Prepare for Negotiations More Effectively

  • Buy Link or Shortcode: {j2store}224|cart{/j2store}
  • member rating overall impact: 8.0/10 Overall Impact
  • member rating average dollars saved: $6,000 Average $ Saved
  • member rating average days saved: 4 Average Days Saved
  • Parent Category Name: Vendor Management
  • Parent Category Link: /vendor-management
  • IT budgets are increasing, but many CIOs feel their budgets are inadequate to accomplish what is being asked of them.
  • Eighty percent of organizations don’t have a mature, repeatable, scalable negotiation process.
  • Training dollars on negotiations are often wasted or ineffective.

Our Advice

Critical Insight

  • Negotiations are about allocating risk and money – how much risk is a party willing to accept at what price point?
  • Using a cross-functional/cross-insight team structure for negotiation preparation yields better results.
  • Soft skills aren’t enough and theatrical negotiation tactics aren’t effective.

Impact and Result

A good negotiation process can help:

  • Maximize budget dollars.
  • Improve vendor performance.
  • Enhance relationships internally and externally.

Prepare for Negotiations More Effectively Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should create and follow a scalable process for preparing to negotiate with vendors, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Before

Throughout this phase, the 12 steps for negotiation preparation are identified and reviewed.

  • Prepare for Negotiations More Effectively – Phase 1: Before
  • Before Negotiating Tool
[infographic]

Workshop: Prepare for Negotiations More Effectively

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 12 Steps to Better Negotiation Preparation

The Purpose

Improve negotiation preparation.

Understand how to use the Info-Tech Before Negotiating Tool.

Key Benefits Achieved

A scalable framework for negotiation preparation will be created.

The Before Negotiating Tool will be configured for the customer’s environment.

Activities

1.1 Establish specific negotiation goals and ranges.

1.2 Identify and assess alternatives to a negotiated agreement.

1.3 Identify and evaluate assumptions made by the parties.

1.4 Conduct research.

1.5 Identify and evaluate relationship issues.

1.6 Identify and leverage the team structure.

1.7 Identify and address leverage issues.

1.8 Evaluate timeline considerations.

1.9 Create a strategy.

1.10 Draft a negotiation agenda.

1.11 Draft and answer questions.

1.12 Rehearse (informal and formal).

Outputs

Sample negotiation goals and ranges will be generated via a case study to demonstrate the concepts and how to use the Before Negotiating Tool (this will apply to each Planned Activity)

Sample alternatives will be generated

Sample assumptions will be generated

Sample research will be generated

Sample relationship issues will be generated

Sample teams will be generated

Sample leverage items will be generated

Sample timeline issues will be generated

A sample strategy will be generated

A sample negotiation agenda will be generated

Sample questions and answers will be generated

Sample rehearsals will be conducted

Portfolio Management

  • Buy Link or Shortcode: {j2store}47|cart{/j2store}
  • Related Products: {j2store}47|crosssells{/j2store}
  • member rating overall impact: 9.6/10
  • member rating average dollars saved: $40,234
  • member rating average days saved: 30
  • Parent Category Name: Applications
  • Parent Category Link: /applications

The challenge

  • Typically your business wants much more than your IT development organization can deliver with the available resources at the requested quality levels.
  • Over-damnd has a negative influence on delivery throughput. IT starts many projects (or features) but has trouble delivering most of them within the set parameters of scope, time, budget, and quality. Some requested deliverables may even be of questionable value to the business.
  • You may not have the right project portfolio management (PPM) strategy to bring order in IT's delivery activities and to maximize business value.

Our advice

Insight

  • Many in IT mix PPM and project management. Your project management playbook does not equate to the holistic view a real PPM practice gives you.
  • Some organizations also mistake PPM for a set of processes. Processes are needed, but a real strategy works towards tangible goals.
  • PPM works at the strategic level of the company; hence executive buy-in is critical. Without executive support, any effort to reconcile supply and demand will be tough to achieve.

Impact and results 

  • PPM is a coherent business-aligned strategy that maximizes business value creation across the entire portfolio, rather than in each project.
  • Our methodology tackles the most pressing challenge upfront: get executive buy-in before you start defining your goals. With senior management behind the plan, implementation will become easier.
  • Create PPM processes that are a cultural fit for your company. Define your short and long-term goals for your strategy and support them with fully embedded portfolio management processes.

The roadmap

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

Get started.

Read our executive brief to understand why you should develop a PPM strategy and understand how our methodology can help you. We show you how we can support you.

Obtain executive buy-in for your strategy

Ensure your strategy is a cultural fit or cultural-add for your company.

  • Develop a Project Portfolio Management Strategy – Phase 1: Get Executive Buy-In for Your PPM Strategy (ppt)
  • PPM High-Level Supply-Demand Calculator (xls)
  • PPM Strategic Plan Template (ppt)
  • PPM Strategy-Process Goals Translation Matrix Template (xls)

Align the PPM processes to your company's strategic goals

Use the advice and tools in this stage to align the PPM processes.

  • Develop a Project Portfolio Management Strategy – Phase 2: Align PPM Processes to Your Strategic Goals (ppt)
  • PPM Strategy Development Tool (xls)

Refine and complete your plan

Use the inputs from the previous stages and add a cost-benefit analysis and tool recommendation.

  • Streamline Application Maintenance – Phase 3: Optimize Maintenance Capabilities (ppt)

Streamline your maintenance delivery

Define quality standards in maintenance practices. Enforce these in alignment with the governance you have set up. Show a high degree of transparency and open discussions on development challenges.

  • Develop a Project Portfolio Management Strategy – Phase 3: Complete Your PPM Strategic Plan (ppt)
  • Project Portfolio Analyst / PMO Analyst (doc)

 

 

Evaluate and Learn From Your Negotiation Sessions More Effectively

  • Buy Link or Shortcode: {j2store}226|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Vendor Management
  • Parent Category Link: /vendor-management
  • Forty-eight percent of CIOs believe their budgets are inadequate.
  • CIOs and IT departments are getting more involved with negotiations to reduce costs and risk.
  • Confident negotiators tend to be more successful, but even confident negotiators have room to improve.
  • Skilled negotiators are in short supply.

Our Advice

Critical Insight

  • Improving your negotiation skills requires more than practice or experience (i.e. repeatedly negotiating).
  • Creating and updating a negotiations lessons-learned library helps negotiators improve and provides a substantial return for the organization.
  • Failure is a great teacher; so is success … but you have to pay attention to indicators, not just results.

Impact and Result

Addressing and managing the negotiation debriefing process will help you:

  • Improve negotiation skills.
  • Implement your negotiation strategy more effectively.
  • Improve negotiation results.

Evaluate and Learn From Your Negotiation Sessions More Effectively Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should create and follow a scalable process for preparing to negotiate with vendors, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Negotiations continuing

This phase will help you debrief after each negotiation session and identify the parts of your strategy that must be modified before your next negotiation session.

  • Evaluate and Learn From Your Negotiation Sessions More Effectively – Phase 1: Negotiations Continuing

2. Negotiations completed

This phase will help you conduct evaluations at three critical points after the negotiations have concluded.

  • Evaluate and Learn From Your Negotiation Sessions More Effectively – Phase 2: Negotiations Completed
[infographic]

Workshop: Evaluate and Learn From Your Negotiation Sessions More Effectively

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 12 Steps to Better Negotiation Preparation

The Purpose

Improve negotiation skills and outcomes; share lessons learned.

Understand the value of debriefing sessions during the negotiation process.

Understand how to use the Info-Tech After Negotiations Tool.

Key Benefits Achieved

A better understanding of how and when to debrief during the negotiation process to leverage key insights.

The After Negotiations Tool will be reviewed and configured for the customer’s environment (as applicable).

Activities

1.1 Debrief after each negotiation session

1.2 Determine next steps

1.3 Return to preparation phase

1.4 Conduct Post Mortem #1

1.5 Conduct Implementation Assessment

1.6 Conduct Post Mortem #2

Outputs

Negotiation Session Debrief Checklist and Questionnaire

Next Steps Checklist

Discussion

Post Mortem #1 Checklist & Dashboard

Implementation Assessment Checklist and Questionnaire

Post Mortem #2 Checklist & Dashboard

Define Requirements for Outsourcing the Service Desk

  • Buy Link or Shortcode: {j2store}493|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Service Desk
  • Parent Category Link: /service-desk
  • In organizations where technical support is viewed as non-strategic, many see outsourcing as a cost-effective way to provide this support. However, outsourced projects often fall short of their goals in terms of cost savings and the quality of support. 
  • Significant administrative work and up-front costs are required to outsource the service desk, and poor planning often results in project failure and a decrease of end-user satisfaction.
  • A complete turnover of the service desk can result in lost knowledge and control over processes, and organizations without an exit strategy can struggle to bring their service desk back in house and return the confidence of end users.

Our Advice

Critical Insight

  • Outsourcing is easy. Realizing the expected cost, quality, and focus benefits is hard. Successful outsourcing without being directly involved in service desk management is almost impossible.
  • You don’t need to standardize before you outsource, but you still need to conduct your due diligence. If you outsource without thinking about how you want the future to work, you will likely be unsatisfied with the result.
  • If cost is your only driver for outsourcing, understand that it comes at a cost. Customer service quality will likely be less, and your outsourcer may not add on frills such as Continual Improvement. Be careful that your specialists don’t end up spending more time working on incidents and service requests.

Impact and Result

  • First decide if outsourcing is the correct step; there may be more preliminary work to do beforehand.
  • Assess requirements and make necessary adjustments before developing an outsource RFP.
  • Clearly define the project and produce an RFP to provide to vendors.
  • Plan for long-term success, not short-term gain.
  • Prepare to retain some of the higher-level service desk work.

Define Requirements for Outsourcing the Service Desk Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Define Requirements for Outsourcing the Service Desk Deck – A step-by-step document to walk you through building a strategy for efficient service desk outsourcing.

This storyboard will help you craft a project charter, create an RFP, and outline strategies to build a long-term relationship with the vendor.

  • Define Requirements for Outsourcing the Service Desk – Storyboard
  • Service Desk Outsourcing Requirements Database Library

2. Service Desk Outsourcing Project Charter Template and Requirements Library – Best-of-breed templates to help you determine processes and build a strategy to outsource them.

These templates will help you determine your service desk requirements and document your proposed service desk outsourcing strategy.

  • Service Desk Outsourcing Project Charter Template

3. Service Desk Outsourcing RFP Template – A structured document to help you outline expectations and communicate requirements to managed service providers.

This template will allow you to create a detailed RFP for your outsourcing agreement, document the statement of work, provide service overview, record exit conditions, and document licensing model and estimated pricing.

  • Service Desk Outsourcing RFP Template

4. Service Desk Outsourcing Reference Interview Template and Scoring Tool – Materials to help you conduct efficient briefings and select the best vendor to fulfill your service desk requirements.

Use the Reference Interview Template to outline a list of questions for interviewing current/previous customers of your candidate vendors. These interviews will help you with unbiased vendor scoring. The RFP Vendor Scoring Tool will help you facilitate vendor briefings with your list of questions and score candidate vendors efficiently through quantifying evaluations.

  • Service Desk Outsourcing Reference Interview Template
  • Service Desk Outsourcing RFP Scoring Tool

Infographic

Further reading

Define Requirements for Outsourcing the Service Desk

Prepare your RFP for long-term success, not short-term gains

Define Requirements for Outsourcing the Service Desk

Prepare your RFP for long-term success, not short-term gains

EXECUTIVE BRIEF

Analyst Perspective

Outsource services with your eyes wide open.

Cost reduction has traditionally been an incentive for outsourcing the service desk. This is especially the case for organizations that don't have minimal processes in place and those that need resources and skills to fill gaps.

Although cost reduction is usually the main reason to outsource the service desk, in most cases service desk outsourcing increases the cost in a short run. But without a proper model, you will only outsource your problems rather than solving them. A successful outsourcing strategy follows a comprehensive plan that defines objectives, assigns accountabilities, and sets expectations for service delivery prior to vendor outreach.

For outsourcing the service desk, you should plan ahead, work as a group, define requirements, prepare a strong RFP, and contemplate tension metrics to ensure continual improvement. As you build a project charter to outline your strategy for outsourcing your IT services, ensure you focus on better customer service instead of cost optimization. Ensure that the outsourcer can support your demands, considering your long-term achievement.

Think about outsourcing like a marriage deed. Take into account building a good relationship before beginning the contract, ensure to include expectations in the agreement, and make it possible to exit the agreement if expectations are not satisfied or service improvement is not achieved.

This is a picture of Mahmoud Ramin, PhD, Senior Research Analyst, Infrastructure and Operations, Info-Tech Research Group

Mahmoud Ramin, PhD
Senior Research Analyst
Infrastructure and Operations
Info-Tech Research Group

Executive Summary

Your Challenge

In organizations where technical support is viewed as non-strategic, many see outsourcing as a cost-effective way to provide this support. However, outsourcing projects often fall short of their goals in terms of cost savings and quality of support.

Common Obstacles

Significant administrative work and up-front costs are required to outsource the service desk, and poor planning often results in project failure and the decrease of end-user satisfaction.

A complete turnover of the service desk can result in lost knowledge and control over processes, and organizations without an exit strategy can struggle to bring their service desk back in house and reestablish the confidence of end users.

Info-Tech's Approach

  • First decide if outsourcing is the correct step; there may be more preliminary work to do beforehand.
  • Assess requirements and make necessary adjustments before developing an outsource RFP.
  • Clearly define the project and produce an RFP to provide to vendors.
  • Plan for long-term success, not short-term gains.
  • Prepare to retain some of the higher-level service desk work.

Info-Tech Insight

Outsourcing is easy. Realizing all of the expected cost, quality, and focus benefits is hard. Successful outsourcing without being directly involved in service desk management is almost impossible.

Your challenge

This research is designed to help organizations that need to:

  • Outsource the service desk or portions of service management to improve service delivery.
  • Improve and repatriate existing outsourcing outcomes by becoming more engaged in the management of the function. Regular reviews of performance metrics, staffing, escalation, knowledge base content, and customer satisfaction are critical.
  • Understand the impact that outsourcing would have on the service desk.
  • Understand the potential benefits that outsourcing can bring to the organization.

This image contains a donut chart with the following information: Salaries and Benefits - 68.50%; Technology - 9.30%; Office Space and Facilities Expense - 14.90%; Travel, Training, and Office Supplies - 7.30%

Source: HDI 2017

About 68.5% of the service desk fund is allocated to agent salaries, while only 9.3% of the service desk fund is spent on technology. The high ratio of salaries and expenses over other expense drives organizations to outsource their service desk without taking other considerations into account.

Info-Tech Insight

The outsourcing contract must preserve your control, possession, and ownership of the intellectual property involved in the service desk operation. From the beginning of the process, repatriation should be viewed as a possibility and preserved as a capability.

Your challenge

This research helps organizations who would like to achieve these goals:

  • Determine objectives and requirements to outsource the service desk.
  • Develop a project charter and build an outsourcing strategy to efficiently define processes to reduce risk of failure.
  • Build an outsourcing RFP and conduct interviews to identify the best candidate for service delivery.
  • Build a long-term relationship with an outsourcing vendor, making sure the vendor is able to satisfy all requirements.
  • Include a continual improvement plan in the outsourcing strategy and contain the option upon service delivery dissatisfaction.

New hires require between 10 and 80 hours of training (Forward Bpo Inc., 2019).

A benchmark study by Zendesk from 45,000 companies reveals that timely resolution of issues and 24/7 service are the biggest factors in customer service experience.

This image contains a bar graph with the following data: Timely issue resolution; 24/7 support; Friendly agent; Desired contact method; Not to repeat info; Proactive support; Self-serve; Call back; Rewards & freebies

These factors push many businesses to consider service desk outsourcing to vendors that have capabilities to fulfill such requirements.

Common obstacles

These barriers make this challenge difficult to address for many organizations:

  • In most cases, organizations must perform significant administrative work before they can make a move. Those that fail to properly prepare impede a smooth transition, the success of the vendor, and the ability to repatriate.
  • Successful outsourcing comes from the recognition that an organization is experiencing complete turnover of its service desk staff. These organizations engage the vendor to transition knowledge and process to ensure continuity of quality.
  • IT realizes the most profound hidden costs of outsourcing when the rate of ticket escalation increases, diminishing the capacity of senior technical staff for strategic project work.

Many organizations may not get the value they expect from outsourcing in their first year.

Common Reasons:

  • Overall lack of due diligence in the outsourcing process
  • Unsuitable or unclear service transition plan
  • Poor service provider selection and management

Poor transition planning results in delayed benefits and a poor relationship with your outsourcing service provider. A poor relationship with your service provider results in poor communication and knowledge transfer.

Key components of a successful plan:

  1. Determine goals and identify requirements before developing an RFP.
  2. Finalize your outsourcing project charter and get ready for vendor evaluation.
  3. Assess and select the most appropriate provider; manage the transition and vendor relationship.

Outsource the service desk properly, and you could see a wide range of benefits

Service Desk Outsourcing: Ability to scale up/down; Reduce fixed costs; Refocus IT efforts on core activities; Access to up-to-date technology; Adhere to  ITSM best practices; Increased process optimization; Focus IT efforts on advanced expertise; Reframe to shift-left;

Info-Tech Insight

In your service desk outsourcing strategy, rethink downsizing first-level IT service staff. This can be an opportunity to reassign resources to more valuable roles, such as asset management, development or project backlog. Your current service desk staff are most likely familiar with the current technology, processes, and regulations within IT. Consider the ways to better use your existing resources before reducing headcount.

Info-Tech's Approach

Determine Goals

Conduct activities in the blueprint to pinpoint your current challenges with the service desk and find out objectives to outsource customer service.

Define Requirements

You need to be clear about the processes that will be outsourced. Considering your objectives, we'll help you discover the processes to outsource, to help you achieve your goals.

Develop RFP

Your expectations should be documented in a formal proposal to help vendors provide solid information about how they will satisfy your requirements and what their plan is.

Build Long-Term Relationship

Make sure to plan for continual improvement by setting expectations, tracking the services with proper metrics, and using efficient communication with the provider. Think about the rainy day and include exit conditions for ending the relationship if needed.

Info-Tech's methodology

1. Define the Goal

2. Design an Outsourcing Strategy

3. Develop an RFP and Make a Long-Term Relationship

Phase Steps

1.1 Identify goals and objectives

1.2 Assess outsourcing feasibility

2.1 Identify project stakeholders

2.2 Outline potential risks and constraints

3.1 Prepare service overview and responsibility matrix

3.2 Define approach to vendor relationship management

3.3 Manage the outsource relationship

Phase Outcomes

Service Desk Outsourcing Vision and Goals

Service Desk Processes to Outsource

Outsourcing Roles and Responsibilities

Outsourcing Risks and Constraints

Service Desk Outsourcing Project Charter

Service Desk Outsourcing RFP

Continual Improvement Plan

Exit Strategy

This is an image of the strategy which you will use to build your requirements for outsourcing the service desk.  it includes: 1. Define the Goal; 2. Design an Outsourcing Strategy; 3. Develop RFP and long-term relationship.

Insight summary

Focus on value

Outsourcing is easy. Realizing all of the expected cost, quality, and focus benefits is hard. Successful outsourcing without being directly involved in service desk management is almost impossible.

Define outsourcing requirements

You don't need to standardize before you outsource, but you still need to conduct your due diligence. If you outsource without thinking about how you want the future to work, you will likely be unsatisfied with the result.

Don't focus on cost

If cost is your only driver for outsourcing, understand that there will be other challenges. Customer service quality will likely be less, and your outsourcer may not add on frills such as Continual Improvement. Be careful that your specialists don't end up spending more time working on incidents and service requests.

Emphasize on customer service

A bad outsourcer relationship will result in low business satisfaction with IT overall. The service desk is the face of IT, and if users are dissatisfied with the service desk, then they are much likelier to be dissatisfied with IT overall.

Vendors are not magicians

They have standards in place to help them succeed. Determine ITSM best practices, define your requirements, and adjust process workflows accordingly. Your staff and end users will have a much easier transition once outsourcing proceeds.

Plan ahead to guarantee success

Identify outsourcing goals, plan for service and system integrations, document standard incidents and requests, and track tension metrics to make sure the vendor does the work efficiently. Aim for building a long-term relationship but contemplate potential exit strategy.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

This is a screenshot from the Service Desk Outsourcing Requirements Database Library

Service Desk Outsourcing Requirements Database Library

Use this library to guide you through processes to outsource

This is a screenshot from the Service Desk Outsourcing RFP Template

Service Desk Outsourcing RFP Template

Use this template to craft a proposal for outsourcing your service desk

This is a screenshot from the Service Desk Outsourcing Reference Interview Template

Service Desk Outsourcing Reference Interview Template

Use this template to verify vendor claims on service delivery with pervious or current customers

This is a screenshot from the Service Desk Outsourcing Vendor Proposal Scoring Tool

Service Desk Outsourcing Vendor Proposal Scoring Tool

Use this tool to evaluate RFP submissions

Key deliverable:

This is a screenshot from the key deliverable, Service Desk Outsourcing Project Charter

Service Desk Outsourcing Project Charter

Document your project scope and outsourcing strategy in this template to organize the project for efficient resource and requirement allocation

Blueprint benefits

IT Benefits

Business Benefits

  • Determine current challenges with the service desk and identify services to outsource.
  • Make the project charter for an efficient outsourcing strategy that will lead to higher satisfaction from IT.
  • Select the best outsource vendor that will satisfy most of the identified requirements.
  • Reduce the risk of project failure with efficient planning.
  • Understand potential feasibility of service desk outsourcing and its possible impact on business satisfaction.
  • Improve end-user satisfaction through a better service delivery.
  • Conduct more efficient resource allocation with outsourcing customer service.
  • Develop a long-term relationship between the enterprise and vendor through a continual improvement plan.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

Guided Implementation

"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

Workshop

"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

Consulting

"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

Phase 1Phase 2Phase 3

Call #1: Scope your specific challenges and objectives

Call #3: Identify project stakeholders, and potential risks and constraints

Call #5: Create a detailed RFP

Call #6: Identify strategy risks.

Call #2: Assess outsourcing feasibility and processes to outsourceCall #4: Create a list of metrics to ensure efficient reporting

Call #7: Prepare for vendor briefing and scoring each vendor

Call #8: Build a communication plan

A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is between 8 to 10 calls over the course of 4 to 6 months.

Phase 1

Define the goal

Define the goal

Design an outsourcing strategy

Develop an RFP and make a long-term relationship

1.1 Identify goals and objectives

1.2 Assess outsourcing feasibility

2.1 Identify project stakeholders

2.2 Outline potential risks and constraints

3.1 Prepare a service overview and responsibility matrix

3.2 Define your approach to vendor relationship management

3.3 Manage the outsource relationship

This phase will walk you through the following activities:

  • Analysis outsourcing objectives
  • Assess outsourcing feasibility
  • Identify services and processes to outsource

This phase involves the following participants:

  • Service Desk Team
  • IT Leadership

Define requirements for outsourcing service desk support

Step 1.1

Identify goals and objectives

Activities

1.1.1 Find out why you want to outsource your service desk

1.1.2 Document the benefits of outsourcing your service desk

1.1.3 Identify your outsourcing vision and goals

1.1.4 Prioritize service desk outsourcing goals to help structure your mission statement

1.1.5 Craft a mission statement that demonstrates your decision to reach your outsourcing objectives

Define the goal

This step requires the following inputs:

  • List of strengths and weaknesses of the service desk
  • Challenges with the service desk

This step involves the following participants:

  • CIO
  • IT Leadership
  • Service Desk Manager
  • IT Managers

Outcomes of this step

  • Service desk outsourcing vision and goals
  • Benefits of outsourcing the service desk
  • Mission statement

What is your rationale to outsource the service desk?

Potential benefits of outsourcing the service desk:

  • Bring in the expertise and knowledge to manage tickets according to best-practice guidelines
  • Reduce the timeline to response and resolution
  • Improve IT productivity
  • Enhance IT services and improve performance
  • Augment relationship between IT and business through service-level improvement
  • Free up the internal team and focus IT on complex projects and higher priority tasks
  • Speed up service desk optimization
  • Improve end-user satisfaction through efficient IT services
  • Reduce impact of incidents through effective incident management
  • Increase service consistency via turnover reduction
  • Expand coverage hour and access points
  • Expand languages to service different geographical areas

1.1.1 Find out why you want to outsource your service desk

1 hour

Service desk is the face of IT. Service desk improvement increases IT efficiency, lowers operation costs, and enhances business satisfaction.

Common challenges that result in deciding to outsource the service desk are:

Participants: IT Director, Service Desk Manager, Service Desk Team

ChallengeExample
Lack of tier 1 supportStartup does not have a dedicated service desk to handle incidents and provide services to end users.
Inefficient ticket handlingMTTR is very high and end users are frustrated with their issues not getting solved quickly. Even if they call service desk, they are put on hold for a long time. Due to these inefficiencies, their daily work is greatly impacted.
Restricted service hoursCompany headquartered in Texas does not have resources to provide 24/7 IT service. When users in the East Asia branch have a laptop issue, they must wait until the next day to get response from IT. This has diminished their satisfaction.
Restricted languagesCompany X is headquartered in New York. An end user not fluent in English from Madrid calls in for support. It takes five minutes for the agent to understand the issue and log a ticket.
Ticket backlogIT is in firefighting mode, very busy with taking care of critical incidents and requests from upper management. Almost no one is committed to the SLA because of their limited availability.

Brainstorm your challenges with the service desk. Why have you decided to outsource your service desk? Use the above table as a sample.

1.1.2 Document benefits of outsourcing your service desk

1 hour

  1. Review the challenges with your current service desk identified in activity 1.1.1.
  2. Discuss possible ways to tackle these challenges. Be specific and determine ways to resolve these issues if you were to do it internally.
  3. Determine potential benefits of outsourcing the service desk to IT, business, and end users.
  4. For each benefit, describe dependencies. For instance, to reduce the number of direct calls (benefit), users should have access to service desk as a single point of contact (dependency).
  5. Document this activity in the Service Desk Outsourcing Project Charter Template.

Download the Project Charter Template

Input

  • List of challenges with the current service desk from activity 1.1.1

Output

  • Benefits of outsourcing the service desk

Materials

  • Whiteboard/flip charts
  • Markers
  • Sticky notes
  • Laptops

Participants

  • IT Director/CIO
  • Service Desk Manager
  • Service Desk Team
  • IT Managers

Why should you not consider cost reduction as a primary incentive to outsourcing the service desk?

Assume that some of the costs will not go away with outsourcing

When you outsource, the vendor's staff tend to gradually become less effective as:

  • They are managed by metrics to reduce costs by escalating sooner, reducing talk time, and proposing questionable solutions.
  • Turnover results in new employees that get insufficient training.

You must actively manage the vendor to identify and resolve these issues. Many organizations find that service desk management takes more time after they outsource.

You need to keep spending on service desk management, and you may not get away from technology infrastructure spending.

Info-Tech Insight

In their first year, almost 42% of Info-Tech's clients do not get the real value of outsourcing services as expected. This iss primarily because of misalignment of organizational goals with outcomes of the outsourced services.

Consider the hidden costs of outsourcing

Expected Costs

Unexpected Costs

Example

Transition CostsSeverance and staff retention
  • Cost to adapt to vendor standards
  • Training cost of vendor staff
  • Lost productivity
  • Format for requirements
  • Training report developers to work with vendor systems
FeesPrice of the engagement
  • Extra fees for additional services
  • Extra charges for uploading data to cloud storage
  • Portal access
Management CostsTime directing account
  • Time directly managing vendor staff
  • Checking deliverables for errors
  • Disputing penalty amounts
Rework CostsDowntime, defect rate, etc. (quality metrics measured in SLAs)
  • Time spent adapting deliverables for unanticipated requirements
  • Time spent assuring the quality and usefulness of deliverables
  • Completing quality assurance and updating knowledgebase articles
  • Adapting reporting for presentation to stakeholders

Determine strategies to avoid each hidden cost

Costs related to transitioning into the engagementAdapting to standards and training costs

Adapting to standards: Define the process improvements you will need to work with each potential vendor.

Training costs for vendor staff: Reduce training costs by keeping the same vendor staff on all of your projects.

Fee-related costs

Fees for additional services (that you thought were included)

Carefully review each proposed statement of work to identify and reduce extra fees. Understand why extra fees occur in the SLA, the contract, and the proposed statement of work, and take steps to protect yourself and the vendor.

Management-related costs

Direct management of vendor staff and dispute resolution

Direct management of vendor staff: Avoid excessive management costs by defining a two-tier management structure on both sides of the engagement.

Time spent resolving disputes: Avoid prolonged resolution costs by defining terms of divorce for the engagement up front.

Rework costs

Unanticipated requirements and integration with existing systems

Unanticipated requirements: Use a two-stage process to define requirements, starting with business people and then with review by technical staff.

Integration with existing systems: Obtain a commitment from vendors that deliverables will conform to standards at points of integration with your systems.

Your outsourcing strategy should address the reasons you decided to outsource

A clear vision of strategic objectives prior to entering an outsourcing agreement will allow you to clearly communicate these objectives to the Managed Service Provider (MSP) and use them as a contracted basis for the relationship.

  • Define the business' overall approach to outsourcing along with the priorities, rules, and principles that will drive the outsourcing strategy and every subsequent outsourcing decision and activity.
  • Define specific business, service, and technical goals for the outsourcing project and relevant measures of success.

"People often don't have a clear direction around what they're trying to accomplish. The strategic goals should be documented. Is this a cost-savings exercise? Is it because you're deficient in one area? Is it because you don't have the tools or expertise to run the service desk yourself? Figure out what problem you're trying to solve by outsourcing, then build your strategy around that.
– Jeremy Gagne, Application Support Delivery Manager, Allegis Group

Most organizations are driven to consider outsourcing their service desk hoping to improve the following:

  • Ability to scale (train people and acquire skills)
  • Focus on core competencies
  • Decrease capital costs
  • Access latest technology without large investment
  • Resolve labor force constraints
  • Gain access to special expertise without paying a full salary
  • Save money overall

Info-Tech Insight

Use your goals and objectives as a management tool. Clearly outline your desired project outcomes to both your in-house team and the vendor during implementation and monitoring. It will allow a common ground to unite both parties as the project progresses.

Mitigate pitfalls that lay in the way of desired outcomes of outsourcing

Desired outcomePitfalls to overcome
IT can focus on core competencies and strategic initiatives rather than break-fix tasks.Escalation to second- and third-level support usually increases when the first level has been outsourced. Outsourcers will have less experience with your typical incidents and will give up on trying to solve some issues more quickly than your internal level-one staff.
Low outsourcing costs compared to the costs needed to employ internal employees in the same role. Due to lack of incentive to decrease ticket volume, costs are likely to increase. As a result, organizations often find themselves paying more overall for an outsourced service desk than if they had a few dedicated IT service desk employees in-house.
Improved employee morale as a result of being able to focus on more interesting tasks.Management often expects existing employee morale to increase as a result of shifting their focus to core and strategic tasks, but the fear of diminished job security often spreads to the remaining non-level-one employees.

1.1.3 Identify outsourcing vision and goals

Identify the goals and objectives of outsourcing to inform your strategy.

Participants: IT Director, Service Desk Manager, Service Desk Team

1-2 hours

  1. Meet with key business stakeholders and the service desk staff who were involved in the decision to outsource.
  2. As a group, review the results from activity 1.1.1 (challenges with current service desk operations) and identify the goals and objectives of the outsourcing initiative.
  3. Determine the key performance indicator (KPI) for each goal.
  4. Identify the impacted stakeholder/s for each goal.
  5. Discuss checkpoint schedule for each goal to make sure the list stays updated.

Use the sample table as a starting point:

  1. Document your table in the Service Desk Outsourcing Project Charter Template.
IDGoal DescriptionKPIImpacted StakeholdersCheckpoint Schedule
1Provide capacity to take calls outside of current service desk work hours
  • Decreased in time to response
  • Decreased time to resolve
  • IT Entire organization
  • Every month
2Take calls in different languages
  • Improved service delivery in different geographical regions
  • Improved end-user satisfaction
  • End users
  • Every month
3Provide field support at remote sites with no IT presence without having to fly out an employee
  • 40% faster incident resolution and request fulfillment
  • Entire organization
  • Every month
4Improve ease of management by vendor helping with managing and optimizing service desk tasks
  • Improved service management efficiency
  • Entire organization
  • Every 3 months

Download the Project Charter Template

Evaluate organizational demographics to assess outsourcing rationale

The size, complexity, and maturity of your organization are good indicators of service desk direction with regards to outsourcing.

Organization Size

  • As more devices, applications, systems, and users are added to the mix, vendor costs will increase but their ability to meet business needs will decrease.
  • Small organizations are often either rejected by vendors for being too small or locked into a contract that is overkill for their actual needs (and budget).

Complexity

  • Highly customized environments and organizations with specialized applications or stringent regulatory requirements are very difficult to outsource for a reasonable cost and acceptable quality.
  • In these cases, the vendor is required to train skilled support or ends up escalating more tickets back to second- and third-level support.

Requirements

  • Organizations looking to outsource must have defined outsourcing requirements before looking at vendors.
  • Without a requirement assessment, the vendor won't have guidelines to follow and you won't be able to measure their adherence.

Info-Tech Insight

Although less adherence to service desk best practices can be one of the main incentives to outsourcing the service desk, IT should have minimal processes in place to be able to set expectations with targeting vendors.

1.1.4 Prioritize service desk outsourcing goals to help structure mission statement

0.5-1 hour

The evaluation process for outsourcing the service desk should be done very carefully. Project leaders should make sure they won't panic internal resources and impact their performance through the transition period.

If the outsourcing process is rushed, it will result in poor evaluation, inefficient decision making, and project failure.

  1. Refer to results in activity 1.1.3. Discuss the service desk outsourcing goals once again.
  2. Brainstorm the most important objectives. Use sticky notes to prioritize the items from the most important to the least important.
  3. Edit the order accordingly.

Input

  • Project goals from activity 1.1.3

Output

  • Prioritized list of outsourcing goals

Materials

  • Whiteboard/flip charts
  • Markers
  • Sticky notes
  • Laptops

Participants

  • IT Director/CIO
  • Service Desk Manager
  • Service Desk Team
  • IT Managers

Download the Project Charter Template

1.1.5 Craft a mission statement that demonstrates your decision to reach outsourcing objectives

Participants: IT Director, Service Desk Manager

0.5-1 hour

The IT mission statement specifies the function's purpose or reason for being. The mission should guide each day's activities and decisions. The mission statement should use simple and concise terminology and speak loudly and clearly, generating enthusiasm for the organization.

Strong IT mission statements:

  • Articulate the IT function's purpose and reason for existence
  • Describe what the IT function does to achieve its vision
  • Define the customers of the IT function
  • Can be described as:
    • Compelling
    • Easy to grasp
    • Sharply focused
    • Inspirational
    • Memorable
    • Concise

Sample mission statements:

  • To help fulfill organizational goals, IT has decided to empower business stakeholders with outsourcing the service desk.
  • To support efficient IT service provision, better collaboration, and effective communication, [Company Name] has decided to outsource the service desk.
  • [Company Name] plans to outsource the service desk so it can identify bottlenecks and inefficiencies with current service desk processes and enable [Company Name] to innovate and support business growth.
  • Considering the goals and benefits determined in the previous activities, outline a mission statement.
  • Document your outsourcing mission statement in the "Project Overview" section of the Project Charter Template.

Download the Project Charter Template

Step 1.2

Assess outsourcing feasibility

Activities

1.2.1 Create a baseline of customer experience

1.2.2 Identify service desk processes to outsource

1.2.3 Design an outsourcing decision matrix for service desk processes and services

1.2.4 Discuss if you need to outsource only service desk or if additional services would benefit from outsourcing too

Define the goal

This step requires the following inputs:

  • List of service desk tasks and responsibilities

This step involves the following participants:

  • CIO
  • IT Leadership
  • Service Desk Manager
  • Infrastructure Manager

Outcomes of this step

  • End-user satisfaction with the service desk
  • List of processes and services to outsource

1.2.1 Create a baseline of customer experience

Solicit targeted department feedback on IT's core service capabilities, communications, and business enablement from end users. Use this feedback to assess end-user satisfaction with each service, broken down by department and seniority level.

  1. Complete an end-user satisfaction survey to define the current state of your IT services, including service desk (timeliness and effectiveness). With Info-Tech's end-user satisfaction program, an analyst will help you set up the diagnostic and will go through the report with you.
  2. Evaluate survey results.
  3. Communicate survey results with team leads and discuss the satisfaction rates and comments of the end users.
  4. Schedule to launch another survey one year after outsourcing the service desk.
  5. Your results will be compared to the following year's results to analyze the overall success/failure of your outsourcing project.

A decrease of business and end-user satisfaction is a big drive to outsourcing the service desk. Conduct a customer service survey to discover your end-user experience prior to and after outsourcing the service desk.

Don't get caught believing common misconceptions: outsourcing doesn't mean sending away all the work

First-time outsourcers often assume they are transferring most of the operations over to the vendor, but this is often not the case.

  1. Management of performance, SLAs, and customer satisfaction remain the responsibility of your organization.
  2. Service desk outsource vendors provide first-line response. This includes answering the phones, troubleshooting simple problems, and redirecting requests that are more complex.
  3. The vendor is often able to provide specialized support for standard applications (and for customized applications if you'll pay for it). However, the desktop support still needs someone onsite, and that service is very expensive to outsource.
  4. Tickets that are focused on custom applications and require specialized or advanced support are escalated back to your organization's second- and third-level support teams.

Switching to a vendor won't necessarily improve your service desk maturity

You should have minimal requirements before moving.

Whether managing in-house or outsourcing, it is your job to ensure core issues have been clarified, processes defined, and standards maintained. If your processes are ad-hoc or non-existent right now, outsourcing won't fix them.

You must have the following in place before looking to outsource:

  • Defined reporting needs and plans
  • Formalized skill-set requirements
  • Problem management and escalation guidelines
  • Ticket templates and classification rules
  • Workflow details
  • Knowledge base standards

Info-Tech Insight

If you expect your problems to disappear with outsourcing, they might just get worse.

Define long-term requirements

Anticipate growth throughout the lifecycle of your outsourcing contract and build that into the RFP

  • Most outsourcing agreements typically last three to five years. In that time, you risk outgrowing your service provider by neglecting to define your long-term service desk requirements.
  • Outgrowing your vendor before your contract ends can be expensive due to high switching costs. Managing multiple vendors can also be problematic.
  • It is crucial to define your service desk requirements before developing a request for proposal to make sure the service you select can meet your organization's needs.
  • Make sure that the business is involved in this planning stage, as the goals of IT need to scale with the growth strategy of the business. You may select a vendor with no additional capacity despite the fact that your organization has a major expansion planned to begin two years from now. Assessing future requirements also allows you to culture match with the vendor. If your outlooks and practices are similar, the match will likely click.

Info-Tech Insight

Don't select a vendor for what your company is today – select a vendor for what your company will be years from now. Define your future service desk requirements in addition to your current requirements and leave room for growth and development.

You can't outsource everything

Manage the things that stay in-house well or suffer the consequences.

"You can't outsource management; you can only outsource supervision." Barry Cousins, Practice Lead, Info-Tech Research Group

What can be the vendor in charge of?

What stays in-house?

  • Call and email answering
  • Ongoing daily ticket creation and tracking
  • Tier 1 support
  • Internal escalation to Level 2 support
  • External escalation to specialized Level 2 and Level 3 support
  • Knowledge base article creation
  • Service desk-related hardware acquisition and maintenance
  • Service desk software acquisition and maintenance
  • Security and access management
  • Disaster recovery
  • Staff acquisition
  • Facilities
  • The role of the Service Desk Manager
  • Skills and training standards
  • Document standardization
  • Knowledge base quality assurance and documentation standardization
  • Self-service maintenance, promotion, and ownership
  • Short and long-term tracking of vendor performance

Info-Tech Insight

The need for a Service Desk Manager does not go away when you outsource. In fact, the need becomes even stronger and never diminishes.

Assess current service desk processes before outsourcing

Process standards with areas such as documentation, workflow, and ticket escalation should be in place before the decision to outsource has been made.

Every effective service desk has a clear definition of the services that they are performing for the end user. You can't provide a service without knowing what the services are.

MSPs typically have their own set of standards and processes in play. If your service desk is not at a similar level of maturity, outsourcing will not be pleasant.

Make sure that your metrics are reported consistently and that they tell a story.

"Establish baseline before outsourcing. Those organizations that don't have enough service desk maturity before outsourcing should work with the outsourcer to establish the baseline."
– Yev Khobrenkov, Enterprise Consultant, Solvera Solutions

Info-Tech Insight

Outsourcing vendors are not service desk builders; they're service desk refiners. Switching to a vendor won't improve your maturity; you must have a certain degree of process maturity and standardization before moving.

Case Study

INDUSTRY: Cleaning Supplies

SOURCE: PicNet

Challenge

  • Reckitt Benckiser of Australia determined that its core service desk needed to be outsourced.
  • It would retain its higher level service desk staff to work on strategic projects.
  • The MSP needed to fulfill key requirements outlined by Reckitt Benckiser.

Solution

  • Reckitt Benckiser recognized that its rapidly evolving IT needs required a service desk that could fulfill the following tasks:
  • Free up internal IT staff.
  • Provide in-depth understanding of business apps.
  • Offer efficient, cost-effective support onsite.
  • Focus on continual service improvement (CSI).

Results

  • An RFP was developed to support the outsourcing strategy.
  • With the project structure outlined and the requirements of the vendor for the business identified, Reckitt Benckiser could now focus on selecting a vendor that met its needs.

1.2.1 Identify service desk processes to outsource

2-3 hours

Review your prioritized project goals from activity 1.1.4.

Brainstorm requirements and use cases for each goal and describe each use case. For example: To improve service desk timeliness, IT should improve incident management, to resolve incidents according to the defined SLA and based on ticket priority levels.

Discuss if you're outsourcing just incident management or both incident management and request fulfillment. If both, determine what level of service requests will be outsourced? Will you ask the vendor to provide a service catalog? Will you outsource self-serve and automation?

Document your findings in the service desk outsourcing requirements database library.

Input

  • Outsourcing project goals from activity 1.1.4

Output

  • List of processes to outsource

Materials

  • Sticky notes
  • Markers
  • Whiteboard/flip charts
  • Laptops

Participants

  • IT Director/CIO
  • Service Desk Manager
  • Service Desk Team

Download the Requirements Database Library

1.2.2 Design an outsourcing decision matrix for service desk processes and services

Participants: IT Director, Service Desk Manager, Infrastructure manager

2-3 hours

Most successful service desk outsourcing engagements have a primary goal of freeing up their internal resources to work on complex tasks and projects. The key outsourcing success factor is to find out internal services and processes that are standardized or should be standardized, and then determine if they can be outsourced.

  1. Review the list of identified service desk processes from activity 1.2.1.
  2. Discuss the maturity level of each process (low, medium, high) and document under the maturity column of the Outsource the Service Desk Requirements Database Library.
  3. Use the following decision matrix for each process. Discuss which tasks are important to strategic objectives, which ones provide competitive advantage, and which ones require specialized in-house knowledge.
  4. Identify processes that receive high vendor's performance advantage. For instance, access to talent, lower cost at scale, and access to technology.
  5. In your outsourcing assessment, consider a narrow scope of engagement and a broad view of what is important to business outcome.
  6. Based on your findings, determine the priority of each process to be outsourced. Document results in the service desk outsourcing requirements database library, and section 4.1 of the service desk outsourcing project charter.
  • Important to strategic objectives
  • Provides competitive advantage
  • Specialized in-house knowledge required

This is an image of a quadrant analysis, where the X axis is labeled Vendor's Performance Advantage, and the Y axis is labeled Importance to Business Outcomes.

  • Talent/access to skills
  • Economies of scale/lower cost at scale
  • Access to technology

Download the Requirements Database Library

Download the Project Charter Template

Maintain staff and training: you need to know who is being hired, how, and why

Define documentation rules to retain knowledge

  • Establish a standard knowledge article template and list of required information.
  • Train staff on the requirements of knowledge base creation and management. Help them understand the value of the time spent recording their work.
  • It is your responsibility to assure the quality of each knowledge article. Outline accountabilities for internal staff and track for performance evaluations.

For information on better knowledge management, refer to Info-Tech's blueprint Optimize the Service Desk With a Shift-Left Strategy.

Expect to manage stringent skills and training standards

  • Plan on being more formal about a Service Manager position and spending more time than you allocated previously.
  • Complete a thorough assessment of the skills you need to keep the service desk running smoothly.
  • Don't forget to account for any customized or proprietary systems. How will you train vendor staff to accommodate your needs? What does their turnaround look like: would it be more likely that you acquire a dependable employee in-house?
  • Staffing requirements need to be actively monitored to ensure the outsourcer doesn't have degradation of quality or hiring standards. Don't assume that things run well – complete regular checks and ask for access to audit results.
  • Are the systems and data being accessed by the vendor highly sensitive or subject to regulatory requirements? If so, it is your job to ensure that vendor staff are being screened appropriately.

Does your service desk need to integrate to other IT services?

A common challenge when outsourcing multiple services to more than one vendor is a lack of collaboration and communication between vendors.

  • Leverage SIAM capabilities to integrate service desk tasks to other IT services, if needed.
  • "Service Integration and Management (SIAM) is a management methodology that can be applied in an environment that includes services sourced from a number of service providers" (Scopism Limited, 2020).
  • SIAM supports cross-functional integrations. Organizations that look for a single provider will be less likely to get maximum benefits from SIAM.

There are three layers of entities in SIAM:

  • Customer Organization: The customer who receives services, who defines the relationship with service providers.
  • Service Integrator: End-to-end service governance and integration is done at this layer, making sure all service providers are committed to their services.
  • Service Provider: Responsible party for service delivery according to contract. It can be combination of internal provider, managed by internal agreements, and external provider, managed by SLAs between providers and customer organization.

Use SIAM to obtain better results from multiple service providers

In the SIAM model, the customer organization keeps strategic, governance, and business activities, while integrating other services (either internally or externally).

This is an image of the SIAM model

SIAM Layers. Source: SIAM Foundation BoK

Utilize SIAM to obtain better results from multiple service providers

SIAM reduces service duplication and improves service delivery via managing internal and external service providers.

To utilize the SIAM model, determine the following components:

  • Service providers
  • Service consumers
  • Service outcomes
  • Service obstacles and boundaries
  • Service dependencies
  • Technical requirements and interactions for each service
  • Service data and information including service levels

To learn more about adopting SIAM, visit Scopism.

1.2.3 Discuss if you need to outsource only service desk or if additional services would benefit from outsourcing too

1-2 hours

  • Discuss principles and goals of SIAM and how integrating other services can apply within your processes.
  • Review the list of service desk processes and tasks to be outsourced from activities 1.2.1 and 1.2.2.
  • Brainstorm a list of other services that are outsourced/need to be outsourced.
  • Determine providers of each service (both internal and external). Document the other services to be integrated in the project charter template and requirements database library.

Input

  • SIAM objectives
  • List of service desk processes to outsource

Output

  • List of other services to outsource and integrate in the project

Materials

  • Sticky notes
  • Markers
  • Whiteboard/flip charts
  • Laptops

Participants

  • IT Director/CIO
  • Service Desk Manager
  • Service Desk Team

Download the Requirements Database Library

Download the Project Charter Template

Establish requirements for problem management in the outsourcing plan

Your MSP should not just fulfill SLAs – they should be a proactive source of value.

Problem management is a group effort. Make sure your internal team is assisted with sufficient and efficient data by the outsourcer to conduct a better problem management.

Clearly state your organization's expectations for enabling problem management. MSPs may not necessarily need, and cannot do, problem management; however, they should provide metrics to help you discover trends, define recurring issues, and enable root cause analysis.

For more information on problem management, refer to Info-Tech's blueprint Improve Incident and Problem Management.

PROBLEM MANAGEMENT

INCIDENT MANAGEMENT

INTAKE: Ticket data from incident management is needed for incident matching to identify problems. Critical Incidents are also a main input to problem management.

EVENT MANAGEMENT

INTAKE: SMEs and operations teams monitoring system health events can identify indicators of potential future issues before they become incidents.

APPLICATION, INFRASTRUCTURE, and SECURITY TEAMS

ACTION: Problem tickets require investigation from relevant SMEs across different IT teams to identify potential solutions or workarounds.

CHANGE MANAGEMENT

OUTPUT: Problem resolution may need to go through Change Management for proper authorization and risk management.

Outline problem management protocols to gain value from your service provider

  • For example, with a deep dive into ticket trend analysis, your MSP should be able to tell you that you've had a large number of tickets on a particular issue in the past month, allowing you to look into means to resolve the issue and prevent it from reoccurring.
  • A proactive MSP should be able to help your service levels improve over time. This should be built into the KPIs and metrics you ask for from the outsourcer.

Sample Scenario

Your MSP tracks ticket volume by platform.

There are 100 network tickets/month, 200 systems tickets/month, and 5,000 end-user tickets/month.

Tracking these numbers is a good start, but the real value is in the analysis. Why are there 5,000 end-user tickets? What are the trends?

Your MSP should be providing a monthly root-cause analysis to help improve service quality.

Outcomes:

  1. Meeting basic SLAs tells a small part of the story. The MSP is performing well in a functional sense, but this doesn't shed any insight on what kind of knowledge or value is being added.
  2. The MSP should provide routine updates on ticket trends and other insights gained through data analysis.
  3. A commitment to continual improvement will provide your organization with value throughout the duration of the outsourcing agreement.

Phase 2

Design an Outsourcing Strategy

Define the goal

Design an outsourcing strategy

Develop an RFP and make a long-term relationship

1.1 Identify goals and objectives

1.2 Assess outsourcing feasibility

2.1 Identify project stakeholders

2.2 Outline potential risks and constraints

3.1 Prepare a service overview and responsibility matrix

3.2 Define your approach to vendor relationship management

3.3 Manage the outsource relationship

This phase will walk you through the following activities:

  • Identify roles and responsibilities
  • Determine potential risks of outsourcing the service desk
  • Build a list of metrics

This phase involves the following participants:

  • Service Desk Team
  • IT Leadership

Define requirements for outsourcing service desk support

Step 2.1

Identify project stakeholders

Activity

2.1.1 Identify internal outsourcing roles and responsibilities

Design an Outsourcing Strategy

This step requires the following inputs:

  • List of service desk roles
  • Service desk outsourcing goals

This step involves the following participants:

  • IT Managers
  • Project Team
  • Service Desk Manager

Outcome of this step

  • Outsourcing roles and responsibilities

Design an outsourcing strategy to capture the vision of your service desk

An outsourcing strategy is crucial to the proper accomplishment of an outsourcing project. By taking the time to think through your strategy beforehand, you will have a clear idea of your desired outcomes. This will make your RFP of higher quality and will result in a much easier negotiation process.

Most MSPs are prepared to offer a standard proposal to clients who do not know what they want. These are agreements that are doomed to fail. A clearly defined set of goals (discussed in Phase 1), risks, and KPIs and metrics (covered in this phase) makes the agreement more beneficial for both parties in the long run.

  1. Identify goals and objectives
  2. Determine mission statement
  3. Define roles and responsibilities
  4. Identify risks and constraints
  5. Define KPIs and metrics
  6. Complete outsourcing strategy

A successful outsourcing initiative depends on rigorous preparation

Outsourcing is a garbage in, garbage out initiative. You need to give your service provider the information they need to provide an effective product.

  • Data quality is critical to your outsourcing initiative's success.
  • Your vendor will be much better equipped to help you and to better price its services if it has a thorough understanding of your IT environment.
  • This means more than just building a catalog of your hardware and software. You will need to make available documented policies and processes so you and your vendor can understand where they fit in.
  • Failure to completely document your environment can lead to a much longer time to value as your provider will have to spend much more time (and thus much more money) getting their service up and running.

"You should fill the gap before outsourcing. You should make sure how to measure tickets, how to categorize, and what the cost of outsourcing will be. Then you'll be able to outsource the execution of the service. Start your own processes and then outsource their execution."
– Kris Krishan, Head of IT and business systems, Waymo

Case Study

Digital media company built an outsourcing strategy to improve customer satisfaction

INDUSTRY: Digital Media

SOURCE: Auxis

Challenge

A Canadian multi-business company with over 13,000 employees would like to maintain a growing volume of digital content with their endpoint management.

The client operated a tiered model service desk. Tier 1 was outsourced, and tier 2 tasks were done internally, for more complex tasks and projects.

As a result of poor planning and defining goals, the company had issues with:

  • Low-quality ticket handling
  • High volume of tickets escalated to tier 2, restraining them from working on complex tickets
  • High turn over and a challenge with talent retention
  • Insufficient documentation to train external tier 1 team
  • Long resolution time and low end-user satisfaction

Solution

The company structured a strategy for outsourcing service desk and defined their expectations and requirements.

They engaged with another outsourcer that would fulfill their requirements as planned.

With the help of the outsourcer's consulting team, the client was able to define the gaps in their existing processes and system to:

  • Implement a better ticketing system that could follow best-practices guidelines
  • Restructure the team so they would be able to handle processes efficiently

Results

The proactive planning led to:

  • Significant improvement in first call resolution (82%).
  • MTTR improvement freed tier 2 to focus on business strategic objectives and allowed them to work on higher-value activities.
  • With a better strategy around outsourcing planning, the company saved 20% of cost compared to the previous outsourcer.
  • As a result of this partnership, the company is providing a 24/7 structure in multiple languages, which is aligned with the company's growth.
  • Due to having a clear strategy built for the project, the client now has better visibility into metrics that support long-term continual improvement plans.

Define roles and responsibilities for the outsourcing transition to form the base of your outsourcing strategy

There is no "I" in outsource; make sure the whole team is involved

Outsourcing is a complete top-to-bottom process that involves multiple levels of engagement:

  • Management must make high-level decisions about staffing and negotiate contract details with the vendor.
  • Service desk employees must execute on the documentation and standardization of processes in an effort to increase maturity.
  • Roles and responsibilities need to be clearly defined to ensure that all aspects of the transition are completed on time.
  • Implement a full-scale effort that involves all relevant staff. The most common mistake is to have the project design follow the same top-down pattern as the decision-making process.

Info-Tech Insight

The service desk doesn't operate in isolation. The service desk interfaces with many other parts of the organization (such as finance, purchasing, field support, etc.), so it's important to ensure you engage stakeholders from other departments as well. If you only engage the service desk staff in your discussions around outsourcing strategy and RFP development, you may miss requirements that will come up when it's too late.

2.1.1 Identify internal outsourcing roles and responsibilities

2 hours

  1. The sample RACI chart in section 5 of the Project Charter Template outlines which positions are responsible, accountable, consulted, and informed for each major task within the outsourcing project.
  2. Responsible, is the group that is responsible for the execution and oversight of activities for the project. Accountable is the owner of the task/process, who is accountable for the results and outcomes. Consulted is the subject matter expert (SME) who is actively involved in the task/process and consulted on decisions. Informed is not actively involved with the task/process and is updated about decisions around the task/process.
  3. Make sure that you assign only one person as accountable per process. There can be multiple people responsible for each task. Consulted and Informed are optional for each task.
  4. Complete the RACI chart with recommended participants, and document in your service desk outsourcing project charter, under section 5.

Input

  • RACI template
  • Org chart

Output

  • List of roles and responsibilities for outsource project

Materials

  • Whiteboard/flip charts
  • Markers
  • Laptops

Participants

  • IT Director/CIO
  • Service Desk Manager
  • Service Desk Team

Download the Project Charter Template

Step 2.2

Outline potential risks and constraints

Activities

2.2.1 Identify potential risks and constraints that may impact achievement of objectives

2.2.2 Arrange groups of tension metrics to balance your reporting

Design an Outsourcing Strategy

This step will walk you through the following activities:

  • Outsourcing objectives
  • Potential risks

This step involves the following participants:

  • IT Managers
  • Project Team
  • Service Desk Manager

Outcomes of this step

  • Mitigation strategy for each risk
  • Service desk metrics

Know your constraints to reduce surprises during project implementation

No service desk is perfect; know your limits and plan accordingly

Define your constraints to outsourcing the service desk.

Consider all types of constraints and opportunities, including:

  • Business forces
  • Economic cycles
  • Disruptive tech
  • Regulation and compliance issues
  • Internal organizational issues

Within the scope of a scouring decision, define your needs and objectives, measure those as much as possible, and compare them with the "as-is" situation.

Start determining what alternative approaches/scenarios the organization could use to fill the gaps. Start a comparison of scenarios against drivers, goals, and risks.

Constraints

Goals and objectives

  • Budget
  • Maturity
  • Compliance
  • Regulations
  • Outsourcing Strategy

Plan ahead for potential risks that may impede your strategy

Risk assessment must go hand-in-hand with goal and objective planning

Risk is inherent with any outsourcing project. Common outsourcing risks include:

  • Lack of commitment to the customer's goals from the vendor.
  • The distraction of managing the relationship with the vendor.
  • A perceived loss of control and a feeling of over-dependence on your vendor.
  • Managers may feel they have less influence on the development of strategy.
  • Retained staff may feel they have become less skilled in their specialist field.
  • Unanticipated expenses that were assumed to be offered by the vendor.
  • Savings only result from high capital investment in new projects on the part of the customer.

Analyze the risks associated with a specific scenario. This analysis should identify and understand the most common sourcing and vendor risks using a risk-reward analysis for selected scenarios. Use tools and guidelines to assess and manage vendor risk and tailor risk evaluation criteria to the types of vendors and products.

Info-Tech Insight

Plan for the worst to prevent it from happening. Evaluating risk should cover a wide variety of scenarios including the worst possible cases. This type of thinking will be crucial when developing your exit strategy in a later exercise.

2.2.1 Identify potential risks and constraints that may impact achievement of objectives

1-3 hours

  1. Brainstorm any potential risks that may arise through the outsourcing project. Describe each risk and categorize both its probability of occurring and impact on the organization as high (H), medium (M), or low (L), using the table below:
Risk Description

Probability(H/M/L)

Impact(H/M/L)Planned Mitigation
Lack of documentationMMUse cloud-based solution to share documents.
Knowledge transferLMDetailed knowledge-sharing agreement in place in the RFP.
Processes not followedLHClear outline and definition of current processes.
  1. Identify any constraints for your outsourcing strategy that may restrict, limit, or place certain conditions on the outsourcing project.
    • This may include budget restrictions or staffing limitations.
    • Identifying constraints will help you be prepared for risks and will lessen their impact.
  2. Document risks and constraints in section 6 of the Service Desk Outsourcing Project Charter Template.

Input

  • RACI template
  • Org chart

Output

  • List of roles and responsibilities for outsource project

Materials

  • Whiteboard/flip charts
  • Markers

Participants

  • IT Director/CIO
  • Service Desk Manager
  • Service Desk Team

Download the Project Charter Template

Define service tiers and roles to develop clear vendor SLAs

Management of performance, SLAs, and customer satisfaction remain the responsibility of your organization.

Define the tiers and/or services that will be the responsibility of the MSP, as well as escalations and workflows across tiers. A sample outsourced structure is displayed here:

External Vendor

Tickets beyond the scope of the service desk staff need to be escalated back to the vendor responsible for the affected system.

Tier 3

Tickets that are focused on custom applications and require specialized or advanced support are escalated back to your organization's second- and third-level support teams.

Tier 2

The vendor is often able to provide specialized support for standard applications. However, the desktop support still needs someone onsite as that service is very expensive to outsource.

Tier 1

Service desk outsource vendors provide first-line response. This includes answering the phones, troubleshooting simple problems, and redirecting requests that are more complex.

Info-Tech Insight

If you outsource everything, you'll be at the mercy of consultancy or professional services shops later on. You won't have anyone in-house to help you deploy anything; you're at the mercy of a consultant to come in and tell you what to do and how much to spend. Keep your highly skilled people in-house to offset what you'd have to pay for consultancy. If you need to repatriate your service desk later on, you will need skills in-house to do so.

Don't become obsessed with managing by short-term metrics – look at the big picture

"Good" metric results may simply indicate proficient reactive fixing; long-term thinking involves implementing proactive, balanced solutions.

KPIs demonstrate that you are running an effective service desk because:

  • You close an average of 300 tickets per week
  • Your first call resolution is above 90%
  • Your talk time is less than five minutes
  • Surveys reveal clients are satisfied

While these results may appear great on the surface, metrics don't tell the whole story.

The effort from any support team seeks to balance three elements:

FCR: Time; Resources; Quality

First-Contact Resolution (FCR) Rate

Percentage of tickets resolved during first contact with user (e.g. before they hang up or within an hour of submitting ticket). Could be measured as first-contact, first-tier, or first-day resolution.

End-User Satisfaction

Perceived value of the service desk measured by a robust annual satisfaction survey of end users and/or transactional satisfaction surveys sent with a percentage of tickets.

Ticket Volume and Cost Per Ticket

Monthly operating expenses divided by average ticket volume per month. Report ticket volume by department or ticket category, and look at trends for context.

Average Time to Resolve (incidents) or Fulfill (service requests)

Time elapsed from when a ticket is "open" to "resolved." Distinguish between ticket resolution vs. closure, and measure time for incidents and service requests separately.

Focus on tension metrics to achieve long-term success

Tension metrics help create a balance by preventing teams from focusing on a single element.

For example, an MSP built incentives around ticket volume for their staff, but not the quality of tickets. As a result, the MSP staff rushed through tickets and gamed the system while service quality suffered.

Use metrics to establish baselines and benchmarking data:

  • If you know when spikes in ticket volumes occur, you can prepare to resource more appropriately for these time periods
  • Create KB articles to tackle recurring issues and assist tier 1 technicians and end users.
    • Employ a root cause analysis to eliminate recurring tickets.

"We had an average talk time of 15 minutes per call and I wanted to ensure they could handle those calls in 15 minutes. But the behavior was opposite, [the vendor] would wrap up the call, transfer prematurely, or tell the client they'd call them back. Service levels drive behavior so make sure they are aligned with your strategic goals with no unintended consequences."
– IT Services Manager, Banking

Info-Tech Insight

Make sure your metrics work cooperatively. Metrics should be chosen that cause tension on one another. It's not enough to rely on a fast service desk that doesn't have a high end-user satisfaction rate or runs at too high a cost; there needs to be balance.

2.2.2 Arrange groups of tension metrics to balance your reporting

1-3 hours

  1. Define KPIs and metrics that will be critical to service desk success.
  2. Distribute sticky notes of different colors to participants around the table.
  3. Select a space to place the sticky notes – a table, whiteboard, flip chart, etc. – and divide it into three zones.
  4. Refer to your defined list of goals and KPIs from activity 1.1.3 and discuss metrics to fulfill each KPI. Note that each goal (critical success factor, CSF) may have more than one KPI. For instance:
    1. Goal 1: Increase end-user satisfaction; KPI 1: Improve average transactional survey score. KPI 2: Improve annual relationship survey score.
    2. Goal 2: Improve service delivery; KPI 1: Reduce time to resolve incidents. KPI 2: Reduce time to fulfill service requests.
  5. Recall that tension metrics must form a balance between:
    1. Time
    2. Resources
    3. Quality
  6. Record the results in section 7 of the Service Desk Outsourcing Project Charter Template.

Input

  • Service desk outsourcing goals
  • Service desk outsourcing KPIs

Output

  • List of service desk metrics

Materials

  • Whiteboard/flip charts
  • Sticky notes
  • Markers
  • Laptops

Participants

  • Project Team
  • Service Desk Manager

Download the Project Charter Template

Phase 3

Develop an RFP and make a long-term relationship

Define the goal

Design an outsourcing strategy

Develop an RFP and make a long-term relationship

1.1 Identify goals and objectives

1.2 Assess outsourcing feasibility

2.1 Identify project stakeholders

2.2 Outline potential risks and constraints

3.1 Prepare a service overview and responsibility matrix

3.2 Define your approach to vendor relationship management

3.3 Manage the outsource relationship

This phase will walk you through the following activities:

  • Build your outsourcing RFP
  • Set expectations with candidate vendors
  • Score and select your vendor
  • Manage your relationship with the vendor

This phase involves the following participants:

  • CIO
  • Service Desk Manager
  • IT Managers
  • Project Managers

Define requirements for outsourcing service desk support

Step 3.1

Prepare a service overview and responsibility matrix

Activities

3.1.1 Evaluate your technology, people, and process requirements

3.1.2 Outline which party will be responsible for which service desk processes

This step requires the following inputs:

  • Service desk processes and requirements

This step involves the following participants:

  • CIO
  • Service Desk Manager
  • IT Managers
  • Project Managers

Outcomes of this step

  • Knowledge management and technology requirements
  • Self-service requirements

Develop an RFP and make a long-term relationship

Create a detailed RFP to ensure your candidate vendor will fulfill all your requirements

At its core, your RFP should detail the outcomes of your outsourcing strategy and communicate your needs to the vendor.

The RFP must cover business needs and the more detailed service desk functions required. Many enterprises only consider the functionality they need, while ignoring operational and selection requirements.

Negotiate a supply agreement with the preferred outsourcer for delivery of the required services. Ensure your RFP covers:

  1. Service specification
  2. Service levels
  3. Roles and responsibilities
  4. Transition period and acceptance
  5. Prices, payment, and duration
  6. Agreement administration
  7. Outsourcing issues

In addition to defining your standard requirements, don't forget to take into consideration the following factors when developing your RFP:

  • Employee onboarding and hardware imaging for new users
  • Applications you need current and future support for
  • Reporting requirements
  • Self-service options
  • Remote support needs and locations

Although it may be tempting, don't throw everything over the wall at your vendor in the RFP. Evaluate your service desk functions in terms of quality, cost effectiveness, and the value provided from the vendor. Organizations should only outsource functions that the vendor can operate better, faster, or cheaper.

Info-Tech Insight

Involve the right stakeholders in developing your RFP, not just service desk. If only service desk is involved in RFP discussion, the connection between tier 1 and specialists will be broken, as some processes are not considered from IT's point of view.

Identify ITSM solution requirements

Your vendor probably uses a different tool to manage their processes; make sure its capabilities align with the vision of your service desk.

Your service desk and outsourcing strategy were both designed with your current ITSM solution in mind. Before you hand the reins to an MSP, it is crucial that you outline how your current ITSM solution is being used in terms of functionality.

Find out if it's better to have the MSP use their own ITSM tools or your ITSM solution.

Benefits of operating within your own ITSM while outsourcing the service desk:

Disadvantages of using your own ITSM while outsourcing the service desk:

  • If you provide the service catalog, it's easier to control your ITSM tool yourself.
  • Using your own ITSM and giving access to the outsourcer will allow you to build your dashboard and access your operational metrics rather than relying on the MSP to provide you with metrics.
  • Usage of the current tool may be extended across multiple departments, so it may be in the best interest of your business to have the vendor adopt usage of the current tool.
  • While many ITSM solutions have similar functions, innate differences do exist between them. Outsourcers mostly want to operate in their own ticketing solution. As other departments besides IT may be using the service management tool, you will need to have the same tool across the organization. This makes purchasing the new ITSM license very expensive, unless you operate in the same ITSM as the outsourcer.
  • You need your vendor to be able to use the system you have in order to meet your requirements, which will limit your options in the market.
  • If the outsourcer is using your ITSM, you should provide training to them.

Info-Tech Insight

Defining your tool requirements can be a great opportunity to get the tool functionality you always wanted. Many MSPs offer enterprise-level ITSM tools and highly mature processes that may tempt you to operate within their ITSM environment. However, first define your goals for such a move, as well as pros and cons of operating in their service management tool to weigh if its benefits overweigh its downfalls.

Case Study

Lone Star College learned that it's important to select a vendor whose tool will work with your service desk

INDUSTRY: Education

SOURCE: ServiceNow

Challenge

Lone Star College has an end-user base of over 100,000 staff and students.

The college has six campuses across the state of Texas, and each campus was using its own service desk and ITSM solution.

Initially, the decision was to implement a single ITSM solution, but organizational complexity prevented that initiative from succeeding.

A decision was made to outsource and consolidate the service desks of each of the campuses to provide more uniform service to end users.

Solution

Lone Star College selected a vendor that implemented FrontRange.

Unfortunately, the tool was not the right fit for Lone Star's service and reporting needs.

After some discussion, the outsourcing vendor made the switch to ServiceNow.

Some time later, a hybrid outsourced model was implemented, with Lone Star and the vendor combining to provide 24/7 support.

Results

The consolidated, standardized approach used by Lone Star College and its vendor has created numerous benefits:

  • Standardized reporting
  • High end-user satisfaction
  • All SLAs are being met
  • Improved ticket resolution times
  • Automated change management.

Lone Star outsourced in order to consolidate its service desks quickly, but the tools didn't quite match.

It's important to choose a tool that works well with your vendor's, otherwise the same standardization issues can persist.

Design your RFP to help you understand what the vendor's standard offerings are and what it is capable of delivering

Your RFP should be worded in a way that helps you understand what your vendor's standard offerings are because that's what they're most capable of delivering. Rather than laying out all your requirements in a high level of detail, carefully craft your questions in a probing way. Then, understand what your current baseline is, what your target requirements are, and assess the gap.

Design the RFP so that responses can easily be compared against one another.

It is common to receive responses that are very different – RFPs don't provide a response framework. Comparing vastly different responses can be like comparing apples to oranges. Not only are they immensely time consuming to score, their scores also don't end up accurately reflecting the provider's capabilities or suitability as a vendor.

If your RFP is causing a ten minute printer backlog, you're doing something wrong.

Your RFP should not be hundreds of pages long. If it is, there is too much detail.

Providing too much detail can box your responses in and be overly limiting on your responses. It can deter potentially suitable provider candidates from sending a proposal.

Request
For
Proposal

"From bitter experience, if you're too descriptive, you box yourself in. If you're not descriptive enough, you'll be inundated with questions or end up with too few bidders. We needed to find the best way to get the message across without putting too much detail around it."
– Procurement Manager, Utilities

Info-Tech's Service Desk Outsourcing RFP Template contains nine sections

  1. Statement of work
    • Purpose, coverage, and participation ààInsert the purpose and goals of outsourcing your service desk, using steps 1.1 findings in this blueprint as reference.
  2. General information
    • Information about the document, enterprise, and schedule of events ààInsert the timeline you developed for the RFP issue and award process in this section.
  3. Proposal preparation instructions
    • The vendor's understanding of the RFP, good faith statement, points of contact, proposal submission, method of award, selection and notification.
  4. Service overview
    • Information about organizational perspective, service desk responsibility matrix, vendor requirements, and service level agreements (SLAs).
  5. Scope of work, specifications and requirements
    • Technical and functional requirements à Insert the requirements gathered in Phase 1 in this section of the RFP. Remember to include both current and future requirements.
  6. Exit conditions
    • Overview of exit strategy and transition process.
  7. Vendor qualifications and references
  8. Account management and estimated pricing
  9. Vendor certification
This is a screenshot of the Service Desk Outsourcing RFP Template.

The main point of focus in this document is defining your requirements (discussed in Phase 1) and developing proposal preparation instructions.

The rest of the RFP consists mostly of standard legal language. Review the rest of the RFP template and adapt the language to suit your organization's standards. Check with your legal departments to make sure the RFP adheres to company policies.

3.1.1 Evaluate your technology, people, and process requirements

1-2 hours

  1. Review the outsourcing goals you identified in Phase 1 (activity 1.1.3).
  2. For each goal, divide the defined requirements from your requirements database library (activity 1.2.1) into three areas:
    1. People Requirements
    2. Process Requirements
    3. Technical Requirements
  3. Group your requirements based on characteristics (e.g. recovery capabilities, engagement methodology, personnel, etc.).
  4. Validate these requirements with the relevant stakeholders.
  5. Document your results in section 4 of the Service Desk Outsourcing RFP Template.

Input

  • Identified key requirements

Output

  • Refined requirements to input into the RFP

Materials

  • Whiteboard/flip charts
  • Markers
  • Laptops

Participants

  • IT Director/CIO
  • Service Desk Manager
  • IT Managers

Download the Service Desk Outsourcing RFP Template

Assess knowledge management and technology requirements to enable the outsourcer with higher quality work

Retain ownership of the knowledgebase to foster long-term growth of organizational intelligence

With end users becoming more and more tech savvy, organizational intelligence is becoming an increasingly important aspect of IT support. Modern employees are able and willing to troubleshoot on their own before calling into the service desk. The knowledgebase and FAQs largely facilitate self-serve trouble shooting, both of which are not core concerns for the outsource vendor.

Why would the vendor help you empower end users and decrease ticket volume when it will lead to less revenue in the future? Ticket avoidance is not simply about saving money by removing support. It's about the end-user community developing organizational intelligence so that it doesn't need as much technical support.

Organizational intelligence occurs when shared knowledge and insight is used to make faster, better decisions.

When you outsource, the flow of technical insight to your end-user community slows down or stops altogether unless you proactively drive it. Retain ownership of the knowledgebase and ensure that the content is:

  1. Validated to ensure it accurately describes the best solution.
  2. Actionable to ensure it prescribes repeatable, verifiable steps.
  3. Contextual to ensure the reader knows when NOT to apply the knowledge.
  4. Maintained to ensure the solution remains current.
  5. Applied, since knowledge is a cost with no benefit unless you apply it and turn it into organizational intelligence.

Info-Tech Insight

Include knowledge management process in your ticket handling workflows to make sure knowledge is transferred to the MSP and end users. For more information on knowledge management, refer to Info-Tech's Standardize the Service Desk and Optimize the Service Desk With a Shift-Left Strategy blueprints.

Assess self-service requirements in your outsourcing plan

When outsourcing the service desk, determine who will take ownership of the self-service portal.

Nowadays, outsourcers provide innovative services such as self-serve options. However, bear in mind that the quality of such services is a differentiating factor. A well-maintained portal makes it easy to:

  • Report incidents efficiently via use-case-based forms
  • Place requests via a business-oriented service catalog
  • Automate request processes
  • Give visibility on ticket status
  • Access knowledgebase articles
  • Provide status on critical systems
  • Look for services by both clicking service lists and searching them
  • Provide 24/7 service via interactive communication with live agent and AI-powered machine
  • Streamline business process in multiple departments rather than only IT

In the outsourcing process, determine your expectations from your vendor on self-serve options and discuss how they will fulfill these requirements. Similar to other processes, work internally to define a list of services your organization is providing that you can pass over to the outsourcer to convert to a service catalog.

Use Info-Tech's Sample Enterprise Services document to start determining your business's services.

Assess admin rights in your outsourcing plan to give access to the outsourcer while you keep ownership

Provide accessibility to account management to improve self-service, which enables:

  • Group owners to be named who can add or remove people from their operating units
  • Users to update attributes such as photos, address, phone number
  • Synchronization with HRIS (Human Resource Information Systems) to enable two-way communication on attribute updates
  • Password reset self-service

Ensure the vendor has access rights to execute regular clean up to help:

  • Find stale and inactive user and computer accounts (inactive, expired, stale, never logged in)
  • Bulk move and disable capabilities
  • Find empty groups and remove
  • Find and assess NTFS permissions
  • Automated tasks to search and remediate

Give admin rights to outsourcer to enable reporting and auditing capabilities, such as:

  • Change tracking and notifications
  • Password reset attempts, account unlocks, permission and account changes
  • Anomaly detection and remediation
  • Privilege abuse, such as password sharing

Info-Tech Insight

Provide your MSP with access rights to enable the service desk to have account management without giving too much authentication. This way you'll enable moving tickets to the outsourcer while you keep ownership and supervision.

3.1.2 Outline which party will be responsible for which service desk processes

1-2 hours

This activity is an expansion to the outcomes of activity 1.2.1, where you determined the outsourcing requirements and the party to deliver each requirement.

  1. Add your identified tasks from the requirements database library to the service desk responsibility matrix (section 4.2 of the Service Desk Outsourcing RFP Template).
  2. Break each task down into more details. For instance, incident management may include tier 1, tier 2/3, KB creation and update, reporting, and auditing.
  3. Refer to section 4.1 of your Project Charter to review the responsible party for each use case.
  4. Considering the use cases, assess whether your organization, the MSP, or both parties will be responsible for the task.
  5. Document the results in section 4.2 of the RFP.

Input

  • Identified key requirements

Output

  • Responsible party to deliver each task

Materials

  • Whiteboard/flip charts
  • Markers
  • Laptops

Participants

  • IT Director/CIO
  • Service Desk Manager
  • IT Managers

Download the Service Desk Outsourcing RFP Template

Step 3.2

Define your approach to vendor relationship management

Activities

3.2.1 Define your SLA requirements

3.2.2 Score each vendor to mitigate the risk of failure

3.2.3 Score RFP responses

3.2.4 Get referrals, conduct reference interviews and evaluate responses for each vendor

Develop an RFP and make a long-term relationship

This step requires the following inputs:

  • Service desk outsourcing RFP
  • List of service desk outsourcing requirements

This step involves the following participants:

  • CIO
  • Service Desk Manager
  • IT Managers
  • Project Managers

Outcomes of this step

  • Service desk SLA
  • RFP scores

Don't rush to judgment; apply due diligence when selecting your vendor

The most common mistake in vendor evaluation is moving too quickly. The process leading to an RFP evaluation can be exhausting, and many organizations simply want to be done with the whole process and begin outsourcing.

The most common mistake in vendor evaluation is moving too quickly. The process leading to an RFP evaluation can be exhausting, and many organizations simply want to be done with the whole process and begin outsourcing.

  1. Call around to get referrals for each vendor
  2. Create a shortlist
  3. Review SLAs and contract terms
  4. Select your vendor

Recognize warning signs in the MSP's proposal to ensure a successful negotiation

Vendors often include certain conditions in their proposals that masquerade as appealing but may spell disaster. Watch for these red flags:

  1. Discounted Price
    • Vendors know the market value of their competitors' services. Price is not what sets them apart; it's the type of services offered as well as the culture present.
    • A noticeably low price is often indicative of a desperate organization that is not focused on quality managed services.
  2. No Pushback
    • Vendors should work to customize their proposal to suit both their capabilities and your needs. No pushback means they are not invested in your project as deeply as they should be.
    • You should be prepared for and welcome negotiations; they're a sign that both sides are reaching a mutually beneficial agreement.
  3. Continual SLA Improvement
    • Continual improvement is a good quality that your vendor should have, but it needs to have some strategic direction.
    • Throwing continual SLA improvement into the deal may seem great, but make sure that you'll benefit from the value-added service. Otherwise, you'll be paying for services that you don't actually need.

Clearly define core vendor qualities before looking at any options

Vendor sales and marketing people know just what to say to sway you: don't talk to them until you know what you're looking for.

Geography

Do you prefer global or local data centers? Do you need multiple locations for redundancy in case of disaster? Will language barriers be a concern?

Contract Length

Ensure you can terminate a poor arrangement by having shorter terms with optional renewals. It's better to renew and renegotiate if one side is losing in the deal in order to keep things fair. Don't assume that proposed long-term cost savings will provide a satisfactory service.

Target Market

Vendors are aiming at different business segments, from startups to large enterprises. Some will accept existing virtual machines, and others enforce compliance to appeal to government and health agencies.

SLA

A robust SLA strengthens a vendor's reliability and accountability. Agencies with special needs should have room in negotiations for customization. Providers should also account for regular SLA reviews and updates. Vendors should be tracking call volume and making projections that should translate directly to SLAs.

Support

Even if you don't need a vendor with 24/7 availability, vendors who cannot support this timing should be eliminated. You may want to upgrade later and will want to avoid the hassle of switching.

Maturity

Vendors must have the willingness and ability to improve processes and efficiencies over time. Maintaining the status-quo isn't acceptable in the constantly evolving IT world.

Cost

Consider which model makes the most sense: will you go with per call or per user pricing? Which model will generate vendor motivation to continually improve and meet your long-term goals? Watch out for variable pricing models.

Define your SLA requirements so your MSP can create a solution that fits

SLAs ensure accountability from the service provider and determine service price

SLAs define the performance of the service desk and clarify what the provider and customer can expect in their outsourcing relationship.

  • Service categories
  • The acceptable range of end-user satisfaction
  • The scope of what functions of the service desk are being measured (availability, time to resolve, time to respond, etc.)
  • Credits and penalties for achieving or missing targets
  • Frequency of measurement/reporting
  • Provisions and penalties for ending the contractual relationship early
  • Management and communication structure
  • Escalation protocol for incidents relating to tiers 2 or 3

Each MSP's RFP response will help you understand their basic SLA terms and enhanced service offerings. You need to understand the MSP's basic SLA terms to make sure they are adequate enough for your requirements. A well-negotiated SLA will balance the requirements of the customer and limit the liability of the provider in a win/win scenario.

For more information on defining service level requirements, refer to Info-Tech's blueprint Reduce Risk With Rock-Solid Service-Level Agreements.

3.2.1 Define your SLA requirements

2-3 hours

  • As a team, review your current service desk SLA for the following items:
    • Response time
    • Resolution time
    • Escalation time
    • End-user satisfaction
    • Service availability
  • Use the sample table as a starting point to determine your current incident management SLA:
  • Determine your SLA expectations from the outsourcer.
  • Document your SLA expectations in section 4.4 of the RFP template.

Participants: IT Managers, Service Desk Manager, Project Team

Response
PriorityResponse SLOResolution SLOEscalation Time
T1
Severity 1CriticalWithin 10 minutes4 hours to resolveImmediate
Severity 2HighWithin 1 business hour8 business hours to resolve20 minutes
Severity 3MediumWithin 4 business hours24 business hours to resolveAfter 20 minutes without progress
Severity 4LowSame day (8 hours)72 business hours to resolve After 1 hour without progress
SLO ResponseTime it takes for service desk to respond to service request or incident. Target response is 80% of SLO
SLO ResolutionTime it takes to resolve incident and return business services to normal. Target resolution is 80% of SLO

Download the Service Desk Outsourcing RFP Template

Get a detailed plan from your selected vendor before signing a contract

Build a standard process to evaluate candidate vendors

Use section 5 of Info-Tech's Service Desk Outsourcing RFP Template for commonly used questions and requirements for outsourcing the service desk. Ask the right questions to secure an agreement that meets your needs. If you are already in a contract with an MSP, tale the opportunity of contract renewal to improve the contract and service.

This is a screenshot of the Service Desk Outsourcing RFP Template.

Download the Service Desk Outsourcing RFP Template

Add your finalized assessment questions into Info-Tech's Service Desk Outsourcing RFP Scoring Tool to aggregate responses in one repository for comparison. Since the vendors are asked to respond in a standard format, it is easier to bring together all the responses to create a complete view of your options.

This is an image of the Service Desk Vendor Proposal Scoring Tool

Download the Service Desk Vendor Proposal Scoring Tool

3.2.2 Score each vendor to mitigate the risk of failure

1-2 hours

Include the right requirements for your organization and analyze candidate vendors on their capability to satisfy them.

  1. Use section 5 of the RFP template to convert your determined requirements into questions to address in vendor briefings.
  2. Review the questions in the context of near- and long-term service desk outsourcing needs. In the template, we have separated requirements into 7 categories:
    • Vendor Requirements (VR)
    • Vendor Qualifications/Engagement/Administration Capabilities (VQ)
    • Service Operations (SO)
    • Service Support (SS)
    • Service Level Agreement (SLA)
    • Transition Processes (TP)
    • Account Management (AM)
  3. Define the priority for each question:
    • Required
    • Desired
    • Optional
  4. Leave the compliance and comments to when you brief with vendors.

Input

  • Technical and functional requirements

Output

  • Priority level for each requirement
  • Completed list of requirement questions

Materials

  • Whiteboard/flip charts
  • Markers
  • Laptops

Participants

  • IT Director/CIO
  • Service Desk Manager
  • IT Managers

Download the Service Desk Outsourcing RFP Template

3.2.3 Score RFP responses

2-3 hours

  1. Enter the requirements questions into the RFP Scoring Tool and use it during vendor briefings.
  2. Copy the Required and Desired priority requirements from the previous activity into the RFP Questions column.
  3. Evaluate each RFP response against the RFP criteria based on the scoring scale.
  4. The Results section in the tool shows the vendor ranking based on their overall scores.
  5. Compare potential outsourcing partners considering scores on individual requirements categories and based on overall scores.

Input

  • Completed list of requirement questions
  • Priority level for each requirement

Output

  • List of top vendors for outsourcing the service desk

Materials

  • Service Desk Vendor Proposal Scoring Tool

Participants

  • Service Desk Manager
  • IT Managers
  • Project Managers
  • IT Director/CIO

Download the Service Desk Vendor Proposal Scoring Tool

3.2.3 Get referrals, conduct reference interviews, and evaluate responses for each vendor

  1. Outline a list of questions to conduct reference interviews with past/present clients of your candidate vendors.
  2. Use the reference interview template as a starting point. As a group review the questions and edit them to a list that will fulfill your requirements.
  3. Ask your candidate vendors to provide you with a list of three to five clients that have/had used their services. Make sure that vendors enforce the interview will be kept anonymous and names and results won't be disclosed.
  4. Ask vendors to book a 20-30 minute call with you and their client.
  5. Document your interview comments in your updated reference interview template.
  6. Update the RFP scoring tool accordingly.

Input

  • List of top vendors for outsourcing the service desk

Output

  • Updated list of top vendors for outsourcing the service desk

Materials

  • Service Desk Outsourcing Reference Interview Template
  • Service Desk Vendor Proposal Scoring Tool

Participants

  • Service Desk Manager
  • IT Managers
  • Project Managers

Download the Service Desk Vendor Proposal Scoring Tool

Compare pricing models of outsourcing services

It's a common sales tactic to use a low price as an easy solution. Carefully evaluate the vendors on your short-list and ensure that SLAs, culture, and price all match to your organization.

Research different pricing models and accurately assess which model fits your organization. Consider the following pricing models:

Pay per technician

In this model, a flat rate is allocated to agents tackling your service desk tickets. This is a good option for building long-term relationship with outsourcer's agents and efficient knowledge transfer to the external team; however, it's not ideal for small organizations that deal with few tickets. This is potentially an expensive model for small teams.

Pay per ticket

This model considers the number of tickets handled by the outsourcer. This model is ideal if you only want to pay for your requirement. Although the internal team needs to have a close monitoring strategy to make sure the outsourcer's efficiency in ticket resolution.

Pay per call

This is based on outbound and inbound calls. This model is proper for call centers and can be less expensive than the other models; however, tracking is not easy, as you should ensure service desk calls result in efficient resolution rather than unnecessary follow-up.

Pay per time (minutes or hours)

The time spent on tickets is considered in this model. With this model, you pay for the work done by agents, so that it may be a good and relatively cheap option. As quicker resolution SLA is usually set by the organization, customer satisfaction may drop, as agents will be driven to faster resolution, not necessarily quality of work.

Pay per user

This model is based on number of all users, or number of users for particular applications. In this model, correlation between number of users and number of tickets should be taken into account. This is an ideal model if you want to deal with impact of staffing changes on service price. Although you should first track metrics such as mean time to resolve and average number of tickets so you can prevent unnecessary payment based on number of users when most users are not submitting tickets.

Step 3.3

Manage the outsource relationship

Activities

3.3.1 Analyze your outsourced service desk for continual improvement

3.3.2 Make a case to either rehabilitate your outsourcing agreement or exit

3.3.3 Develop an exit strategy in case you need to end your contract early

Develop an RFP and make a long-term relationship

This step requires the following inputs:

  • Service desk SLA
  • List of impacted stakeholder groups
  • List of impacts and benefits of the outsourced service desk

This step involves the following participants:

  • CIO
  • Service Desk Manager
  • IT Managers
  • Project Managers

Outcomes of this step

  • Communication plan
  • Vendor management strategy

Ensure formality of your vendor management practice

A service desk outsourcing project is an ongoing initiative. Build a relationship plan to make sure the outsourcer complies with the agreement.

This is an iamge of the cycle of relationship management and pre-contract management.

Monitor Vendor Performance

Key Activity:

Measure performance levels with an agreed upon standard scorecard.

Manage Vendor Risk

Key Activity:

Periodical assessment of the vendors to ensure they are meeting compliance standards.

Manage Vendor Contracts and Relationships

Key Activity:
Manage the contracts and renewal dates, the level of demand for the services/products provided, and the costs accrued.

COMPLETE Identify and Evaluate Vendors

Key Activity:
Develop a plan with procurement and key internal stakeholders to define clear, consistent, and stable requirements.

COMPLETE Select a Vendor

Key Activity:
Develop a consistent and effective process for selecting the most appropriate vendor.

Manage Vendor Contracts and Relationships

Key Activity:
Contracts are consistently negotiated to ensure the vendor and the client have a documented and consistent understanding of mutual expectations.

Expect the vendor to manage processes according to your standards

You need this level of visibility into the service desk process, whether in-house or outsourced

Each of these steps requires documentation – either through standard operating procedures, SLAs, logs, or workflow diagrams.

  • Define key operating procedures and workflows
  • Record, classify, and prioritize tickets
  • Verify, approve, and fulfill tickets
  • Investigate, diagnose, and allocate tickets
  • Resolve, recover, and close tickets
  • Track and report

"Make sure what they've presented to you is exactly what's happening."
– Service Desk Manager, Financial Services

Manage the vendor relationship through regular communication

Regular contact with your MSP provides opportunities to address issues that emerge

Designate a relationship manager to act as a liaison at the business to be a conduit between the business and the MSP.

  • The relationship manager will take feedback from the MSP and relate it back to you to bridge the technical and business gap between the two.

Who should be involved

  • Routine review meetings should involve the MSP and your relationship manager.
  • Technical knowledge may be needed to address specific issues, but business knowledge and relationship management skills are absolutely required.
  • Other stakeholders and people who are deeply invested in the vendor relationship should be invited or at least asked to contribute questions and concerns.

What is involved

  • Full review of the service desk statistics, escalations, staffing changes, process changes, and drivers of extra billing or cost.
  • Updates to key documentation for the issues listed above and changes to the knowledgebase.
  • Significant drivers of customer satisfaction and dissatisfaction.
  • Changes that have/are being proposed that can impact any of the above.

Communicate changes to end users to avoid push back and get buy-in

Top-down processes for outsourcing will leave end users in the dark

  • Your service desk staff has been involved in the outsourcing process the entire time, but end users are affected all the same.
  • The service desk is the face of IT. A radical shift in service processes and points of contact can be detrimental to not only the service desk, but all of IT.
  • Communicating the changes early to end users will both help them cope with the change and help the MSP achieve better results.
    • An internal communication plan should be rolled out in order to inform and educate end users about the changes associated with outsourcing the service desk.
  • Your relationship manager should be tasked with communicating the changes to end users. The focus should be on addressing questions or concerns about the transition while highlighting the value gained through outsourcing to an MSP.
  • Service quality is a two-way street; the end user needs to be informed of proper protocols and points of contact so that the service desk technicians can fulfill their duties to the best of their ability.

"When my company decided to outsource, I performed the same role but for a different company. There was a huge disruption to the business flow and a lack of communication to manage the change. The transition took weeks before any end users figured out what the new processes were for submitting a ticket and who to ask for help, and from a personal side, it became difficult to maintain relationships with colleagues."
– IT Specialist for a financial institution

Info-Tech Insight

Educate the enterprise on expectations and processes that are handled by the MSP. Identify stakeholder groups affected by the outsourced processes then build a communication plan on what's been changed, what the benefits are, and how they will be impacted. Determine a timeline for communicating these initiatives and how these announcements will be made. Use InfoTech's Sample Communication Plan as a starting point.

Build a continual improvement plan to make sure your MSP is efficiently delivering services according to expectations

Ensure that your quality assurance program is repeatable and applicable to the outsourced services

  1. Design a QA scorecard that can help you assess steps the outsourcer agents should follow. Keep the questionnaire high level but specific to your environment. The scorecard should include questions that follow the steps to take considering your intake channels. For instance, if end users can reach the service desk via phone, chat, and email, build your QA around assessing customer service for call, chat, and ticket quality.
  2. Build a training program for agents: Develop an internal monitoring plan to relay detailed feedback to your MSP. Assess performance and utilize KBs as training materials for coaching agents on challenging transactions.
  3. Everything that goes to your service desk has to be documented; there will be no organic transfer of knowledge and experience.
  4. You need to let your MSP know how their efforts are impacting the performance of your organization. Measure your internal performance against the external performance of your service desk.
  5. Constant internal check-ins ensure that your MSP is meeting the SLAs outlined in the RFP.
  6. Routine reporting of metrics and ticket trends allow you to enact problem management. Otherwise, you risk your MSP operating your service desk with no internal feedback from its owner.
  7. Use metrics to determine the service desk functionality.

Consider the success story of your outsourced service desk

Build a feedback program for your outsourced services. Utilize transactional surveys to discover and tell outsourcing success to the impacted stakeholders.

Ensure you apply steps for providing feedback to make sure processes are handled as expected. Service desk is the face of IT. Customer satisfaction on ticket transactions reflects satisfaction with IT and the organization.

Build customer satisfaction surveys and conduct them for every transaction to get a better sense of outsourced service desk functionality. Collaborate with the vendor to make sure you build a proper strategy.

  • Build a right list of questions. Multiple and lengthy questions may lead to survey taking fatigue. Make sure you ask the right questions and give an option to the customer to comment any additional notes.
  • Give the option to users to rate the transaction. Make the whole process very seamless and doable in a few seconds.
  • Ensure to follow-up on negative feedback. This will help you find gaps in services and provide training to improve customer service.

3.3.1 Analyze your outsourced service desk for continual improvement

1 hour

  1. In this project, you determined the KPIs based on your service desk objectives (activity 2.2.2).
  2. Refer to your list of metrics in section 7 of the Service Desk Outsourcing Project Charter.
  3. Think about what story you want to tell and determine what factors will help move the narrative.
  4. Discuss how often you would like to track these metrics. Determine the audience for each metric.
  5. Provide the list to the MSP to create reports with auto-distribution.

Input

  • Determined CSFs and KPIs

Output

  • List of metrics to track, including frequency to report and audience to report to

Materials

  • Service Desk Outsourcing Project Charter

Participants

  • Service Desk Manager
  • IT Managers
  • Project Managers

Download the Project Charter Template

Reward the MSP for performance instead of "punishing" them for service failure

Turn your vendor into a true partner by including an "earn back" condition in the contract

MSPs often offer clients credit requests (service credits) for their service failures, which are applied to the previous month's monthly recurring charge. They are applied to the last month's MRC (monthly reoccurring charges) at the end of term and then the vendor pays out the residual.

However, while common, service credits are not always perceived to be a strong incentive for the provider to continually focus on improvement of mean-time-to-respond/mean-time-to-resolve.

  • Engage the vendor as a true partner within a relationship only based upon Service Credits.
  • Suggest the vendor include a minor change to the non-performance processes within the final agreement: the vendor implements an "earn back" condition in the agreement.
  • Where a bank of service credits exists because of non-performance, if the provider exceeds the SLA performance metrics for a number of consecutive months (two is common), then an amount of any prior credits received by client is returned to the provider as an earn back for improved performance.
  • This can be a useful mechanism to drive improved performance.

Measure the outsourced service desk ROI constantly to drive efficient decisions for continual improvement or an exit plan

Efficient outsourced service desk causes positive impacts on business satisfaction. To address the true value of the services outsourced, you should evaluate the return on investment (ROI) in these areas: Emotional ROI, Time ROI, Financial ROI

Emotional ROI

Service desk's main purpose should be to provide topnotch services to end users. Build a customer experience program and leverage transactional surveys and relationship surveys to constantly analyze customer feedback on service quality.

Ask yourself:

  • How have the outsourced services improved customer satisfaction?
  • How has the service desk impacted the business brand?
  • Have these services improved agents' job satisfaction?
  • What is the NPS score of the service desk?
  • What should we do to reduce the detractor rate and improve satisfaction leveraging the outsourced service desk?

Time ROI

Besides customer satisfaction, SLA commitment is a big factor to consider when conducting ROI analysis.

Ask these questions:

  • Have we had improvement in FCR?
  • What are the mean time to resolve incidents and mean time to fulfill requests?
  • Is the cost incurred to outsourced services worth improvement in such metrics?

Financial ROI

As already mentioned in Phase 1, the main motivation for outsourcing the service desk should not be around cost reduction, but to improve performance. Regardless, it's still important to understand the financial implications of your decision.

To evaluate the financial impact of your outsourced service desk, ask these questions:

  • How much have the outsourced services impacted our business financially?
  • How much are we paying compared to when it was done internally?
  • Considering the emotional, time, and effort factors, is it worth bringing the services in house or changing the vendor?

3.3.2 Make a case to either rehabilitate your outsourcing agreement or exit

3-4 hours

  1. Refer to the results of activity 2.2.2. for the list of metrics and the metrics dashboard over the past quarter.
  2. Consider emotional and time ROI, assess end-user satisfaction and SLA, and run a report comparison with the baseline that you built prior to outsourcing the service desk.
  3. Estimate the organization's IT operating expenses over the next five years if you stay with the vendor.
  4. Estimate the organization's IT operating expenses over the next five years if you switch the vendor.
  5. Estimate the organization's IT operating expenses over the next five years if you repatriate the service desk.
  6. Estimate the non-recurring costs associated with the move, such as the penalty for early contract termination, data center moving costs, and cost of potential business downtime during the move. Sum them to determine the investment.
  7. Calculate the return on investment. Discuss and decide whether the organization should consider rehabilitating the vendor agreement or ending the partnership.

Input

  • Outsourced service desk metrics
  • Operating expenses

Output

  • Return on investment

Materials

  • List of metrics
  • Laptop
  • Markers
  • Flip chart/whiteboard

Participants

  • IT Director/CIO
  • Service Desk Manager
  • IT Managers

For more information on conducting this activity, refer to InfoTech's blueprint Terminate the IT Infrastructure Outsourcing Relationship

Define exit conditions to complete your contract with your MSP

The end of outsourcing is difficult. Your organization needs to maintain continuity of service during the transition. Your MSP needs to ensure that its resources can be effectively transitioned to the next deployment with minimal downtime. It is crucial to define your exit conditions so that both sides can prepare accordingly.

  • Your exit conditions must be clearly laid out in the contract. Create a list of service desk functions and metrics that are important to your organization's success. If your MSP is not meeting those needs or performance levels, you should terminate your services.
  • Most organizations accomplish this through a clear definition of hard and measurable KPIs and metrics that must be achieved and what will happen in the case these metrics are not being regularly met. If your vendor doesn't meet these requirements as defined in your contract, you then have a valid reason and the ability to leave the agreement.

Examples of exit conditions:

  • Your MSP did not meet their SLAs on priority 1 or 2 tickets two times within a month.
  • If they didn't meet the SLA twice in that 30 days, you could terminate the contract penalty-free.

Info-Tech Insight

If things start going south with your MSP, negotiate a "get well plan." Outline your problems to the MSP and have them come back to you with a list of how they're going to fix these problems to get well before you move forward with the contract.

Try to rehabilitate before you repatriate

Switching service providers or ending the contract can be expensive and may not solve your problems. Try to rehabilitate your vendor relationship before immediately ending it.

You may consider terminating your outsourcing agreement if you are dissatisfied with the current agreement or there has been a change in circumstances (either the vendor has changed, or your organization has changed).

Before doing so, consider the challenges:

  1. It can be very expensive to switch providers or end a contract.
  2. Switching vendors can be a large project involving transfer of knowledge, documentation, and data.
  3. It can be difficult to maintain service desk availability, functionality, and reliability during the transition.

Diagnose the cause of the problem before assuming it's the MSP's fault. The issue may lie with poorly defined requirements and processes, lack of communication, poor vendor management, or inappropriate SLAs. Re-assess your strategy and re-negotiate your contract if necessary.

Info-Tech Insight

There are many reasons why outsourcing relationships fail, but it's not always the vendor's fault.

Clients often think their MSP isn't doing a great job, but a lot of the time the reason comes back to the client. They may not have provided sufficient documentation on processes, were not communicating well, didn't have a regular point of contact, and weren't doing regular service reviews. Before exiting the relationship, evaluate why it's not working and try to fix things first.

Don't stop with an exit strategy, you also need to develop a transition plan

Plan out your transition timeline, taking into account current contract terms and key steps required. Be prepared to handle tickets immediately upon giving notice.

  • Review your outsourcing contract with legal counsel to identify areas of concern for lock-in or breech.
  • Complete a cost/benefit analysis.
  • Bring intellectual property (including ticket data, knowledge base articles, and reports) back in-house (if you'd like to repatriate the service desk) or transfer to the next service desk vendor (if you're outsourcing to another MSP).
  • Review and update service desk standard processes (escalation, service levels, ticket templates, etc.).
  • Procure service desk software, licenses, and necessary hardware as needed.
  • Train the staff (internal for repatriating the service desk, or external for the prospective MSP).
  • Communicate the transition plan and be prepared to start responding to tickets immediately.

Info-Tech Insight

Develop a transition plan about six months before the contract notice date. Be proactive by constantly tracking the MSP, running ROI analyses and training staff before moving the services to the internal team or the next MSP. This will help you manage the transition smoothly and handle intake channels so that upon potential exit, users won't be disrupted.

3.3.3 Develop an exit strategy in case you need to end your contract early

3-4 hours

Create a plan to be prepared in case you need to end your contract with the MSP early.

Your exit strategy should encompass both the conditions under which you would need to end your contract with the MSP and the next steps you will take to transition your services.

  1. Define the exit conditions you plan to negotiate into your contract with the MSP:
    • Identify the performance levels you will require your MSP to meet.
    • Identify the actions you expect the MSP to take if they fail to meet these performance levels.
    • Identify the conditions under which you would leave the contract early.
  2. Develop a strategy for transitioning services in the event you need to leave your contract with the MSP:
    • Will you hand the responsibility to a new MSP or repatriate the service desk back in-house?
    • How will you maintain services through the transition?
  3. Document your exit strategy in section 6 of the Service Desk Outsourcing RFP Template.

Input

  • Outsourced service desk metrics
  • Operating expenses

Output

  • Return on investment

Materials

  • List of metrics
  • Laptop
  • Markers
  • Flip chart/whiteboard

Participants

  • IT Director/CIO
  • Service Desk Manager
  • IT Managers

Download the Service Desk Outsourcing RFP Template

Summary of Accomplishment

Problem Solved

You have now re-envisioned your service desk by building a solid strategy for outsourcing it to a vendor. You first analyzed your challenges with the current service desk and evaluated the benefits of outsourcing services. Then you went through requirements assessment to find out which processes should be outsourced. Thereafter, you developed an RFP to communicate your proposal and evaluate the best candidates.

You have also developed a continual improvement plan to ensure the outsourcer provides services according to your expectations. Through this plan, you're making sure to build a good relationship through incentivizing the vendor for accomplishments rather than punishing for service failures. However, you've also contemplated an exit plan in the RFP for potential consistent service failures.

Ideally, this blueprint has helped you go beyond requirements identification and served as a means to change your mindset and strategy for outsourcing the service desk efficiently to gain long-term benefits.

if you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop

Contact your account representative for more information

workshops@infotech.com

1-888-670-8889

Additional Support

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop

To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.

This is a picture of Info-Tech analyst Mahmoud Ramin

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

The following are sample activities that will be conducted by Info-Tech analysts with your team:

This is a screenshot of activity 1.2.1 found in this blueprint

Identify Processes to Outsource
Identify service desk tasks that will provide the most value upon outsourcing.

This is a screenshot of activity 3.2.2 found in this blueprint

Score Candidate Vendors
Evaluate vendors on their capabilities for satisfying your service desk requirements.

Related Info-Tech Research

Standardize the Service Desk

  • Improve customer service by driving consistency in your support approach and meeting SLAs.

Outsource IT Infrastructure to Improve System Availability, Reliability, and Recovery

  • There are very few IT infrastructure components you should be housing internally – outsource everything else.

Terminate the IT Infrastructure Outsourcing Relationship

  • There must be 50 ways to leave your vendor.

Research Contributors and Experts

Yev Khovrenkov; Enterprise Consultant, Solvera Solutions

Kamil Salagan; I&O Manager, Bartek Ingredients

Satish Mekerira; VP of IT, Coherus BioSciences

Kris Krishan; Head of IT and Business Systems, Waymo

Kris Arthur; Infra & Security Director, SEKO Logistics

Valance Howden; Principal Research Advisor, Info-Tech Research Group

Sandi Conrad; Principal Research Director, Info-Tech Research Group

Graham Price; Senior Director of Executive Services, Info-Tech Research Group

Barry Cousins; Practice Lead, Info-Tech Research Group

Mark Tauschek; VP of I&O Research, Info-Tech Research Group

Darin Stahl; Principal Research Advisor, Info-Tech Research Group

Scott Yong; Principal Research Advisor, Info-Tech Research Group

A special thank-you to five anonymous contributors

Bibliography

Allnutt, Charles. "The Ultimate List of Outsourcing Statistics." MicroSourcing, 2022. Accessed July 2022.
"Considerations for outsourcing the service desk. A guide to improving your service desk and service delivery performance through outsourcing." Giva. Accessed May 2022.
Hurley, Allison. "Service Desk Outsourcing | Statistics, Challenges, & Benefits." Forward BPO Inc., 2019. Accessed June 2022.
Mtsweni, Patricia, et al. "The impact of outsourcing information technology services on business operations." South African Journal of Information Management, 2021, Accessed May 2022.
"Offshore, Onshore or Hybrid–Choosing the Best IT Outsourcing Model." Calance, 2021. Accessed June 2022. Web.
"Service Integration and Management (SIAM) Foundation Body of Knowledge." Scopism, 2020. Accessed May 2022.
Shultz, Aaron. "IT Help Desk Outsourcing Pricing Models Comparison." Global Help Desk Services. Accessed June 2022. Web.
Shultz, Aaron. "4 Steps to Accurately Measure the ROI of Outsourced Help Desk Services" Global Help Desk Services, Accessed June 2022. Web.
Sunberg, John. "Great Expectations: What to Look for from Outsourced Service Providers Today." HDI. Accessed June 2022. Web.
Walters, Grover. "Pivotal Decisions in outsourcing." Muma Case Review, 2019. Accessed May 2022.
Wetherell, Steve. "Outsourced IT Support Services: 10 Steps to Better QA" Global Held Desk Services. Accessed May 2022. Web.

Evolve Your Business Through Innovation

  • Buy Link or Shortcode: {j2store}330|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Innovation
  • Parent Category Link: /innovation
  • Innovation teams are tasked with the responsibility of ensuring that their organizations are in the best position to succeed while the world is in a period of turmoil, chaos, and uncertainty.
  • CIOs have been expected to help the organization transition to remote work and collaboration instantaneously.
  • CEOs are under pressure to redesign, and in some cases reinvent, their business model to cope with and compete in a new normal.

Our Advice

Critical Insight

It is easy to get swept up during a crisis and cling to past notions of normal. Unfortunately, there is no controlling the fact that things have changed fundamentally, and it is now incumbent upon you to help your organization adapt and evolve. Treat this as an opportunity because that is precisely what this is.

Impact and Result

There are some lessons we can learn from innovators who have succeeded through past crises and from those who are succeeding now.

There are a number of tactics an innovation team can employ to help their business evolve during this time:

  1. Double down on digital transformation (DX)
  2. Establish a foresight capability
  3. Become a platform for good

Evolve Your Business Through Innovation Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Evolve your business through innovation

Download our guide to learn what you can do to evolve your business and innovate your way through uncertainty.

  • Evolve Your Business Through Innovation Storyboard
[infographic]

Understand the Data and Analytics Landscape

  • Buy Link or Shortcode: {j2store}131|cart{/j2store}
  • member rating overall impact: 9.8/10 Overall Impact
  • member rating average dollars saved: $2,000 Average $ Saved
  • member rating average days saved: 14 Average Days Saved
  • Parent Category Name: Data Management
  • Parent Category Link: /data-management
  • The data and analytics landscape comprises many disciplines and components; organizations may find themselves unsure of where to start or what data topic or area they should be addressing.
  • Organizations want to better understand the components of the data and analytics landscape and how they are connected.

Our Advice

Critical Insight

  • This deck will provide a base understanding of the core data disciplines and will point to the various Info-Tech blueprints that dive deeper into each of the areas.

Impact and Result

  • This deck will provide a base understanding of the core disciplines of the data and analytics landscape and will point to the various Info-Tech blueprints that dive deeper into each of the areas.

Understand the Data and Analytics Landscape Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Understand the data and analytics landscape

Get an overview of the core disciplines of the data and analytics landscape.

  • Understand the Data and Analytics Landscape Storyboard

Infographic

Implement Hardware Asset Management

  • Buy Link or Shortcode: {j2store}312|cart{/j2store}
  • member rating overall impact: 9.4/10 Overall Impact
  • member rating average dollars saved: $29,447 Average $ Saved
  • member rating average days saved: 25 Average Days Saved
  • Parent Category Name: Asset Management
  • Parent Category Link: /asset-management
  • Executives are often aware of the benefits asset management offers, but many organizations lack a defined program to manage their hardware.
  • Efforts to implement hardware asset management (HAM) are stalled because organizations feel overwhelmed navigating the process or under use the data, failing to deliver value.

Our Advice

Critical Insight

  • Organizations often implement an asset management program as a one-off project and let it stagnate.
  • Organizations often fail to dedicate adequate resources to the HAM process, leading to unfinished processes and inconsistent standards.
  • Hardware asset management programs yield a large amount of useful data. Unfortunately, this data is often underutilized. Departments within IT become data siloes, preventing effective use of the data.

Impact and Result

  • As the IT environment continues to change, it is important to establish consistency in the standards around IT asset management.
  • A current state assessment of your HAM program will shed light on the steps needed to safeguard your processes.
  • Define the assets that will need to be managed to inform the scope of the ITAM program before defining processes.
  • Build and involve an ITAM team in the process from the beginning to help embed the change.
  • Define standard policies, processes, and procedures for each stage of the hardware asset lifecycle, from procurement through to disposal.

Implement Hardware Asset Management Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should Implement Hardware Asset Management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Lay foundations

Build the foundations for the program to succeed.

  • Implement Hardware Asset Management – Phase 1: Lay Foundations
  • HAM Standard Operating Procedures
  • HAM Maturity Assessment Tool
  • IT Asset Manager
  • IT Asset Administrator

2. Procure & receive

Define processes for requesting, procuring, receiving, and deploying hardware.

  • Implement Hardware Asset Management – Phase 2: Procure and Receive
  • HAM Process Workflows (Visio)
  • HAM Process Workflows (PDF)
  • Non-Standard Hardware Request Form
  • Purchasing Policy

3. Maintain & dispose

Define processes and policies for managing, securing, and maintaining assets then disposing or redeploying them.

  • Implement Hardware Asset Management – Phase 3: Maintain and Dispose
  • Asset Security Policy
  • Hardware Asset Disposition Policy

4. Plan implementation

Plan the hardware budget, then build a communication plan and roadmap to implement the project.

  • Implement Hardware Asset Management – Phase 4: Plan Implementation 
  • HAM Budgeting Tool
  • HAM Communication Plan
  • HAM Implementation Roadmap
[infographic]

Workshop: Implement Hardware Asset Management

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Lay Foundations

The Purpose

Build the foundations for the program to succeed.

Key Benefits Achieved

Evaluation of current challenges and maturity level

Defined scope for HAM program

Defined roles and responsibilities

Identified metrics and reporting requirements

Activities

1.1 Outline hardware asset management challenges.

1.2 Conduct HAM maturity assessment.

1.3 Classify hardware assets to define scope of the program.

1.4 Define responsibilities.

1.5 Use a RACI chart to determine roles.

1.6 Identify HAM metrics and reporting requirements.

Outputs

HAM Maturity Assessment

Classified hardware assets

Job description templates

RACI Chart

2 Procure & Receive

The Purpose

Define processes for requesting, procuring, receiving, and deploying hardware.

Key Benefits Achieved

Defined standard and non-standard requests for hardware

Documented procurement, receiving, and deployment processes

Standardized asset tagging method

Activities

2.1 Identify IT asset procurement challenges.

2.2 Define standard hardware requests.

2.3 Document standard hardware request procedure.

2.4 Build a non-standard hardware request form.

2.5 Make lease vs. buy decisions for hardware assets.

2.6 Document procurement workflow.

2.7 Select appropriate asset tagging method.

2.8 Design workflow for receiving and inventorying equipment.

2.9 Document the deployment workflow(s).

Outputs

Non-standard hardware request form

Procurement workflow

Receiving and tagging workflow

Deployment workflow

3 Maintain & Dispose

The Purpose

Define processes and policies for managing, securing, and maintaining assets then disposing or redeploying them.

Key Benefits Achieved

Policies and processes for hardware maintenance and asset security

Documented workflows for hardware disposal and recovery/redeployment

Activities

3.1 Build a MAC policy, request form, and workflow.

3.2 Design process and policies for hardware maintenance, warranty, and support documentation handling.

3.3 Revise or create an asset security policy.

3.4 Identify challenges with IT asset recovery and disposal and design hardware asset recovery and disposal workflows.

Outputs

User move workflow

Asset security policy

Asset disposition policy, recovery and disposal workflows

4 Plan Implementation

The Purpose

Select tools, plan the hardware budget, then build a communication plan and roadmap to implement the project.

Key Benefits Achieved

Shortlist of ITAM tools

Hardware asset budget plan

Communication plan and HAM implementation roadmap

Activities

4.1 Generate a shortlist of ITAM tools that will meet requirements.

4.2 Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget.

4.3 Build HAM policies.

4.4 Develop a communication plan.

4.5 Develop a HAM implementation roadmap.

Outputs

HAM budget

Additional HAM policies

HAM communication plan

HAM roadmap tool

Further reading

Implement Hardware Asset Management

Build IT services value on the foundation of a proactive asset management program.

ANALYST PERSPECTIVE

IT asset data impacts the entire organization. It’s time to harness that potential.

"Asset management is like exercise: everyone is aware of the benefits, but many struggle to get started because the process seems daunting. Others fail to recognize the integrative potential that asset management offers once an effective program has been implemented.

A proper hardware asset management (HAM) program will allow your organization to cut spending, eliminate wasteful hardware, and improve your organizational security. More data will lead to better business decision-making across the organization.

As your program matures and your data gathering and utility improves, other areas of your organization will experience similar improvements. The true value of asset management comes from improved IT services built upon the foundation of a proactive asset management program." - Sandi Conrad, Practice Lead, Infrastructure & Operations Info-Tech Research Group

Our understanding of the problem

This Research Is Designed For:

  • Asset Managers and Service Delivery Managers tasked with developing an asset management program who need a quick start.
  • CIOs and CFOs who want to reduce or improve budgeting of hardware lifecycle costs.
  • Information Security Officers who need to mitigate the risk of sensitive data loss due to insecure assets.

This Research Will Help You:

  • Develop a hardware asset management (HAM) standard operating procedure (SOP) that documents:
    • Process roles and responsibilities.
    • Data classification scheme.
    • Procurement standards, processes, and workflows for hardware assets.
    • Hardware deployment policies, processes, and workflows.
    • Processes and workflows for hardware asset security and disposal.
  • Identify requirements for an IT asset management (ITAM) solution to help generate a shortlist.
  • Develop a hardware asset management implementation roadmap.
  • Draft a communication plan for the initiative.

Executive summary

Situation

  • Executives are aware of the numerous benefits asset management offers, but many organizations lack a defined ITAM program and especially a HAM program.
  • Efforts to implement HAM are stalled because organizations cannot establish and maintain defined processes and policies.

Complication

  • Organizations often implement an asset management program as a one- off project and let it stagnate, but asset management needs to be a dynamic, continually involving process to succeed.
  • Organizations often fail to dedicate adequate resources to the HAM process, leading to unfinished processes and inconsistent standards.
  • Hardware asset management programs yield a large amount of useful data. Unfortunately, this data is often underused. Departments within IT become data siloes, preventing effective use of the data.

Resolution

  • As the IT environment continues to change, it is important to establish consistency in the standards around IT asset management.
  • A current state assessment of your HAM program will shed light on the steps needed to safeguard your processes.
  • Define the assets that will need to be managed to inform the scope of the ITAM program before defining processes.
  • Build and involve an ITAM team in the process from the beginning to help embed the change.
  • Define standard policies, processes, and procedures for each stage of the hardware asset lifecycle, from procurement through to disposal.
  • Pace yourself; a staged implementation will make your ITAM program a success.

Info-Tech Insight

  1. HAM is more than just tracking inventory. A mature asset management program provides data for proactive planning and decision making to reduce operating costs and mitigate risk.
  2. ITAM is not just IT. IT leaders need to collaborate with Finance, Procurement, Security, and other business units to make informed decisions and create value across the enterprise.
  3. Treat HAM like a process, not a project. HAM is a dynamic process that must react and adapt to the needs of the business.

Implement HAM to reduce and manage costs, gain efficiencies, and ensure regulatory compliance

Save & Manage Money

  • Companies with effective HAM practices achieve cost savings through redeployment, reduction of lost or stolen equipment, power management, and on-time lease returns.
  • The right HAM system will enable more accurate planning and budgeting by business units.

Improve Contract Management

  • Real-time asset tracking to vendor terms and conditions allows for more effective negotiation.

Inform Technology Refresh

  • HAM provides accurate information on hardware capacity and compatibility to inform upgrade and capacity planning

Gain Service Efficiencies

  • Integrating the hardware lifecycle with the service desk will enable efficiencies through Install/Moves/Adds/Changes (IMAC) processes, for larger organizations.

Meet Regulatory Requirements

  • You can’t secure organizational assets if you don’t know where they are! Meet governance and privacy laws by knowing asset location and that data is secure.

Prevent Risk

  • Ensure data is properly destroyed through disposal processes, track lost and stolen hardware, and monitor hardware to quickly identify and isolate vulnerabilities.

HAM is more than just inventory; 92% of organizations say that it helps them provide better customer support

Hardware asset management (HAM) provides a framework for managing equipment throughout its entire lifecycle. HAM is more than just keeping an inventory; it focuses on knowing where the product is, what costs are associated with it, and how to ensure auditable disposition according to best options and local environmental laws.

Implementing a HAM practice enables integration of data and enhancement of many other IT services such as financial reporting, service management, green IT, and data and asset security.

Cost savings and efficiency gains will vary based on the organization’s starting state and what measures are implemented, but most organizations who implement HAM benefit from it. As organizations increase in size, they will find the greatest gains operationally by becoming more efficient at handling assets and identifying costs associated with them.

A 2015 survey by HDI of 342 technical support professionals found that 92% say that HAM has helped their teams provide better support to customers on hardware-related issues. Seventy-seven percent have improved customer satisfaction through managing hardware assets. (HDI, 2015)

HAM delivers cost savings beyond only the procurementstage

HAM cost savings aren’t necessarily realized through the procurement process or reduced purchase price of assets, but rather through the cost of managing the assets.

HAM delivers cost savings in several ways:

  • Use a discovery tool to identify assets that may be retired, redeployed, or reused to cut or reallocate their costs.
  • Enforce power management policies to reduce energy consumption as well as costs associated with wasted energy.
  • Enforce policies to lock down unauthorized devices and ensure that confidential information isn’t lost (and you don’t have to waste money recovering lost data).
  • Know the location of all your assets and which are connected to the network to ensure patches are up to date and avoid costly security risks and unplanned downtime.
  • Scan assets to identify and remediate vulnerabilities that can cause expensive security attacks.
  • Improve vendor and contract management to identify areas of hardware savings.

The ROI for HAM is significant and measurable

Benefit Calculation Sample Annual Savings

Reduced help desk support

  • The length of support calls should be reduced by making it easier for technicians to identify PC configuration.
# of hardware-related support tickets per year * cost per ticket * % reduction in average call length 2,000 * $40 * 20% = $16,000

Greater inventory efficiency

  • An ITAM solution can automate and accelerate inventory preparation and tasks.
Hours required to complete inventory * staff required * hourly pay rate for staff * number of times a year inventory required 8 hours * 5 staff * $33 per hour * 2 times a year = $2,640

Improved employee productivity

  • Organizations can monitor and detect unapproved programs that result in lost productivity.
# of employees * percentage of employees who encounter productivity loss through unauthorized software * number of hours per year spent using unauthorized software * average hourly pay rate 500 employees * 10% * 156 hours * $18 = $140,400

Improved security

  • Improved asset tracking and stronger policy enforcement will reduce lost and stolen devices and data.
# of devices lost or stolen last year * average replacement value of device + # of devices stolen * value of data lost from device (50 * $1,000) + (50 * $5,000) = $300,000
Total Savings: $459,040
  1. Weigh the return against the annual cost of investing in an ITAM solution to calculate the ROI.
  2. Don’t forget about the intangible benefits that are more difficult to quantify but still significant, such as increased visibility into hardware, more accurate IT planning and budgeting, improved service delivery, and streamlined operations.

Avoid these common barriers to ITAM success

Organizations that struggle to implement ITAM successfully usually fall victim to these barriers:

Organizational resistance to change

Senior-level sponsorship, engagement, and communication is necessary to achieve the desired outcomes of ITAM; without it, ITAM implementations stall and fail or lack the necessary resources to deliver the value.

Lack of dedicated resources

ITAM often becomes an added responsibility for resources who already have other full-time responsibilities, which can quickly cause the program to lose focus. Increase the chance of success through dedicated resources.

Focus on tool over process

Many organizations buy a tool thinking it will do most of the work for them, but without supporting processes to define ITAM, the data within the tool can become unreliable.

Choosing a tool or process that doesn’t scale

Some organizations are able to track assets through manual discovery, but as their network and user base grows, this quickly becomes impossible. Choose a tool and build processes that will support the organization as it grows.

Using data only to respond to an audit without understanding root causes

Often, organizations implement ITAM only to the extent necessary to achieve compliance for audits, but without investigating the underlying causes of non-compliance and thus not solving the real problems.

To help you make quick progress, Info-Tech Research Group parses hardware asset management into essential processes

Focus on hardware asset lifecycle management essentials:

IT Asset Procurement:

  • Define procurement standards for new hardware along with related warranties and support options.
  • Develop processes and workflows for purchasing and work out financial implications to inform budgeting later.

IT Asset Intake and Deployment:

  • Define policies, processes, and workflows for hardware and receiving, inventory, and tracking practices.
  • Develop processes and workflows for managing imaging, change and moves, and large-scale rollouts.

IT Asset Security and Maintenance:

  • Develop processes, policies, and workflows for asset tracking and security.
  • Maintain contracts and agreements.

IT Asset Disposal or Recovery:

  • Manage the employee termination and equipment recovery cycle.
  • Securely wipe and dispose of assets that have reached retirement stage.

The image is a circular graphic, with Implement HAM written in the middle. Around the centre circle are four phrases: Recover or Dispose; Plan & Procure; Receive & Deploy; Secure & Maintain. Around that circle are six words: Retire; Plan; Request; Procure; Receive; Manage.

Follow Info-Tech’s methodology to build a plan to implement hardware asset management

Phase 1: Assess & Plan Phase 2: Procure & Receive Phase 3: Maintain & Dispose Phase 4: Plan Budget & Build Roadmap
1.1 Assess current state & plan scope 2.1 Request & procure 3.1 Manage & maintain 4.1 Plan budget
1.2 Build team & define metrics 2.2 Receive & deploy 3.2 Redeploy or dispose 4.2 Communicate & build roadmap
Deliverables
Standard Operating Procedure (SOP)
HAM Maturity Assessment Procurement workflow User move workflow HAM Budgeting Tool
Classified hardware assets Non-standard hardware request form Asset security policy HAM Communication Plan
RACI Chart Receiving & tagging workflow Asset disposition policy HAM Roadmap Tool
Job Descriptions Deployment workflow Asset recovery & disposal workflows Additional HAM policies

Asset management is a key piece of Info-Tech's COBIT- inspired IT Management and Governance Framework

The image shows a graphic which is a large grid, showing Info-Tech's research, sorted into categories.

Cisco IT reduced costs by upwards of $50 million through implementing ITAM

CASE STUDY

Industry IT

Source Cisco Systems, Inc.

Cisco Systems, Inc.

Cisco Systems, Inc. is the largest networking company in the world. Headquartered in San Jose, California, the company employees over 70,000 people.

Asset Management

As is typical with technology companies, Cisco boasted a proactive work environment that encouraged individualism amongst employees. Unfortunately, this high degree of freedom combined with the rapid mobilization of PCs and other devices created numerous headaches for asset tracking. At its peak, spending on hardware alone exceeded $100 million per year.

Results

Through a comprehensive ITAM implementation, the new asset management program at Cisco has been a resounding success. While employees did have to adjust to new rules, the process as a whole has been streamlined and user-satisfaction levels have risen. Centralized purchasing and a smaller number of hardware platforms have allowed Cisco to cut its hardware spend in half, according to Mark Edmondson, manager of IT services expenses for Cisco Finance.

This case study continues in phase 1

The image shows four bars, from bottom to top: 1. Asset Gathering; 2. Asset Distribution; 3. Asset Protection; 4. Asset Data. On the right, there is an arrow pointing upwards labelled ITAM Program Maturity.

Info-Tech delivers: Use our tools and templates to accelerate your project to completion

HAM Standard Operating Procedures (SOP)

HAM Maturity Assessment

Non-Standard Hardware Request Form

HAM Visio Process Workflows

HAM Policy Templates

HAM Budgeting Tool

HAM Communication Plan

HAM Implementation Roadmap Tool

Measured value for Guided Implementations (GIs)

Engaging in GIs doesn’t just offer valuable project advice, it also results in significant cost savings.

GI Measured Value
Phase 1: Lay Foundations
  • Time, value, and resources saved by using Info-Tech’s tools and templates to assess current state and maturity, plan scope of HAM program, and define roles and metrics.
  • For example, 2 FTEs * 14 days * $80,000/year = $8,615
Phase 2: Procure & Receive
  • Time, value, and resources saved by using Info-Tech’s tools and templates to build processes for hardware request, procurement, receiving, and deployment.
  • For example, 2 FTEs * 14 days * $80,000/year = $8,615
Phase 3: Maintain & Dispose
  • Time, value, and resources saved by following Info-Tech’s tools and methodology to build processes and policies for managing and maintaining hardware and disposing or redeploying of equipment.
  • For example, 2 FTE * 14 days * $80,000/year = $8,615
Phase 4: Plan Implementation
  • Time, value, and resources saved by following Info-Tech’s tools and methodology to select tools, plan the hardware budget, and build a roadmap.
  • For example, 2 FTE * 14 days * $80,000/year = $8,615
Total savings $25,845

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation overview

1. Lay Foundations 2. Procure & Receive 3. Maintain & Dispose 4. Budget & Implementation
Best-Practice Toolkit

1.1 Assess current state & plan scope

1.2 Build team & define metrics

2.1 Request & procure

2.2 Receive & deploy

3.1 Manage & maintain

3.2 Redeploy or dispose

4.1 Plan budget

4.2 Communicate & build roadmap

Guided Implementation
  • Assess current state.
  • Define scope of HAM program.
  • Define roles and metrics.
  • Define standard and non-standard hardware.
  • Build procurement process.
  • Determine asset tagging method and build equipment receiving and deployment processing.
  • Define processes for managing and maintaining equipment.
  • Define policies for maintaining asset security.
  • Build process for redeploying or disposing of assets.
  • Discuss best practices for effectively managing a hardware budget.
  • Build communications plan and roadmap.
Results & Outcomes
  • Evaluation of current maturity level of HAM
  • Defined scope for the HAM program including list of hardware to track as assets
  • Defined roles and responsibilities
  • Defined and documented KPIs and metrics to meet HAM reporting requirements
  • Defined standard and non- standard requests and processes
  • Defined and documented procurement workflow and purchasing policy
  • Asset tagging method and process
  • Documented equipment receiving and deployment processes
  • MAC policies and workflows
  • Policies and processes for hardware maintenance and asset security
  • Documented workflows for hardware disposal and recovery/redeployment
  • Shortlist of ITAM tools
  • Hardware asset budget plan
  • Communication plan and HAM implementation roadmap

Workshop overview

Contact your account representative or email Workshops@InfoTech.comfor more information.

Phases: Teams, Scope & Hardware Procurement Hardware Procurement and Receiving Hardware Maintenance & Disposal Budgets, Roadmap & Communications
Duration* 1 day 1 day 1 day 1 day
* Activities across phases may overlap to ensure a timely completion of the engagement
Projected Activities
  • Outline hardware asset management goals
  • Review HAM maturity and anticipated milestones
  • Define scope and classify hardware assets
  • Define roles and responsibilities
  • Define metrics and reporting requirements
  • Define standard and non-standard hardware requests
  • Review and document procurement workflow
  • Discuss appropriate asset tagging method
  • Design and document workflow for receiving and inventorying equipment
  • Review/create policy for hardware procurement and receiving
  • Identify data sources and methodology for inventory and data collection
  • Define install/moves/adds/changes (MAC) policy
  • Build workflows to document user MAC processes and design request form
  • Design process and policies for hardware maintenance, warranty, and support documentation handling
  • Design hardware asset recovery and disposal workflows
  • Define budgeting process and review Info-Tech’s HAM Budgeting Tool
  • Develop a communication plan
  • Develop a HAM implementation plan
Projected Deliverables
  • Standard operating procedures for hardware
  • Visio diagrams for all workflows
  • Workshop summary with milestones and task list
  • Budget template
  • Policy draft

Phase 1

Lay Foundations

Implement Hardware Asset Management

A centralized procurement process helped cut Cisco’s hardware spend in half

CASE STUDY

Industry IT

Source Cisco Systems, Inc.

Challenge

Cisco Systems’ hardware spend was out of control. Peaking at $100 million per year, the technology giant needed to standardize procurement processes in its highly individualized work environment.

Users had a variety of demands related to hardware and network availability. As a result, data was spread out amongst multiple databases and was managed by different teams.

Solution

The IT team at Cisco set out to solve their hardware-spend problem using a phased project approach.

The first major step was to identify and use the data available within various departments and databases. The heavily siloed nature of these databases was a major roadblock for the asset management program.

This information had to be centralized, then consolidated and correlated into a meaningful format.

Results

The centralized tracking system allowed a single point of contact (POC) for the entire lifecycle of a PC. This also created a centralized source of information about all the PC assets at the company.

This reduced the number of PCs that were unaccounted for, reducing the chance that Cisco IT would overspend based on its hardware needs.

There were still a few limitations to address following the first step in the project, which will be described in more detail further on in this blueprint.

This case study continues in phase 2

Step 1.1: Assess current state and plan scope

Phase 1: Assess & Plan

1.1 Assess current state & plan scope

1.2 Build team & define metrics

This step will walk you through the following activities:

1.1.1 Complete MGD (optional)

1.1.2 Outline hardware asset management challenges

1.1.3 Conduct HAM maturity assessment

1.1.4 Classify hardware assets to define scope of the program

This step involves the following participants:

  • CIO/CFO
  • IT Director
  • Asset Manager
  • Purchasing
  • Service Desk Manager
  • Security (optional)
  • Operations (optional)

Step Outcomes

  • Understand key challenges related to hardware asset management within your organization to inform program development.
  • Evaluate current maturity level of hardware asset management components and overall program to determine starting point.
  • Define scope for the ITAM program including list of hardware to track as assets.

Complete the Management & Governance Diagnostic (MGD) to weigh the effectiveness of ITAM against other services

1.1.1 Optional Diagnostic

The MGD helps you get the data you need to confirm the importance of improving the effectiveness of your asset management program.

The MGD allows you to understand the landscape of all IT processes, including asset management. Evaluate all team members’ perceptions of each process’ importance and effectiveness.

Use the results to understand the urgency to change asset management and its relevant impact on the organization.

Establish process owners and hold team members accountable for process improvement initiatives to ensure successful implementation and realize the benefits from more effective processes.

To book a diagnostic, or get a copy of our questions to inform your own survey, visit Info-Tech’s Benchmarking Tools, contact your account manager, or call toll-free 1-888-670-8889 (US) or 1-844-618-3192 (CAN).

Sketch out challenges related to hardware asset management to shape the direction of the project

Common HAM Challenges

Processes and Policies:

  • Existing asset management practices are labor intensive and time consuming
  • Manual spreadsheets are used, making collaboration and automation difficult
  • Lack of HAM policies and standard operating procedures
  • Asset management data is not centralized
  • Lack of clarity on roles and responsibilities for ITAM functions
  • End users don’t understand the value of asset management

Tracking:

  • Assets move across multiple locations and are difficult to track
  • Hardware asset data comes from multiple sources, creating fragmented datasets
  • No location data is available for hardware
  • No data on ownership of assets

Security and Risk:

  • No insight into which assets contain sensitive data
  • There is no information on risks by asset type
  • Rogue systems need to be identified as part of risk management best practices
  • No data exists for assets that contain critical/sensitive data

Procurement:

  • No centralized procurement department
  • Multiple quotes from vendors are not currently part of the procurement process
  • A lack of formal process can create issues surrounding employee onboarding such as long lead times
  • Not all procurement standards are currently defined
  • Rogue purchases create financial risk

Receiving:

  • No formal process exists, resulting in no assigned receiving location and no assigned receiving role
  • No automatic asset tracking system exists

Disposal:

  • No insight into where disposed assets go
  • Formal refresh and disposal system is needed

Contracts:

  • No central repository exists for contracts
  • No insight into contract lifecycle, hindering negotiation effectiveness and pricing optimization

Outline hardware asset management challenges

1.1.1 Brainstorm HAM challenges

Participants

  • CIO/CFO
  • IT Director
  • Asset Manager
  • Purchasing
  • Service Desk Manager
  • Security
  • Operations (optional)

A. As a group, outline the hardware asset management challenges facing the organization.

Use the previous slide to help you get started. You can use the following headings as a guide or think of your own:

  • Processes and Policies
  • Tracking
  • Procurement
  • Receiving
  • Security and Risk
  • Disposal
  • Contracts

B. If you get stuck, use the Hardware Asset Management Maturity Assessment Tool to get a quick view of your challenges and maturity targets and kick-start the conversation.

To be effective with hardware asset management, understand the drivers and potential impact to the organization

Drivers of effective HAM Results of effective HAM
Contracts and vendor licensing programs are complex and challenging to administer without data related to assets and their environment. Improved access to accurate data on contracts, licensing, warranties, installed hardware and software for new contracts, renewals, and audit requests.
Increased need to meet compliance requires a formal approach to tracking and managing assets, regardless of device type. Encryption, hardware tracking and discovery, software application controls, and change notifications all contribute to better asset controls and data security.
Cost cutting is on the agenda, and management is looking to reduce overall IT spend in the organization in any possible way. Reduction of hardware spend by as much as 5% of the total budget through data for better forecasting and planning.
Assets with sensitive data are not properly secured, go missing, or are not safely disposed of when retired. Document and enforce security policies for end users and IT staff to ensure sensitive data is properly secured, preventing costs much larger than the cost of only the device.

Each level of HAM maturity comes with its own unique challenges

Maturity People & Policies Processes Technology
Chaos
  • No dedicated staff
  • No policies published
  • Procedures not documented or standardized
  • Hardware not safely secured or tagged
  • Hardware purchasing decisions not based on data
  • Minimal tracking tools in place
Reactive
  • Semi-focused HAM manager
  • No policies published
  • Reliance on suppliers to provide reports for hardware purchases
  • Hardware standards are enforced
  • Discovery tools and spreadsheets used to manage hardware
Controlled
  • Full-time HAM manager
  • End-user policies published
  • HAM manager involved in budgeting and planning sessions
  • Inventory tracking is in place
  • Hardware is secured and tagged
  • Discovery and inventory tools used to manage hardware
  • Compliance reports run as needed
Proactive
  • Extended HAM team, including Help Desk, HR, Purchasing
  • Corporate hardware use policies in place and enforced
  • HAM process integrated with help desk and HR processes
  • More complex reporting and integrated financial information and contracts with asset data
  • Hardware requests are automated where possible
  • Product usage reports and alerts in place to harvest and reuse licenses
  • Compliance and usage reports used to negotiate software contracts
Optimized
  • HAM manager trained and certified
  • Working with HR, Legal, Finance, and IT to enforce policies
  • Quarterly meetings with ITAM team to review policies, procedures, upcoming contracts, and rollouts; data is reviewed before any financial decisions made
  • Full transparency into hardware lifecycle
  • Aligned with business objectives
  • Detailed savings reports provided to executive team annually
  • Automated policy enforcement and process workflows

Conduct a hardware maturity assessment to understand your starting point and challenges

1.1.3 Complete HAM Maturity Assessment Tool

Complete the Hardware Asset Management Maturity Assessment Tool to understand your organization’s overall maturity level in HAM, as well as the starting maturity level aligned with each step of the blueprint, in order to identify areas of strength and weakness to plan the project. Use this to track progress on the project.

An effective asset management project has four essential components, with varying levels of management required

The hardware present in your organization can be classified into four categories of ascending strategic complexity: commodity, inventory, asset, and configuration.

Commodity items are devices that are low-cost, low-risk items, where tracking is difficult and of low value.

Inventory is tracked primarily to identify location and original expense, which may be depreciated by Finance. Typically there will not be data on these devices and they’ll be replaced as they lose functionality.

Assets will need the full lifecycle managed. They are identified by cost and risk. Often there is data on these devices and they are typically replaced proactively before they become unstable.

Configuration items will generally be tracked in a configuration management database (CMDB) for the purpose of enabling the support teams to make decisions involving dependencies, configurations, and impact analysis. Some data will be duplicated between systems, but should be synchronized to improve accuracy between systems.

See Harness Configuration Management Superpowers to learn more about building a CMDB.

Classify your hardware assets to determine the scope and strategy of the program

Asset: A unique device or configuration of devices that enables a user to perform productive work tasks and has a defined location and ownership attributes.

  • Hardware asset management involves tracking and managing physical components from procurement through to retirement. It provides the base for software asset management and is an important process that can lead to improved lifecycle management, service request fulfillment, security, and cost savings through harvesting and redeployment.
  • When choosing your strategy, focus on those devices that are high cost and high risk/function such as desktops, laptops, servers, and mobile devices.

ASSET - Items of high importance and may contain data, such as PCs, mobile devices, and servers.

INVENTORY - Items that require significant financial investment but no tracking beyond its existence, such as a projector.

COMMODITY - Items that are often in use but are of relatively low cost, such as keyboards or mice.

Classify your hardware assets to define the scope of the program

1.1.4 Define the assets to be tracked within your organization

Participants

  • Participants
  • CIO/CFO
  • IT Director
  • Asset Manager
  • Purchasing
  • Service Desk Manager
  • Security (optional)
  • Operations (optional)

Document

Document in the Standard Operating Procedures, Section 1 – Overview & Scope

  1. Determine value/risk threshold at which items should be tracked (e.g. over $1,000 and holding data).
  2. Divide a whiteboard or flip chart into three columns: commodity, asset, and inventory.
  3. Divide participants into groups by functional role to brainstorm devices in use within the organization. Write them down on sticky notes.
  4. Place the sticky notes in the column that best describes the role of the product in your organization.

Align the scope of the program with business requirements

CASE STUDY

Industry Public Administration

Source Client Case Study

Situation

A state government designed a process to track hardware worth more than $1,000. Initially, most assets consisted of end-user computing devices.

The manual tracking process, which relied on a series of Excel documents, worked well enough to track the lifecycle of desktop and laptop assets.

However, two changes upended the organization’s program: the cost of end-user computing devices dropped dramatically and the demand for network services led to the proliferation of expensive equipment all over the state.

Complication

The existing program was no longer robust enough to meet business requirements. Networking equipment was not only more expensive than end-user computing devices, but also more critical to IT services.

What was needed was a streamlined process for procuring high-cost, high-utility equipment, tracking their location, and managing their lifecycle costs without compromising services.

Resolution

The organization decided to formalize, document, and automate hardware asset management processes to meet the new challenges and focus efforts on high-cost, high-utility end-user computing devices only.

Step 1.2: Build team and define metrics

Phase 1: Assess & Plan

1.1 Assess current state & plan scope

1.2 Build team and define metrics

This step will walk you through the following activities:

1.2.1 Define responsibilities for Asset Manager and Asset Administrator

1.2.2 Use a RACI chart to determine roles within HAM team

1.2.3 Further clarify HAM responsibilities for each role

1.2.4 Identify HAM reporting requirements

This step involves the following participants:

  • CIO/CFO
  • IT Director
  • IT Managers
  • Asset Manager
  • Asset Coordinators
  • ITAM Team
  • Service Desk
  • End-User Device Support Team

Step Outcomes:

  • Defined responsibilities for Asset Manager and Asset Administrator
  • Documented RACI chart assigning responsibility and accountability for core HAM processes
  • Documented responsibilities for ITAM/HAM team
  • Defined and documented KPIs and metrics to meet HAM reporting requirements

Form an asset management team to lead the project

Asset management is an organizational change. To gain buy-in for the new processes and workflows that will be put in place, a dedicated, passionate team needs to jump-start the project.

Delegate the following roles to team members and grow your team accordingly.

Asset Manager

  • Responsible for setting policy and governance of process and data accuracy
  • Support budget process
  • Support asset tracking processes in the field
  • Train employees in asset tracking processes

Asset Administrator

  • The front-lines of asset management
  • Communicates with and supports asset process implementation teams
  • Updates and contributes information to asset databases
Service Desk, IT Operations, Applications
  • Responsible for advising asset team of changes to the IT environment, which may impact pricing or ability to locate devices
  • Works with Asset Coordinator/Manager to set standards for lifecycle stages
  • The ITAM team should visit and consult with each component of the business as well as IT.
  • Engage with leaders in each department to determine what their pain points are.
  • The needs of each department are different and their responses will assist the ITAM team when designing goals for asset management.
  • Consultations within each department also communicates the change early, which will help with the transition to the new ITAM program.

Info-Tech Insight

Ensure that there is diversity within the ITAM team. Assets for many organizations are diverse and the composition of your team should reflect that. Have multiple departments and experience levels represented to ensure a balanced view of the current situation.

Define the responsibilities for core ITAM/HAM roles of Asset Manager and Asset Administrator

1.2.1 Use Info-Tech’s job description templates to define roles

The role of the IT Asset Manager is to oversee the daily and long-term strategic management of software and technology- related hardware within the organization. This includes:

  • Planning, monitoring, and recording software licenses and/or hardware assets to ensure compliance with vendor contracts.
  • Forming procurement strategies to optimize technology spend across the organization.
  • Developing and implementing procedures for tracking company assets to oversee quality control throughout their lifecycles.

The role of the IT Asset Administrator is to actively manage hardware and software assets within the organization. This includes:

  • Updating and maintaining accurate asset records.
  • Planning, monitoring, and recording software licenses and/or hardware assets to ensure compliance with vendor contracts.
  • Administrative duties within procurement and inventory management.
  • Maintaining records and databases regarding warranties, service agreements, and lifecycle management.
  • Product standardization and tracking.

Use Info-Tech’s job description templates to assist in defining the responsibilities for these roles.

Organize your HAM team based on where they fit within the strategic, tactical, and operational components

Typically the asset manager will answer to either the CFO or CIO. Occasionally they answer to a vendor manager executive. The hierarchy may vary based on experience and how strategic a role the asset manager will play.

The image shows a flowchart for organizing the HAM team, structured by three components: Strategic (at the top); Tactical (in the middle); and Operational (at the bottom). The chart shows how the job roles flow together within the hierarchy.

Determine the roles and responsibilities of the team who will support your HAM program

1.2.2 Complete a RACI

A RACI chart will identify who should be responsible, accountable, consulted, and informed for each key activity during the consolidation.

Participants

  • Project Sponsor
  • IT Director, CIO
  • Project Manager
  • IT Managers and Asset Manager(s)
  • ITAM Team

Document

Document in the Standard Operating Procedure.

Instructions:

  1. Write out the list of all stakeholders along the top of a whiteboard. Write out the key initiative steps for the consolidation project along the left side (use this list as a starting point).
  2. For each initiative, identify each team member’s role. Are they:
    • Responsible? The one responsible for getting the job done.
    • Accountable? Only one person can be accountable for each task.
    • Consulted? Involved through input of knowledge and information.
    • Informed? Receive information about process execution and quality.
  3. As you proceed through the initiative, continue to add tasks and assign responsibility to this RACI chart.

A sample RACI chart is provided on the next slide

Start with a RACI chart to determine the responsibilities

1.2.2 Complete a RACI chart for your organization

HAM Tasks CIO CFO HAM Manager HAM Administrator Service Desk (T1,T2, T3) IT Operations Security Procurement HR Business Unit Leaders Compliance /Legal Project Manager
Policies and governance A I R I I C I C C I I
Strategy A R R R R
Data entry and quality management C I A I C C I I C C
Risk management and asset security A R C C R C C
Process compliance auditing A R I I I I I
Awareness, education, and training I A I I C
Printer contracts C A C C C R C C
Hardware contract management A I R R I I R R I I
Workflow review and revisions I A C C C C
Budgeting A R C I C
Asset acquisition A R C C C C I C C
Asset receiving (inspection/acceptance) I A R R I
Asset deployment A R R I I
Asset recovery/harvesting A R R I I
Asset disposal C A R R I I
Asset inventory (input/validate/maintain) I I A/R R R R I I I

Further clarify HAM responsibilities for each role

1.2.3 Define roles and responsibilities for the HAM team

Participants

  • Participants IT Asset Managers and Coordinators
  • ITAM Team
  • IT Managers and IT Director

Document

  1. Discuss and finalize positions to be established within the ITAM/HAM office as well as additional roles that will be involved in HAM.
  2. Review the sample responsibilities below and revise or create responsibilities for each key position within the HAM team.
  3. Document in the HAM Standard Operating Procedures.
Role Responsibility
IT Manager
  • Responsible for writing policies regarding asset management and approving final documents
  • Build and revise budget, tracking actual spend vs. budget, seeking final approvals from the business
  • Process definition, communication, reporting and ensuring people are following process
  • Awareness campaign for new policy and process
Asset Managers
  • Approval of purchases up to $10,000
  • Inventory and contract management including contract review and recommendations based on business and IT requirements
  • Liaison between business and IT regarding software and hardware
  • Monitor and improve workflows and asset related processes
  • Monitor controls, audit and recommend policies and procedures as needed
  • Validate, manage and analyze data as related to asset management
  • Provide reports as needed for decision making and reporting on risk, process effectiveness and other purposes as required
  • Asset acquisition and disposal
Service Desk
Desktop team
Security
Infrastructure teams

Determine criteria for success: establish metrics to quantify and demonstrate the results and value of the HAM function

HAM metrics fall in the following categories:

HAM Metrics

  • Quantity e.g. inventory levels and need
  • Cost e.g. value of assets, budget for hardware
  • Compliance e.g. contracts, policies
  • Quality e.g. accuracy of data
  • Duration e.g. time to procure or deploy hardware

Follow a process for establishing metrics:

  1. Identify and obtain consensus on the organization’s ITAM objectives, prioritized if possible.
  2. For each ITAM objective, select two or three metrics in the applicable categories (not all categories will apply to all objectives); be sure to select metrics that are achievable with reasonable effort.
  3. Establish a baseline measurement for each metric.
  4. Establish a method and accountability for ongoing measurement and analysis/reporting.
  5. Establish accountability for taking action on reported results.
  6. As ITAM expands and matures, change or expand the metrics as appropriate.

Define KPIs and associated metrics

  • Identify the critical success factors (CSFs) for your hardware asset management program based on strategic goals.
  • For each success factor, identify the key performance indicators (KPIs) to measure success and specific metrics that will be tracked and reported on.
  • Sample metrics are below:
CSF KPI Metrics
Improve accuracy of IT budget and forecasting
  • Asset costs and value
  • Average cost of workstation
  • Total asset spending
  • Total value of assets
  • Budget vs. spend
Identify discrepancies in IT environment
  • Unauthorized or failing assets
  • Number of unauthorized assets
  • Assets identified as cause of service failure
Avoid over purchasing equipment
  • Number of unused and underused computers
  • Number of unaccounted-for computers
  • Money saved from harvesting equipment instead of purchasing new
Make more-effective purchasing decisions
  • Predicted replacement time and cost of assets
  • Deprecation rate of assets
  • Average cost of maintaining an asset
  • Number of workstations in repair
Improve accuracy of data
  • Accuracy of asset data
  • Accuracy rate of inventory data
  • Percentage improvement in accuracy of audit of assets
Improved service delivery
  • Time to deploy new hardware
  • Mean time to purchase new hardware
  • Mean time to deploy new hardware

Identify hardware asset reporting requirements and the data you need to collect to meet them

1.2.4 Identify asset reporting requirements

Participants

  • CIO/CFO
  • IT Director
  • Asset Manager
  • Purchasing
  • Service Desk Manager
  • Operations (optional)

Document

Document in the Standard Operating Procedures, Section 13: Reporting

  1. Discuss the goals and objectives of implementing or improving hardware asset management, based on challenges identified in Step 1.2.
  2. From the goals, identify the critical success factors for the HAM program
  3. For each CSF, identify one to three key performance indicators to evaluate achievement of the success factor.
  4. For each KPI, identify one to three metrics that can be tracked and reported on to measure success. Ensure that the metrics are tangible and measurable and will be useful for decision making or to take action.
  5. Determine who needs this information and the frequency of reporting.
  6. If you have existing ITAM data, record the baseline metric.
CSF KPI Metrics Stakeholder/frequency

Phase 1 Guided Implementation

Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Guided Implementation 1: Lay Foundations

Proposed Time to Completion: 4 weeks

Step 1.1: Assess current state and plan scope

Start with an analyst kick-off call:

  • Review challenges.
  • Assess current HAM maturity level.
  • Define scope of HAM program.

Then complete these activities…

  • Complete MGD (optional).
  • Outline hardware asset management challenges.
  • Conduct HAM maturity assessment.
  • Classify hardware assets to define scope of the program.

With these tools & templates:

HAM Maturity Assessment

Standard Operating Procedures

Step 1.2: Build team and define metrics

Review findings with analyst:

  • Define roles and responsibilities.
  • Assess reporting requirements.
  • Document metrics to track.

Then complete these activities…

  • Define responsibilities for Asset Manager and Asset Administrator.
  • Use a RACI chart to determine roles within HAM team.
  • Document responsibilities for HAM roles.
  • Identify HAM reporting requirements.

With these tools & templates:

RACI Chart

Asset Manager and Asset Administrator Job Descriptions

Standard Operating Procedures

Phase 1 Results & Insights:

For asset management to succeed, it needs to support the business. Engage business leaders to determine needs and build your HAM program around these goals.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

Book a workshop with our Info-Tech analysts:

  • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
  • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
  • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

1.1.4 Classify hardware assets to define scope of the program

Determine value/risk threshold at which assets should be tracked, then divide a whiteboard into four quadrants representing four categories of assets. Participants write assets down on sticky notes and place them in the appropriate quadrant to classify assets.

1.2.2 Build a RACI chart to determine responsibilities

Identify all roles within the organization that will play a part in hardware asset management, then document all core HAM processes and tasks. For each task, assign each role to be responsible, accountable, consulted, or informed.

Phase 2

Procure and Receive

Implement Hardware Asset Management

Step 2.1: Request and Procure Hardware

Phase 2: Procure & Receive

2.1 Request & Procure

2.2 Receive & Deploy

This step will walk you through the following activities:

2.1.1 Identify IT asset procurement challenges

2.1.2 Define standard hardware requests

2.1.3 Document standard hardware request procedure

2.1.4 Build a non-standard hardware request form

2.1.5 Make lease vs. buy decisions for hardware assets

2.1.6 Document procurement workflow

2.1.7 Build a purchasing policy

This step involves the following participants:

  • Asset Manager
  • Purchasing
  • Service Desk Manager
  • Operations (optional)
  • CFO or other management representative from Finance

Step Outcomes:

  • Definition of standard hardware requests for roles, including core vs. optional assets
  • End-user request process for standard hardware
  • Non-standard hardware request form
  • Lease vs. buy decisions for major hardware assets
  • Defined and documented procurement workflow
  • Documented purchasing policy

California saved $40 million per year using a green procurement strategy

CASE STUDY

Industry Government

Source Itassetmanagement.net

Challenge

Signed July 27, 2004, Executive order S-20-04, the “Green Building Initiative,” placed strict regulations on energy consumption, greenhouse gas emissions, and raw material usage and waste.

In compliance with S-20-04, the State of California needed to adopt a new procurement strategy. Its IT department was one of the worst offenders given the intensive energy usage by the variety of assets managed under the IT umbrella.

Solution

A green IT initiative was enacted, which involved an extensive hardware refresh based on a combination of agent-less discovery data and market data (device age, expiry dates, power consumption, etc.).

A hardware refresh of almost a quarter-million PCs, 9,500 servers, and 100 email systems was rolled out as a result.

Other changes, including improved software license compliance and data center consolidation, were also enacted.

Results

Because of the scale of this hardware refresh, the small changes meant big savings.

A reduction in power consumption equated to savings of over $40 million per year in electricity costs. Additionally, annual carbon emissions were trimmed by 200,000 tons.

Improve your hardware asset procurement process to…

Asset Procurement

  • Standardization
  • Aligned procurement processes
  • SLAs
  • TCO reduction
  • Use of centralized/ single POC

Standardize processes: Using standard products throughout the enterprise lowers support costs by reducing the variety of parts that must be stocked for onsite repairs or for provisioning and supporting equipment.

Align procurement processes: Procurement processes must be aligned with customers’ business requirements, which can have unique needs.

Define SLAs: Providing accurate and timely performance metrics for all service activities allows infrastructure management based on fact rather than supposition.

Reduce TCO: Management recognizes service infrastructure activities as actual cost drivers.

Implement a single POC: A consolidated service desk is used where the contact understands both standards (products, processes, and practices) and the user’s business and technical environment.

Identify procurement challenges to identify process improvement needs

2.1.1 Identify IT asset procurement challenges

Participants

  • Asset Manager
  • Purchasing
  • Service Desk Manager
  • Operations (optional)
  1. As a group, brainstorm existing challenges related to IT hardware requests and procurement.
  2. If you get stuck, consider the common challenges listed below.
  3. Use the results of the discussion to focus on which problems can be resolved and integrated into your organization as operational standards.

Document hardware standards to speed time to procure and improve communications to users regarding options

The first step in your procurement workflow will be to determine what is in scope for a standard request, and how non-standard requests will be handled. Questions that should be answered by this procedure include:

  • What constitutes a non-standard request?
  • Who is responsible for evaluating each type of request? Will there be one individual or will each division in IT elect a representative to handle requests specific to their scope of work?
  • What additional security measures need to be taken?
  • Are there exceptions made for specific departments or high-ranking individuals?

If your end-user device strategy requires an overhaul, schedule time with an Info-Tech analyst to review our blueprint Build an End-User Computing Strategy.

Once you’ve answered questions like these, you can outline your hardware standards as in the example below:

Use Case Mobile Standard Mac Standard Mobile Power User
Asset Lenovo ThinkPad T570 iMac Pro Lenovo ThinkPad P71
Operating system Windows 10 Pro Mac OSX Windows 10 Pro, 64 bit
Display 15.6" 21.5" 17.3”

Memory

32GB 8GB 64GB
Processor Intel i7 – 7600U Processor 2.3GHz Xeon E3 v6 Processor
Drive 500GB 1TB 1TB
Warranty 3 year 1 year + 2 extended 3 year

Info-Tech Insight

Approach hardware standards from a continual improvement frame of mind. Asset management is a dynamic process. Hardware standards will need to adapt over time to match the needs of the business. Plan assessments at routine intervals to ensure your current hardware standards align with business needs.

Document specifications to meet environmental, security, and manageability requirements

Determine environmental requirements and constraints.

Power management

Compare equipment for power consumption and ability to remotely power down machines when not in use.

Heat and noise

Test equipment run to see how hot the device gets, where the heat is expelled, and how much noise is generated. This may be particularly important for users who are working in close quarters.

Carbon footprint

Ask what the manufacturer is doing to reduce post-consumer waste and eliminate hazardous materials and chemicals from their products.

Ensure security requirements can be met.

  • Determine if network/wireless cards meet security requirements and if USB ports can be turned off to prevent removal of data.
  • Understand the level of security needed for mobile devices including encryption, remote shut down or wipe of hard drives, recovery software, or GPS tracking.
  • Decide if fingerprint scanners with password managers would be appropriate to enable tighter security and reduce the forgotten-password support calls.

Review features available to enhance manageability.

  • Discuss manageability goals with your IT team to see if any can be solved with added features, for example:
    • Remote control for troubleshooting and remote management of data security settings.
    • Asset management software or tags for bar coding, radio frequency identification (RFID), or GPS, which could be used in combination with strong asset management practices to inventory, track, and manage equipment.

If choosing refurbished equipment, avoid headaches by asking the right questions and choosing the right vendor

  • Is the equipment functional and for how long is it expected to last?
  • How long will the vendor stand behind the product and what support can be expected?
    • This is typically two to five years, but will vary from vendor to vendor.
    • Will they repair or replace machines? Many will just replace the machine.
  • How big is the inventory supply?
    • What kind of inventory does the vendor keep and for how long can you expect the vendor to keep it?
    • How does the vendor source the equipment and do they have large quantities of the same make and model for easier imaging and support?
  • How complete is the refurbishment process?
    • Do they test all components, replace as appropriate, and securely wipe or replace hard drives?
    • Are they authorized to reload MS Windows OEM?
  • Is the product Open Box or used?
    • Open Box is a new product returned back to the vendor. Even if it is not used, the product cannot be resold as a new product. Open Box comes with a manufacturer’s warranty and the latest operating system.
    • If used, how old is the product?

"If you are looking for a product for two or three years, you can get it for less than half the price of new. I bought refurbished equipment for my call center for years and never had a problem". – Glen Collins, President, Applied Sales Group

Info-Tech Insight

Price differences are minimal between large and small vendors when dealing with refurbished machines. The decision to purchase should be based on ability to provide and service equipment.

Define standard hardware requests, including core and optional assets

2.1.2 Identify standards for hardware procurement by role

Participants

  • Asset Manager
  • Purchasing
  • Service Desk Manager
  • Operations (optional)
  • Representatives from all other areas of the business

Document

Document in the Standard Operating Procedures, Section 7: Procurement.

  1. Divide a whiteboard into columns representing all major areas of the business.
  2. List the approximate number of end users present at each tier and record these totals on the board.
  3. Distribute sticky notes. Use two different sizes: large sizes represent critically important hardware and small sizes represent optional hardware.
  4. Define core hardware assets for each division as well as optional hardware assets.
  5. Focus on the small sticky notes to determine if these optional purchases are necessary.
  6. Finalize the group decision to determine the standard hardware procurement for each role in the organization. Record results in a table similar to the example below:
Department Core Hardware Assets Optional Hardware Assets
IT PC, tablet, monitor Second monitor
Sales PC, monitor Laptop
HR PC, monitor Laptop
Marketing PC (iMac) Tablet, laptop

Document procedures for users to make standard hardware requests

2.1.3 Document standard hardware request procedure

Participants

  • Asset Manager
  • Purchasing
  • Service Desk Manager
  • Operations (optional)
  • Representatives from all other areas of the business

Document

Document in the Standard Operating Procedures, Section 6: End-User Request Process.

Discuss and document the end-user request process:

  1. In which cases can users request a primary device?
  2. In which cases can users request a secondary (optional device)?
  3. What justification is needed to approve of a secondary device?
    1. E.g. The request for a secondary device should be via email to the IS Projects and Procurements Officer. This email should outline the business case for why multiple devices are required.
  4. Will a service catalog be available and integrated with an ITAM solution for users to make standard requests? If so, can users also configure their options?
  5. Document the process in the standard operating procedure. Example:

End-User Request Process

  • Hardware and software will be purchased through the user-facing catalog.
  • Peripherals will be ordered as needed.
  • End-user devices will be routed to business managers for approval prior to fulfillment by IT.
  • Requests for secondary devices must be accompanied by a business case.
  • Equipment replacements due to age will be managed through IT replacement processes.

Improve the process for ordering non-standard hardware by formalizing the request process, including business needs

2.1.4 Build a non-standard hardware request form

  • Although the goal should be to standardize as much as possible, this isn’t always possible. Ensure users who are requesting non-standard hardware have a streamlined process to follow that satisfies the justifications for increased costs to deliver.
  • Use Info-Tech’s template to build a non-standard hardware request form that may be used by departments/users requesting non-standard hardware in order to collect all necessary information for the request to be evaluated, approved, and sent to procurement.
  • Ensure that the requestor provides detailed information around the equipment requested and the reason standard equipment does not suffice and includes all required approvals.
  • Include instructions for completing and submitting the form as well as expected turnaround time for the approval process.

Info-Tech Insight

Include non-standard requests in continual improvement assessment. If a large portion of requests are for non-standard equipment, it’s possible the hardware doesn’t meet the recommended requirements for specialized software in use with many of your business users. Determine if new standards need to be set for all users or just “power users.”

Identify the information you need to collect to ensure a smooth purchasing process

Categories Peripherals Desktops/Laptops Servers
Financial
  • Operational expenses
  • Ordered for inventory with the exceptions of monitors that will be ordered as needed
  • Equipment will be purchased through IT budget
  • Capital expenses
  • Ordered as needed…
  • Inventory kept for…
  • End-user devices will be purchased through departmental budgets
  • Capital expenses
  • Ordered as needed to meet capacity or stability requirements
  • Devices will be purchased through IT budgets
Request authorization
  • Any user can request
  • Users who are traveling can purchase and expense peripherals as needed, with manager approvals
  • Tier 3 technicians
Required approvals
  • Manager approvals required for monitors
  • Infrastructure and applications manager up to [$]
  • CIO over [$]
Warranty requirements
  • None
  • Three years
  • Will be approved with project plan
Inventory requirements
  • Minimum inventory at each location of 5 of each: mice, keyboards, cables
  • Docking stations will be ordered as needed
  • Laptops (standard): 5
  • Laptops (ultra light): 1
  • Desktops: 5
  • Inventory kept in stock as per DR plan
Tracking requirements
  • None
  • Added to ITAM database, CMDB
  • Asset tag to be added to all equipment
  • Added to ITAM database, CMDB

Info-Tech Best Practice

Take into account the possibility of encountering taxation issues based on where the equipment is being delivered as well as taxes imposed or incurred in the location from which the asset was shipped or sent. This may impact purchasing decisions and shipping instructions.

Develop a procurement plan to get everyone in the business on the same page

  • Without an efficient and structured process around how IT purchases are budgeted and authorized, maverick spending and dark procurement can result, limiting IT’s control and visibility into purchases.
  • The challenge many IT departments face is that there is a disconnect between meeting the needs of the business and bringing in equipment according to existing policies and procedures.
  • The asset manager should demonstrate how they can bridge the gaps and improve tracking mechanisms at the same time.

Improve procurement decisions:

  • Demonstrate how technology is a value-add.
  • Make a clear case for the budget by using the same language as the rest of the business.
  • Quantify the output of technology investments in tangible business terms to justify the cost.
  • Include the refresh cycle in the procurement plan to ensure mission- critical systems will include support and appropriate warranty.
  • Plan technology needs for the future and ensure IT technology will continue to meet changing needs.
  • Synchronize redundant organizational procurement chains in order to lower cost.

Document the following in your procurement procedure:

  • Process for purchase requests
  • Roles and responsibilities, including requestors and approvers
  • Hardware assets to purchase and why they are needed
  • Timelines for purchase
  • Process for vendors

Info-Tech Insight

IT procurement teams are often heavily siloed from ITAM teams. The procurement team is typically found in the finance department. One way to bridge the gap is to implement routine, reliable reporting between departments.

Determine if it makes sense to lease or buy your equipment; weigh the pros and cons of leasing hardware

Pros

  • Keeps operational costs low in the short term by containing immediate cost.
  • Easy, predictable payments makes it easier to budget for equipment over long term.
  • Get the equipment you need to start doing business right away if you’re just starting out.
  • After the leasing term is up, you can continue the lease and update your hardware to the latest version.
  • Typical leases last 2 or 3 years, meaning your hardware can get upgrades when it needs it and your business is in a better position to keep up with technology.
  • Leasing directly from the vendor provides operational flexibility.
  • Focus on the business and let the vendor focus on equipment service and updates as you don’t have to pay for maintenance.
  • Costs structured as OPEX.

Cons

  • In the long term, leasing is almost always more expensive than buying because there’s no equity in leased equipment and there may be additional fees and interest.
  • Commitment to payment through the entire lease period even if you’re not using the equipment anymore.
  • Early termination fees if you need to get out of the lease.
  • No option to sell equipment once you’re finished with it to make money back.
  • Maintenance is up to leasing company’s specifications.
  • Product availability may be limited.

Recommended for:

  • Companies just starting out
  • Business owners with limited capital or budget
  • Organizations with equipment that needs to be upgraded relatively often

Weigh the pros and cons of purchasing hardware

Pros

  • Complete control over assets.
  • More flexible and straightforward procurement process.
  • Tax incentives: May be able to fully deduct the cost of some newly purchased assets or write off depreciation for computers and peripherals on taxes.
  • Preferable if your equipment will not be obsolete in the next two or three years.
  • You can resell the asset once you don’t need it anymore to recover some of the cost.
  • Customization and management of equipment is easier when not bound by terms of leasing agreement.
  • No waiting on vendor when maintenance is needed; no permission needed to make changes.

Cons

  • High initial cost of investment with CAPEX expense model.
  • More paperwork.
  • You (as opposed to vendor) are responsible for equipment disposal in accordance with environmental regulations.
  • You are responsible for keeping up with upgrades, updates, and patches.
  • You risk ending up with out-of-date or obsolete equipment.
  • Hardware may break after terms of warranty are up.

Recommended for:

  • Established businesses
  • Organizations needing equipment with long-term lifecycles

Make a lease vs. buy decision for equipment purchases

2.1.4 Decide whether to purchase or lease

Participants

  • Asset Manager
  • Purchasing
  • Service Desk Manager
  • Operations (optional)
  • Representatives from all other areas of the business

Document

Document policy decisions in the Standard Operating Procedures – Section 7: Procurement

  1. Identify hardware equipment that requires a purchase vs. lease decision.
  2. Discuss with Finance whether it makes sense to purchase or lease each major asset, considering the following:
  • Costs of equipment through each method
  • Tax deductions
  • Potential resale value
  • Potential revenue from using the equipment
  • How quickly the equipment will be outdated or require refresh
  • Size of equipment
  • Maintenance and support requirements
  • Overall costs
  • The leasing vs. buying decision should take considerable thought and evaluation to make the decision that best fits your organizational needs and situation.
  • Determine appropriate warranty and service-level agreements for your organization

    Determine acceptable response time, and weigh the cost of warranty against the value of service.

    • Standard warranties vary by manufacturer, but are typically one or three years.
    • Next-day, onsite service may be part of the standard offering or may be available as an uplift.
    • Four-hour, same-day service can also be added for high availability needs.
    • Extended warranties can be purchased beyond three years, although not many organizations take advantage of this offering.
    • Other organizations lower or remove the warranty and have reported savings of as much as $150 per machine.

    Speak to your partner to see how they can help the process of distributing machines.

    • Internal components change frequently with laptops and desktops. If purchasing product over time rather than buying in bulk, ensure the model will be available for a reasonable term to reduce imaging and support challenges.
    • Determine which services are important to your organization and request these services as part of the initial quote. If sending out a formal RFQ or RFP, document required services and use as the basis for negotiating SLAs.
    • Document details of SLA, including expectations of services for manufacturer, vendor, and internal team.
    • If partner will be providing services, request they stock an appropriate number of hot spares for frequently replaced parts.
    • If self-certifying, review resource capabilities, understand skill and certification requirements; for example, A+ certification may be a pre-requisite.
    • Understand DOA policy and negotiate a “lemon policy,” meaning if product dies within 15 or 30 days it can be classified as DOA. Seek clarity on return processes.

    Consider negotiation strategies, including how and when to engage with different partners during acquisition

    Direct Model

    • Dell’s primary sales model is direct either through a sales associate or through its e-commerce site. Promotions are regularly listed on the website, or if customization is required, desktops and laptops have some flexibility in configuration. Discounts can be negotiated with a sales rep on quantity purchases, but the discount level changes based on the model and configuration.
    • Other tier-one manufacturers typically sell direct only from their e-commerce sites, providing promotions based on stock they wish to move, and providing some configuration flexibility. They rely heavily on the channel for the majority of their business.

    Channel Model

    • Most tier one manufacturers have processes in place to manage a smaller number of partners rather than billing and shipping out to individual customers. Deviating from this process and dealing direct with end customers can create order processing issues.
    • Resellers have the ability to negotiate discounts based on quantities. Discounts will vary based on model, timing (quarter or year end), and quantity commitment.
    • Negotiations on large quantities should involve a manufacturer rep as well as the reseller to clearly designate roles and services, ensure processes are in place to fulfill your needs, and agree on pricing scheme. This will prevent misunderstandings and bring clarity to any commitments.
    • Often the channel partners are authorized to provide repair services under warranty for the manufacturer.
    • Dell also uses the channel model for distribution where customers demand additional services.

    Expect discounts to reflect quantity and method of purchase

    Transaction-based purchases will receive the smallest discounting.

    • Understand requirements to find the most appropriate make and model of equipment.
    • Prepare a forecast of expected purchases for the year and discuss discounting.
    • Typically initial discounts will be 3-5% off suggested retail price.
    • Once a history is in place, and the vendor is receiving regular orders, it may extend deeper discounts.

    Bulk purchases will receive more aggressive discounting of 5-15% off suggested retail price, depending on quantities.

    • Examine shipping options and costs to take advantage of bulk deliveries; in some cases vendors may waive shipping fees as an extension of the discounting.
    • If choosing end-of-line product, ensure appropriate quantity of a single model is available to efficiently roll out equipment.
    • Various pricing models can be used to obtain best price.

    Larger quantities rolled out over time will require commitments to the manufacturer to obtain deepest discounts.

    • Discuss all required services as part of negotiation to ensure there are no surprise charges.
    • Several pricing models can be used to obtain the best price.
      • Suggested retail price minus as much as 20%.
      • Cost plus 3% up to 10% or more.
      • Fixed price based on negotiating equipment availability with budget requirements.

    If sending out to bid, determine requirements and scoring criteria

    It’s nearly impossible to find two manufacturers with the exact same specifications, so comparisons between vendors is more art than science.

    New or upgraded components will be introduced into configurations when it makes the most sense in a production cycle. This creates a challenge in comparing products, especially in an RFP. The best way to handle this is to:

    • Define and document minimum technology requirements.
    • Define and document service needs.
    • Compare vendors to see if they’ve met the criteria or not; if yes, compare prices.
    • If the vendors have included additional offerings, see if they make sense for your organization. If they do, include that in the scoring. If not, exclude and score based on price.
    • Recognize that the complexity of the purchase will dictate the complexity of scoring.

    "The hardware is the least important part of the equation. What is important is the warranty, delivery, imaging, asset tagging, and if they cannot deliver all these aspects the hardware doesn’t matter." – Doug Stevens, Assistant Manager Contract Services, Toronto District School Board

    Document and analyze the hardware procurement workflow to streamline process

    The procurement process should balance the need to negotiate appropriate pricing with the need to quickly approve and fulfill requests. The process should include steps to follow for approving, ordering, and tracking equipment until it is ready for receipt.

    Within the process, it is particularly important to decide if this is where equipment is added into the database or if it will happen upon receipt.

    A poorly designed procurement workflow:

    • Includes many bottlenecks, stopping and starting points.
    • May impact project and service requests and requires unrealistic lead times.
    • May lead to lost productivity for users and lost credibility for the IT department.

    A well-designed hardware procurement workflow:

    • Provides reasonable lead times for project managers and service or hardware request fulfillment.
    • Provides predictability for technical resources to plan deployments.
    • Reduces bureaucracy and workload for following up on missing shipments.
    • Enables improved documentation of assets to start lifecycle management.

    Info-Tech Insight

    Where the Hardware Asset Manager is unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand. Projects, replacements, and new-user requests cannot be delayed in a service-focused IT organization due to bureaucratic processes.

    Document and analyze your procurement workflow to identify opportunities for improvement and communicate process

    Determine if you need one workflow for all equipment or multiples for small vs. large purchases.

    Occasionally large rollouts require significant changes from lower dollar purchases.

    Watch for:

    • Back and forth communications
    • Delays in approvals
    • Inability to get ETAs from vendors
    • Too many requests for quotes for small purchases
    • Entry into asset database

    This sample can be found in the HAM Process Workflows.

    The image shows a workflow, titled Procurement-Equipment-Small Quantity. On the left, the chart is separated into categories: IT Procurment; Tier 2 or Tier 3; IT Director; CIO.

    Design the process workflow for hardware procurement

    2.1.6 Illustrate procurement workflow with a tabletop exercise

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • CFO or other management representative from Finance

    Document

    Document in the Standard Operating Procedures, Section 7: Procurement

    1. In a group, distribute sticky notes or cue cards.
    2. Designate a space on the table/whiteboard to plot the workflow.
    3. Determine which individuals are responsible for handling non-standard requests. Establish any exceptions that may apply to your defined hardware standard.
    4. Gather input from Finance on what the threshold will be for hardware purchases that will require further approval.
    5. Map the procurement process for a standard hardware purchase.
    6. If applicable, map the procurement process for a non-standard request separately.
    7. Evaluate the workflow to identify any areas of inefficiency and make any changes necessary to improve the process.
    8. Be sure to discuss and include:
      • All necessary approvals
      • Time required for standard equipment process
      • Time required for non-standard equipment process
      • How information will be transferred to ITAM database

    Document and share an organizational purchasing policy

    2.1.7 Build a purchasing policy

    A purchasing policy helps to establish company standards, guidelines, and procedures for the purchase of all information technology hardware, software, and computer-related components as well as the purchase of all technical services.

    The policy will ensure that all purchasing processes are consistent and in alignment with company strategy. The purchasing policy is key to ensuring that corporate purchases are effective and the best value for money is obtained.

    Implement a purchasing policy to prevent or reduce:

    • Costly corporate conflict of interest cases.
    • Unauthorized purchases of non-standard, difficult to support equipment.
    • Unauthorized purchases resulting in non-traceable equipment.
    • Budget overruns due to decentralized, equipment acquisition.

    Download Info-Tech’s Purchasing Policytemplate to build your own purchasing policy.

    Step 2.2: Receive and Deploy Hardware

    Phase 2: Procure & Receive

    2.1 Request & Procure

    2.2 Receive & Deploy

    This step will walk you through the following activities:

    2.2.1 Select appropriate asset tagging method

    2.2.2 Design workflow for receiving and inventorying equipment

    2.2.3 Document the deployment workflow(s)

    This step involves the following participants:

    • Asset Manager
    • Purchasing
    • Receiver (optional)
    • Service Desk Manager
    • Operations (optional)

    Step Outcomes:

    • Understanding of the pros and cons of various asset tagging methods
    • Defined asset tagging method, process, and location by equipment type
    • Identified equipment acceptance, testing, and return procedures
    • Documented equipment receiving and inventorying workflow
    • Documented deployment workflows for desktop hardware and large-scale deployments

    Cisco implemented automation to improve its inventory and deployment system

    CASE STUDY

    Industry Networking

    Source Cisco IT

    Challenge

    Although Cisco Systems had implemented a centralized procurement location for all PCs used in the company, inventory tracking had yet to be addressed.

    Inventory tracking was still a manual process. Given the volume of PCs that are purchased each year, this is an incredibly labor-intensive process.

    Sharing information with management and end users also required the generation of reports – another manual task.

    Solution

    The team at Cisco recognized that automation was the key component holding back the success of the inventory management program.

    Rolling out an automated process across multiple offices and groups, both nationally and internationally, was deemed too difficult to accomplish in the short amount of time needed, so Cisco elected to outsource its PC management needs to an experienced vendor.

    Results

    As a result of the PC management vendor’s industry experience, the implementation of automated tracking and management functions drastically improved the inventory management situation at Cisco.

    The vendor helped determine an ideal leasing set life of 30 months for PCs, while also managing installations, maintenance, and returns.

    Even though automation helped improve inventory and deployment practices, Cisco still needed to address another key facet of asset management: security.

    This case study continues in phase 3.

    An effective equipment intake process is critical to ensure product is correct, documented, and secured

    Examine your current process for receiving assets. Typical problems include:

    Receiving inventory at multiple locations can lead to inconsistent processes. This can make invoice reconciliation challenging and result in untracked or lost equipment and delays in deployment.

    Equipment not received and secured quickly. Idle equipment tends to go missing if left unsupervised for too long. Missed opportunities to manage returns where equipment is incorrect or defective.

    Disconnect between procurement and receiving where ETAs are unknown or incorrect. This can create an issue where no one is prepared for equipment arrival and is especially problematic on large orders.

    How do you solve these problems? Create a standardized workflow that outlines clear steps for asset receiving.

    A workflow will help to answer questions such as:

    • How do you deal with damaged shipments? Incorrect shipments?
    • Did you reach an agreement with the vendor to replace damaged/incorrect shipments within a certain timeframe?
    • When does the product get tagged and entered into the system as received?
    • What information needs to get captured on the asset tag?

    Standardize the process for receiving your hardware assets

    The first step in effective hardware asset intake is establishing proper procedures for receiving and handling of assets.

    Process: Start with information from the procurement process to determine what steps need to follow to receive into appropriate systems and what processes will enable tagging to happen as soon as possible.

    People: Ensure anyone who may impact this process is aware of the importance of documenting before deployment. Having everyone who may be handling equipment on board is key to success.

    Security: Equipment will be secured at the loading dock or reception. It will need to be secured as inventory and be secured if delivering directly to the bench for imaging. Ensure all receiving activities are done before equipment is deployed.

    Tools: A centralized ERP system may already provide a place to receive and reconcile with purchasing and invoicing, but there may still be a need to receive directly into the ITAM and/or CMDB database rather than importing directly from the ERP system.

    Tagging: A variety of methods can be used to tag equipment to assist with inventory. Consider the overall lifecycle management when determining which tagging methods are best.

    Info-Tech Insight

    Decentralized receiving doesn’t have to mean multiple processes. Take advantage of enterprise solutions that will centralize the data and ensure everyone follows the same processes unless there is an uncompromising and compelling logistical reason to deviate.

    Evaluate the pros and cons of different asset tagging methods

    Method Cost Strengths Weaknesses Recommendation
    RFID with barcoding – asset tag with both a barcode and RFID solution $$$$
    • Secure, fast, and robust
    • Track assets in real time
    • Quick and efficient
    • Most expensive option, requiring purchase of barcode scanner with RFID reader and software)
    • Does not work as well in an environment with less control over assets
    • Requires management of asset database
    • Best in a controlled environment with mature processes and requirement for secure assets
    RFID only – small chip with significant data capacity $$$
    • Track assets from remote locations
    • RFID can be read through boxes so you don’t have to unpack equipment
    • Scan multiple RFID-tagged hardware simultaneously
    • Large data capacity on small chip
    • Expensive, requiring purchase of RFID reading equipment and software
    • Ideal if your environment is spread over multiple locations
    Barcoding only – adding tags with unique barcodes $$
    • Reasonable security
    • Report inventory directly to database
    • Relatively low cost
    • Only read one at a time
    • Need to purchase barcode scanners and software
    • Can be labor intensive to deploy with manual scanning of individual assets
    • Less secure
    • Can’t hold as much data
    • Not as secure as barcodes with RFID but works for environments that are more widely distributed and less controlled

    Evaluate the pros and cons of different asset tagging methods

    Method Cost Strengths Weaknesses Recommendation
    QR codes – two-dimensional codes that can store text, binary, image, or URL data $$
    • Easily scannable from many angles
    • Save and print on labels
    • Can be read by barcode scanning apps or mobile phones
    • Can encode more data than barcodes
    • QR codes need to be large enough to be usable, which can be difficult with smaller IT assets
    • Scanning on mobile devices takes longer than scanning barcodes
    • Ideal if you need to include additional data and information in labels and want workers to use smartphones to scan labels
    Manual tags – tag each asset with your own internal labels and naming system $
    • Most affordable
    • Manual
    • Tags are not durable
    • Labor intensive and time consuming
    • Leaves room for error, misunderstanding, and process variances between locations
    • As this is the most time consuming and resource intensive with a low payoff, it is ideal for low maturity organizations looking for a low-cost option for tagging assets
    Asset serial numbers – tag assets using their serial number $
    • Less expensive
    • Unique serial numbers identified by vendor
    • Serial numbers have to be added to database manually, which is labor intensive and leaves room for error
    • Serial numbers can rub off over time
    • Hard to track down already existing assets
    • Doesn’t help track location of assets after deployment
    • Potential for duplicates
    • Inconsistent formats of serial numbers by manufacturers makes this method prone to error and not ideal for asset management

    Select the appropriate method for tagging and tracking your hardware assets

    2.2.1 Select asset tagging method

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Section 8

    1. Define your asset tagging method. For most organizations, asset tracking is done via barcoding or QR codes, either by using one method or a combination of the two. Other methods, including RFID, may be applicable based on cost or tracking complexity. Overall, barcodes embedded with RFID are the most robust and efficient method for asset tagging, but also the most expensive. Choose the best method for your organization, taking into account affordability, labor-intensiveness, data complexity needs, and ease of deployment.
    2. Define the process for tagging assets, including how soon they should receive the tag, whose responsibility it is, and whether the tag type varies depending on the asset type.
    3. Define the location of asset tags according to equipment type. Example:
    Asset Type Asset Tag Location
    PC desktop Right upper front corner
    Laptop Right corner closest to user when laptop is closed
    Server Right upper front corner
    Printer Right upper front corner
    Modems Top side, right corner

    Inspect and test equipment before accepting it into inventory to ensure it’s working according to specifications

    Upon receipt of procured hardware, validate the equipment before accepting it into inventory.

    1. Receive - Upon taking possession of the equipment, stage them for inspection before placing them into inventory or deploying for immediate use.
    2. Inspect - The inspection process should involve at minimum examining the products that have been delivered to determine conformance to purchase specifications.
    3. Test -Depending on the type and cost of hardware, some assets may benefit from additional testing to determine if they perform at a satisfactory level before being accepted.
    4. Accept - If the products conform to the requirements of the purchase order, acknowledge receipt so the supplier may be paid. Most shipments are automatically considered as accepted and approved for payment within a specific timeframe.

    Assign responsibility and accountability for inspection and acceptance of equipment, verifying the following:

    • The products conform to purchase order requirements.
    • The quantity ordered is the same as the quantity delivered.
    • There is no damage to equipment.
    • Delivery documentation is acceptable.
    • Products are operable and perform according to specifications.
    • If required, document an acceptance testing process as a separate procedure.

    Build the RMA procedure into the receiving process to handle receipt of defective equipment

    The return merchandise authorization (RMA) process should be a standard part of the receiving process to handle the return of defective materials to the vendor for either repair or replacement.

    If there is a standard process in place for all returns in the organization, you can follow the same process for returning hardware equipment:

    • Call the vendor to receive a unique RMA number that will be attached to the equipment to be returned, then follow manufacturer specifications for returning equipment within allowable timelines according to the contract where applicable.
    • Establish a lemon policy with vendors, allowing for full returns up to 30 days after equipment is deployed if the product proves defective after initial acceptance.

    Info-Tech Insight

    Make sure you’re well aware of the stipulations in your contract or purchase order. Sometimes acceptance is assumed after 60 days or less, and oftentimes the clock starts as soon as the equipment is shipped out rather than when it is received.

    Info-Tech Best Practice

    Keep in mind that the serial number on the received assed may not be the asset that ultimately ends up on the user’s desk if the RMA process is initiated. Record the serial number after the RMA process or add a correction process to the workflow to ensure the asset is properly accounted for.

    Determine what equipment should be stocked for quick deployment where demand is high or speed is crucial

    The most important feature of your receiving and inventory process should be categorization. A well-designed inventory system should reflect not only the type of asset, but also the usage level.

    A common technique employed by asset managers is to categorize your assets using an ABC analysis. Assets are classified as either A, B, or C items. The ratings are based on the following criteria:

    A

    A items have the highest usage. Typically, 10-20% of total assets in your inventory account for upwards of 70-80% of the total asset requests.

    A items should be tightly controlled with secure storage areas and policies. Avoiding stock depletion is a top priority.

    B

    B items are assets that have a moderate usage level, with around 30% of total assets accounting for 15-25% of total requests.

    B items must be monitored; B items can transition to A or C items, especially during cycles of heavier business activity.

    C

    C items are assets that have the lowest usage, with upwards of 50% of your total inventory accounting for just 5% of total asset requests.

    C items are reordered the least frequently, and present a low demand and high risk for excessive inventory (especially if they have a short lifecycle). Many organizations look to move towards an on-demand policy to mitigate risk.

    Info-Tech Insight

    Get your vendor to keep stock of your assets. If large quantities of a certain asset are required but you lack the space to securely store them onsite, ask your vendor to keep stock for you and release as you issue purchase orders. This speeds up delivery and delays warranty activation until the item is shipped. This does require an adherence to equipment standards and understanding of demand to be effective.

    Define the process for receiving equipment into inventory

    Define the following in your receiving process:

    • When will equipment be opened once delivered?
    • Who will open and validate equipment upon receipt?
    • How will discrepancies be resolved?
    • When will equipment be tagged and identified in the tracking tool?
    • When will equipment be locked in secure storage?
    • Where will equipment go if it needs to be immediately deployed?

    The image shows a workflow chart titled Receiving and Tagging. The process is split into two sections, labelled on the left as: Desktop Support Team and Procurement.

    Design the workflow for receiving and inventorying equipment

    2.2.2 Illustrate receiving workflow with a tabletop exercise

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • CFO or other management representative from Finance

    Document

    Document in the Standard Operating Procedures, Section 8: Receiving and Equipment Inventory

    Option 1: Whiteboard

    1. Discuss the workflow and draw it on the whiteboard.
    2. Assess whether you are using the best workflow. Modify it if necessary.
    3. Use the sample workflow from this step as a guide if starting from scratch.
    4. Engage the team in refining the process workflow.
    5. Transfer data to Visio and add to the SOP.

    Option 2: Tabletop Exercise

    1. Distribute index cards to each member of the team.
    2. Have each person write a single task they perform on the index card. Be granular. Include the title or the name of the person responsible.
    3. Mark cards that are decision points. Use a card of a different color or use a marker to make a colored dot.
    4. Arrange the index cards in order, removing duplicates.
    5. Assess whether you are using the best workflow. Engage the team to refine it if necessary.
    6. Transfer data to Visio and add to the SOP.

    Improve device deployment by documenting software personas for each role

    • Improve the deployment process for new users by having a comprehensive list of software used by common roles within the organization. With large variations in roles, it may be impossible to build a complete list, but as you start to see patterns in requirements, you may find less distinct personas than anticipated.
    • Consider a survey to business units to determine what they need if this will solve some immediate problems. If this portion of the project will be deferred, use the data uncovered in the discovery process to identify which software is used by which roles.
    • Replacement equipment can have the software footprint created by what was actually utilized by the user, not necessarily what software was installed on the previous device.

    The image shows 4 bubbles, representing software usage. The ARC-GIS bubble is the largest, Auto CAD the second largest, and MS Office and Adobe CS equal in size.

    A software usage snapshot for an urban planner/engineer.

    • Once software needs are determined, use this information to review the appropriate device for each persona.
      • Ensure hardware is appropriate for the type of work the user does and supports required software.
      • If it is more appropriate for a user to have a tablet, ensure the software they use can be used on any device.
    • Review deployment methods to determine if there is any opportunity to improve the imaging or software deployment process with better tools or methodologies.
    • Document the device’s location if it will be static, or if the user may be more mobile, add location information for their primary location.
    • Think about the best place to document – if this information can be stored in Active Directory and imported to the ITAM database, you can update once and use in multiple applications. But this process is built into your add/move/change workflows.

    Maintain a lean library to simplify image management

    Simplify, simplify, simplify. Use a minimal number of desktop images and automate as much as you can.

    • Embrace minimalism. When it comes to managing your desktop image library, your ultimate goal should be to minimize the manual effort involved in provisioning new desktops.
    • Less is more. Try to maintain as few standard desktop images as possible and consider a thin gold image, which can be patched and updated on a regular basis. A thin image with efficient application deployment will improve the provisioning process.
    • Standardize and repeat. System provisioning should be a repeatable process. This means it is ripe for standardization and automation. Look at balancing the imaging process with software provisioning, using group policy and deployment tools to reduce time to provision and deliver equipment.
    • Outsource where appropriate. Imaging is one of the most employed services, where the image is built in-house and deployed by the hardware vendor. As a minimum, quarterly updates should still be provided to integrate the latest patches into the operating system.

    Document the process workflow for hardware deployment

    Define the process for deploying hardware to users.

    Include the following in your workflow:

    • How will equipment be configured and imaged before deployment?
    • Which images will be used for specific roles?
    • Which assets are assigned to specific roles?
    • How will the device status be changed in the ITAM tool once deployed?

    The image shows a workflow chart titled Hardware Deployment. It is divided into two categories, listed on the left: Desktop Support Team and Procurement.

    Large-scale deployments should be run as projects, benefitting from economies of scale in each step

    Large-scale desktop deployments or data center upgrades will likely be managed as projects.

    These projects should include project plans, including resources, timelines, and detailed procedures.

    Define the process for large-scale deployment if it will differ from the regular deployment process.

    The image is a graphic of a flowchart titled Deployment-Equipment-Large Quantity Rollout. It is divided into three categories, listed on the left: IT Procurement; Desktop Rollout Team; Asset Manager.

    Document the deployment workflow(s)

    2.2.3 Document deployment workflows for desktop and large-scale deployment

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Operations (optional)
    • CFO or other management representative from Finance

    Document

    Document in the Standard Operating Procedures, Section 9: Deployment

    Document each step in the system deployment process with notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.

    1. Outline each step in the process of desktop deployment. Be as granular as possible. On each card, describe the step as well as the individual responsible for it.
    2. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
    3. Examine each challenge or pain point. Discuss whether or not there is a clear solution to the problem. If yes, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, taking into account people, processes, and available technology.
    4. Document separately the process for large-scale deployment if required.

    Look for opportunities to improve the request and deployment process with better communication and tools

    The biggest challenge in deploying equipment is meeting expectations of the business, and without cooperation from multiple departments, this becomes significantly more difficult.

    • Work with the procurement and the services team to ensure inventory is accessible, and regularly validate that inventory levels in the ITAM database are accurate.
    • Work with the HR department to predict (where possible) anticipated new hires. Plan for inventory ebbs and flows to match the hiring timelines where there are large variations.
    • If service catalogs will be made available for communicating options and SLAs for equipment purchases, work with the service catalog administrators to automate inventory checks and notifications. Work with the end-user device managers to set standards and reduce equipment variations to a manageable amount.
    • Where deployments are part of equipment refresh, ensure data is up to date for the services team to plan the project rollouts and know which software should be redeployed with the devices.
    • Infrastructure and security teams may have specific hardware assets relating to networking, data centers, and security, which may bypass the end-user device workflows but need to be tagged and entered into inventory early in the process. Work with these teams to have their equipment follow the same receiving and inventory processes. Deployment will vary based on equipment type and location.

    Automate hardware deployment where users are dispersed and deployment volume is high

    Self-serve kiosks (vending machines) can provide cost reductions in delivery of up to 25%. Organizations that have a high distribution rate are seeing reductions in cost of peripherals averaging 30-35% and a few extreme cases of closer to 85%.

    Benefits of using vending machines:

    • Secure equipment until deployed.
    • Equipment can be either purchased by credit card or linked to employee ID cards, enabling secure transactions and reporting.
    • Access rights can be controlled in real time, preventing terminated employees from accessing equipment or managing how many devices can be deployed to each user.
    • Vending machines can be managed through a cellular or wireless network.
    • Technology partners can be tasked with monitoring and refilling vending machines.
    • Employees are able to access technology wherever a vending machine can be located rather than needing to travel to the help desk.
    • Equipment loans and new employee packages can be managed through vending machines.

    Phase 2 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Request, Procure, Receive, and Deploy

    Proposed Time to Completion: 4 weeks

    Step 2.1: Request & Procure

    Start with an analyst kick-off call:

    • Define standard and non-standard hardware.
    • Weigh the pros and cons of leasing vs. buying.
    • Build the procurement process.

    Then complete these activities…

    • Define standard hardware requests.
    • Document standard hardware request procedure.
    • Document procurement workflow.
    • Build a purchasing policy.

    With these tools & templates:

    • Standard Operating Procedures
    • Non-Standard Hardware Request Form
    • Hardware Procurement Workflow
    • Purchasing Policy

    Step 2.2: Receive & Deploy

    Review findings with analyst:

    • Determine appropriate asset tagging method.
    • Define equipment receiving process.
    • Define equipment deployment process.

    Then complete these activities…

    • Select appropriate asset tagging method.
    • Design workflow for receiving and inventorying equipment.
    • Document the deployment workflow(s).

    With these tools & templates:

    • Standard Operating Procedures
    • Equipment Receiving & Tagging Workflow
    • Deployment Workflow

    Phase 2 Insight: Bridge the gap between IT and Finance to build a smoother request and procurement process through communication and routine reporting. If you’re unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.2 Define standard hardware requests

    Divide whiteboard into columns representing core business areas. Define core hardware assets for end users in each division along with optional hardware assets. Discuss optional assets to narrow and define standard equipment requests.

    2.2.1 Select appropriate method for tagging and tracking assets

    Discuss the various asset tagging methods and choose the tagging method that is most appropriate for your organization. Define the process for tagging assets and document the standard asset tag location according to equipment type.

    Phase 3

    Maintain and Dispose

    Implement Hardware Asset Management

    Cisco overcame organizational resistance to change to improve asset security

    CASE STUDY

    Industry Networking

    Source Cisco IT

    Challenge

    Cisco Systems had created a dynamic work environment that prized individuality. This environment created high employee satisfaction, but it also created a great deal of risk surrounding device security.

    Cisco lacked an asset security policy; there were no standards for employees to follow. This created a surplus of not only hardware, but software to support the variety of needs amongst various teams at Cisco.

    Solution

    The ITAM team at Cisco recognized that their largest problem was the lack of standardization with respect to PCs. Variance in cost, lifecycle, and software needs/compatibility were primary issues.

    Cisco introduced a PC leasing program with the help of a PC asset management vendor to correct these issues. The primary goal was to increase on-time returns of PCs. A set life of 30 months was defined by the vendor.

    Results

    Cisco engaged employees to help contribute to improving its asset management protocols, and the approach worked.

    On-time returns increased from 60% to 80%. Costs were reduced due to active tracking and disposal of any owned assets still present.

    A reduction in hardware and software platforms has cut costs and increased security thanks to improved tracking capabilities.

    This case study continues in phase 4

    Step 3.1: Manage, Maintain, and Secure Hardware Assets

    Phase 3: Maintain & Dispose

    3.1 Manage & Maintain

    3.2 Dispose or Redeploy

    This step will walk you through the following activities:

    3.1.1 Build a MAC policy and request form

    3.1.2 Build workflows to document user MAC processes

    3.1.3 Design process and policies for hardware maintenance, warranty, and support documentation handling

    3.1.4 Revise or create an asset security policy

    This step involves the following participants:

    • Asset Manager
    • Service Desk Manager
    • Operations (optional)
    • Security Department

    Step Outcomes

    • Understanding of inventory management process best practices
    • Templates for move/add/change request policy and form
    • Documented process workflows for the user move/add/change process
    • Process and policies for hardware maintenance, warranty, and support documentation handling
    • Defined policies for maintaining asset security

    Determine methods for performing inventory audits on equipment

    Auto-discovery

    • Auto-discovery tools will be crucial to the process of understanding what equipment is connected to the network and in use.
    • The core functionality of discovery tools is to scan the environment and collect configuration data from all connected assets, but most tools can also be used to collect usage data, network monitoring, and software asset management data including software distribution, compliance, and license information.
    • These tools may not connect to peripheral devices such as monitors and external drives, will not scan devices that are turned off or disconnected from the network, may not inventory remote users, and will rarely provide location information. This often results in a need to complete physical audits as well.

    Info-Tech Insight

    One of the most common mistakes we see when it comes to asset management is to assume that the discovery tool will discovery most or all of your inventory and do all the work. It is better to assume only 80-90% coverage by the discovery tool and build ownership records to uncover the unreportable assets that are not tied into the network.

    Physical audit

    • The physical audit can be greatly improved with barcode, RFID, or QR codes, allowing items to be scanned, records opened, then updated.
    • If not everything is tagged or entered into the ITAM database, then searching closets, cabinets, and desk drawers may be required to tag and enter those devices into the database.
    • Provide the inventory team with exact instructions on what needs to be collected, verified, and recorded. Depending on the experience and thoroughness of the team, spot checks early in the process may alleviate quality issues often discovered at the end of the inventory cycle.

    Determine requirements for performing inventory audits on equipment

    Conduct an annual hardware audit to ensure hardware is still assigned to the person and location identified in your ITAM system, and assess its condition.

    Perform a quarterly review of hardware stock levels in order to ensure all equipment is relevant and usable. The table below is an example of how to organize this information.

    Item Target Stock Levels Estimated $ Value
    Desktop computers
    Standard issue laptops
    Mice
    Keyboards
    Network cables
    Phones

    Info-Tech Insight

    Don’t forget about your remotely deployed assets. Think about how you plan to inventory remotely deployed equipment. Some tools will allow data collection through an agent that will talk to the server over the internet, and some will completely ignore those assets or provide a way to manually collect the data and email back to the asset manager. Mobile device management tools may also help with this inventory process. Determine what is most appropriate based on the volume of remote workers and devices.

    Build an inventory management process to maintain an accurate view of owned hardware assets

    • Your inventory should capture which assets are on hand, where they are located, and who owns them, at minimum. Maintaining an accurate, up-to-date view of owned hardware assets allows you to see at any time the actual state of the components that make up your infrastructure across the enterprise.
    • Automated inventory practices save time and effort from doing physical inventories and also reduce the interruption to business users while improving accuracy of data.
    • If you are just starting out, define the process for conducting an inventory of deployed assets, and then define the process for regular upkeep and audit of inventory data.

    Inventory Methods

    • Electronic – captures networked asset information only and can be deployed over the network with no deskside service interaction.
    • Physical – captures environmental detail and must be performed manually by a service technician with possible disruption to users.
    • Full inventory – both physical and electronic inventory of assets.

    Internal asset information to collect electronically

    • Hardware configuration
    • Installed software
    • Operating system
    • System BIOS
    • Network configuration
    • Network drive mappings
    • Printer setups
    • System variables

    External asset information that cannot be detected electronically

    • Assigned user
    • Associated assets
    • Asset/user location
    • Usage of asset
    • Asset tag number

    IMAC (Install, Move, Add, Change) services will form the bulk of asset management work while assets are deployed

    IMAC services are usually performed at a user’s deskside by a services technician and can include:

    • Installing new desktops or peripherals
    • Installing or modifying software
    • Physically moving an end user’s equipment
    • Upgrading or adding components to a desktop

    Specific activities may include:

    Changes

    • Add new user IDs
    • Manage IDs
    • Network changes
    • Run auto-discovery scan

    Moves

    • Perform new location site survey
    • Coordinate with facilities
    • Disconnect old equipment
    • Move to new location
    • Reconnect at new location
    • Test installed asset
    • Obtain customer acceptance
    • Close request

    Installs and Adds

    • Perform site survey
    • Perform final configuration
    • Coordinate with Facilities
    • Asset tagging
    • Transfer data from old desktop
    • Wipe old desktop hard drive
    • Test installed asset
    • Initiate auto-discovery scan
    • Obtain customer acceptance
    • Close request

    A strong IMAC request process will lessen the burden on IT asset managers

    • When assets are actively in use, Asset Managers must also participate in the IMAC (Install-Move-Add-Change) process and ensure that any changes to asset characteristics or locations are updated and tracked in the asset management tool and that the value and usefulness of the asset is monitored.
    • The IMAC process should not only be reactive in response to requests, but proactive to plan for moves and relocations during any organizational change events.

    Recommendations:

    Automate. Wherever possible, use tools to automate the IMAC process.

    E-forms, help desk, ticketing, or change management software can automate the request workflow by allowing the requestor to submit a request ticket that can then be automatically assigned to a designated team member according to the established chain of command. As work is completed, the ticket can be updated, and the requestor will be able to check the status of the work at any time.

    Communicate the length of any downtime associated with execution of the IMAC request to lessen the frustration and impatience among users.

    Involve HR. When it comes to adding or removing user accounts, HR can be a valuable resource. As most new employees should be hired through HR, work with them to improve the onboarding process with enough advanced notice to set up accounts and equipment. Role changes with access rights and software modifications can benefit from improved communications. Review the termination process as well, to secure data and equipment.

    Build a MAC request policy and form for end users

    A consistent Move, Add, Change (MAC) request process is essential for lessening the burden on the IT department. MAC requests are used to address any number of tasks, including:

    • Relocation of PCs and/or peripherals.
    • New account setup.
    • Hardware or software upgrades.
    • Equipment swaps or replacements.
    • User account/access changes.
    • Document generation.
    • User acceptance testing.
    • Vendor coordination.

    Create a request form.

    If you are not using help desk or other ticketing software, create a request template that must be submitted for each MAC. The request should include:

    • The name and department of the requester.
    • The date of the request.
    • Severity of the request. For example, severity can be graded on a score of high, medium, or low where high represents a mission-critical change that could compromise business continuity if not addressed immediately, and low represents a more cosmetic change that will not negatively affect operations. The severity of the request can be determined by the service-level agreement (SLA) associated with the service.
    • Date the request must be completed by. Or at least, what would be the ideal date for completion. This will vary greatly depending on the severity of the request. For example, deleting the access of a terminated employee would be very time sensitive.
    • Item or service to be moved, added, or changed. Include location, serial number, or other designated identifier where possible.
    • If the item or service is to be moved, indicated where it is being moved.
    • It is a good idea to include a comments section where the requester can add any additional questions or details.

    Use Info-Tech’s templates to build your MAC policy and request form

    3.1.1 Build a MAC policy and request form

    Desktop Move/Add/Change Policy

    This desktop move/add/change policy should be put in place to mitigate the risk associated with unauthorized changes, minimize disruption to the business, IT department, and end users, and maintain consistent expectations.

    Move, Add, Change Request Form

    Help end users navigate the move/add/change process. Use the Move/Add/Change Request Form to increase efficiency and organization for MAC requests.

    Document the process for user equipment moves

    Include the following in your process documentation:

    • How and when will any changes to user or location information be made in the ITAM tool?
    • Will any changes in AD automatically update in the ITAM tool?
    • How should requests for equipment moves or changes be made?
    • How will resources be scheduled?

    The image shows a flowchart titled SErvice Request - User Moves. The chart of processes is split into three categories, listed on the left side of the chart: User Manager; IT Coordinator; and Tier 2 & Facilities.

    Build workflows to document user MAC processes

    3.1.2 Build MAC process workflows

    Participants

    • Asset Manager
    • Service Desk Manager
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Section 10: Equipment Install, Adds, Moves, and Changes

    Document each step in the system deployment process using notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.

    1. Outline each step in the process of desktop deployment. Be as granular as possible. On each card, describe the step as well as the individual responsible for each step.
    2. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
    3. Examine each challenge or pain point. Discuss whether or not there is a clear solution to the problem. If so, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, taking into account people, processes, and available technology.
    4. Document separately the process for large-scale deployment if required.

    Define a policy to ensure effective maintenance of hardware assets

    Effective maintenance and support of assets provides longer life, higher employee productivity, and increased user satisfaction.

    • Your asset management documentation and database should store equipment maintenance contract information so that it can be consulted whenever hardware service is required.
    • Record who to contact as well as how, warranty information, and any SLAs that are associated with the maintenance agreement.
    • Record all maintenance that hardware equipment receives, which will be valuable for evaluating asset and supplier performance.
    • In most cases, the Service Desk should be the central point of contact for maintenance calls to all suppliers.

    Sample equipment maintenance policy terms:

    • Maintenance and support arrangements are required for all standard and non-standard hardware.
    • All onsite hardware should be covered by onsite warranty agreements with appropriate response times to meet business continuity needs.
    • Defective items under warranty should be repaired in a timely fashion.
    • Service, maintenance, and support shall be managed through the help desk ticketing system.

    Design process and policies for hardware maintenance, warranty, and support documentation handling

    3.1.3 Design process for hardware maintenance

    Participants

    • Asset Manager
    • Purchasing
    • Service Desk Manager
    • Security
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Section 10

    1. Discuss and document the policy for hardware maintenance, warranty, and support.
    2. Key outcomes should include:
    • Who signs off on policies?
    • What is the timeline for documentation review?
    • Where are warranty and maintenance documents stored?
    • How will equipment be assessed for condition during audits?
    • How often will deployed equipment be reimaged?
    • How will equipment repair needs be requested?
    • How will repairs for equipment outside warranty be handled?
  • Document in the Standard Operating Procedure.
  • Use your HAM program to improve security and meet regulatory requirements

    ITAM complements and strengthens security tools and processes, improving the company’s ability to protect its data and systems and reduce operational risk.

    It’s estimated that businesses worldwide lose more than $221 billion per year as a result of security breaches. HAM is one important factor in securing data, equipment investment, and meeting certain regulatory requirements.

    How does HAM help keep your organization secure?

    • Educating users on best practices for securing their devices, and providing physical security such as cable locks and tracking mechanisms.
    • Best practices for reporting lost or stolen equipment for quickly removing access and remotely wiping devices.
    • Accurate location and disposal records will enable accurate reporting for HIPAA and PCI DSS audits where movement of media or hardware containing data is a requirement. Best practices for disposal will include properly wiping drives, recording information, and ensuring equipment is disposed of according to environmental regulations.
    • Secure access to data through end-user mobile devices. Use accurate records and MDM tools to securely track, remove access, and wipe mobile devices if compromised.
    • Encrypt devices that may be difficult to track such as USB drives or secure ports to prevent data from being copied to external drives.
    • Managed hardware allows software to be managed and patched on a regular basis.

    Best Practices

    1. Educate end users about traveling with equipment. Phones and laptops are regularly stolen from cars; tablets and phones are left on planes. Encourage users to consider how they store equipment on the way home from work.
    2. Cable locks used at unsecured offsite or onsite work areas should be supplied to employees.
    3. Equipment stored in IT must be secured at all times.

    Implement mobile device management (MDM) solutions

    Organizations with a formal mobile management strategy have fewer problems with their mobile devices.

    Develop a secure MDM to:

    • Provide connection and device support when the device is fully subsidized by the organization to increase device control.
    • Have loaner devices for when traveling to limit device theft or data loss.
    • Personal devices not managed by MDM should be limited to internet access on a guest network.
    • Limit personal device access to only internet access or a limited zone for data access and a subset of applications.
    • Advanced MDM platforms provide additional capabilities including containerization.

    The benefits of a deployed MDM solution:

    • Central management of a variety of devices and platforms is the most important advantage of MDM. Administrators can gain visibility into device status and health, set policies to groups of users, and control who has access to what.
    • Security features such as enforcing passcodes and remote wipe are also essential, given the increased risk of mobile devices.
      • Remote wipe should be able to wipe either the whole device or just selected areas.
    • Separation of personal data is becoming increasingly important as BYOD becomes the norm. This is a feature that vendors are approaching radically differently.
    • Device lock: Be able to lock the device itself, its container, or its SIM. Even if the SIM is replaced, the device should still remain locked. Consider remote locking a device if retrieval is possible.

    Mobile device management is constantly evolving to incorporate new features and expand to new control areas. This is a high-growth area that warrants constant up-to-date knowledge on the latest developments.

    What can be packed into an MDM can vary and be customized in many forms for what your organization needs.

    Secure endpoint devices to protect the data you cannot control

    Endpoint Encryption

    Endpoints Average None
    Desktop 73% 4%
    Laptops 65% 9%
    Smartphones 27% 28%
    Netbooks 26% 48%
    Tablets 16% 59%
    Grand average 41%

    Benefits from endpoint encryption:

    • Reduced risk associated with mobile workers.
    • Enabled sharing of data in secured workspace.
    • Enhanced end-user accountability.
    • Reduced number of data breach incidents.
    • Reduced number of regulatory violations.

    Ways to reduce endpoint encryption costs:

    • Use multiple vendors (multiple platforms): 33%
    • Use a single vendor (one platform): 40%
    • Use a single management console: 22%
    • Outsource to managed service provider: 26%
    • Permit user self-recovery: 26%

    Remote Wiping

    • If all else fails, a device can always be erased of all its data, protecting sensitive data that may have been on it.
    • Selective wipe takes it a step further by erasing only sensitive data.

    Selective wipe is not perfect.

    It is nearly impossible to keep the types of data separate, even with a sandbox approach. Selective wipe will miss some corporate data, and even a full remote wipe can only catch some of users’ increasingly widely distributed data.

    Selective wipe can erase:

    • Corporate profiles, email, and network settings.
    • Data within a corporate container or other sandbox.
    • Apps deployed across the enterprise.

    Know when to perform a remote wipe.

    Not every violation of policy warrants a wipe. Playing Candy Crush during work hours probably does not warrant a wipe, but jail breaking or removing a master data management client can open up security holes that do warrant a wipe.

    Design an effective asset security policy to protect the business

    Data security is not simply restricted to compromised software. In fact, 70% of all data breaches in the healthcare industry since 2010 are due to device theft or loss, not hacking. (California Data Breach Report – October, 2014) ITAM is not just about tracking a device, it is also about tracking the data on the device.

    Organizations often struggle with the following with respect to IT asset security:

    • IT hardware asset removal control.
    • Personal IT hardware assets (BYOD).
    • Data removal from IT hardware assets.
    • Inventory control with respect to leased hardware and software.
    • Unused software.
    • Repetitive versions of software.
    • Unauthorized software.

    Your security policy should seek to protect IT hardware and software that:

    • Have value to the business.
    • Require ongoing maintenance and support.
    • Create potential risk in terms of financial loss, data loss, or exposure.

    These assets should be documented and controlled in order to meet security requirements.

    The asset security policy should encompass the following:

    • Involved parties.
    • Hardware removal policy/documentation procedure.
    • End-user asset security responsibilities.
    • Theft/loss reporting procedure.
    • BYOD standards, procedures, and documentation requirements.
    • Data removal.
    • Software usage.
    • Software installation.

    Info-Tech Insight

    Hardware can be pricey; data is priceless. The cost of losing a device is minimal compared to the cost of losing data contained on a device.

    Revise or create an asset security policy

    3.1.4 Develop IT asset security policy

    Participants

    • CIO or IT Director
    • Asset Manager
    • Service Desk Manager
    • Security
    • Operations (optional)

    Document

    Document in the Asset Security Policy.

    1. Identify asset security challenges within your organization. Record them in a table like the one below.
    Challenge Current Security Risk Target Policy
    Hardware removal Secure access and storage, data loss Designated and secure storage area
    BYOD No BYOD policy in place N/A → phasing out BYOD as an option
    Hardware data removal Secure data disposal Data disposal, disposal vendor
    Unused software Lack of support/patching makes software vulnerable Discovery and retirement of unused software
    Unauthorized software Harder to track, less secure Stricter stance on pirated software
    1. Brainstorm the reasons for why these challenges exist.
    2. Identify target policy details that pertain to each challenge. Record the outcomes in section(s) 5.1, 5.2, or 5.3 of the Asset Security Policy.

    Poor asset security and data protection had costly consequences for UK Ministry of Justice

    CASE STUDY

    Industry Legal

    Source ICO

    Challenge

    The Ministry of Justice (MoJ) in the UK had a security problem: hard drives that contained sensitive prisoner data were unencrypted and largely unprotected for theft.

    These hard drives contained information related to health, history of drug use, and past links to organized crime.

    After two separate incidents of hard drive theft that resulted in data breaches, the Information Commissioner’s Office (ICO), stepped in.

    Solution

    It was determined that after the first hard drive theft in October 2011, replacement hard drives with encryption software were provisioned to prisons managed by the MoJ.

    Unfortunately, the IT security personnel employed by the MoJ were unaware that the encryption software required manual activation.

    When the second hard drive theft occurred, the digital encryption could not act as a backup to poor physical security (the hard drive was not secured in a locker as per protocol).

    Results

    The perpetrators were never found and the stolen hard drives were never recovered.

    As a result of the two data breaches, the MoJ had to implement costly security upgrades to its data protection system.

    The ICO fined the MoJ £180,000 for its repeated security breaches. This costly fine could have been avoided if more diligence was present in the MoJ’s asset management program.

    Step 3.2: Dispose or Redeploy Assets

    3.1 Manage & Maintain

    3.2 Dispose or Redeploy

    This step will walk you through the following activities:

    3.2.1 Identify challenges with IT asset recovery and disposal

    3.2.2 Design hardware asset recovery and disposal workflows

    3.2.3 Build a hardware asset disposition policy

    This step involves the following participants:

    • Infrastructure Director/Manager
    • Asset Manager
    • Service Desk Manager
    • Operations (optional)

    Step Outcomes:

    • Defined process to determine when to redeploy vs. dispose of hardware assets
    • Process for recovering and redeploying hardware equipment
    • Process for safely disposing of assets that cannot be redeployed
    • Comprehensive asset disposition policy

    Balance the effort to roll out new equipment against the cost to maintain equipment when building your lifecycle strategy

    The image shows two line graphs. The graph on the left is titled: Desktop Refresh Rate by Company Size (based on Revenue). The graph on the right is titled: Laptop Refresh Rate by Company Size (based on Revenue). Each graph has four lines, defined by a legend in the centre of the image: yellow is small ($25mm); dark blue is Mid ($25-500MM); light blue is large ( data-verified=$500MM); and orange is Overall.">

    (Info-Tech Research Group; N=96)

    Determining the optimal length of time to continue to use equipment will depend on use case and equipment type

    Budget profiles Refresh methods

    Stretched

    Average equipment age: 7+ years

    To save money, some organizations will take a cascading approach, using the most powerful machines for engineers or scientists to ensure processing power, video requirements and drives will meet the needs of their applications and storage needs; then passing systems down to departments who will require standard-use machines. The oldest and least powerful machines are either used as terminals or disposed.

    Generous

    Average equipment age: 3 years

    Organizations that do not want to risk user dissatisfaction or potential compatibility or reliability issues will take a more aggressive replacement approach. These organizations often have less people assigned to end-user device maintenance and will not repair equipment outside of warranty. There is little variation in processing power among devices, with major differences determined by mobility and operating system.

    Cautious

    Average equipment age: 4 to 5 years

    Organizations that fit between the other two profiles will look to stretch the budget beyond warranty years, but will keep a close eye on maintenance requirements. Repairs needed outside of warranty will require an eye to costs, efforts, and subsequent administrative work of loaning equipment to keep the end user productive while waiting on service.

    Recommendations to keep users happy and equipment in prime form is to check condition at the 2-3 year mark, reimage at least once to improve performance, and have backup machines, if equipment starts to become problematic.

    Build a process to determine when and how to redeploy or dispose of hardware assets at end of use

    • When equipment is no longer needed for the function or individual to whom it was assigned, the Hardware Asset Manager needs to use data to ensure the right decision is made as to what to do with the asset.
    • End of use involves evaluating options for either continuing to use the equipment in another capacity or by another individual or determining that the asset has no remaining value to the organization in any capacity and it is time to retire it.
    • If the asset is retired, it may still have capacity for continued use outside of the organization or it may be disposed.

    Redeployment

    • Deliver the asset to a new user if it is no longer needed by the original user but still has value and usability.
    • Redeployment saves money and prevents unnecessary purchases.
    • Common when employees leave the company or a merge or acquisition changes the asset pool.

    VS.

    Disposal

    • When an asset is no longer of use to the organization, it may be disposed of.
    • Need to consider potential financial and public relations considerations if disposal is not done according to environmental legislation.
    • Need to ensure proper documentation and data removal is built into disposition policy.

    Use persistent documentation and communication to improve hardware disposal and recovery

    Warning! Poor hardware disposal and recovery practices can be caused by the following:

    1. Your IT team is too busy and stretched thin. Data disposal is one of many services your IT team is likely to have to deal with, but this service requires undivided attention. By standardizing hardware refreshes, you can instill more predictability with your hardware life cycles and better manage disposal.
    2. Poor inventory management. Outdated data and poor tracking practices can result in lost assets during the disposal phase. It only takes a single lost asset to cause a disastrous data breach in your supply chain.
    3. Obliviousness to disposal regulations. Electronic disposal and electronically stored data are governed by strict regulation.

    How do you improve your hardware disposal and recovery process?

    • A specific, controlled process needs to be in place to wipe all equipment and verify that it’s been wiped properly. Otherwise, companies will continue to spend money to protect data while equipment is in use, but overlook the dangerous implications of careless IT asset disposal. Create a detailed documentation process to track your assets every step of the way to ensure that data and applications are properly disposed of. Detailed documentation can also help bolster sustainability reporting for organizations wishing to track such data.
    • Better communication should be required. Most decommissioning or refresh processes use multiple partners for manufacturing, warehousing, data destruction, product resale, and logistics. Setting up and vetting these networks can take years, and even then, managing them can be like playing a game of telephone; transparency is key.

    Address three core challenges of asset disposal and recovery

    Asset Disposal

    Data Security

    Sixty-five percent of organizations cite data security as their top concern. Many data breaches are a result of hardware theft or poor data destruction practices.

    Choosing a reputable IT disposal company or data removal software is crucial to ensuring data security with asset disposal.

    Environmental

    Electronics contain harmful heavy metals such as mercury, arsenic, and cadmium.

    Disposal of e-waste is heavily regulated, and improper disposal can result in hefty fines and bad publicity for organizations.

    Residual value

    Many obsolete IT assets are simply confined to storage at their end of life.

    This often imposes additional costs with maintenance or storage fees and leaves a lot of value on the table through assets that could be sold or re-purposed within the organization.

    Identify challenges with IT asset recovery and disposal with a triple bottom line scorecard

    3.2.1 Identify challenges with IT asset recovery and disposal

    Participants

    • Infrastructure Director/Manager
    • Asset Manager
    • Service Desk Manager
    • Operations (optional)
    1. Divide the whiteboard into three boxes: Social, Economic, and Environmental.
    2. Divide each box into columns like the one shown below:
    Economic
    Challenge Objectives Targets Initiatives
    No data capture during disposal Develop reporting standards 80% disposed assets recorded Work with Finance to develop reporting procedure
    Idle assets Find resale market/dispose of idle assets 50% of idle assets disposed of within the year Locate resale vendor and disposal service
    1. Ask participants to list challenges associated with each area.
    2. Once challenges facing recovery and disposal have been exhausted from the group, assign a significance of 1-5 (1 being the lowest and 5 being the highest) to each challenge.
    3. Discuss the most significant challenges and how they might be addressed through the next steps of building recovery & disposal processes.

    Build a process for recovery and redeployment of hardware

    • Having hardware standards in place makes redeploying easier by creating a larger pool of possible users for a standardized asset.
    • Most redeployment activities will be carried out by the Help Desk as a service request ticket, so it is important to have clear communication and guidelines with the Help Desk as to which tasks need to be carried out as part of the request.

    Ensure the following are addressed:

    • Where will equipment be stored before being redeployed?
    • Will shipping be required and are shipping costs factored into analysis?
    • Ensure equipment is cleaned before it is redeployed.
    • Do repairs and reconfigurations need to be made?
    • How will software be removed and licenses harvested and reported to Software Asset Manager?
    • How will data be securely wiped and protected?

    The image shows a work process in flowchart format titled Equipment Recovery. The chart is divided into two sections, listed on the left: Business Manager/HR and Desktop Support Team.

    Define the process for safely disposing of assets that cannot be redeployed

    Asset Disposal Checklist

    1. Review the data stored on the device.
    2. Determine if there has been any sensitive or confidential information stored.
    3. Remove all sensitive/confidential information.
    4. Determine if software licenses are transferable.
    5. Remove any non- transferable software prior to reassignment.
    6. Update the department’s inventory record to indicate new individual assigned custody.
    7. In the event of a transfer to another department, remove data and licensed software.
    8. If sensitive data has been stored, physically destroy the storage device.
    • Define the process for retiring and disposing of equipment that has reached replacement age or no longer meets minimum conditions or standards.
    • Clearly define the steps that need to be taken both before and after the involvement of an ITAD partner.

    The image shows a flowchart titled Equipment Disposal. It is divided into two sections, labelled on the left as: Desktop Support Team and Asset Manager.

    Design hardware asset recovery and disposal workflows

    3.2.2 Design hardware asset recovery and disposal policies and workflows

    Participants

    • Infrastructure Director/Manager
    • Asset Manager
    • Service Desk Manager
    • Operations (optional)

    Document

    Document in the Standard Operating Procedures, Sections 11 and 12

    Document each step in the recovery and disposal process in two separate workflows using notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.

    1. Keeping in mind current challenges around hardware asset recovery and disposal, design the target state for both the asset recovery and disposal processes.
    2. Outline each step of the process and be as granular as possible.
    3. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
    4. Examine each challenge or pain point. Discuss whether or not there is a clear solution to the problem. If so, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, taking into account people, processes, and available technology.
    5. Review the checklists on the previous slides to ensure all critical tasks are accounted for in your process workflows.

    Add equipment disposition to asset lifecycle decisions to meet environmental regulations and mitigate risk

    Although traditionally an afterthought in asset management, IT asset disposition (ITAD) needs to be front and center. Increase focus on data security and concern surrounding environmental sustainability and develop an awareness of the cost efficiencies possible through best-practices disposition.

    Optimized ITAD solutions:

    1. Protect sensitive or valuable data
    2. Support sustainability
    3. Focus on asset value recovery

    Info-Tech Insight

    A well-thought-out asset management program mitigates risk and is typically less costly than dealing with a large-scale data loss incident or an inappropriate disposal suit. Also, it protects your company’s reputation – which is difficult to put a price on.

    Partner with an ITAD vendor to support your disposition strategy

    Maximizing returns on assets requires knowledge and skills in asset valuation, upgrading to optimize market return, supply chain management, and packaging and shipping. It’s unlikely that the return will be adequate to justify that level of investment, so partnering with a full-service ITAD vendor is a no-brainer.

    • An ITAD vendor knows the repurpose and resale space better than your organization. They know the industry and have access to more potential buyers.
    • ITAD vendors can help your organization navigate costly environmental regulations for improper disposal of IT assets.

    Disposal doesn’t mean your equipment has to go to waste.

    Additionally, your ITAD vendor can assist with a large donation of hardware to a charitable organization or a school.

    Donating equipment to schools or non-profits may provide charitable receipts that can be used as taxable benefits.

    Before donating:

    • Ensure equipment is needed and useful to the organization.
    • Be prepared for an appraisal requirement. Receipts can only be issued for fair market value.
    • Prevent compromised data by thoroughly wiping or completely replacing drives.
    • Ensure official transfer of ownership to prevent liability if improper disposal practices follow.

    Info-Tech Insight

    Government assistance grants may be available to help keep your organization’s hardware up to date, thereby providing incentives to upgrade equipment while older equipment still has a useful life.

    Protect the organization by sufficiently researching potential ITAD partners

    Research ITAD vendors as diligently as you would primary hardware vendors.

    Failure to thoroughly investigate a vendor could result in a massive data breach, fines for disposal standards violations, or a poor resale price for your disposed assets. Evaluate vendors using questions such as the following:

    • Are you a full-service vendor or are you connected to a wholesaler?
    • Who are your collectors and processors?
    • How do you handle data wiping? If you erase the data, how many passes do you perform?
    • What do you do with the e-waste? How much is reused? How much is recycled?
    • Do you have errors and omissions insurance in case data is compromised?
    • How much will it cost to recycle or dispose of worthless equipment?
    • How much will I receive for assets that still have useful life?

    ITAD vendors that focus on recycling will bundle assets to ship to an e-waste plant – leaving money on the table.

    ITAD vendors with a focus on reuse will individually package salable assets for resale – which will yield top dollars.

    Info-Tech Insight

    To judge the success of a HAM overhaul, you need to establish a baseline with which to compare final results. Be sure to take HAM “snapshots” before ITAD partnering so it’s easy to illustrate the savings later.

    Work with ITAD partner or equipment supplier to determine most cost-effective method and appropriate time for disposal

    2-4 Two-to-four year hardware refresh cycle

    • Consider selling equipment to an ITAD partner who specializes in sales of refurbished equipment.
    • Consider donating equipment to schools or non-profits, possibly using an ITAD partner who specializes in refurbishing equipment and managing the donation process.

    5-7 Five-to-seven year hardware refresh cycle

    • At this stage equipment may still have a viable life, but would not be appropriate for school or non-profit donations, due to a potentially shorter lifespan. Consider selling equipment to an ITAD partner who has customers interested in older, refurbished equipment.

    7+ Seven or more years hardware refresh cycle

    • If keeping computers until they reach end of life, harvest parts for replacement on existing machines and budget for disposal fees.
    • Ask new computer supplier about disposal services or seek out ITAD partner who will disassemble and dispose of equipment in an environmentally responsible manner.

    Info-Tech Insight

    • In all cases, ensure hard drives are cleansed of data with no option for data recovery. Many ITAD partners will provide a drive erasure at DoD levels as part of their disposal service.
    • Many ITAD partners will provide analysts to help determine the most advantageous time to refresh.

    Ensure data security and compliance by engaging in reliable data wiping before disposition

    Failure to properly dispose of data can not only result in costly data breaches, but also fines and other regulatory repercussions. Choosing an ITAD vendor or a vendor that specializes in data erasure is crucial. Depending on your needs, there are a variety of data wiping methods available.

    Certified data erasure is the only method that leaves the asset’s hard drive intact for resale or donation. Three swipes is the bare minimum, but seven is recommended for more sensitive data (and required by the US Department of Defense). Data erasure applications may be destructive or non-destructive – both methods overwrite data to make it irretrievable.

    Physical destruction must be done thoroughly, and rigorous testing must be done to verify data irretrievability. Methods such as hand drilling are proven to be unreliable.

    Degaussing uses high-powered magnets to erase hard drives and makes them unusable. This is the most expensive option; degaussing devices can be purchased or rented.

    Info-Tech Best Practice

    Data wiping can be done onsite or can be contracted to an ITAD partner. Using an ITAD partner can ensure greater security at a more affordable price.

    Make data security a primary driver of asset disposition practices

    It is estimated that 10-15% of data loss cases result from insecure asset disposal. Protect yourself by following some simple disposition rules.

    1. Reconcile your data onsite
    • Verify that bills of landing and inventory records match before assets leave. Otherwise, you must take the receiver’s word on shipment contents.
  • Wipe data at least once onsite
    • Do at least one in-house data wipe before the assets leave the site for greater data security.
  • Transport promptly after data wiping
    • Prompt shipment will minimize involvement with the assets, and therefore, cost. Also, the chance of missing assets will drop dramatically.
  • Avoid third-party transport services
    • Reputable ITAD companies maintain strict chain of custody control over assets. Using a third party introduces unnecessary risk.
  • Keep detailed disposition records
    • Records will protect you in the event of an audit, a data loss incident, or an environmental degradation claim. They could save you millions.
  • Wipe all data-carrying items
    • Don’t forget cell phones, fax machines, USB drives, scanners, and printers – they can carry sensitive information that can put the organization at risk.
  • Only partner with insured ITAD vendors
    • You are never completely out of danger with regards to liability, but partnering with an insured vendor is potent risk mitigation.
  • Work these rules into your disposition policy to mitigate data loss risk.

    Support your HAM efforts with a comprehensive disposition policy

    3.2.3 Build a Hardware Asset Disposition Policy

    Implementation of a HAM program is a waste of time if you aren’t going to maintain it. Maintenance requires the implementation of detailed policies, training, and an ongoing commitment to proper management.

    Use Info-Tech’s Hardware Asset Disposition Policy to:

    1. Establish and define clear standards, procedures, and restrictions surrounding disposition.
    2. Ensure continual compliance with applicable data security and environmental legislation.
    3. Assign specific responsibilities to individuals or groups to ensure ongoing adherence to policy standards and that costs or benefits are in line with expectations.

    Phase 3 Guided Implementation

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Maintain & Dispose

    Proposed Time to Completion: 4 weeks

    Start with an analyst kick-off call:

    • Discuss inventory management best practices.
    • Build process for moves, adds, and changes.
    • Build process for hardware maintenance.
    • Define policies for maintaining asset security.

    Then complete these activities…

    • Build a MAC policy and request form.
    • Build workflows to document user MAC processes.
    • Design processes and policies for hardware maintenance, warranty, and support documentation handling.
    • Build an asset security policy.

    With these tools & templates:

    • Standard Operating Procedures
    • Asset Security Policy

    Step 3.2: Dispose or Redeploy Assets

    Review findings with analyst:

    • Discuss when to dispose vs. redeploy assets.
    • Build process for redeploying vs. disposing of assets.
    • Review ITAD vendors.

    Then complete these activities…

    • Identify challenges with IT asset recovery and disposal.
    • Design hardware asset recovery and disposal workflows.
    • Build a hardware asset disposition policy.

    With these tools & templates:

    • Standard Operating Procedures
    • Asset Recovery Workflow
    • Asset Disposal Workflow
    • Hardware Asset Disposition Policy

    Phase 3 Insight: Not all assets are created equal. Taking a blanket approach to asset maintenance and security is time consuming and costly. Focus on the high-cost, high-use, and data-sensitive assets first.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.4 Revise or create an asset security policy

    Discuss asset security challenges within the organization; brainstorm reasons the challenges exist and process changes to address them. Document a new asset security policy.

    3.2.2 Design hardware asset recovery and disposal workflows

    Document each step in the hardware asset recovery and disposal process, including all decision points. Examine challenges and amend the workflow to address them.

    Phase 4

    Plan Budget Process and Build Roadmap

    Implement Hardware Asset Management

    Cisco deployed an enterprise-wide re-education program to implement asset management

    CASE STUDY

    Industry Networking

    Source Cisco IT

    Challenge

    Even though Cisco Systems had designed a comprehensive asset management program, implementing it across the enterprise was another story.

    An effective solution, complete with a process that could be adopted by everyone within the organization, would require extensive internal promotion of cost savings, efficiencies, and other benefits to the enterprise and end users.

    Cisco’s asset management problem was as much a cultural challenge as it was a process challenge.

    Solution

    The ITAM team at Cisco began discussions with departments that had been tracking and managing their own assets.

    These sessions were used as an educational tool, but also as opportunities to gather internal best practices to deploy across the enterprise.

    Eventually, Cisco introduced weekly meetings with global representation to encourage company-wide communication and collaboration.

    Results

    By establishing a process for managing PC assets, we have cut our hardware costs in half.” – Mark Edmonson, Manager – IT Services Expenses

    Cisco reports that although change was difficult to adopt, end-user satisfaction has never been higher. The centralized asset management approach has resulted in better contract negotiations through better data access.

    A reduced number of hardware and software platforms has streamlined tracking and support, and will only drive down costs as time goes on.

    Step 4.1: Plan Hardware Asset Budget

    Phase 4: Plan Budget & Build Roadmap

    4.1 Plan Budget

    4.2 Communicate & Build Roadmap

    This step will walk you through the following activities:

    4.1 Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget

    This step involves the following participants:

    • IT Director
    • Asset Manager
    • Finance Department

    Step Outcomes

    • Know where to find data to budget for hardware needs accurately
    • Learn how to manage a hardware budget
    • Plan hardware asset budget with a budgeting tool

    Gain control of the budget to increase the success of HAM

    A sophisticated hardware asset management program will be able to uncover hidden costs, identify targets for downsizing, save money through redistributing equipment, and improve forecasting of equipment to help control IT spending.

    While some asset managers may not have experience managing budgets, there are several advantages to ITAM owning the hardware budget:

    • Be more involved in negotiating pricing with suppliers.
    • Build better relationships with stakeholders across the business.
    • Forecast requirements more accurately.
    • Inform benchmarks for hardware performance.
    • Gain more responsibility and have a greater influence on purchasing decisions.
    • Directly impact the reduction in IT spend.
    • Manage the asset database more easily and have a greater understanding of hardware needs.
    • Build a continuous rolling refresh.

    Use ITAM data to forecast hardware needs accurately and realistically

    Your IT budget should be realistic, accounting for business needs, routine maintenance, hardware replacement costs, unexpected equipment failures, and associated support and warranty costs. Know where to find the data you need and who to work with to forecast hardware needs as accurately as possible.

    What type of data should I take into account?

    Plan for:

    • New hardware purchases required
      • Planned refreshes based on equipment lifecycle
      • Inventory for break and fix
      • Standard equipment for new hires
      • Non-standard equipment required
      • Hardware for planned projects
      • Implementation and setup costs
      • Routine hardware implementation
      • Large hardware implementation for projects
      • Support and warranty costs

    Take into account:

    • Standard refresh cycle for each hardware asset
    • Amount of inventory to keep on hand
    • Length of time from procurement to inventory
    • Current equipment costs and equipment price increases
    • Equipment depreciation rates and resale profits

    Where do I find the information I need to budget accurately?

    • Work with HR to forecast equipment needs for new hires.
    • Work with the Infrastructure Manager to forecast devices and equipment needed for approved and planned projects.
    • Use the asset management database to forecast hardware refresh and replacement needs based on age and lifecycle.
    • Work with business stakeholders to ensure all new equipment needs are accounted for in the budget.

    Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget

    4.1.1 Build HAM budget

    This tool is designed to assist in developing and justifying the budget for hardware assets for the upcoming year. The tool will allow you to budget for projects requiring hardware asset purchases as well as equipment requiring refresh and to adjust the budget as needed to accommodate both projects and refreshes. Follow the instructions on each tab to complete the tool.

    The hardware budget should serve as a planning and communications tool for the organization

    The most successful relationships have a common vocabulary. Thus, it is important to translate “tech speak” into everyday language and business goals and initiatives as you plan your budget.

    One of the biggest barriers that infrastructure and operations team face with regards to equipment budgeting is the lack of understanding of IT infrastructure and how it impacts the rest of the organization. The biggest challenge is to help the rest of the organization overcome this barrier.

    There are several things you can do to overcome this barrier:

    • Avoid using technical terms or jargon. Terms many would consider common knowledge, such as “WLAN,” are foreign to many.
    • Don’t assume the business knows how the technology you’re referring to will impact their day-to-day work. You will need to demonstrate it to them.
    • Help the audience understand the business impact of not implementing each initiative. What does this mean for them?
    • Discuss the options on the table in terms of the business value that the hardware can enable. Review how deferring refresh projects can impact user-facing applications, systems, and business unit operations.
    • Present options. If you can’t implement everything on the project list, present what you can do at different levels of funding.

    Info-Tech Insight

    Err on the side of inviting more discussion. Your budgeting process relies on business decision makers and receiving actionable feedback requires an ongoing exchange of information.

    Help users understand the importance of regular infrastructure refreshes

    Getting business users to support regular investments in maintenance relies on understanding and trust. Present the facts in plain language. Provide options, and clearly state the impact of each option.

    Example: Your storage environment is nearing capacity.

    Don’t:

    Explain the project exclusively in technical terms or slang.

    We’re exploring deduping technology as well as cheap solid state, SATA, and tape storage to address capacity.”

    Do:

    • Explain impact in terms that the business can understand.

    Deduplication technology can reduce our storage needs by up to 50%, allowing us to defer a new storage purchase.”

    • Be ready to present project alternatives and impacts.

    Without implementing deduplication technology, we will need to purchase additional storage by the end of the year at an estimated cost of $25,000.”

    • Connect the project to business initiatives and strategic priorities.

    This is a cost-effective technique to increase storage capacity to manage annual average data growth at around 20% per year.

    Step 4.2: Build Communication Plan and Roadmap

    Phase 4: Plan Budget & Build Roadmap

    4.1 Plan Budget

    4.2 Communicate & Build Roadmap

    This step will walk you through the following activities:

    4.2 Develop a HAM implementation roadmap

    This step involves the following participants:

    • CIO
    • IT Director
    • Asset Manager
    • Service Desk Manager

    Step Outcomes

    • Documented end-user hardware asset management policies
    • Communications plan to achieve support from end users and other business units
    • HAM implementation roadmap

    Educate end users through ITAM training to increase program success

    As part of your communication plan and overall HAM implementation, training should be provided to end users within the organization.

    All facets of the business, from management to new hires, should be provided with ITAM training to help them understand their role in the project’s success.

    ITAM solutions are complex by nature with both business process and technical knowledge required to use them correctly. Keep the message appropriate to the audience – end users don’t need to know the complete process, but will need to know policy and how to request.

    Management may have priorities that appear to clash with new processes. Engage management by making them aware of the benefits and importance of ITAM. Include the benefits and consequences of not implementing ITAM in your education approach. Encourage them to support efforts by reinforcing your messages to end users.

    New hires should have ITAM training bundled into their onboarding process. Fresh minds are easier to train and the ITAM program will be seen as an organizational standard, not merely a change.

    Policy documents can help summarize end users’ obligations and clarify processes. Consider an IT Resources Acceptable UsePolicy.

    "The lowest user is the most important user in your asset management program. New employees are your most important resource. The life cycle of the assets will go much smoother if new employees are brought on board." – Tyrell Hall, ITAM Program Coordinator

    Info-Tech Insight

    During training, you should present the material through the lens of “what’s in it for me?” Otherwise, you risk alienating end users through implementing organizational change viewed as low value.

    Include policy design and enforcement in your communication plan

    • Hardware asset management policies should define the actions to be taken to protect and preserve technology assets from failure, loss, destruction, theft, or damage.
    • Implementing asset management policies enforces the notion that the organization takes its IT assets and the management of them seriously, and will help ensure the benefits of ITAM are achieved.
    • Designing, approving, documenting, and adopting one set of standard ITAM policies for each department to follow will ensure the processes are enforced equally across the organization.
    • Good ITAM policies answer the “what, how, and why” of IT asset management, provide the means for ITAM governance, and provide a basis for strategy and decision making.

    Info-Tech Insight

    Use policy templates to jumpstart your policy development and ensure policies are comprehensive, but be sure to modify and adapt policies to suit your corporate culture or they will not gain buy-in from employees. For a policy to be successful, it must be a living document and have participation and involvement from the committees and departments to whom it will pertain.

    Use Info-Tech’s policy templates to build HAM policies

    4.2.1 Build HAM policies

    Use these HAM policy templates to get started:

    Information Technology Standards Policy

    This policy establishes standards and guidelines for a company’s information technology environment to ensure the confidentiality, integrity, and availability of company computing resources.

    Desktop Move/Add/Change Policy

    This desktop move/add/change policy is put in place for users to request to change their desktop computing environments. This policy applies configuration changes within a company.

    Purchasing Policy

    The purchasing policy helps to establish company standards, guidelines, and procedures for the purchase of all information technology hardware, software, and computer-related components as well as the purchase of all technical services.

    Hardware Asset Disposition Policy

    This policy assists in creating guidelines around disposition in the last stage of the asset lifecycle.

    Additional policy templates

    Info-Tech Insight

    Use policy templates to jumpstart your policy development and ensure policies are comprehensive, but modify and adapt them to suit your corporate culture or they will not gain buy-in from employees. For a policy to be successful, it must be a living document and have participation from the committees and departments to whom it will pertain.

    Create a communication plan to achieve end-user support and adherence to policies

    Communication is crucial to the integration and overall implementation of your ITAM program. An effective communication plan will:

    • Gain support from management at the project proposal phase.
    • Create end-user buy-in once the program is set to launch.
    • Maintain the presence of the program throughout the business.
    • Instill ownership throughout the business from top-level management to new hires.

    Use the variety of components as part of your communication plan in order to reach the organization.

    1. Advertise successes.
    • Regularly demonstrate the value of the ITAM program with descriptive statistics focused on key financial benefits.
    • Share data with the appropriate personnel; promote success to obtain further support from senior management.
  • Report and share asset data.
    • Sharing detailed asset-related reports frequently gives decision makers useful data to aid in their strategy.
    • These reports can help your organization prepare for audits, adjust asset budgeting, and detect unauthorized assets.
  • Communicate the value of ITAM.
    • Educate management and end users about how they fit into the bigger picture.
    • Individuals need to know that their behaviors can adversely affect data quality and, ultimately, lead to better decision making.
  • Develop a communication plan to convey the right messages

    4.2.2 Develop a communication plan to convey the right messages

    Participants

    • CIO
    • IT Director
    • Asset Manager
    • Service Desk Manager

    Document

    Document in the HAM Communication Plan

    1. Identify the groups that will be affected by the HAM program as those who will require communication.
    2. For each group requiring a communication plan, identify the following:
    • Benefits of HAM for that group of individuals (e.g. better data, security).
    • The impact the change will have on them (e.g. change in the way a certain process will work).
    • Communication method (i.e. how you will communicate).
    • Timeframe (i.e. when and how often you will communicate the changes).
  • Complete this information in a table like the one below and document in the Communication Plan.
  • Group Benefits Impact Method Timeline
    Service Desk Improve end-user device support Follow new processes Email campaign 3 months
    Executives Mitigate risks, better security, more data for reporting Review and sign off on policies
    End Users Smoother request process Adhere to device security and use policies
    Infrastructure Faster access to data and one source of truth Modified processes for centralized procurement and inventory

    Implement ITAM in a phased, constructive approach

    • One of the most difficult decisions to make when implementing ITAM is: “where do we start?”
    • The pyramid to the right mirrors Maslow’s hierarchy of needs. The base is the absolute bare minimum that should be in place, and each level builds upon the previous one.
    • As you track up the pyramid, your ITAM program will become more and more mature.

    Now that your asset lifecycle environment has been constructed in full, it’s time to study it. Gather data about your assets and use the results to create reports and new solutions to continually improve the business.

    • Asset Data
    • Asset Protection: safely protect and dispose of assets once they are mass distributed throughout your organization.
    • Asset Distribution: determine standards for asset provisioning and asset inventory strategy.
    • Asset Gathering: define what assets you will procure, distribute, and track. Classifying your assets by tier will allow you to make decisions as you progress up the pyramid.

    ↑ ITAM Program Maturity

    Integrate your HAM program into the organization to assist its implementation

    The HAM program cannot perform on its own – it must be integrated with other functional areas of the organization in order to maintain its stability and support.

    • Effective IT asset management is supported by a comprehensive set of processes as part of its implementation.
    • For example, integration with the purchasing/procurement team is required to gather hardware and software purchase data to control asset costs and mitigate software license compliance risk.
    • Integration with Finance is required to support internal cost allocations and charge backs.

    To integrate your ITAM program into your organization effectively, a clear implementation roadmap needs to be designed. Prioritize “quick wins” in order to demonstrate success to the business early and gain buy-in from your team. Long-term goals should be designed that will be supported by the outcomes of the short-term gains of your ITAM program.

    Short-term goal Long-term goal
    Identify inventory classification and tool (hardware first) Hardware contract data integration (warranty, maintenance, lease)
    Create basic ITAM policies and processes Continual improvement through policy impact review and revision
    Implement ITAM auto-discovery tools Software compliance reports, internal audits

    Info-Tech Insight

    Installing an ITAM tool does not mean you have an effective asset management program. A complete solution needs to be built around your tool, but the strength of ITAM comes from processes embedded in the organization that are shaped and supported by your ITAM data.

    Develop an IT hardware asset management implementation roadmap

    4.2.3 Develop a HAM implementation roadmap

    Participants

    • CIO
    • IT Director
    • Asset Manager
    • Service Desk Manager

    Document

    Document in the IT Hardware Asset Management Implementation Roadmap

    1. Identify up to five streams to work on initiatives for the hardware asset management project.
    2. Fill out key tasks and objectives for each process. Assign responsibility for each task.
    3. Select a start date and end date for each task. See tab 1 of the tool for instructions on which letters to input for each stage of the process.
    4. Once your list is complete, open tab 3 of the tool to see your completed sunshine diagram.
    5. Keep this diagram visible for your team and use it as a guide to task completion as you work towards your future-state value stream.

    Focus on continual improvement to sustain your ITAM program

    Periodically review the ITAM program in order to achieve defined goals, objectives, and benefits.

    Act → Plan → Do → Check

    Once ITAM is in place in your organization, a focus on continual improvement creates the following benefits:

    • Remain in sync with the business: your asset management program reflects the current and desired future states of your organization at the time of its creation. But the needs of the business change. As mentioned previously, asset management is a dynamic process, so in order for your program to keep pace, a focus on continual improvement is needed.
      • For example, imagine if your organization had designed your ITAM program before cloud-based solutions were an option. What if your asset classification scheme did not include personal devices or tablets or your asset security policy lacked a section on BYOD?
    • Create funding for new projects through ITAM continual improvement: one of the goals is to save money through more efficient use of your assets by “sweating” out underused hardware and software.
      • It may be tempting to simply present the results to Finance as savings, but instead, describe the results as “available funds for other projects.” Otherwise, Finance may view the savings as a nod to restrict IT’s budget and allocate funds elsewhere. Make it clear that any saved funds are still required, albeit in a different capacity.

    Info-Tech Best Practice

    Look for new uses for ITAM data. Ask management what their goals are for the next 12-18 months. Analyze the data you are gathering and determine how your ITAM data can assist with achieving these goals.

    Phase 4 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Step 4.1: Plan Budget

    Start with an analyst kick-off call:

    • Know where to find data to budget for hardware needs accurately.
    • Learn how to manage a hardware budget.

    Then complete these activities…

    • Plan hardware asset budget.

    With these tools & templates:

    HAM Budgeting Tool

    Step 4.2: Communicate & Roadmap

    Review findings with analyst:

    • Develop policies for end users.
    • Build communications plan.
    • Build an implementation roadmap.

    Then complete these activities…

    • Build HAM policies.
    • Develop a communication plan.
    • Develop a HAM implementation roadmap.

    With these tools & templates:

    HAM policy templates

    HAM Communication Plan

    HAM Implementation Roadmap

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.1.1 Build a hardware asset budget

    Review upcoming hardware refresh needs and projects requiring hardware purchases. Use this data to forecast and budget equipment for the upcoming year.

    4.2.2 Develop a communication plan

    Identify groups that will be affected by the new HAM program and for each group, document a communications plan.

    Insight breakdown

    Overarching Insights

    HAM is more than just tracking inventory. A mature asset management program provides data for proactive planning and decision making to reduce operating costs and mitigate risk.

    ITAM is not just IT. IT leaders need to collaborate with Finance, Procurement, Security, and other business units to make informed decisions and create value across the enterprise.

    Treat HAM like a process, not a project. HAM is a dynamic process that must react and adapt to the needs of the business.

    Phase 1 Insight

    For asset management to succeed, it needs to support the business. Engage business leaders to determine needs and build your HAM program around these goals.

    Phase 2 Insight

    Bridge the gap between IT and Finance to build a smoother request and procurement process through communication and routine reporting. If you’re unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand.

    Phase 3 Insight

    Not all assets are created equal. Taking a blanket approach to asset maintenance and security is time consuming and costly. Focus on the high-cost, high-use, and data-sensitive assets first.

    Phase 4 Insight

    Deploying a fancy ITAM tool will not make hardware asset management implementation easier. Implementation is a project that requires you focus on people and process first – the technology comes after.

    Related Info-Tech research

    Implement Software Asset Management

    Build an End-User Computing Strategy

    Find the Value – and Remain Valuable – With Cloud Asset Management

    Consolidate IT Asset Management

    Harness Configuration Management Superpowers

    IT Asset Management Market Overview

    Bibliography

    Chalkley, Martin. “Should ITAM Own Budget?” The ITAM Review. 19 May 2011. Web.

    “CHAMP: Certified Hardware Asset Management Professional Manual.” International Association of Information Technology Asset Managers, Inc. 2008. Web.

    Foxen, David. “The Importance of Effective HAM (Hardware Asset Management).” The ITAM Review. 19 Feb. 2015. Web.

    Foxen, David. “Quick Guide to Hardware Asset Tagging.” The ITAM Review. 5 Sep. 2014. Web.

    Galecki, Daniel. “ITAM Lifecycle and Savings Opportunities – Mapping out the Journey.” International Association of IT Asset Managers, Inc. 16 Nov. 2014. Web.

    “How Cisco IT Reduced Costs Through PC Asset Management.” Cisco IT Case Study. 2007. Web.

    Irwin, Sherry. “ITAM Metrics.” The ITAM Review. 14 Dec. 2009. Web.

    “IT Asset and Software Management.” ECP Media LLC, 2006. Web.

    Rains, Jenny. “IT Hardware Asset Management.” HDI Research Brief. May 2015. Web.

    Riley, Nathan. “IT Asset Management and Tagging Hardware: Best Practices.” Samanage Blog. 5 March 2015. Web.

    “The IAITAM Practitioner Survey Results for 2016 – Lean Toward Ongoing Value.” International Association of IT Asset Managers, Inc. 24 May 2016. Web.

    Choose Your Mobile Platform and Tools

    • Buy Link or Shortcode: {j2store}281|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Mobile Development
    • Parent Category Link: /mobile-development
    • Organizations see the value of mobile applications in improving productivity and reach of day-to-day business and IT operations. This motivates leaders to begin the planning of their first application.
    • However, organizations often lack the critical foundational knowledge and skills to deliver and maintain high quality and valuable applications that meet business and user priorities and technical requirements.
    • Mobile technologies and trends are continually evolving and maturing. It is hard to predict which trends will make a significant impact and to prepare current mobile investments to harness their value of these trends.

    Our Advice

    Critical Insight

    • Mobile applications can stress the stability, reliability, and overall quality of your enterprise systems and services. They will also increase your security risks because of the exposure of your enterprise technology assets to unsecured networks and devices.
    • High costs of entry may restrict what built-in features your users can have in their mobile experience. Workarounds may not be sufficient to offset the costs of certain built-in feature needs.
    • Many operating models do not enable or encourage the collaboration required to fully understand user needs and behaviors and evaluate mobile opportunities and underlying operational systems from multiple perspectives.

    Impact and Result

    • Establish the right expectations. Understand your mobile users by learning their needs, challenges, and behaviors. Discuss the current state of your systems and your high priority non-functional requirements to determine what to expect from your mobile applications.
    • Choose the right mobile platform approach and shortlist your mobile delivery solutions. Obtain a thorough view of the business and technical complexities of your mobile opportunities, including current mobile delivery capabilities and system compatibilities.
    • Create your mobile roadmap. Describe the gradual rollout of your mobile technologies through minimal valuable products (MVPs).

    Choose Your Mobile Platform and Tools Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Choose Your Mobile Platform and Tools Storyboard

    This blueprint helps you develop an approach to understand the mobile experience your stakeholders want your users to have and select the appropriate platform and delivery tools to meet these expectations.

    • Choose Your Mobile Platform and Tools Storyboard

    2. Mobile Application Delivery Communication Template – Clearly communicate the goal and approach of your mobile application implementation in a language your audience understands.

    This template narrates a story to describe the need and expectations of your low- and no-code initiative to get buy-in from stakeholders and interested parties.

    • Mobile Application Delivery Communication Template

    Infographic

    Workshop: Choose Your Mobile Platform and Tools

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Choose Your Platform and Delivery Solution

    The Purpose

    Choose the right mobile platform.

    Shortlist your mobile delivery solution and desired features and services.

    Key Benefits Achieved

    A chosen mobile platform that meets user and enterprise needs.

    Candidate mobile delivery solutions that meet your delivery needs and capacity of your teams.

    Activities

    1.1 Select your platform approach.

    1.2 Shortlist your mobile delivery solution.

    1.3 Build your feature and service lists.

    Outputs

    Desired mobile platform approach.

    Shortlisted mobile delivery solutions.

    Desired list of vendor features and services.

    2 Create Your Roadmap

    The Purpose

    Design the mobile application minimal viable product (MVP).

    Create your mobile roadmap.

    Key Benefits Achieved

    An achievable and valuable mobile application that is scalable for future growth.

    Clear intent of business outcome delivery and completing mobile delivery activities.

    Activities

    2.1 Define your MVP release.

    2.2 Build your roadmap.

    Outputs

    MVP design.

    Mobile delivery roadmap.

    3 Set the Mobile Context

    The Purpose

    Understand your user’s environment needs, behaviors, and challenges.

    Define stakeholder expectations and ensure alignment with the holistic business strategy.

    Identify your mobile application opportunities.

    Key Benefits Achieved

    Thorough understanding of your mobile user and opportunities where mobile applications can help.

    Level set stakeholder expectations and establish targeted objectives.

    Prioritized list of mobile opportunities.

    Activities

    3.1 Generate user personas with empathy maps.

    3.2 Build your mobile application canvas.

    3.3 Build your mobile backlog.

    Outputs

    User personas.

    Mobile objectives and metrics.

    Mobile opportunity backlog.

    4 Identify Your Technical Needs

    The Purpose

    Define the mobile experience you want to deliver and the features to enable it.

    Understand the state of your current system to support mobile.

    Identify your definition of mobile application quality.

    List the concerns with mobile delivery.

    Key Benefits Achieved

    Clear understanding of the desired mobile experience.

    Potential issues and risks with enabling mobile on top of existing systems.

    Grounded understanding of mobile application quality.

    Holistic readiness assessment to proceed with mobile delivery.

    Activities

    4.1 Discuss your mobile needs.

    4.2 Conduct a technical assessment.

    4.3 Define mobile application quality.

    4.4 Verify your decision to deliver mobile applications.

    Outputs

    List of mobile features to enable the desired mobile experience.

    System current assessment.

    Mobile application quality definition.

    Verification to proceed with mobile delivery.

    Further reading

    Choose Your Mobile Platform and Tools

    Maximize the value of your mobile investments by prioritizing technology decisions on user experience, business priorities, and system quality.

    EXECUTIVE BRIEF

    Analyst Perspective

    Mobile is the way of working.

    Workers require access to enterprise products, data, and services anywhere at anytime on any device. Give them the device-specific features, offline access, desktop-like interfaces, and automation capabilities they need to be productive.

    To be successful, you need to instill a collaborative business-IT partnership. Only through this partnership will you be able to select the right mobile platform and tools to balance desired outcomes with enterprise security, performance, integration, quality, and other delivery capacity concerns.

    This is a picture of Andrew Kum-Seun Senior Research Analyst, Application Delivery and Application Management Info-Tech Research Group

    Andrew Kum-Seun
    Senior Research Analyst,
    Application Delivery and Application Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Organizations see the value of mobile applications in improving productivity and reach of day-to-day business and IT operations. This motivates leaders to begin the planning of their first application.
    • However, organizations often lack the critical foundational knowledge and skills to deliver and maintain high quality and valuable applications that meet business and user priorities and technical requirements.
    • Mobile technologies and trends are continually evolving and maturing. It is hard to predict which trends will make a significant impact and to prepare current mobile investments to harness the value of these trends.

    Common Obstacles

    • Mobile applications can stress the stability, reliability and overall quality of your enterprise systems and services. They will also increase your security risks because of the exposure of your enterprise technology assets to unsecured networks and devices.
    • High costs of entry may restrict what native features your users can have in their mobile experience. Workarounds may not be sufficient to offset the costs of certain native feature needs.
    • Many operating models do not enable or encourage the collaboration required to fully understand user needs and behaviors and evaluate mobile opportunities and underlying operational systems from multiple perspectives.

    Info-Tech's Approach

    • Establish the right expectations. Understand your mobile users by learning their needs, challenges, and behaviors. Discuss the current state of your systems and your high priority non-functional requirements to determine what to expect from your mobile applications.
    • Choose the right mobile platform approach and shortlist your mobile delivery solutions. Obtain a thorough view of the business and technical complexities of your mobile opportunities, including current mobile delivery capabilities and system compatibilities.
    • Create your mobile roadmap. Describe the gradual rollout of your mobile technologies through minimal valuable products (MVPs).

    Insight Summary

    Overarching Info-Tech Insight

    Treat your mobile applications as digital products. Digital products are continuously modernized to ensure they are fit-for-purpose, secured, accessible, and immersive. A successful mobile experience involves more than just the software and supporting system. It involves good training and onboarding, efficient delivery turnaround, and a clear and rational vision and strategy.

    Phase 1: Set the Mobile Context

    • Build applications your users need and desire – Design the right mobile application that enables your users to address their frustrations and productivity challenges.
    • Maximize return on your technology investments – Build your mobile applications with existing web APIs, infrastructure, and services as much as possible.
    • Prioritize mobile security, performance and integration requirements – Understand the unique security, performance, and integration influences has on your desired mobile user experience. Find the right balance of functional and non-functional requirements through business and IT collaboration.

    Phase 2: Define Your Mobile Approach

    • Start with a mobile web platform - Minimize disruptions to your existing delivery process and technical stack by building against common web standards. Select a hybrid platform or cross-platform if you need device hardware access or have complicated non-functional requirements.
    • Focus your mobile solution decision on vendor support and functional complexity – Verify that your solution is not only compatible with the architecture, data, and policies of existing business systems, but satisfies IT's concerns with access to restricted technology and data, and with IT's ability to manage and operate your applications.
    • Anticipate changes, defects & failures in your roadmap - Quickly shift your mobile roadmaps according to user feedback, delivery challenges, value, and stability.

    Mobile is how the business works today

    Mobile adoption continues to grow in part due to the need to be a mobile workforce, and the shift in customer behaviors. This reality pushed the industry to transform business processes and technologies to better support the mobile way of working.

    Mobile Builds Interests
    61%
    Mobile devices drove 61% of visits to U.S. websites
    Source: Perficient, 2021

    Mobile Maintains Engagement
    54%
    Mobile devices generated 54.4% of global website traffic in Q4 2021.
    Source: Statista, 2022

    Mobile Drives Productivity
    82%
    According to 82% of IT executives, smartphones are highly important to employee productivity
    Source: Samsung and Oxford Economics, 2022

    Mobile applications enable and drive your digital business strategy

    Organizations know the criticality of mobile applications in meeting key business and digital transformation goals, and they are making significant investments. Over half (58%) of organizations say their main strategy for driving application adoption is enabling mobile access to critical enterprise systems (Enterprise CIO, 2016). The strategic positioning and planning of mobile applications are key for success.

    Mobile Can Motivate, Support and Drive Progress in Key Activities Underpinning Digital Transformation Goals

    Goal: Enhance Customer Experience

    • A shift from paper to digital communications
    • Seamless, omni-channel client experiences across devices
    • Create Digital interactive documents with sections that customers can customize to better understand their communications

    Goal: Increase Workflow Throughput & Efficiency

    • Digitized processes and use of data to improve process efficiency
    • Modern IT platforms
    • Automation through robotic process automation (RPA) where possible
    • Use of AI and machine learning for intelligent automation

    Source: Broadridge, 2022

    To learn more, visit Info-Tech's Define Your Digital Business Strategy blueprint.

    Well developed mobile applications bring unique opportunities to drive more value

    Role

    Opportunities With Mobile Applications

    Expected Value

    Stationary Worker

    Design flowcharts and diagrams, while abandoning paper and desktop applications in favor of easy-to-use, drawing tablet applications.

    Multitask by checking the application to verify information given by a vendor during their presentation or pitch.

    • Reduce materials cost to complete administrative responsibilities.
    • Digitally and automatically store and archive frequently used documents.

    Roaming Worker
    (Engineer)

    Replace physical copies of service and repair manuals with digital copies, and access them with mobile applications.

    Scan or input product bar code to determine whether a replacement part is available or needs to be ordered.

    • Readily access and update corporate data anywhere at anytime.
    • Expand employee responsibilities with minimal skills impact.

    Roaming Worker
    (Nurse)

    Log patient information according to HIPAA standards and complete diagnostics live to propose medication for a patient.

    Receive messages from senior staff about patients and scheduling while on-call.

    • Quickly and accurately complete tasks and update patient data at site.
    • Be readily accessible to address urgent issues.

    Info-Tech Insight

    If you build it, they may not come. Design and build the applications your user wants and needs, and ensure users are properly onboarded and trained. Learn how your applications are leveraged, capture feedback from the user and system dashboards, and plan for enhancements, fixes, and modernizations.

    Workers expect IT to deliver against their high mobile expectations

    Workers want sophisticated mobile applications like what they see their peers and competitors use.

    Why is IT considering building their own applications?

    • Complex and Unique Workflows: Canned templates and shells are viewed as incompatible to the workflows required to complete worker responsibilities outside the office, with the same level of access to corporate data as on premise.
    • Supporting Bring Your Own Device (BYOD): Developing your own mobile applications around your security protocols and standards can help mitigate the risks with personal devices that are already in your workforce.
    • Long-Term Architecture Misalignment: Outsourcing mobile development risks the mobile application misaligned with your quality standards or incompatible with other enterprise and third-party systems.

    Continuously meeting aggressive user expectations will not be easy

    Value Quickly Wears Off
    39.9% of users uninstall an application because it is not in use.
    40%
    Source: n=2,000, CleverTap, 2021

    Low Tolerance to Waiting
    Keeping a user waiting for 3 seconds is enough to dissatisfy 43% of users.
    43%
    Source: AppSamurai, 2018

    Quick Fixes Are Paramount
    44% of defects are found by users
    44%
    Source: Perfecto Mobile, 2014

    Mobile emphasizes the importance of good security, performance, and integration

    Today's mobile workers are looking for new ways to get more work done quickly. They want access to enterprise solutions and data directly on their mobile devices, which can reside on multiple legacy systems and in the cloud and third-party infrastructure. This presents significant performance, integration, and security risks.

    Cloud Solutions: Can I use my existing APIs?. Solutions in Corporate Networks: Do my legacy systems have the capacity to support mobile?; How do I integrate solutions and data from multiple sources into a single view?; Third Party Solutions: Will I have a significant performance bottleneck?; Single View on Mobile Devices: How is corporate data stored on the device?; What new technology dependencies must I account for in my architecture and operational support capabilities?

    Accept change as the norm

    IT is challenged with keeping up with disruptive technologies, such as mobile, which are arriving and changing faster and faster.

    What is the issue? Mobile priorities, concepts, and technologies do not remain static. For example, current Google's Pixels benefit from at least three versions of Android updates and at least three years of monthly security patches after their release (NextPit, 2022). Keeping up to date with anything mobile is difficult if you do not have the right delivery and product management practices in place.

    What is the impact on IT? Those who fail to prepare for changing requirements and technologies will quickly run into maintainability, extensibility, and flexibility issues. Mobile applications will quickly become stale and misaligned with the maturity of other enterprise infrastructure and applications.

    Continuously look at the trends, vendor roadmaps, and your user's feedback to envision where your mobile applications should be. Learning from your past attempts gives you insights on the opportunities and impacts changes will have on your people, process, and technology.

    How do I address this issue? A well-defined mobile vision and roadmap ensures your initiatives are aligned with your holistic business and technology strategies, the right problem is being solved, and resources are available to deliver high priority changes.

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    Address the difficulties in managing enterprise mobile technologies

    Adaptability During Development

    Teams must be ready to alter their mobile approach when new insights and issues arise during and after the delivery of your mobile application and its updates.

    High Cybersecurity Standards

    Cybersecurity should be a top priority given the high security exposure of mobiles and the sensitive data mobile applications need to operate. Role-based access, back-up systems, advanced scanning, and protection software and encryption should all be implemented.

    Integration with Other Systems

    Your application will likely be integrated with other systems to expand service offerings and optimize performance and user experience. Your enterprise integration strategy ensures all systems connect against a common pattern with compatible technologies.

    Finding the Right Mobile Developers

    Enterprise mobile delivery requires a broad skillset to build valuable applications against extensive non-functional requirements in complex and integration environments. The right resources are even harder to find when native applications are preferred over web-based ones.

    Source: Radoslaw Szeja, Netguru, 2022.

    Build and manage the right experience by treating mobile as digital products

    Digital products are continuously modernized to ensure they are fit-for-purpose, secured, insightful, accessible, and interoperable. A good experience involves more than just technology.

    First, deliver the experience end users want and expect by designing the application against digital application principles.

    Business Value

    Continuous modernization

    • Fit for purpose
    • User-centric
    • Adaptable
    • Accessible
    • Private and secured
    • Informative and insightful
    • Seamless application connection
    • Relationship and network building

    To learn more, visit Info-Tech's Modernize Your Applications blueprint.

    Then, deliver a long-lasting experience by supporting your applications with key governance and management capabilities.

    • Product Strategy and Roadmap
    • External Relationships
    • User Adoption and Organizational Change Management
    • Funding
    • Knowledge Management
    • Stakeholder Management
    • Product Governance
    • Maintenance & Enhancement
    • User Support
    • Managing and Governing Data
    • Requirements Analysis and Design
    • Research & Development

    To learn more, visit Info-Tech's Make the Case for Product Delivery blueprint.

    Choose Your Mobile Platform and Tools

    Maximize the value of your mobile investments by prioritizing technology decisions on user experience, business priorities, and system quality.

    WORKFLOW

    1. Capture Your User Personas and Journey workflow: Trigger: Step 1; Step 2; Step 3; Step 4; Outcome
    2. Select Your Platform Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform.
    3. Shortlist Your Solutions A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions

    Strategic Perspective
    Business and Product Strategies

    1. End-User Perspective

    End User Needs

    • Productivity
    • Innovation
    • Transformation

    Native User Experience

    • Anytime, Anywhere
    • Visually Pleasing & Fulfilling
    • Personalized & Insightful
    • Hands-Off & Automated
    • Integrated Ecosystem

    2. Platform Perspective

    Technical Requirements

    Security

    Performance

    Integration

    Mobile Platform

    3. Solution Perspective

    Vendor Support

    Services

    Stack Mgmt.

    Quality & Risk

    Mobile Delivery Solutions

    Make user experience (UX) the standard

    User experience (UX) focuses on a user's emotions, beliefs, and physical and psychological responses that occur before, during, or after interacting with a service or product.

    For a mobile application to be meaningful, the functions, aesthetics and content must be:

    • Usable
      • Users can intuitively navigate through your mobile application and complete their desired tasks.
    • Desirable
      • The application elements are used to evoke positive emotions and appreciation.
    • Accessible
      • Users can easily use your mobile application, including those with disabilities.
    • Valuable
      • Users find the content useful, and it fulfills a need.

    Enable a greater experience with UX-driven thinking

    Designing for a high-quality experience requires more than just focusing on the UI. It also requires the merging of multiple business, technical, and social disciplines in order to create an immersive, practical, and receptive application. The image on the right explains the disciplines involved in UX. This is critical for ensuring users have a strong desire to use the mobile application, it is adequately supported technically, and it supports business objectives.

    To learn more, visit Info-Tech's Implement and Mature Your User Experience Design Practice blueprint.

    A Venn diagram is depicted, demonstrating the inputs that lead to an interactive design, with interactive elements, usability, and accessibility. This work by Mark Roden is licensed under a Creative Commons Attribution 3.0 Unported License.

    Source: Marky Roden, Xomino, 2018

    Define the mobile experience your end users want

    • Anytime, Anywhere
      • The user can access, update and analyze data and corporate products and services whenever they want, in all networks, and on any device.
    • Hands-Off and Automated
      • The application can perform various workflows and tasks without the user's involvement and notify the user when specific triggers are hit.
    • Personalized and Insightful
      • Content presentation and subject are tailored for the user based on specific inputs from the user, device hardware, or predicted actions.
    • Integrated Ecosystem
      • The application supports a seamless experience across various third-party and enterprise applications and services the user needs.
    • Visually Pleasing and Fulfilling
      • The UI is intuitive and aesthetically gratifying, with little security and performance trade-offs to use the full breadth of its functions and services.

    Each mobile platform has its own take on the mobile native experience. The choice ultimately depends on whether the costs and effort are worth the anticipated value.

    Mobile value is dependent on the platform you choose

    What is a platform?

    "A platform is a set of software and a surrounding ecosystem of resources that helps you to grow your business. A platform enables growth through connection: its value comes not only from its own features, but from its ability to connect external tools, teams, data, and processes." (Source: Emilie Nøss Wangen, 2021) In the mobile context, applications in a platform execute and communicate through a loosely-coupled API architecture, whether the supporting system is managed and supported by your organization or by third-party providers.

    Web

    Mobile web applications are deployed and executed within the mobile web browser. They are often developed with a combination of web and scripting languages, such as HTML, CSS, and JavaScript. Web often takes two forms on mobile:

    • Progressive Web Applications (PWA)
    • Mobile Web Sites

    Hybrid

    Hybrid applications are developed with web technologies but are deployed as native applications. The code is wrapped using a framework so that it runs locally within a native container. It uses the device's browser runtime engine to support more sophisticated designs and features than to the web approach.

    Cross-Platform

    Cross-platform applications are developed within a distinct programming or scripting environment that uses its own scripting language (often like web languages) and APIs. The solution compiles the code into device-specific builds for native deployment.

    Native

    Native applications are developed and deployed to specific devices and OSs using platform-specific software development kits (SDKs) provided by the operating system vendors. The programming language and framework are dictated by the targeted device, such as Java for Android.

    Start mobile development on a mobile web platform

    Start with what you have: begin with a mobile web platform to minimize impacts to your existing delivery skill sets and technical stack while addressing business needs. Resort to a hybrid first. Then consider a cross-platform application if you require device access or need to meet specific non-functional requirements.

    Why choose a mobile web platform?

    Pros

    The latest versions of the most popular web languages (HTML5, CSS3, JavaScript) abstract away from the granular, physical components of the application, simplifying the development process. HTML5 offer some mobile features (e.g. geolocation, accelerometer) that can meet your desired experience without the need for native development skills. Native look-and-feel, high performance, and full device access are just a few tradeoffs of going with web languages.

    Cons

    Native mobile platforms depend on device-specific code which follows specific frameworks and leverages unique programming libraries, such as Objective C for iOS and Java for Android. Each language requires a high level of expertise in the coding structure and hardware of specific devices. This requires resources with specific skillsets and different tools to support development and testing.

    Other Notable Benefits with Web Languages

    • Modern browsers in most mobile devices can execute and render many mobile features developed in web languages, allowing for greater portability and sophistication of code across multiple devices. However, this flexibility comes at the cost of performance since the browser's runtime engine will not perform as well as a native engine.
    • Web languages are well known by developers, minimizing skills and resourcing impacts. Consequently, changes can be quickly accommodated and updated uniformly across all end users.

    Select your mobile platform

    Drive your mobile platform selection against user-centric needs (e.g. device access, aesthetics) and enterprise-centric needs (e.g. security, system performance).

    When does a platform makes sense to use?

    Web

    • Desire to maximize current web technologies investments (people, process, and technologies).
    • Use cases do not require significant computational resources on the device or are tightly constrained by non-functional requirements.
    • Limited budget to acquire mobile development resources.
    • Access to device hardware is not a high priority.

    Hybrid / Cross-Platform

    • The need to quickly spin up native-like applications for multiple platforms and devices.
    • Desire to leverage existing web development skills, but also a need for device access and meeting specific non-functional requirements.
    • Vendor support is needed for the entire mobile delivery process.

    Native

    • Developers are experts in the target programming language and with the device's hardware.
    • Strong need for high performance, security, and device-specific access and customizations.
    • Application use cases require significant computing resources.

    Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform.

    Understand the common attributes of a mobile delivery solution

    • Source Code Management – Built-in or having the ability to integrate with code management solutions for branching, merging, and versioning. Debugging and coding assistance capabilities may be available.
    • Single Code Base – Capable of programming in a standard coding and scripting language for deployment into several platforms and devices. This code base is aligned to a common industry framework (e.g. AngularJS, Java) or a vendor-defined one.
    • Out-of-the-Box Connectors & Plug-ins – Pre-built APIs enhance the solution's capabilities with third-party tools and systems to deliver and manage high quality and valuable mobile applications.
    • Emulators – Ability to virtualize an application's execution on a target platform and device.
    • Support for Native Features – Supports plug-ins and APIs for access to device-specific features.

    What are mobile delivery solutions?

    A mobile delivery solution provides the tools, resources, and support to enable or build your mobile application. It can provide pre-built applications, vendor supported components to allow some configurations, or resources for full stack customizations. Solutions can be barebone software development kits (SDKs), or comprehensive suites offering features to support the entire software delivery lifecycle, such as:

    • Mobile application management
    • Testing and publishing to app stores
    • Content management
    • Cloud hosting
    • Application performance management

    Info-Tech Insight

    Mobile enablement and development capabilities are already embedded in many common productivity tools and enterprise applications, such as Microsoft PowerApps and ERP modules. They can serve as a starting point in the initial rollout of new management and governance practices without the need to acquire new tools.

    Select your mobile delivery solutions

    1. Set the scope of your framework.
    • The initial context of this framework is based on the mobile functions needed to support your desired mobile experience and on the current state of your enterprise and 3rd party systems.
  • Define the decision factors for your solution selection.
    • Review the decision factors that will influence the selection of your mobile delivery solution for each mobile opportunity:
    • Stack Management – Who will be hosting and supporting your mobile application stack?
    • Workflows Complexity & Native Experience – How complex is your desired mobile experience and how will native device features be leveraged?
  • Select your solution type.
    • Mobile delivery solutions are broadly defined in the following groups:
    • Commercial-Off-The-Shelf (COTS) – Pre-built mobile applications requiring little to no configurations or implementation effort.
    • Vendor Hosted Mobile Platform – Back-end and mid-tier infrastructure and operational support are managed by a vendor.
    • Cross-Platform Development – Frameworks that transform a single code base into platform-specific builds.
    • Hybrid Development – Tools that wrap a single code base into a locally deployable build.
    • Custom Web Development – Environment enabling full stack development for mobile web applications.
    • Custom Native Development – Environment enabling full stack development for mobile native applications.
  • A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions

    Optimize your software delivery process

    Mobile brings new delivery and management challenges that are often difficult for organizations that are tied to legacy systems, hindered by rigid and slow delivery lifecycles, and are unable to adopt leading-edge technologies. Many of these challenges stem from the fact that mobile is a significant shift from desktop development:

    • Mobile devices and operating systems are heavily fragmented, especially in the Android space.
    • Test coverage is significantly expanded to include physical environments and multiple network connections.
    • Mobile devices do not have the same performance capabilities and memory storage as their desktop counterparts.
    • The user interface must be strategically designed to accommodate the limited screen size.
    • Mobile applications are highly susceptible to security breaches.
    • Mobile users often expect quick turnaround time on fixes and enhancements due to continuously changing technology, business priorities, and user needs.

    To learn more, visit Info-Tech's Modernize Your SDLC blueprint.

    How should the process change?

    • Cross-functional collaboration – Bringing business and IT together at the most opportune times to clarify user needs and business priorities, and set realistic expectations given technology and capacity constraints. The appropriate tactics and techniques are used to improve decision making and delivery effectiveness according to the type of work.
    • Iterative delivery – Frequent delivery of progressive changes minimizes the risk of low-quality features by containing and simplifying scope, and enables responsive turnarounds of fixes, enhancements, and priority changes.
    • Feedback loops –Mobile application owners constantly review, update and refine their backlog of mobile features and changes to reflect user feedback and system performance metrics. Delivery teams proactively prepare the application for future scaling based on lessons and feedback learned from earlier releases.

    Achieve mobile success with MVPs

    By delivering mobile capabilities in small iterations, teams recognize value sooner and reduce accumulated risk. Both benefits are realized as the iteration enters validation testing and release.

    This image depicts a graph of the learn-build-measure cycle over time, adapted from Managing the Development of Large Software Systems, Dr. Winston W. Royce, 1970

    An MVP focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to:

    • Maximize learning.
    • Evaluate the value and acceptance of mobile applications.
    • Inform the building of a mobile delivery practice.

    The build-measure-learn loop suggests mobile delivery teams should perpetually take an idea and develop, test, and validate it with the mobile development solution, then expand on the MVP using the lessons learned and evolving ideas. In this sense the MVP is just the first iteration in the loop.

    Gauge the value with the right metrics

    Metrics are a powerful way to drive behavior change in your organization. But metrics are highly prone to creating unexpected outcomes so they must be used with great care. Use metrics judiciously to avoid gaming or ambivalent behavior, productivity loss, and unintended consequences.

    To learn more, visit Info-Tech's Select and Use SDLC Metrics Effectively blueprint.

    What should I measure?

    1. Mobile Application Engagement, Retention and User Satisfaction
      1. The activeness of users on the applications, the number of returning users, and the happiness of the users.
      2. Example: Number of tasks completed, number of active and returning users, session length and intervals, user satisfaction
    2. Value Driven from Mobile Applications
      1. The business value that the user directly or indirectly receives with the mobile application.
      2. Example: Mobile application revenue, business operational costs, worker productivity, business reputation and image
    3. Delivery Throughput and Quality
      1. The health and quality of your mobile applications throughout their lifespan and the speed to deliver working applications that meet stakeholder expectations.
      2. Example: Frequency of release, lead time, request turnaround, escaped defects, test coverage.

    Use Info-Tech's diagnostic to evaluate the reception of your mobile applications

    Info-Tech's Application Portfolio Assessment (APA) Diagnostic is a canned end-user satisfaction survey used to evaluate your application portfolio health to support data-driven decisions.

    This image contains a screenshot from Info-Tech's Application Portfolio Assessment (APA) Diagnostic

    USE THE PROGRAM DIAGNOSTIC TO:

    • Assess the importance and satisfaction of enterprise applications.
    • Solicit feedback from your end users on applications being used.
    • Understand the strengths and weaknesses of your current applications.
    • Perform a high-level application rationalization initiative.

    INTEGRATE DIAGNOSTIC RESULTS TO:

    • Target which applications to analyze in greater detail.
    • Expand on the initial application rationalization results with a more comprehensive and business-value-focused criteria.

    Grow your mobile delivery practice

    Level 1: Mobile Delivery Foundations

    You understand the opportunities and impacts mobile has on your business operations and its disruptive nature on your enterprise systems. Your software delivery lifecycle was optimized to incorporate the specific practices and requirements needed for mobile. A mobile platform was selected based on stakeholder needs that are weighed against current skillsets, high priority non-functional requirements, the available capacity and scalability of your stack, and alignment to your current delivery process.

    Level 2: Scaled Mobile Delivery

    New features and mobile use cases are regularly emerging in the industry. Ensuring your mobile platform and delivery process can easily scale to incorporate constantly changing mobile features and technologies is key. This can help minimize the impact these changes will have on your mobile stack and the resulting experience.

    Achieving this state requires three competencies: mobile security, performance optimization, and integration practices.

    Level 3: Leading-Edge Mobile Delivery

    Many of today's mobile trends involve, in one form or another, hardware components on the mobile device (e.g., NFC receivers, GPS, cameras). You understand the scope of native features available on your end user's mobile device and the required steps and capabilities to enable and leverage them.

    Hit a home run with your stakeholders

    Use a data-driven approach to select the right tooling vendor for your needs – fast.

    Awareness Education & Discovery Evaluation Selection

    Negotiation & Configuration

    1.1 Proactively Lead Technology Optimization & Prioritization 2.1 Understand Marketplace Capabilities & Trends 3.1 Gather & Prioritize Requirements & Establish Key Success Metrics 4.1 Create a Weighted Selection Decision Model 5.1 Initiate Price Negotiation with Top Two Venders
    1.2 Scope & Define the Selection Process for Each Selection Request Action 2.2 Discover Alternate Solutions & Conduct Market Education 3.2 Conduct a Data Driven Comparison of Vendor Features & Capabilities 4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities with Top 2-4 Vendors 5.2 Negotiate Contract Terms & Product Configuration

    1.3 Conduct an Accelerated Business Needs Assessment

    2.3 Evaluate Enterprise Architecture & Application Portfolio Narrow the Field to Four Top Contenders 4.3 Validate Key Issues with Deep Technical Assessments, Trial Configuration & Reference Checks 5.3 Finalize Budget Approval & Project
    1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation 2.4 Validate the Business Case 5.4 Invest in Training & Onboarding Assistance

    Investing time improving your software selection methodology has big returns.

    Info-Tech Insight

    Not all software selection projects are created equal – some are very small, some span the entire enterprise. To ensure that IT is using the right framework, understand the cost and complexity profile of the application you're looking to select. Info-Tech's Rapid Application Selection Framework approach is best for commodity and mid-tier enterprise applications; selecting complex applications is better handled by the methodology in Info-Tech's Implement a Proactive and Consistent Vendor Selection Process.

    Pitch your mobile delivery approach with Info-Tech's template

    Communicate the justification of your approach to mobile applications with Info-Tech's Mobile Application Delivery Communication Template:

    • Level set your mobile application goals and objectives by weighing end user expectations with technical requirements.
    • Define the high priority opportunities for mobile applications.
    • Educate decision makers of the limitations and challenges of delivering specific mobile experiences with the various mobile platform options.
    • Describe your framework to select the right mobile platform and delivery tools.
    • Lay out your mobile delivery roadmap and initiatives.

    INFO-TECH DELIVERABLE

    This is a screenshot from Info-Tech's Mobile Application Delivery Communication Template

    Info-Tech's methodology for mobile platform and delivery solution selection

    1. Set the Mobile Context

    2. Define Your Mobile Approach

    Phase Steps

    Step 1.1 Build Your Mobile Backlog

    Step 1.2 Identify Your Technical Needs

    Step 1.3 Define Your Non-Functional Requirements

    Step 2.1 Choose Your Platform Approach

    Step 2.2 Shortlist Your Mobile Delivery Solution

    Step 2.3 Create a Roadmap for Mobile Delivery

    Phase Outcomes

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog
    • List of mobile features to enable the desired mobile experience
    • System current assessment
    • Mobile application quality definition
    • Readiness for mobile delivery
    • Desired mobile platform approach
    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services
    • MVP design
    • Mobile delivery roadmap

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Understand the case and motivators for mobile applications.

    Call #2: Discuss the end user and desired mobile experience.

    Call #5: Discuss the desired mobile platform.

    Call #8: Discuss your mobile MVP.

    Call #3: Review technical complexities and non-functional requirements.

    Call #6: Shortlist mobile delivery solutions and desired features.

    Call #9: Review your mobile delivery roadmap.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 6 to 9 calls over the course of 2 to 3 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Module 1 Module 2 Module 3 Module 4 Post-Workshop
    Activities Set the Mobile Context Identify Your Technical Needs Choose Your Platform & Delivery Solution Create Your Roadmap Next Steps andWrap-Up (offsite)

    1.1 Generate user personas with empathy maps

    1.2 Build your mobile application canvas

    1.3 Build your mobile backlog

    2.1 Discuss your mobile needs

    2.2 Conduct a technical assessment

    2.3 Define mobile application quality

    2.4 Verify your decision to deliver mobile applications

    3.1 Select your platform approach

    3.2 Shortlist your mobile delivery solution

    3.3 Build your feature and service lists

    4.1 Define your MVP release

    4.2 Build your roadmap

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog
    • List of mobile features to enable the desired mobile experience
    • System current assessment
    • Mobile application quality definition
    • Verification to proceed with mobile delivery
    • Desired mobile platform approach
    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services
    • MVP design
    • Mobile delivery roadmap
    • Completed workshop output deliverable
    • Next steps

    Phase 1

    Set the Mobile Context

    Choose Your Mobile Platform and Tools

    This phase will walk you through the following steps:

    • Step 1.1 – Build Your Mobile Backlog
    • Step 1.2 – Identify Your Technical Needs
    • Step 1.3 – Define Your Non-Functional Requirements

    This phase involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Step 1.1

    Build Your Mobile Backlog

    Activities

    1.1.1 Generate user personas with empathy maps

    1.1.2 Build your mobile application canvas

    1.1.3 Build your mobile backlog

    Set the Mobile Context

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog

    Users expect your organization to support their mobile way of working

    Today, users expect sophisticated and personalized features, immersive interactions, and cross-platform capabilities from their mobile applications and be able to access information and services anytime, anywhere and on any device. These demands are pushing organizations to become more user-driven, placing greater importance on user experience (UX) with enterprise-grade technologies.

    How has technologies evolved to easily enable mobile capabilities?

    • Desktop-Like Features
      • Native-like features, such as geolocation and local caching, are supported through web language or third-party plugins and extensions.
    • Extendable & Scalable
      • Plug-and-play architecture is designed to allow software delivery teams to explore new use cases and mobile capabilities with out-of-the-box connectors and/or customizable REST APIs.
    • Low Barrier to Entry
      • Low- and no-code development tools, full-stack solutions, and plug-and-play architectures allow non-technical users to easily build and implement applications without direct IT involvement.
    • Templates & Shells
      • Vendors provide UI templates and application shells that contain pre-built native features and multiple aesthetic layouts in a publishing-friendly and configurable way.
    • Personalized Content
      • Content can be uniquely tailored to a user's preference or be automatically generated based on the user's profile or activity history.
    • Hands-Off Operations
      • Many mobile solutions operate in a as-a-service model where the underlying and integrated technologies are managed by the vendor and abstracted away.

    Make user experience (UX) the standard

    User experience (UX) focuses on a user's emotions, beliefs, and physical and psychological responses that occur before, during, or after interacting with a service or product.

    For a mobile application to be a meaningful experience, the functions, aesthetics and content must be:

    • Usable
      • Users can intuitively navigate through your mobile application and complete their desired tasks.
    • Desirable
      • The application elements are used to evoke positive emotions and appreciation.
    • Accessible
      • Users can easily use your mobile application, including those with disabilities.
    • Valuable
      • Users find the content useful, and it fulfills a need.

    Enable a greater experience with UX-driven thinking

    Designing for a high-quality experience requires more than just focusing on the UI. It also requires the merging of multiple business, technical, and social disciplines in order to create an immersive, practical, and receptive application. The image on the right explains the disciplines involved in UX. This is critical for ensuring users have a strong desire to use the mobile application, it is adequately supported technically, and it supports business objectives.

    To learn more, visit Info-Tech's Implement and Mature Your User Experience Design Practice blueprint.

    A Venn diagram is depicted, demonstrating the inputs that lead to an interactive design, with interactive elements, usability, and accessibility. This work by Mark Roden is licensed under a Creative Commons Attribution 3.0 Unported License.

    Source: Marky Roden, Xomino, 2018

    UX-driven mobile apps bring together a compelling UI with valuable functionality

    Info-Tech Insight

    Organizations often over-rotate on the UI. Receptive and satisfying applications require more than just pretty pictures, bold colors, and flashy animations. UX-driven mobile applications require the seamless merging of enticing design elements and valuable functions that are specifically tailored to the behaviors of the users. Take a deep look at how each design element and function is used and perceived by the user, and how your application can sufficiently support user needs.

    UI-Function Balance to Achieve Highly Satisfying Mobile Applications

    An application's UI and function both contribute to UX, but they do so in different ways.

    • The UI generates the visual, audio, and vocal cues to draw the attention of users to key areas of the application while stimulating the user's emotions.
    • Functions give users the means to satisfy their needs effortlessly.

    Finding the right balance of UI and function is dependent on the organization's understanding of user emotions, needs, and tendencies. However, these factors are often left out of an application's design. Having the right UX competencies is key in assuring user behaviors are appropriately accommodated early in the delivery process.

    To learn more, visit Info-Tech's Modernize Your Corporate Website to Drive Business Value blueprint.

    Focus your efforts on all items that drive high user experience and satisfaction

    UX-driven mobile applications involve all interaction points and system components working together to create an immersive experience while being actively supported by delivery and operations teams. Many organizations commonly focus on visual and content design to improve the experience, but this is only a small fraction of the total UX design. Look beyond the surface to effectively enhance your application's overall UX.

    Typical Focus of Mobile UX

    Aesthetics
    What Are the Colors & Fonts?

    Relevance & Modern
    Will Users Receive Up to Date Content and Trending Features?

    UI Design
    Where Are the Interaction Points?

    Content Layout
    How Is Content Organized?

    Critical Areas of Mobile UX That Are Often Ignored

    Web Infrastructure
    How Will Your Application Be Operationally Supported?

    Human Behavior
    What Do the Users Feel About Your Application?

    Coding Language
    What Is the Best Language to Use?

    Cross-Platform Compatibility
    How Does It Work in a Browser Versus Each Mobile Platform?

    Application Quality
    How are Functional and Non-Functional Needs Balanced?

    Adoption & Retention
    How Do I Promote Adoption and Maintain User Engagement?

    Application Support
    How Will My Requests and Issues Be Handled?

    Use personas to envision who will be using your mobile application

    What Are Personas?

    Personas are detailed descriptions of the targeted audience of your mobile application. It represents a type of user in a particular scenario. Effective personas:

    • Express and focus on the major needs and expectations of the most important user groups.
    • Give a clear picture of the typical user's behavior.
    • Aid in uncovering critical features and functionalities.
    • Describe real people with backgrounds, goals, and values.

    Why Are Personas Important to UX?

    They are important because they help:

    • Focus the development of mobile application features on the immediate needs of the intended audience.
    • Detail the level of customization needed to ensure content is valuable to and resonates with the user.
    • Describe how users may behave when certain audio and visual stimulus are triggered from the mobile application.
    • Outline the special design considerations required to meet user accessibility needs.

    Key Elements of a Persona:

    • Professional and Technical Skills and Experiences (e.g., knowledge of mobile applications, area of expertise)
    • Persona Group (e.g., executives)
    • Technological Environment of User (e.g., devices, browsers, network connection)
    • Demographics (e.g., nationality, age, language spoken)
    • Typical Behaviors and Tendencies (e.g., goes to different website when cannot find information in 20 seconds)
    • Purpose of Using the Mobile Application (e.g., search for information, submit registration form)

    Create empathy maps to gain a deeper understanding of stakeholder personas

    Empathy mapping draws out the characteristics, motivations, and mannerisms of a potential end user.

    This image contains an image of an empathy map from XPLANE, 2017. it includes the following list: 1. Who are we empathizing with; 2. What do they need to DO; 3. What do they SEE; 4. What do they SAY?; 5. What do they DO; 6. What do they HEAR; 7. What do they THINK and FEEL.

    Source: XPLANE, 2017

    Empathy mapping focuses on identifying the problems, ambitions, and frustrations they are looking to resolve and describes their motivations for wanting to resolve them. This analysis helps your teams:

    • Better understand the reason behind the struggles, frustrations and motivators through a user's perspective.
    • Verify the accuracy of assertions made about the user.
    • Pinpoint the specific problem the mobile application will be designed to solve and the constraints to its successful adoption and on-going use.
    • Read more about empathy mapping and download the empathy map PDF template here.

    To learn more, visit Info-Tech's Use Experience Design to Drive Empathy with the Business blueprint.

    1.1.1 Generate user personas with empathy maps

    1-3 hours

    1. Download the Empathy Map Canvas and draw the map on a whiteboard or project it on the screen.
    2. Choose an end user to be the focus of your empathy map. Using sticky notes, fill out the sections of the empathy map in the following order:
      1. Start by filling out the goals section. State who the subject of the empathy map will be and what activity or task you would like them to do.
        1. Focus on activities and tasks that may benefit from mobile.
      2. Next, complete the outer sections in clockwise order (see, say, do, hear). The purpose of this is to think in terms of what the subject of your empathy map is observing, sensing, and experiencing.
        1. Indicate the mobile devices and OS users will likely use and the environments they will likely be in (e.g., places with poor connections)
        2. Discuss accessibility needs and how user prefer to consume content.
      3. Last, complete the inner circle of the empathy map (pains and gains). Since you spent the last step of the exercise thinking about the external influences on your stakeholder, you can think about how those stimuli affect their emotions.
    3. Document your end user persona into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • List of potential mobile application users
    • User personas
    Materials Participants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.1.1 cont'd

    This image contains an image of an empathy map from XPLANE, 2017. it includes the following list: 1. Who are we empathizing with; 2. What do they need to DO; 3. What do they SEE; 4. What do they SAY?; 5. What do they DO; 6. What do they HEAR; 7. What do they THINK and FEEL.

    Download the Empathy Map Canvas

    Many business priorities are driving mobile

    Mobile Applications

    • Product Roadmap
      • Upcoming enterprise technology releases and updates offer mobile capabilities to expand its access to a broader userbase.
    • Cost Optimization
      • Maximizing business value in processes and technologies through disciplined and strategic cost and spending reduction practices with mobile applications.
    • Competitive Differentiation
      • Developing and optimizing your organization's distinct products and services quickly with mobile applications.
    • Digital Transformation
      • Transitioning processes, data and systems to a digital environment to broaden access to enterprise data and services anywhere at anytime.
    • Operational Efficiency
      • Improving software delivery and business process throughput by increasing worker productivity with mobile applications.
    • Other Business Priorities
      • New corporate products and services, business model changes, application rationalization and other priorities may require modernization, innovation and a mobile way of working.

    Focus on the mobile business and end user problem, not the solution

    People are naturally solution-focused. The onus isn't on them to express their needs in the form of a problem statement!

    When refining your mobile problem statement, attempt to answer the following four questions:

    • Who is impacted?
    • What is the (user or organizational) challenge that needs to be addressed?
    • Where does it happen?
    • Why does it matter?

    There are many ways of writing problem statements, a clear approach follows the format:

    • "Our (who) has the problem that (what) when (where). Our solution should (why)."
    • Example: "Our system analysts has the problem that new tickets take too long to update when working on user requests. Our approach should enable the analyst to focus on working with customers and not on administration."

    Adapted from: "Design Problem Statements – What and How to Frame Them"

    How to write a vision statement

    It's ok to dream a little!

    When thinking about a vision statement, think about:

    • Who is it for?
    • What does the customer need?
    • What can we do for them?
    • And why is this special?

    There are different statement templates available to help form your vision statements. Some include:

    1. For [our target customer], who [customer's need], the [product] is a [product category or description] that [unique benefits and selling points]. Unlike [competitors or current methods], our product [main differentiators]. (Crossing the Chasm)
    2. "We believe (in) a [noun: world, time, state, etc.] where [persona] can [verb: do, make, offer, etc.], for/by/with [benefit/goal].
    3. To [verb: empower, unlock, enable, create, etc.] [persona] to [benefit, goal, future state].
    4. Our vision is to [verb: build, design, provide], the [goal, future state], to [verb: help, enable, make it easier to...] [persona]."

    (Numbers 2-4 from: How to define a product vision)

    Info-Tech Best Practice

    A vision shouldn't be so far out that it doesn't feel real and so short term that it gets bogged down in minutiae and implementation details. Finding that right balance will take some trial and error and will be different depending on your organization.

    Ensure mobile supports ongoing value delivery and stakeholder expectations

    Success hinges on your team's ability to deliver business value. Well-developed mobile applications instill stakeholder confidence in ongoing business value delivery and stakeholder buy-in, provided proper expectations are set and met.

    Business value defines the success criteria of an organization, and it is interpreted from four perspectives:

    • Profit Generation – The revenue generated from a business capability with mobile applications.
    • Cost Reduction – The cost reduction when performing business capabilities with mobile applications.
    • Service Enablement – The productivity and efficiency gains of internal business operations with mobile applications.
    • Customer and Market Reach – Metrics measuring the improved reach and insights of the business in existing or new markets.

    See our Build a Value Measurement Framework blueprint for more information about business value definition.

    This image contains a quadrant analysis with the following labels: Left - Improved Capabilities; Top - Outward; Right - Financial Benefit; Bottom - Inward. the quadrants are labeled the following, in order from left to right, top to bottom. Customer and Market Reach; Profit Generation; Service Enhancement; Cost Reduction

    Set realistic mobile goals

    Mobile applications enables the exploration of new and different ways to improve worker productivity and deliver business value. However, the realities of mobile applications may limit your ability to meet some of your objectives:

    • On the day of installation, the average retention rate for public-facing applications was 25.3%. By day 30, the retention rate drops to 5.7%. (Source: Statista, 2020)
    • 63% of 3,335 most popular Android mobile applications on the Google Play Store contained open-source components with known security vulnerabilities and other pervasive security concerns including exposing sensitive data (Source: Synopsys, 2021)
    • 62% of users would delete the application because of performance issues, such as crashes, freezes and other errors (Source: Intersog, 2021).

    These realities are not guaranteed to occur or impede your ability to deliver valuable mobile applications, but they can lead to unachievable expectations. Ensure your stakeholders are not oversold on advertised benefits and hold you accountable for unrealistic objectives. Recognize that the organization must also change how it works and operates to see the full benefit and adoption of mobile applications and overcome the known and unknown challenges and hurdles that often come with mobile delivery.

    Benchmarks present enticing opportunities, but should be used to set reasonable expectations

    66%
    Improve Market Reach
    66% of the global population uses a mobile device
    Source: DataReportal, 2021

    20%
    Connected Workers are More Productive
    Nearly 20 percent of mobile professionals estimate they miss more than three hours of working time a week not being able to get connected to the internet
    Source: iPass, 2017

    80%
    Increase Brand Recognition
    80% of smartphone users are more likely to purchase from companies whose mobile sites of apps help them easily find answers to their questions
    Source: Google, 2018

    Gauge the value with the right metrics

    Metrics are a powerful way to drive behavior change in your organization. But metrics are highly prone to creating unexpected outcomes so they must be used with great care. Use metrics judiciously to avoid gaming or ambivalent behavior, productivity loss, and unintended consequences.

    To learn more, visit Info-Tech's Select and Use SDLC Metrics Effectively blueprint.

    What should I measure?

    1. Mobile Application Engagement, Retention and User Satisfaction
      • The activeness of users on the applications, the number of returning users, and the happiness of the users.
      • Example: Number of tasks completed, number of active and returning users, session length and intervals, user satisfaction
    2. Value Driven from Mobile Applications
      • The business value that the user directly or indirectly receives with the mobile application.
      • Example: Mobile application revenue, business operational costs, worker productivity, business reputation and image
    3. Delivery Throughput and Quality
      • The health and quality of your mobile applications throughout their lifespan and the speed to deliver working applications that meet stakeholder expectations.
      • Example: Frequency of release, lead time, request turnaround, escaped defects, test coverage.

    Use Info-Tech's diagnostic to evaluate the reception of your mobile applications

    Info-Tech's Application Portfolio Assessment (APA) Diagnostic is a canned end user satisfaction survey used to evaluate your application portfolio health to support data-driven decisions.

    This image contains a screenshot from Info-Tech's Application Portfolio Assessment (APA) Diagnostic

    USE THE PROGRAM DIAGNOSTIC TO:

    • Assess the importance and satisfaction of enterprise applications.
    • Solicit feedback from your end users on applications being used.
    • Understand the strengths and weaknesses of your current applications.
    • Perform a high-level application rationalization initiative.

    INTEGRATE DIAGNOSTIC RESULTS TO:

    • Target which applications to analyze in greater detail.
    • Expand on the initial application rationalization results with a more comprehensive and business-value-focused criteria.

    Use a canvas to define key elements of your mobile initiative

    Mobile Application Initiative Name

    Owner:
    Parent Initiative:
    Updated:

    NAME
    LINK
    October 05, 2022

    Problem Statement

    Vision

    The problem or need mobile applications are addressing

    Vision, unique value proposition, elevator pitch, or positioning statement

    Business Goals & Metrics

    Capabilities, Processes & Application Systems

    List of business objectives or goals for the mobile application initiative.

    List of business capabilities, processes and application systems related to this initiative.

    Personas/Customers/Users

    Stakeholders

    List of groups who consume the mobile application

    List of key resources, stakeholders, and teams needed to support the process, systems and services

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    1.1.2 Build your mobile application canvas

    1-3 hours

    1. Complete the following fields to build your mobile application canvas:
      • Mobile application initiative name
      • Mobile application owner
      • Parent initiative name
      • Problem that mobile applications are intending to solve and your vision. See the outcome from the previous exercise.
      • Mobile application business goals and metrics.
      • Capabilities, processes and application systems involved
      • Primary customers/users (For additional help with your product personas, download and complete to Deliver on Your Digital Product Vision.)
    2. Stakeholders
    3. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • User personas
    • Business strategy
    • Problem and vision statements
    • Mobile objectives and metrics
    • Mobile application canvas
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.1.2 cont'd

    Mobile Application Initiative Name

    Owner:
    Parent Initiative:
    Updated:

    NAME
    LINK
    October 05, 2022

    Problem Statement

    Vision

    [Problem Statement]

    [Vision]

    Business Goals & Metrics

    Capabilities, Processes & Application Systems

    [Business Goal 1, Metric]
    [Business Goal 2, Metric]
    [Business Goal 3, Metric]

    [Business Capability]
    [Business Process]
    [Application System]

    Personas/Customers/Users

    Stakeholders

    [User 1]
    [User 2]
    [User 3]

    [Stakeholder 1]
    [Stakeholder 2]
    [Stakeholder 3]

    Create your mobile backlog

    Your backlog gives you a holistic understanding of the demand for mobile applications across your organization.

    Opportunities
    Trends
    MVP

    External Sources

    Internal Sources

    • Market Trends Analysis
    • Competitive Analysis
    • Regulations & Industry Standards
    • Customer & Reputation Analysis
    • Application Rationalization
    • Capability & Value Stream Analysis
    • Business Requests & Incidents
    • Discovery & Mining Capabilities

    A mobile application minimum viable product (MVP) focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to maximize learning, evaluate value and acceptance, and inform the development of a full-fledged mobile delivery practice.

    Find your mobile opportunities

    Modern mobile technologies enable users to access, analyze and change data anywhere with native device features, which opens the door to enhanced processes and new value sources.

    Examples of Mobile Opportunities:

    • Mobile Payment
      • Cost alternative to credit card transaction fees.
      • Loyalty systems are updated upon payment without need of a physical card.
      • Quicker completion of transactions.
    • Inventory Management
      • Update inventory database when shipments arrive or deliveries are made.
      • Inform retailers and consumers of current stock on website.
      • Alert staff of expired or outdated products.
    • Quick and Small Data Transfer
      • Embed tags into posters to transfer URIs, which sends users to sites containing product or location information.
      • Replace entry tags, fobs, or smart cards at doors.
      • Exchange contact details.
    • Location Sensitive Information
      • Proactively send promotions and other information (e.g. coupons, event details) to users within a defined area.
      • Inform employees of nearby prospective clients.
    • Supply Chain Management
      • Track the movement and location of goods and delivery trucks.
      • Direct drivers to the most optimal route.
      • Location-sensitive billing apps such as train and bus ticket purchases.
    • Education and Learning
      • Educate users about real-world objects and places with augmented books and by pushing relevant learning materials.
      • Visualize theories and other text with dynamic 3D objects.
    • Augmented Reality (AR)
      • Provide information about the user's surroundings and the objects in the environment through the mobile device.
      • Interactive and immersive experiences with the inclusion of virtual reality.
    • Architecture and Planning
      • Visualize historic buildings or the layout of structural projects and development plans.
      • Develop a digital tour with location-based audio initiated with location-based services or a camera.
    • Navigation
      • Provide directions to users to navigate and provide contextual travelling instructions.
      • Push traffic notifications and route changes to travelling users.
    • Tracking User Movement
      • Predict the future location of users based on historic information and traffic modelling.
      • Proactively push information to users before they reach their destination.

    1.1.3 Build your mobile backlog

    1-3 hours

    1. As a group, discuss the use and value mobile already has within your organization for each persona.
      1. What are some of the apps being used?
      2. What enterprise systems and applications are already exposed to the web and accessible by mobile devices?
      3. How critical is mobile to business operations, marketing campaigns, etc.?
    2. Discuss how mobile can bring additional business value to other areas of your organization for each persona.
      1. Can mobile enhance your customer reach? Do your customers care that your services are offered through mobile?
      2. Are employees asking for better access to enterprise systems in order to improve their productivity?
    3. Write your mobile opportunities in the following form: As a [end user persona], I want to [process or capability to enable with mobile applications], so that [organizational benefit]. Prioritize each opportunity against feasibility, desirability, and viability.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • Problem and vision statements
    • Mobile objectives and metrics
    • Mobile application canvas
    • Mobile opportunities backlog
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Manage your mobile backlog

    Your backlog stores and organizes your mobile opportunities at various stages of readiness. It must be continuously refined to address new requests, maintenance and changing priorities.

    3 – IDEAS
    Composed of raw, vague, and potentially large ideas that have yet to go through any formal valuation.

    2 – QUALIFIED
    Researched and qualified opportunities awaiting refinement.

    1 READY
    Discrete, refined opportunities that are ready to be placed in your team's delivery plans.

    Adapted from Essential Scrum

    A well-formed backlog can be thought of as a DEEP backlog

    • Detailed Appropriately: opportunities are broken down and refined as necessary
    • Emergent: The backlog grows and evolves over time as opportunities are added and removed.
    • Estimated: The effort an opportunity requires is estimated at each tier.
    • Prioritized: The opportunity's value and priority are determined at each tier.

    (Source Perforce, 2018)

    See our Deliver on Your Digital Product Vision for more information on backlog practices.

    Step 1.2

    Identify Your Technical Needs

    Activities

    1.2.1 Discuss your mobile needs

    1.2.2 Conduct a technical assessment

    Set the Mobile Context

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • List of mobile features to enable the desired mobile experience
    • System current assessment

    Describe your desired mobile experiences with journey maps

    A journey map tells the story of the user's experience with an existing or prospective product or service, starting with a trigger, through the process of engagement, to create an outcome. Journey maps can focus on a particular part of the user's or the entire experience with your organization's products or services. All types of maps capture key interactions and motivations of the user in chronological order.

    Why are journey maps an important for mobile application delivery?

    Everyone has their own preferred method for completing their tasks on mobile devices – often, what differentiates one persona from another has to do with how users privately behave. Understand that the activities performed outside of IT's purview develop context for your persona's pain points and position IT to meet their needs with the appropriate solution.

    To learn more, visit Info-Tech's Use Experience Design to Drive Empathy with the Business blueprint.

    Two charts are depicted, the first shows the path from Trigger, through steps 1-4, to the outcome, and the Activities and Touchpoints for each. The second chart shows the Expectation analysis, showing which steps are must-haves, nice-to-haves, and hidden-needs.

    Pinpoint specific mobile needs in your journey map

    Realize that mobile applications may not precisely fit with your personas workflow or align to their expectations due to device and system limitations and restrictions. Flag the mobile opportunities that require significant modifications to underlying systems.

    Consider these workflow scenarios that can influence your persona's desire for mobile:

    Workflow Scenarios Ask Yourself The Key Questions Technology Constraints or Restrictions to Consider Examples of Mobile Opportunities

    Data View – Data is queried, prepared and presented to make informed decisions, but it cannot be edited.

    Where is the data located and can it be easily gathered and prepared?

    Is the data sensitive and can it be locally stored?

    What is the level of detail in my view?

    Multi-factor authentication required.

    Highly sensitive data requires encryption in transit and at rest.

    Minor calculations and preparation needed before data view.

    Generate a status report.

    View social media channels.

    View contact information.

    Data Collection – Data is inputted directly into the application and updates back-end system or integrated 3rd party services.

    Do I need special permission to add, delete and overwrite data?

    How much data can I edit?

    Is the data automatically gathered?

    Bandwidth restrictions.

    Multi-factor authentication required.

    Native device access required (e.g., camera).

    Multiple types and formats of gathered data.

    Manual and automatic data gathering

    Book appointments with clients.

    Update inventory.

    Tracking movement of company assets.

    Data Analysis & Modification – Data is evaluated, manipulated and transformed through the application, back-end system or 3rd party service.

    How complex are my calculations?

    Can computations be offloaded?

    What resources are needed to complete the analysis?

    Memory and processing limitations on device.

    Inability to configure device and enterprise hardware to support system resource demand.

    Scope and precision of analysis and modifications.

    Evaluate and propose trends.

    Gauge user sentiment.

    Propose next steps and directions.

    Define the mobile experience your end users want

    Anytime, Anywhere
    The user can access, update and analyze data, and corporate products and services whenever they want, in all networks, and on any device.

    Hands-Off & Automated
    The application can perform various workflows and tasks without the user's involvement and notify the user when specific triggers are hit.

    Personalized & Insightful
    Content presentation and subject are tailored for the user based on specific inputs from the user, device hardware or predicted actions.

    Integrated Ecosystem
    The application supports a seamless experience across various 3rd party and enterprise applications and services the user needs.

    Visually Pleasing & Fulfilling
    The UI is intuitive and aesthetically gratifying with little security and performance trade-offs to use the full breadth of its functions and services.

    Each mobile platform has its own take on the mobile native experience. The choice ultimately depends on whether the costs and effort are worth the anticipated value.

    1.2.1 Discover your mobile needs

    1-3 hours

    1. Define the workflow of a high priority opportunity in your mobile backlog. This workflow can be pertaining to an existing mobile application or a workflow that can benefit with a mobile application.
      1. Indicate the trigger that will initiate the opportunity and the desired outcome.
      2. Break down the persona's desired outcome into small pieces of value that are realized in each workflow step.
    2. Identify activities and touchpoints the persona will need to complete to finish each step in the workflow. Indicate the technology used to complete the activity or to facilitate the touchpoint.
    3. Indicate which activities and touchpoints can be satisfied, complimented or enhanced with mobile.

    Input

    Output
    • User personas
    • Mobile application canvas
    • Desired mobile experience
    • List of mobile features
    • Journey map
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.2.1 cont'd

    Workflow

    Trigger

    Conduct initial analysis

    Get planning help

    Complete and submit RFP

    Design and implement solution

    Implement changes

    Activities, Channels, and Touchpoints

    Need is recognized in CIO council meeting

    See if we have a sufficient solution internally

    Seek planning help (various channels)

    *Meet with IT shared services business analyst

    Select the appropriate vendor

    Follow action plan

    Compliance rqmt triggered by new law

    See if we have a sufficient solution internally

    *Hold in-person initial meeting with IT shared services

    *Review and approve rqmts (email)

    Seek miscellaneous support

    Implement project and manage change

    Research potential solutions in the marketplace

    Excess budget identified for utilization

    Pick a "favorite" solution

    *Negotiate and sign statement of work (email)

    Prime organization for the change

    Create action plan

    If solution is unsatisfactory, plan remediation

    Current Technology

    • Email
    • Video conferencing
    • Phone
    • Meeting transcripts and recordings
    • ERP
    • IT asset management
    • Internet browser for research
    • Virtual environment to demonstrate solutions
    • Email
    • Vendor assessment and procurement solution
    • Email
    • Video conferencing
    • Phone
    • Meeting transcripts and recordings
    • PDF documents and reader
    • Digital signature
    • Email
    • Video conferencing
    • Phone
    • Meeting transcripts and recordings
    • PDF documents and reader
    • Digital signature
    • Email
    • Video conferencing
    • Phone
    • Vendor assessment and procurement solution
    • Project management solution
    • Team collaboration solution
    • Email
    • Video conferencing
    • Phone
    • Project management solution
    • Team collaboration solution
    • Vendor's solution

    Legend:

    Bold – Touchpoint

    * – Activities or Touchpoints That Can Benefit with Mobile

    1.2.1 cont'd

    1-3 hours

    1. Analyze persona expectations. Identify the persona's must-haves, then nice-to-haves, and then hidden needs to effectively complete the workflow.
      1. Must-haves. The necessary outcomes, qualities, and features of the workflow step.
      2. Nice-to-haves. Desired outcomes, qualities, or features that your persona is able to articulate or express.
      3. Hidden needs. Outcomes, qualities, or features that your persona is not aware they have a desire for; benefits that they are pleasantly surprised to receive. These will usually be unknown for your first-iteration journey map.
    2. Indicate which persona expectations can be satisfied with mobile. Discuss what would the desired mobile experience be.
    3. Discuss feedback and experiences your team has heard from the personas they engage with regularly.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    1.2.1 cont'd

    Example

    This image contains an example workflow for determining mobile needs.

    1.2.1 cont'd

    Template:

    Workflow

    TriggerStep 1Step 2Step 3Step 4

    Desired Outcome

    Journey Map

    Activities & Touch-points

    <>

    <>

    <>

    <>

    <>

    <>

    Must-Haves

    <>

    <>

    <>

    <>

    <>

    <>

    Nice-to-Haves

    <>

    <>

    <>

    <>

    <>

    <>

    Hidden Needs

    <>

    <>

    <>

    <>

    <>

    <>

    Emotional Journey

    <>

    <>

    <>

    <>

    <>

    <>

    If you need more than four steps in the workflow, duplicate this slide.

    Understand how mobile fits with your current system

    Evaluate the risks and impacts of your desired mobile features by looking at your enterprise system architecture from top to bottom. Is your mobile vision and needs compatible with your existing business capabilities and technologies?

    An architecture is usually represented by one or more architecture views that together provide a coherent description of the application system, including demonstrating the full impact mobile will have. A single, comprehensive model is often too complex to be understood and communicated in its most detailed form, and a model too high level hides the underlying complexity of an application's structure and deployment (The Open Group, TOGAF 8.1.1 - Developing Architecture Views). Obtain a complete understanding of your architecture by assessing it through multiple levels of views to reveal different sets of concerns:

    Application Architecture Views

    1. Use Case View
    • How does your business operate, and how will users interact with your mobile applications?
  • . Process View
    • What is the user workflow impacted by mobile, and how will it change?
  • Component View
    • How are my existing applications structured? What are its various components? How will mobile expand the costs of the existing technical debt?
  • Data View
    • What is the relationship of the data and information consumed, analyzed, and transmitted? Will mobile jeopardize the quality and reliability of the data?
  • Deployment View
    • In what environment are your mobile application components deployed? How will the existing systems operate with your mobile applications?
  • System View
    • How does your mobile application communicate with other internal and external systems? How will dependencies change with mobile?
  • See our Enhance Your Solution Architecture for more information.

    Ask key questions in your current system assessment

    • How do the various components of your system communicate with each other (e.g., web APIs, middleware, and point to point)?
    • What information is exchanged during the conversation?
    • How does the data flow from one component to the next? Is the data read-only or can application and users edit and modify it?
    • What are the access points to your mid- and back-tier systems (e.g., user access through web interface, corporate networks and third-party application access through APIs)?
    • Who has access to your enterprise systems?
    • Which components are managed and operated by third-party providers? What is your level of control?
    • What are the security protocols currently enforced in your system?
    • How often are your databases updated? Is it real-time or periodic extract, transfer, and load (ETL)?
    • What are the business rules?
    • Is your mobile stack dependent on other systems?
    • Is a mobile middleware, web server, or API gateway needed to help facilitate the integration between devices and your back-end support?

    1.2.2 Conduct a technical assessment

    1-3 hours

    1. Evaluate your current systems that will support the journey map of your mobile opportunities based on two categories: system quality and system management. Use the tables on the following slides and modify the questions if needed.
    2. Discuss if the current state of your system will impede your ability to succeed with mobile. Use this discussion to verify the decision to continue with mobile applications in your current state.
    3. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Journey map
    • Understanding of current system
    • Assessment of current system
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.2.2 cont'd

    Current State System Quality Assessment

    Factors Definitions Survey Responses
    Fit-for-Purpose System functionalities, services and integrations are designed and implemented for the purpose of satisfying the end users' needs and technology compatibilities. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Response Rate The system completes computation and processing requests within acceptable timeframes. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Data Quality The system delivers consumable, accurate, and trustworthy data. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Usability The system provides functionalities, services and integrations that are rewarding, engaging, intuitive, and emotionally satisfying. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Reliability The system is resilient or quickly recovers from issues and defects. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Accessible The system is available on demand and on the end user's preferred interface and device. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Secured End-user activity and data is protected from unauthorized access. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Adaptable The system can be quickly tailored to meet changing end-user and technology needs with reusable and customizable components. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)

    1.2.2 cont'd

    Current State System Management Assessment

    Factors Definitions Survey Responses
    Documentation The system is documented, accurate, and shared in the organization. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Measurement The system is continuously measured against clearly defined metrics tied to business value. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Compliance The system is compliant with regulations and industry standards. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Continuous Improvement The system is routinely rationalized and enhanced. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Architecture There is a shared overview of how the process supports business value delivery and its dependencies with technologies and other processes. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Ownership & Accountability The process has a clearly defined owner who is accountable for its risks and roadmap. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Support Resources are available to address adoption and execution challenges. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Organizational Change Management Communication, onboarding, and other change management capabilities are available to facilitate technology and related role and process changes. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)

    Step 1.3

    Define Your Non-Functional Requirements

    Activities

    1.3.1 Define mobile application quality

    1.3.2 Verify your decision to deliver mobile applications

    Set the Mobile Context

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams

    Outcomes of this step

    • Mobile application quality definition
    • Readiness for mobile delivery

    Build a strong foundation of mobile application quality

    Functionality and aesthetics often take front seats in mobile application delivery. Applications are then frequently modified and changed, not because they are functionally deficient or visually displeasing, but because they are difficult to maintain or scale, too slow, vulnerable or compromised. Implementing clear quality principles (i.e., non-functional requirements) and strong quality assurance practices throughout delivery are critical to minimize the potential work of future maintenance and to avoid, mitigate and manage IT risks.

    What is Mobile Application Quality?

    • Quality requirements (i.e., non-functional requirements) are properties of a system or product that dictate how it should behave at runtime and how it should be designed, implemented, and maintained.
    • These requirements should be involved in decision making around architecture, UI and functional design changes.
    • Functionality should not dictate the level of security, availability, or performance of a product, thereby risking system quality. Functionality and quality are viewed orthogonally, and trade-offs are discussed when one impacts the other.
    • Quality attributes should never be achieved in isolation as one attribute can have a negative or positive impact on another (e.g. security and availability).

    Why is Mobile Quality Assurance Critical?

    • Quality assurance (QA) is a necessity for the validation and verification of mobile delivery, whether you are delivering applications in an Agile or Waterfall fashion. Effective QA practices implemented across the software development lifecycle (SDLC) are vital, as all layers of the mobile stack need to readily able to adjust to suddenly evolving and changing business and user needs and technologies without risking system stability and breaking business standards and expectations.
    • However, investments in QA optimizations are often afterthoughts. QA is commonly viewed as a lower priority compared to other delivery capabilities (e.g., design and coding) and is typically the first item cut when delivery is under pressure.

    See our Build a Software Quality Assurance Program for more information.

    Mobile emphasizes the importance of good security, performance and integration

    Today's mobile workforce is looking for new ways to get more work done quickly. They want access to enterprise solutions and data directly on their mobile device, which can reside on multiple legacy systems and in the cloud and third-party infrastructure. This presents significant performance, integration, and security risks.

    Cloud Solutions: Can I use my existing APIs?. Solutions in Corporate Networks: Do my legacy systems have the capacity to support mobile?; How do I integrate solutions and data from multiple sources into a single view?; Third Party Solutions: Will I have a significant performance bottleneck?; Single View on Mobile Devices: How is corporate data stored on the device?; What new technology dependencies must I account for in my architecture and operational support capabilities?

    Mobile risks opening and widening existing security gaps

    New mobile technologies and the continued expansion of the enterprise environment increase the number of entry points attackers to your corporate data and networks. The ever-growing volume, velocity, and variety of new threats puts significant pressure on mobile delivery teams who are responsible for implementing mobile security measures and maintaining alignment to your security policies and those of app stores.

    Mobile attacks can come from various vectors:

    Attack Surface: Mobile Device

    Attack Surface: Network

    Attack Surface: Data Center

    Browser:
    Phishing
    Buffer Overflow
    Data Caching

    System:
    No Passcode
    Jailbroken and Rooted OS
    No/Weak Encryption
    OS Data Caching

    Phone:
    SMSishing
    Radio Frequency Attacks

    Apps:
    Configuration Manipulation
    Runtime Injection
    Improper SSL Validation

    • Packet Sniffing
    • Session Hijacking
    • Man-in-the-Middle (circumvent password verification systems)
    • Fake SSL Certificate
    • Rogue Access Points

    Web Server:
    Cross-Site Scripting (XSS)
    Brute Force Attacks
    Server Misconfigurations

    Database:
    SQL Injection
    Data Dumping

    Understand the top web security risks and vulnerabilities seen in the industry

    Recognize mobile applications are exposed to the same risks and vulnerabilities as web applications. Learn of OWASP's top 10 web security risks.

    • Broken Access Control
      • Failures typically lead to unauthorized information disclosure, modification, or destruction of all data or performing a business function outside the user's limits.
    • Cryptographic Failures
      • Improper and incorrect protection of data in transit and at rest, especially proprietary and confidential data and those that fall under privacy laws.
    • Injection
      • Execution of malicious code and injection of hostile or unfiltered data on the mobile device via the mobile application.
    • Insecure Design
      • Missing or ineffective security controls in the application design. An insecure design cannot be fixed by a perfect implementation,. Needed security controls were never created to defend against specific attacks.
    • Security Misconfiguration
      • The security settings in the application are not securely set or configured, including poor security hardening and inadequate system upgrading practices.
    • Vulnerable and Outdated Components
      • System components are vulnerable because they are unsupported, out of date, untested or not hardened against current security concerns.
    • Identification and Authentication Failures
      • Improper or poor protection against authentication-related attacks, particularly to the user's identity, authentication and session management.
    • Software and Data Integrity Failures
      • Failures related to code and infrastructure that does not protect against integrity violations, such as an application relying upon plugins, libraries, or modules from untrusted sources, repositories, and content delivery networks
    • Security Logging and Monitoring Failures
      • Insufficient logging, detection, monitoring, and active response that hinders the ability to detect, escalate, and respond to active breaches.
    • Server-Side Request Forgery (SSRF)
      • SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL.

    Good mobile application performance drives satisfaction and value delivery

    Underperforming mobile applications can cause your users to be unproductive. Your mobile applications should always aim to satisfy the productivity requirements of your end users.

    Users quickly notice applications that are slow and difficult to use. Providing a seamless experience for the user is now heavily dependent on how well your application performs. Optimizing your mobile application's processing efficiency can help your users perform their jobs properly in various environment conditions.

    Productive Users Need
    Performant Mobile Applications

    Persona

    Mobile Application Use Case

    Optimized Mobile Application

    Stationary Worker

    • Design flowcharts and diagrams, while abandoning paper and desktop apps in favor of easy-to-use, drawing tablet applications.
    • Multitask by checking the application to verify information given by a vendor during their presentation or pitch.
    • Flowcharts and diagrams are updated in real time for team members to view and edit
    • Compare vendors under assessment with a quick look-up app feature

    Roaming Worker (Engineer)

    • Replace physical copies of service and repair manuals physically stored with digital copies and access them with mobile applications.
    • Scan or input product bar code to determine whether a replacement part is available or needs to be ordered.
    • Worker is capable of interacting with other features of the mobile web app while product bar code is being verified

    Enhance the performance of the entire mobile stack

    Due to frequently changing mobile hardware, users' high performance expectations and mobile network constraints, mobile delivery teams must focus on the entire mobile stack for optimizing performance.

    Fine tune your enterprise mobile applications using optimization techniques to improve performance across the full mobile stack.

    This image contains a bar graph ranking the importance of the following datapoints: Minimize render blocking resources; Configure the mobile application viewport; Determine the right image file format ; Determine above-the-fold content; Minimize browser reflow; Adopt UI techniques to improve perceived latency; Resource minification; Data compression; Asynchronous programming; Resource HTTP caching; Minimize network roundtrips for first time to render.

    Info-Tech Insight

    Some user performance expectations can be managed with clever UI design (e.g., spinning pinwheels to indicate loading in progress and directing user focus to quick loading content) and operational choices (e.g. graceful degradation and progressive enhancements).

    Create an API-centric integration strategy

    Mobile delivery teams are tasked to keep up with the changing needs of end users and accommodate the evolution of trending mobile features. Ensuring scalable APIs is critical in quickly releasing changes and ensuring availability of corporate services and resources.

    As your portfolio of mobile applications grows, and device platforms and browsers diversify, it will become increasingly complex to provide all the data and service capabilities your mobile apps need to operate. It is important that your APIs are available, reliable, reusable, and secure for multiple uses and platforms.

    Take an API-centric approach to retain control of your mobile development and ensure reliability.

    APIs are the underlying layer of your mobile applications, enabling remote access of company data and services to end users. Focusing design and development efforts on the maintainability, reliability and scalability of your APIs enables your delivery teams to:

    • Reuse tried-and-tested APIs to deliver, test and harden applications and systems quicker by standardizing on the use and structure of REST APIs.
    • Ensure a consistent experience and performance across different applications using the same API.
    • Uniformly apply security and access control to remain compliant to security protocols, industry standards and regulations.
    • Provide reliable integration points when leveraging third-party APIs and services.

    See our Build Effective Enterprise Integration on the Back of Business Process for more information.

    Guide your integration strategy with principles

    Craft your principles around good API management and integration practices

    Expose Enterprise Data And Functionality in API-Friendly Formats
    Convert complex on-premises application services into developer-friendly RESTful APIs

    Protect Information Assets Exposed Via APIs to Prevent Misuse
    Ensure that enterprise systems are protected against message-level attack and hijack

    Authorize Secure, Seamless Access for Valid Identities
    Deploy strong access control, identity federation and social login functionality

    Optimize System Performance and Manage the API Lifecycle
    Maintain the availability of backend systems for APIs, applications and end users

    Engage, Onboard, Educate and Manage Developers
    Give developers the resources they need to create applications that deliver real value

    Source: 5 Pillars of API Management, Broadcom, 2021

    Clarify your definition of mobile quality

    Quality does not mean the same thing to everyone

    Do not expect a universal definition of mobile quality. Each department, person and industry standard will have a different interpretation of quality, and they will perform certain activities and enforce policies that meet those interpretations. Misunderstanding of what is defined as a high quality mobile application within business and IT teams can lead to further confusion behind governance, testing priorities and compliance.

    Each interpretation of quality can lead to endless testing, guardrails and constraints, or lack thereof. Be clear on the priority of each interpretation and the degree of effort needed to ensure they are met.

    For example:

    Mobile Application Owner
    What does an accessible mobile application mean?

    Persona: Customer
    I can access it on mobile phones, tablets and the web browser

    Persona: Developer
    I have access to each layer of the mobile stack including the code & data

    Persona: Operations
    The mobile application is accessible 24/7 with 95% uptime

    Example: A School Board's Quality Definition

    Quality Attribute Definitions
    Usability The product is an intuitive solution. Usability is the ease with which the user accomplishes a desired task in the application system and the degree of user support the system provides. Limited training and documentation are required.
    Performance Usability and performance are closely related. A solution that is slow is not usable. The application system is able to meet timing requirements, which is dependent on stable infrastructure to support it regardless of where the application is hosted. Baseline performance metrics are defined and changes must result in improvements. Performance is validated against peak loads.
    Availability The application system is present, accessible, and ready to carry out its tasks when needed. The application is accessible from multiple devices and platforms, is available 24x7x365, and teams communicate planned downtimes and unplanned outages. IT must serve teachers international student's parents, and other users who access the application outside normal business hours. The application should never be down when it should be up. Teams must not put undue burden on end users accessing the systems. Reasonable access requirements are published.
    Security Applications handle both private and personal data, and must be able to segregate data based on permissions to protect privacy. The application system is able to protect data and information from unauthorized access. Users want it to be secure but seamless. Vendors need to understand and implement the District School Board's security requirements into their products. Teams ensure access is authorized, maintain data integrity, and enforce privacy.
    Reusability Reusability is the capability for components and subsystems to be suitable for use in other applications and in other scenarios. This attribute minimizes the duplication of components and implementation time. Teams ensure a modular design that is flexible and usable in other applications.
    Interoperability The degree to which two or more systems can usefully exchange meaningful information via interfaces in a particular context.

    Scalability

    There are two kinds of scalability:

    • Horizontal scalability (scaling out): Adding more resources to logical units, such as adding another server to a cluster of servers.
    • Vertical scalability (scaling up): Adding more resources to a physical unit, such as adding more memory to a single computer.

    Ease of maintenance and enhancements are critical. Additional care is given to custom code because of the inherent difficulty to make it scale and update.

    Modifiability The capability to manage the risks and costs of change, considering what can be changed, the likelihood of change, and when and who makes the change. Teams minimize the barriers to change, and get business buy in to keep systems current and valuable.
    Testability The ease with which software are made to demonstrate its faults through (typically execution-based) testing. It cannot be assumed that the vendor has already tested the system against District School Board's requirements. Testability applies to all applications, operating systems, and databases.
    Supportability The ability of the system to provide information helpful for identifying and resolving issues when it fails to work correctly. Supportability applies to all applications and systems within the District School Board's portfolio, whether that be custom developed applications or vendor provided solutions. Resource investments are made to better support the system.
    Cost Efficiency The application system is executed and maintained in such a way that each area of cost is reduced to what is critically needed. Cost efficiency is critical (e.g. printers cost per page, TCO, software what does downtime cost us), and everyone must understand the financial impact of their decisions.
    Self-Service End users are empowered to make configurations, troubleshoot and make changes to their application without the involvement of IT. The appropriate controls are in place to manage the access to unauthorized access to corporate systems.
    Modifiability The capability to manage the risks and costs of change, considering what can be changed, the likelihood of change, and when and who makes the change. Teams minimize the barriers to change, and get business buy in to keep systems current and valuable.
    Testability The ease with which software are made to demonstrate its faults through (typically execution-based) testing. It cannot be assumed that the vendor has already tested the system against District School Board's requirements. Testability applies to all applications, operating systems, and databases.
    Supportability The ability of the system to provide information helpful for identifying and resolving issues when it fails to work correctly. Supportability applies to all applications and systems within the District School Board's portfolio, whether that be custom developed applications or vendor provided solutions. Resource investments are made to better support the system.

    1.3.1 Define mobile application quality

    1-3 hours

    1. List 5 quality attributes that your organization sees as important for a successful mobile application.
    2. List the core personas that will support mobile delivery and that will consume the mobile application. Start with development, operations and support, and end user.
    3. Describe each quality attributes from the perspective of each persona by asking, "What does quality mean to you?".
    4. Review each description from each persona to come to an acceptable definition.
    5. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • User personas
    • Mobile application canvas
    • Journey map
    • Mobile application quality definition
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.3.1 cont'd

    Example: Info-Tech Guided Implementation with a Legal and Professional Services Organization

    Quality AttributeDeveloperOperations & Support TeamEnd Users

    Usability

    • Architecture and frameworks are aligned with industry best practices
    • Regular feedback through analytics and user feedback
    • Faster development and less technical debt
    • Pride in the product
    • Satisfaction that the product is serving its purpose and is actually being used by the user
    • Increased update of product use and feedback for future lifecycle
    • Standardization and positive perception of IT processes
    • Simpler to train users to adopt products and changes
    • Trust in system and ability to promote the product in a positive light
    • Trusted list of applications
    • Intuitive (easy to use, no training required)
    • Encourage collaboration and sharing ideas between end users and delivery teams
    • The information presented is correct and accurate
    • Users understand where the data came from and the algorithms behind it
    • Users learn features quickly and retain their knowledge longer, which directly correlates to decreased training costs and time
    • High uptake in use of the product
    • Seamless experience, use less energy to work with product

    Security

    • Secure by design approach
    • Testing across all layers of the application stack
    • Security analysis of our source code
    • Good approach to security requirement definition, secure access to databases, using latest libraries and using semantics in code
    • Standardized & clear practices for development
    • Making data access granular (not all or none)
    • Secure mission critical procedures which will reduce operational cost, improve compliance and mitigate risks
    • Auditable artifacts on security implementation
    • Good data classification, managed secure access, system backups and privacy protocols
    • Confidence of protection of user data
    • Encryption of sensitive data
    Availability
    • Good access to the code
    • Good access to the data
    • Good access to APIs and other integration technologies
    • Automatic alerts when something goes wrong
    • Self-repairing/recovering
    • SLAs and uptimes
    • Code documentation
    • Proactive support from the infrastructure team
    • System availability dashboard
    • Access on any end user device, including mobile and desktop
    • 24/7 uptime
    • Rapid response to reported defects or bugs
    • Business continuity

    1.3.2 Verify your decision to deliver mobile applications

    1-3 hours

    1. Review the various end user, business and technical expectations for mobile its achievability given the current state of your system and non-functional requirements.
    2. Complete the list of questions on the following slide as an indication for your readiness for mobile delivery.

    Input

    Output
    • Mobile application canvas
    • Assessment to proceed with mobile
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.3.2 cont'd

    Skill Sets
    Software delivery teams have skills in creating mobile applications that stakeholders are expecting in value and quality. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Architects look for ways to reuse existing technical asset and design for future growth and maturity in mobile. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Resources can be committed to implement and manage a mobile platform. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Software delivery teams and resources are adaptable and flexible to requirements and system changes. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Delivery Process
    My software delivery process can accommodate last minute and sudden changes in mobile delivery tasks. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Business and IT requirements for the mobile are clarified through collaboration between business and IT representatives. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Mobile will help us fill the gaps and standardize our software delivery process process. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    My testing practices can be adapted to verify and validate the mobile functional and non-functional requirements. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Technical Stack
    My mid-tier and back-end support has the capacity to accommodate additional traffic from mobile. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    I have access to my web infrastructure and integration technologies, and I am capable of making configurations. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    My security approaches and capabilities can be enhanced address specific mobile application risks and vulnerabilities. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    I have a sound and robust integration strategy involving web APIs that gives me the flexibility to support mobile applications. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)

    Phase 2

    Define Your Mobile Approach

    Choose Your Mobile Platform and Tools

    This phase will walk you through the following activities:

    • Step 2.1 – Choose Your Platform Approach
    • Step 2.2 – Shortlist Your Mobile Delivery Solution
    • Step 2.3 – Create a Roadmap for Mobile Delivery

    This phase involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Step 2.1

    Choose Your Platform Approach

    Activities

    2.1.1 Select your platform approach

    Define Your Mobile Approach

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • Desired mobile platform approach

    Mobile value is dependent on the platform you choose

    What is a platform?

    "A platform is a set of software and a surrounding ecosystem of resources that helps you to grow your business. A platform enables growth through connection: its value comes not only from its own features, but from its ability to connect external tools, teams, data, and processes." (Source: Emilie Nøss Wangen, 2021) In the mobile context, applications in a platform execute and communicate through a loosely coupled API architecture whether the supporting system is managed and supported by your organization or by 3rd party providers.

    Web

    The mobile web often takes on one of the following two approaches:

    • Responsive websites – Content, UI and other website elements automatically adjusts itself according to the device, creating a seamless experience regardless of the device.
    • Progressive web applications (PWAs) – PWAs uses the browser's APIs and features to offer native-like experiences.

    Mobile web applications are often developed with a combination of HTML, CSS, and JavaScript languages.

    Hybrid

    Hybrid applications are developed with web technologies but are deployed as native applications. The code is wrapped using a framework so that it runs locally within a native container, and it uses the device's browser runtime engine to support more sophisticated designs and features compared to the web approach. Hybrid mobile solutions allows teams to code once and deploy to multiple platforms.

    Some notable examples:

    • Gmail
    • Instagram

    Cross-Platform

    Cross-platform applications are developed within a distinct programming or scripting environment that uses its own scripting language (often like web languages) and APIs. Then the solution will compile the code into device-specific builds for native deployment.

    Some notable examples:

    • Facebook
    • Skype
    • Slack

    Native

    Native applications are developed and deployed to specific devices and OSs using platform-specific software development kits (SDKs) provided by the operating system vendors. The programming language and framework are dictated by the targeted device, such as Java for Android.

    With this platform, developers have direct access to local device features allowing customized operations. This enables the use of local resources, such as memory and runtime engines, which will achieve a higher performance than hybrid and cross-platform applications.

    Each platform offers unique pros and cons depending on your mobile needs

    WebHybridCross-PlatformNative

    Pros

    Cons

    Pros

    Cons

    Pros

    Cons

    Pros

    Cons

    • Modern browsers support the popular of web languages (HTML, CSS, and JavaScript).
    • Ubiquitous across multiple form factors and devices.
    • Mobile can be easily integrated into traditional web development processes and technical stacks.
    • Installations are not required, and updates are immediate.
    • Sensitive data can be wiped from memory after app is closed.
    • Limited access to local device hardware and software.
    • Local caching is available for limited offline capabilities, but the scope of tasks that can be completed in this scenario is restricted.
    • The browser's runtime engine is limited in computing power.
    • Not all browsers fully support the latest versions of HTML, CSS, or JavaScript.
    • Web languages can be used to develop a complete application.
    • Code can be reused for multiple platforms, including web.
    • Access to commonly-used native features that are not available through the web platform.
    • Quick delivery and maintenance updates compared to native and cross-platform platforms.
    • Consistent internet access is needed due to its reliance heavily reliance on web technologies to operate.
    • Limited ability to support complex workflows and features.
    • Sluggish performance compared to cross-platform and native applications.
    • Certain features may not operate the same across all platforms given the code once, deploy everywhere approach.
    • More cost-effective to develop than using native development approaches to gain similar features. Platform-specific developers are not needed.
    • Common codebase to develop applications on different applications.
    • Enables more complex application functionalities and technical customizations compared to hybrid applications.
    • Code is not portable across cross-platform delivery solutions.
    • The framework is tied to the vendor solution which presents the risk of vendor lock-in.
    • Deployment is dependent on an app store and the delivery solution may not guarantee the application's acceptance into the application store.
    • Significant training and onboarding may be needed using the cross-platform framework.
    • Tight integration with the device's hardware enables high performance and greater use of hardware features.
    • Computationally-intensive and complex tasks can be completed on the device.
    • Available offline access.
    • Apps are available through easy-to-access app stores.
    • Requires additional investments, such as app stores, app-specific support, versioning, and platform-specific extensions.
    • Developers skilled in a device-specific language are difficult to acquire and costly to train.
    • Testing is required every time a new device or OS is introduced.
    • Higher development and maintenance costs are tradeoffs for native device features.

    Start mobile development on a mobile web platform

    Start with what you have: begin with a mobile web platform to minimize impacts to your existing delivery skill sets and technical stack while addressing business needs. Resort to a hybrid first and then consider a cross-platform application if you require device access or the need to meet specific non-functional requirements.

    Why choose a mobile web platform?

    Pros

    The latest versions of the most popular web languages (HTML5, CSS3, JavaScript) abstract away from the granular, physical components of the application, simplifying the development process. HTML5 offer some mobile features (e.g., geolocation, accelerometer) that can meet your desired experience without the need for native development skills. Native look-and-feel, high performance, and full device access are just a few tradeoffs of going with web languages.

    Cons

    Native mobile platforms depend on device-specific code which follows specific frameworks and leverages unique programming libraries, such as Objective C for iOS and Java for Android. Each language requires a high level of expertise in the coding structure and hardware of specific devices requiring resources with specific skillsets and different tools to support development and testing.

    Other Notable Benefits with Web Languages

    • Modern browsers in most mobile devices are capable of executing and rendering many mobile features developed in web languages, allowing for greater portability and sophistication of code across multiple devices. However, this flexibility comes at the cost of performance since the browser's runtime engine will not perform as well as a native engine.
    • Web languages are well known by developers, minimizing skills and resourcing impacts. Consequently, changes can be quickly accommodated and updated uniformly across all end users.

    Do you need a native platform?

    Consider web workarounds if you choose a web platform but require some native experiences.

    The web platform does not give you direct access or sophisticated customizations to local device hardware and services, underlying code and integrations. You may run into the situation where you need some native experiences, but the value of these features may not offset the costs to undertake a native, hybrid or cross-platform application. When developing hybrid and cross-platform applications with a mobile delivery solution, only the APIs of the commonly used device features are available. Note that some vendors may not offer a particular native feature across all devices, inhibiting your ability to achieve feature parity or exploiting device features only available in certain devices. Workarounds are then needed.

    Consider the following workarounds to address the required native experiences on the web platform:

    Native Function Description Web Workaround Impact
    Camera Takes pictures or records videos through the device's camera. Create an upload form in the web with HTML5. Break in workflow leading to poor user experience (UX).
    Geolocation Detects the geographical location of the device. Available through HTML5. Not Applicable.
    Calendar Stores the user's calendar in local memory. Integrate with calendaring system or manually upload contacts. Costly integration initiative. Poor user experience.
    Contacts Stores contact information in local memory. Integrate app with contact system or manually upload contacts. Costly integration initiative. Poor user experience.
    Near Field Communication (NFC) Communication between devices by touching them together or bringing them into proximity. Manual transfer of data. A lot of time is consumed transferring simple information.
    Native Computation Computational power and resources needed to complete tasks on the device. Resource-intensive requests are completed by back-end systems and results sent back to user. Slower application performance given network constraints.

    Info-Tech Insight

    In many cases, workarounds are available when evaluating the gaps between web and native applications. For example, not having application-level access to the camera does not negate the user option to upload a picture taken by the camera through a web form. Tradeoffs like this will come down to assessing the importance of each platform gap for your organization and whether a workaround is good enough as a native-like experience.

    Architect and configure your entire mobile stack with a plan

    • Assess your existing technology stack that will support your mobile platform. Determine if it has the capacity to handle mobile traffic and the necessary integration between devices and enterprise and 3rd party systems are robust and reliable. Reach out to your IT teams and vendors if you are missing key mobile components, such as:
    • The acquisition and provisioning of physical or virtual mobile web servers and middleware from existing vendors.
    • Cloud services [e.g., Mobile Back-end as a Service (mBaaS)] that assists in the mobilization of back-end data sources with API SDKs, orchestration of data from multiple sources, transformation of legacy APIs to mobile formats, and satisfaction of other security, integration and performance needs.
    • Configure the services of your web server or middleware to facilitate the translation, transformation, and transfer of data between your mobile front-end and back-end. If your plan involves scripts, maintenance and other ongoing costs will likely increase.
    • Leverage the APIs or adapters provided by your vendors or device manufacturers to integrate your mobile front-end and back-end support to your web server or middleware. If you are reusing a web server, the back-end integration should already be in place. Remember, APIs implement business rules to maintain the integrity of data exchange within your mobile stack.
    • See Appendix A for examples of reference architectures of mobile platforms.

    See our Enhance Your Solution Architecture for more information.

    Do Not Forget Your Security and Performance Requirements

    Security: New threats from mobile put organizations into a difficult situation beyond simply responding to them in a timely matter. Be careful not to take the benefits of security out of the mobile context. You need to make security a first-order citizen during the scoping, design, and optimization of your systems supporting mobile. It must also be balanced with other functional and non-functional requirements with the right roles taking accountability for these decisions.

    See our Strengthen the SSDLC for Enterprise Mobile Applications for more information.

    Performance: Within a distributed mobile environment, performance has a risk of diminishing due to limited device capacity, network hopping, lack of server scalability, API bottlenecks, and other device, network and infrastructure issues. Mobile web APIs suffer from the same pain points as traditional web browsing and unplanned API call management in an application will lead to slow performance.

    See our Develop Enterprise Mobile Applications With Realistic and Relevant Performance for more information.

    Enterprise platform selection requires a shift in perspective

    Your mobile platform selection must consider both user and enterprise (i.e., non-functional) needs. Use a two-step process for your analysis:

    Begin Platform Selection with a User-Centric Approach

    Organizations appealing to end users place emphasis on the user experience: the look and appeal of the user interface, and the satisfaction, ease of use, and value of its functionalities. In this approach, IT concerns and needs are not high priorities, but many functions are completed locally or isolated from mission critical corporate networks and sensitive data. Some needs include:

    • Performance: quick execution of tasks and calculations made on the device or offloaded to web servers or the cloud.
    • User Interface: cross-platform compatibility and feature-rich design and functionality. The right native experience is critical to the user adoption and satisfaction.
    • Device Access: use of local device hardware and software to complete app use cases, such as camera, calendar, and contact lists.

    Refine Platform Selection with an Enterprise-Centric Approach

    From the enterprise perspective, emphasis is on security, system performance, integration, reuse and other non-functional requirements as the primary motivations in the selection of a mobile platform. User experience is still a contributing factor because of the mobile application's need to drive value but its priority is not exclusive. Some drivers include:

    • Openness: agreed-upon industry standards and technologies that can be applied to serve enterprise needs which support business processes.
    • Integration: increase the reuse of legacy investments and existing applications and services with integration capabilities.
    • Flexibility: support for multiple data types from applications such as JSON format for mobile.
    • Capacity: maximize the utilization of your software delivery resources beyond the initial iteration of the mobile application.

    Info-Tech Insight

    Selecting a mobile platform should not solely be made on business requirements. Key technical stakeholders should be at the table in this discussion to provide insight on the implementation and ongoing costs and benefits of each platform. Both business and technical requirements should be considered when deciding on a final platform.

    Select your mobile platform

    Drive your mobile platform selection against user-centric needs (e.g. device access, aesthetics) and enterprise-centric needs (e.g. security, system performance).

    When does a platform makes sense to use?

    Web

    • Desire to maximize current web technologies investments (people, process, and technologies).
    • Use cases do not require significant computational resources on the device or are tightly constrained by non-functional requirements.
    • Limited budget to acquire mobile development resources.
    • Access to device hardware is not a high priority.

    Hybrid / Cross-Platform

    • The need to quickly spin up native-like applications for multiple platforms and devices.
    • Desire to leverage existing web development skills, but also a need for device access and meeting specific non-functional requirements.
    • Vendor support is needed for the entire mobile delivery process.

    Native

    • Developers are experts in the target programming language and with the device's hardware.
    • Strong need for high performance, security and device-specific access and customizations.
    • Application use cases requiring significant computing resources.

    Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform.

    2.1.1 Select your platform approach

    1-3 hours

    1. Review your mobile objectives, end user needs and non-functional requirements.
    2. Determine which mobile platform is appropriate for each mobile opportunity or use case by answering the following questions on the following slides against two factors: user-centric and enterprise-centric needs.
    3. Calculate an average score for user-centric and one for enterprise-centric. Then, map them on the matrix to indicate possible platform options. Consider all options around the plotted point.
    4. Further discuss which platforms should be the preferred choice.
    5. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Desired mobile experience
    • List of desired mobile features
    • Current state assessments
    • Mobile platform approach
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.1.1 cont'd

    User-Centric Needs: Functional Requirements

    Factors Definitions Survey Responses
    Device Hardware Access The scope of access to native device hardware features. Basic features include those that are available through current web languages (e.g., geolocation) whereas comprehensive features are those that are device-specific. 1 (Basic) – 2 – 3 (Moderate) – 4 – 5 (Comprehensive)
    Customized Execution of Device Hardware The degree of changes to the execution of local device hardware to satisfy functional needs. 1 (Use as Is) – 2 – 3 (Configure) – 4 – 5 (Customize)
    Device Software Access The scope of access to software on the user's device, such as calendars and contact. 1 (Basic) – 2 – 3 (Moderate) – 4 – 5 (Comprehensive)
    Customized Execution of Device Software The degree of changes to the execution of local device software to satisfy functional needs. 1 (Use as Is) – 2 – 3 (Configure) – 4 – 5 (Customize)
    Use Case Complexity Workflow tasks and decisions are simple and straightforward. Complex computation is not needed to acquire the desired outcome. 1 (Strongly Agree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Disagree)
    Computational Resources The resources needed on the device to complete desired functional needs. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Use Case Ambiguity The mobile use case and technical requirements are well understood and documented. Changes to the mobile application is likely. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Mobile Application Access Enterprise systems and data are accessible to the broader organization through the mobile application. This factor does not necessarily mean that anyone can access it untracked. You may still need to identify yourself or log in, etc. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Scope of Adoption & Impact The extent to which the mobile application is leveraged in the organization. 1 (Enterprise) – 2 – 3 (Department) – 4 – 5 (Team)
    Installable The need to locally install the mobile application. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Targeted Devices & Platforms Mobile applications are developed for a defined set of mobile platform versions and types and device. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Output Audience The mobile application transforms an input into a valuable output for high-priority internal or external stakeholders. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)

    2.1.1 cont'd

    User-Centric Needs: Native User Experience Factors

    Factors Definitions Survey Responses
    Immersive Experience The need to bridge physical world with the virtual and digital environment, such as geofencing and NFC. 1 (Internally Delivered) – 2 – 3 (3rd Party Supported) – 4 – 5 (Business Implemented)
    Timeliness of Content and Updates The speed of which the mobile application (and supporting system) responds with requested information, data and updates from enterprise systems and 3rd party services. 1 (Reasonable Delayed Response) – 2 – 3 (Partially Outsourced) – 4 – 5 (Fully Outsourced)
    Application Performance The speed of which the mobile application completes tasks is critical to its success. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Network Accessibility The needed ability to access and use the mobile application in various network conditions. 1 (Only Available When Online) – 2 – 3 (Partially Available When Online) – 4 – 5 (Available Online)
    Integrated Ecosystem The approach to integrate the mobile application with enterprise or 3rd party systems and services. 1 (Out-of-the-Box Connectors) – 2 – 3 (Configurable Connectors) – 4 – 5 (Customized Connectors)
    Desire to Have a Native Look-and-Feel The aesthetics and UI features (e.g., heavy animations) that are only available through native and cross-platform applications. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    User Tolerance to Change The degree of willingness and ableness for a user to change their way of working to maximize the value of the mobile application. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Mission Criticality The business could not execute its main strategy if the mobile application was removed. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Business Value The mobile application directly adds business value to the organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Industry Differentiation The mobile application provides a distinctive competitive advantage or is unique to your organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)

    2.1.1 cont'd

    Enterprise-Centric Needs: Non-Functional Requirements

    Factors Definitions Survey Responses
    Legacy Compatibility The need to integrate and operate with legacy systems. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Code Portability The need to enable the "code once and deploy everywhere" approach. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Vendor & Technology Lock-In The tolerance to lock into a vendor mobile delivery solution or technology framework. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Data Sensitivity The data used by the mobile application does not fall into the category of sensitive data – meaning nothing financial, medical, or personal identity (GDPR and worldwide equivalents). The disclosure, modification, or destruction of this data would cause limited harm to the organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Data Policies Policies of the mobile application's data are mandated by internal departmental standards (e.g. naming standards, backup standards, data type consistency). Policies only mandated in this way usually have limited use in a production capacity. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Security Risks Mobile applications are connected to private data sources and its intended use will be significant if underlying data is breached. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Business Continuity & System Integrity Risks The mobile application in question does not have much significance relative to the running of mission critical processes in the organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    System Openness Openness of enterprise systems to enable mobile applications from the user interface to the business logic and backend integrations and database. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Mobile Device Management The organization's policy for the use of mobile devices to access and leverage enterprise data and services. 1 (Bring-Your-Own-Device) – 2 – 3 (Hybrid) – 4 – 5 (Corporate Devices)

    2.1.1 cont'd

    Enterprise-Centric Needs: Delivery Capacity

    Factors Definitions Survey Responses
    Ease of Mobile Delivery The desire to have out-of-the-box and packaged tools to expedite mobile application delivery using web technologies. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Solution Competency The capability for internal staff to and learn how to implement and administer mobile delivery tools and deliver valuable, high-quality applications. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Ease of Deployment The desire to have the mobile applications delivered by the team or person without specialized resources from outside the team. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Delivery Approach The capability to successfully deliver mobile applications given budgetary and costing, resourcing, and supporting services constraints. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Maintenance & Operational Support The capability of the resources to responsibly maintain and operate mobile applications, including defect fixes and the addition and extension of modules to base implementations of the digital product. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Domain Knowledge Support The availability and accessibility of subject and domain experts to guide facilitate mobile application implementation and adoption. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Delivery Urgency The desire to have the mobile application delivered quickly. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Reusable Components The desire to reuse UI elements and application components. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)

    2.1.1 cont'd

    Example:

    Score Factors (Average) Mobile Opportunity 1: Inventory Management Mobile Opportunity 2: Remote Support
    User-Centric Needs 4.25 3
    Functional Requirements 4.5 2.25
    Native User Experience Factors 4 1.75
    Enterprise-Centric Needs 4 2
    Non-Functional Requirements 3.75 3.25
    Delivery Capacity 4.25 2.75
    Possible Mobile Platform Cross-Platform Native PWA Hybrid

    Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform. Two yellow circles are overlaid, one containing the phrase: Remote Support - over the box containing Progressive Web Applications (PWA) or Hybrid; and a yellow circle containing the phrase Inventory MGMT, partly covering the box containing Native; and the box containing Cross-Platform.

    Build a scalable and manageable platform

    Long-term mobile success depends on the efficiency and reliability of the underlying operational platform. This platform must support the computational and performance demands in a changing business environment, whether it is composed of off-the-self or custom-developed solutions, or a single vendor or best-of-breed.

    • Application
      • The UI design and content language is standardized and consistently applied
      • All mobile configurations and components are automatically versioned
      • Controlled administration and tooling access, automation capabilities, and update delivery
      • Holistic portfolio management
    • Data
      • Automated data management to preserve data quality (e.g. removal of duplications)
      • Defined single source of truth
      • Adherence to data governance, and privacy and security policies
      • Good content management practices, governance and architecture
    • Infrastructure
      • Containers and sandboxes are available for development and testing
      • Self-healing and self-service environments
      • Automatic system scaling and load balancing
      • Comply to budgetary and licensing constraints
    • Integration
      • Backend database and system updates are efficient
      • Loosely coupled architecture to minimize system regressions and delivery effort
      • Application, system and data monitoring

    Step 2.2

    Shortlist Your Mobile Delivery Solution

    Activities

    2.2.1 Shortlist your mobile delivery solution

    2.2.2 Build your feature and service lists

    Define Your Mobile Approach

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services

    Ask yourself: should I build or buy?

    Build Buy

    Multi-Source Best-of-Breed

    Vendor Add-Ons & Integrations

    Integrate various technologies that provide subset(s) of the features needed for supporting the business functions.

    Enhance an existing vendor's offerings by using their system add-ons either as upgrades, new add-ons or integrations.

    Pros

    • Flexibility in choice of tools.
    • In some cases, cost may be lower.
    • Easier to enhance with in-house teams.

    Cons

    • Introduces tool sprawl.
    • Requires resources to understand tools and how they integrate.
    • Some of the tools necessary may not be compatible with each other.

    Pros

    • Reduces tool sprawl.
    • Supports consistent tool stack.
    • Vendor support can make enhancement easier.
    • Total cost of ownership may be lower.

    Cons

    • Vendor Lock-In.
    • The processes to enhance may require tweaking to fit tool capability.

    Multi-Source Custom

    Single Source

    Integrate systems built in-house with technologies developed by external organizations.

    Buy an application/system from one vendor only.

    Pros

    • Flexibility in choice of tools.
    • In some cases, cost may be lower.
    • Easier to enhance with in-house teams.

    Cons

    • May introduce tool sprawl.
    • Requires resources to have strong technical skills
    • Some of the tools necessary may
    • not be compatible with each other.

    Pros

    • Reduces tool sprawl.
    • Supports consistent tool stack.
    • Vendor support can make enhancement easier.
    • Total cost of ownership may be lower.

    Cons

    • Vendor Lock-In.
    • The processes to enhance may require tweaking to fit tool capability.

    Weigh the pros and cons of mobile enablement versus development

    Mobile Enablement

    Mobile Development

    Description Mobile interfaces that heavily rely on enterprise or 3rd party systems to operate. Mobile does not expand the functionality of the system but complements it with enhanced access, input and consumption capabilities. Mobile applications that are custom built or configured in a way that can operate as a standalone entity, whether they are locally deployed to a user's device or virtually hosted.
    Mobile Platform Mobile web, locally installed mobile application provided by vendor Mobile web, hybrid, cross-platform, native
    Typical Audience Internal staff, trusted users Internal and external users, general public
    Examples of Tooling Flavors Enterprise applications, point solutions, robotic & process automation Mobile enterprise application platform, web development, low and no code development, software development kits (SDKs)
    Technical Skills Required Little to no mobile delivery experience and skillsets are needed, but teams must be familiar with the supporting system to understand how a mobile interface can improve the value of the system. Have good UX-driven and quality-first practices in the mobile context. In-depth coding, networking, system and UX design, data management and security skills are needed for complex designs, functions, and architectures.
    Architecture & Integration Architecture is standardized by the vendor or enterprise with UI elements that are often minimally configurable. Extensions and integrations must be done through the system rather than the mobile interface. Much of application stack and integration approach can be customized to meet the specific functional and non-functional needs. It should still leverage web and design standards and investments currently used.
    Functional Scope Functionality is limited to the what the underlying system allows the interface to do. This often is constrained to commodity web application features (e.g., reporting) or tied to minor configurations to the vendor-provided point solution Functionality is only constrained by the platform and the targeted mobile devices whether it is performance, integration, access or security related. Teams should consider feature and content parity across all products within the organization portfolio.
    Delivery Pipeline End-to-end delivery and automated pipeline is provided by the vendor to ensure parity across all interfaces. Many vendors provide cloud-based services for hosting. Otherwise, it is directly tied to the SDLC of the supporting system. End-to-end delivery and automated pipeline is directly tied to enterprise SDLC practices or through the vendor. Some vendors provide cloud-based services for hosting. Updates are manually or automatically (through a vendor) published to app stores and can be automatically pushed to corporate users through mobile application management capabilities.
    Standards & Guardrails Quality standards and technology governance are managed by the vendor or IT with limited capabilities to tailor them to be mobile specific. Quality standards and technology governance are managed by the mobile delivery teams. The degree of customizations to these standards and guardrails is dependent on the chosen platform and delivery team competencies.

    Understand the common attributes of a mobile delivery solution

    • Source Code Management – Built-in or having the ability to integrate with code management solutions for branching, merging, and versioning. Debugging and coding assistance capabilities may be available.
    • Single Code Base – Capable of programming in a standard coding and scripting language for deployment into several platforms and devices. This code base is aligned to a common industry framework (e.g., AngularJS, Java) or a vendor-defined one.
    • Out-of-the-Box Connectors & Plug-ins – Pre-built APIs enhance the solution's capabilities with 3rd party tools and systems to deliver and manage high quality and valuable mobile applications.
    • Emulators – Ability to virtualize an application's execution on a target platform and device.
    • Support for Native Features – Supports plug-ins and APIs for access to device-specific features.

    What are mobile delivery solutions?

    A mobile delivery solution gives you the tools, resources and support to enable or build your mobile application. They can provide pre-built applications, vendor supported components to allow some configurations, or resources for full stack customizations. Some solutions can be barebone software development kits (SDKs) or comprehensive suites offering features to support the entire software delivery lifecycle, such as:

    • Mobile application management
    • Testing and publishing to app stores
    • Content management
    • Cloud hosting
    • Application performance management

    Info-Tech Insight

    Mobile enablement and development capabilities are already embedded in many common productivity tools and enterprise applications, such as Microsoft PowerApps and ERP modules. They can serve as a starting point in the initial rollout of new management and governance practices without the need of acquiring new tools.

    Select your mobile delivery solutions

    1. Set the scope of your framework.
    • The initial context of this framework is based on the mobile functions needed to support your desired mobile experience and on the current state of your enterprise and 3rd party systems.
  • Define the decision factors for your solution selection.
    • Review the decision factors that will influence the selection of your mobile delivery solution for each mobile opportunity:
    • Stack Management – Who will be hosting and supporting your mobile application stack?
    • Workflows Complexity & Native Experience – How complex is your desired mobile experience and how will native device features be leveraged?
  • Select your solution type.
    • Mobile delivery solutions are broadly defined in the following groups:
    • Commercial-Off-The-Shelf (COTS) – Pre-built mobile applications requiring little to no configurations or implementation effort.
    • Vendor Hosted Mobile Platform – Back-end and mid-tier infrastructure and operational support are managed by a vendor.
    • Cross-Platform Development – Frameworks that transform a single code base into platform-specific builds.
    • Hybrid Development – Tools that wrap a single code base into a locally deployable build.
    • Custom Web Development – Environment enabling full stack development for mobile web applications.
    • Custom Native Development – Environment enabling full stack development for mobile native applications.
  • A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions

    Explore the various solution options

    Vendor Hosted Mobile Platform

    • Cloud Services (Mobile Backend-as-a-Service) (Amazon Amplify, Kinvey, Back4App, Google Firebase, Apache Usergrid)
    • Low Code Mobile Platforms (Outsystems, Mendix, Zoho Creator, IBM Mobile Foundation, Pega Mobile, HCL Volt MX, Appery)
    • Mobile Development via Enterprise Application (SalesForce Heroku, Oracle Application Accelerator MAX, SAP Mobile Development Kit, NetSuite Mobile)
    • Mobile Development via Business Process Automation (PowerApps, Appian, Nintex, Quickbase)

    Cross-Platform Development SDKs

    React Native, NativeScript, Xamarin Forms, .NET MAUI, Flutter, Kotlin Multiplatform Mobile, jQuery Mobile, Telerik, Temenos Quantum

    Custom Native Development Solutions

    • Native Development Languages and Environments (Swift, Java, Objective-C, Kotlin, Xcode, NetBeans, Android Studio, AppCode, Microsoft Visual Studio, Eclipse, DriodScript, Compose, Atom)
    • Mobile Application Utilities (Unity, MonoGame, Blender, 3ds Max Design, Maya, Unreal Engine, Amazon Lumberyard, Oculus)

    Commercial-Off-the-Shelf Solutions

    • No Code Mobile Platforms (Swiftic, Betty Blocks, BuildFire, Appy Pie, Plant an App, Microsoft Power Apps, AppSheet, Wix, Quixy)
    • Mobile Application Point Solutions and Enablement via Enterprise Applications

    Hybrid Development SDKs

    Cordova Project, Sencha Touch, Electron, Ionic, Capacitor, Monaca, Voltbuilder

    Custom Web Development Solutions

    Web Development Frameworks (React, Angular, Vue, Express, Django, Rails, Spring, Ember, Backbone, Bulma, Bootstrap, Tailwind CSS, Blade)

    Get the most out of your solutions by understanding their core components

    While most of the heavy lifting is handled by the vendor or framework, understanding how the mobile application is built and operates can identify where further fine-tuning is needed to increase its value and quality.

    Platform Runtime

    Automatic provisioning, configurations, and tuning of organizational and 3rd party infrastructure for high availability, performance, security and stability. This can include cloud management and non-production environments.

    Extensions

    • Mobile delivery solutions can be extended to allow:
    • Custom development of back-end code
    • Customizable integrations and hooks where needed
    • Integrations with CI/CD pipelines and administrative services
    • Integrations with existing databases and authentication services

    Platform Services

    The various services needed to support mobile delivery and enable continuous delivery, such as:

    • Configuration & Change Management – Verifies, validates, and monitors builds, deployments and changes across all components.
    • Code Generator – Transforms UI and data models into native application components that are ready to be deployed.
    • Deployment Services – Deploys application components consistently across all target environments and app stores.
    • Application Services – Manages the mobile application at runtime, including executing scheduled tasks and instrumentation.

    Application Architecture

    Fundamentally, mobile application architecture is no different than any other application architecture so much of your design standards still applies. The trick is tuning it to best meet your mobile functional and non-functional needs.

    This image contains an example of mobile application architecture.

    Source: "HCL Volt MX", HCL.

    Build your shortlist decision criteria

    The decision on which type of mobile delivery solution to use is dependent on several key questions?

    Who is the Mobile Delivery Team?

    • Is it a worker, business or IT?
    • What skills and knowledge does this person have?
    • Who is supporting mobile delivery and management?
    • Are other skills and tools needed to support, extend or mature mobile delivery adoption?

    What are the Use Cases?

    • What is the value and priority of the use cases?
    • What native features do we need?
    • Who is the audience of the output and who is impacted?
    • What systems, data and services do I need access?
    • Is it best to build it or buy it?
    • What are the quality standards?
    • How strategic is the use case?

    How Complex is the System?

    • Is the mobile application a standalone or integrated with enterprise systems?
    • What is the system's state and architecture?
    • What 3rd party services do we need integrated?
    • Are integrations out-of-the-box or custom?
    • Is the data standardized and who can edit its definition?
    • Is the system monolithic or loosely coupled?

    How Much Can We Tolerate?

    • Risks: What are the business and technical risks involved?
    • Costs: How much can we invest in implementation, training and operations?
    • Change: What organizational changes am I expecting to make? Will these changes be accepted and adopted?

    2.2.1 Shortlist your mobile delivery solution

    1-3 hours

    1. Determine which mobile delivery solutions is appropriate for each mobile opportunity or use case by answering the following questions on the following slides against two factors: complexity of mobile workflows and native features and management of the mobile stack.
      1. Take the average of the enterprise-centric and user-centric scores from step 2.1 for your complexity of mobile workflows and native features scores.
    2. Calculate an average score for the management of the mobile stack. Then, map them on the matrix to indicate possible solution options alongside your user-centric scores. Consider all options around the plotted point.
    3. Further discuss which solution should be the preferred choice and compare those options with your selected platform approach.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Current state assessment
    • Mobile platform approach
    • Shortlist of mobile delivery solution
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.2.1 cont'd

    Stack Management

    Factors Definitions Survey Responses
    Cost of Delayed Delivery The expected cost if a vendor solution or update is delayed. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Vendor Negotiation Organization's ability to negotiate favorable terms from vendors. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Controllable Delivery Timeline Organization's desire to control when solutions and updates are delivered. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Solution Hosting The desired approach to host the mobile application. 1 (Fully Outsourced) – 2 – 3 (Partially Outsourced) – 4 – 5 (Internally Hosted)
    Vendor Lock-In The tolerance to be locked into a specific technology stack or vendor ecosystem. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Operational Cost Target The primary target of the mobile application's operational budget. 1 (External Resources) – 2 – 3 (Hybrid) – 4 – 5 (Internal Resources)
    Platform Management The desired approach to manage the mobile delivery solution, platform or underlying technology. 1 (Decentralized) – 2 – 3 (Federated) – 4 – 5 (Centralized)
    Skill & Competency of Mobile Delivery Team The ability of the team to create and manage valuable and high-quality mobile applications. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Current Investment in Enterprise Technologies The need to maximize the ROI of current enterprise technologies or integrate with legacy technologies. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Ease of Extensibility Need to have out-of-the-box connectors and plug-ins to extend the mobile delivery solution beyond its base implementation. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Holistic Application Strategy Organizational priorities on the types of applications the portfolio should be comprised. 1 (Buy) – 2 – 3 (Hybrid) – 4 – 5 (Build)
    Control of Delivery Pipeline The desire to control the software delivery pipeline from design to development, testing, publishing and support. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Specific Quality Requirements Software and mobile delivery is constrained to your unique quality standards (e.g., security, performance, availability) 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)

    2.2.1 cont'd

    Example:

    Score Factors (Average) Mobile Opportunity 1: Inventory Management Mobile Opportunity 2: Remote Support
    User-Centric & Enterprise Centric Needs (From Step 2.1) 4.125 2.5
    Stack Management 2 2.5
    Desired Mobile Delivery Solution Vendor-Hosted Mobile Platform

    Commercial-Off-the-Shelf Solution

    Hybrid Development Solution

    A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions.

    Consider the following in your solution selection and implementation

    • Vendor lock in – Each solution has its own approach, frameworks, and data schemas to convert designs and logic into an executable build that is stable in the targeted environment. Consequently, moving application artifacts (e.g., code and designs) from one solution or environment to another may not be easily accomplished without significant modifications or the use of application modernization or migration services.
    • Conflicting priorities and viewpoints of good delivery practices – Mobile delivery solutions are very particular on how they generate applications from designs and configurations. The solution's approach may not accommodate your interpretation of high-quality code (e.g., scalability, maintainability, extensibility, security). Technical experts should be reviewing and refactoring the generated code.
    • Incompatibility with enterprise applications and systems – The true benefit of mobile delivery solutions is their ability to connect your mobile application to enterprise and 3rd party technologies and services. This capability often requires enterprise technologies and services to be architected in a way that is compatible with your delivery solution while ensuring data, security protocols and other standards and policies are consistently enforced.
    • Integration with current application development and management tools – Mobile delivery solutions should be extensions from your existing application development and management tools that provides the versioning, testing, monitoring, and deployment capabilities to sustain a valuable application portfolio. Without this integration, IT will be unable to:
      • Root cause issues found on IT dashboards or reported to help desk.
      • Rollback defective applications to a previous stable state.
      • Obtain a complete application portfolio inventory.
      • Execute comprehensive testing for high-risk applications.
      • Trace artifacts throughout the development lifecycle.
      • Generate reports of the status of releases.

    Enhance your SDLC to support mobile delivery

    What is the SDLC?

    The software development lifecycle (SDLC) is a process that ensures valuable software products are efficiently delivered to customers. It contains a repeatable set of activities needed to intake and analyze requirements to design, build, test, deploy, and maintain software products.

    How will mobile delivery influence my SDLC?

    • Cross-functional collaboration – Bringing business and IT together at the most opportune times to clarify user needs and business priorities, and set realistic expectations given technology and capacity constraints. The appropriate tactics and techniques are used to improve decision making and delivery effectiveness according to the type of work.
    • Iterative delivery – Frequent delivery of progressive changes minimizes the risk of low-quality features by containing and simplifying scope, and enables responsive turnarounds of fixes, enhancements, and priority changes.
    • Feedback loops –Mobile application owners constantly review, update and refine their backlog of mobile features and changes to reflect user feedback and system performance metrics. Delivery teams proactively prepare the application for future scaling based on lessons and feedback learned from earlier releases.

    To learn more, visit Info-Tech's Modernize Your SDLC blueprint.

    Example: Low- & No-Code Mobile Delivery Pipeline

    Low Code

    Data Modeling & Configuration

    No Code

    Visual Interface with Complex Data Models

    Data Modeling & Configuration

    Visual Interfaces with Simple Data Models

    GUI Designer with Customizable Components & Entities

    UI Definition & Design

    GUI Designer with Canned Templates

    Visual Workflow and Custom Scripting

    Business Logic Rules and Workflow Specification

    Visual Workflow and Natural Language Scripting

    Out-of-the-Box Plugins & Custom Integrations

    Integration of External Services (via 3rd Party APIs)

    Out-of-the-Box Plugins

    Automated and Manual Build & Packaging

    Build & Package

    Automated Build & Packaging

    Automated & Manual Testing

    Test

    Automated Testing

    One-Click Push or IT Push to App Store

    Publish to App Store

    One-Click Push to App Store

    Use Info-Tech's research to address your delivery gaps

    Mobile success requires more than a set of good tools.

    Overcome the Common Challenges Faced with Building Mobile Applications

    Common Challenges with Digital Applications

    Suggested Solutions

    • Time & Resource Constraints
    • Buy-In From Internal Stakeholders
    • Rapidly Changing Requirements
    • Legacy Systems
    • Low-Priority for Internal Tools
    • Insufficient Data Access

    Source: DronaHQ, 2021

    Learn the differentiators of mobile delivery solutions

    • Native Program Languages – Supports languages other than web (Java, Ruby, C/C++/C#, Objective-C).
    • IDE Integration – Available plug-ins for popular development suites and editors.
    • Debugging Tools – Finding and eliminating bugs (breakpoints, single stepping, variable inspection, etc.).
    • Application Packaging via IDE – Digitally sign applications through the IDE for it to be packaged and published in app stores.
    • Automated Testing Tools – Native or integration with automated functional and unit testing tools.
    • Low- and No- Code Designer – Tools for designing graphical user interfaces and features and managing data with drag-and-drop functionalities.
    • Publishing and Deployment Capabilities – Automated deployment to mobile device management (MDM) systems, mobile application management (MAM) systems, mobile application stores, and web servers.
    • Third-Party and Open-Source Integration – Integration with proprietary and open-source third-party modules, development tools, and systems.
    • Developer Marketplace – Out-of-the-box plug-ins, templates, and integration are available through a marketplace.
    • Mobile Application Support Capabilities – Ability to gather, manage, and address application issues and defects.
    • API Gateway, Monitoring, and Management – Services that enable the creation, publishing, maintenance, monitoring, and securing of APIs through a common interface.
    • Mobile Analytics and Monitoring – View the adoption, usage, and performance of deployed mobile applications through graphical dashboards.
    • Mobile Content Management – Publish and manage mobile content through a centralized system.
    • Mobile Application Security – Supports the securing of application access and usage, data encryption, and testing of security controls.

    Define your mobile delivery vendor selection criteria

    Focus on the key vendor attributes and capabilities that enable mobile delivery scaling and growth in your organization

    Considerations in Mobile Delivery Vendor Selection
    Platform Features & Capabilities Price to Implement & Operate Platform
    Types of Mobile Applications That Can Be Developed Ease of IT Administration & Management
    User Community & Marketplace Size Security, Privacy & Access Control Capabilities
    SME in Industry Verticals & Business Functions Vendor Product Roadmap & Corporate Strategy
    Pre-Built Designs, Templates & Application Shells Scope of Device- and OS-Specific Compatibilities
    Regulatory & Industry Compliance Integration & Technology Partners
    Importing Artifacts From and Exporting to Other Solutions Platform Architecture & Underlying Technology
    End-to-End Support for the Entire Mobile SDLC Relevance to Current Mobile Trends & Practices

    Build your features list

    Incorporate different perspectives when defining the list of mandatory and desired features of your target solution.

    Appendix B contains a list of features for low- and no-code solutions that can be used as a starting point.

    Visit Info-Tech's Implement a Proactive and Consistent Vendor Selection Process blueprint.

    Mobile Developer

    • Visual, drag-and-drop models to define data models, business logic, and user interfaces.
    • One-click deployment.
    • Self-healing capabilities.
    • Vendor-managed infrastructure.
    • Active community and marketplace.
    • Pre-built templates and libraries.
    • Optical character recognition and natural language processing.
    • Knowledgebase and document management.
    • Business value, operational costs, and other KPI monitoring.
    • Business workflow automation.

    Mobile IT Professional

    • Audit and change logs.
    • Theme and template builder.
    • Template management.
    • Role-based access.
    • Regulatory compliance.
    • Consistent design and user experience across applications.
    • Application and system performance monitoring.
    • Versioning and code management.
    • Automatic application and system refactoring and recovery.
    • Exception and error handling.
    • Scalability (e.g. load balancing) and infrastructure management.
    • Real-time debugging.
    • Testing capabilities.
    • Security management.
    • Application integration management.

    2.2.2 Build your feature and service lists

    1-3 hours

    Review the key outcomes in the previous exercises to help inform the features and vendor support you require to support your mobile delivery needs:

    End user personas and desired mobile experience

    Objectives and expectations

    Desired mobile features and platform

    Mobile delivery solutions

    Brainstorm a list of features and functionalities you require from your ideal solution vendors. Prioritize these features and functionalities. See our Implement a Proactive and Consistent Vendor Selection Process blueprint for more information on vendor procurement.

    Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Shortlist of mobile solutions
    • Quality definitions
    • Mobile objectives and metrics
    • List of desired features and services of mobile delivery solution vendors
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Hit a home run with your stakeholders

    Use a data-driven approach to select the right tooling vendor for your needs – fast.

    AwarenessEducation & DiscoveryEvaluationSelection

    Negotiation & Configuration

    1.1 Proactively Lead Technology Optimization & Prioritization2.1 Understand Marketplace Capabilities & Trends3.1 Gather & Prioritize Requirements & Establish Key Success Metrics4.1 Create a Weighted Selection Decision Model5.1 Initiate Price Negotiation with Top Two Venders
    1.2 Scope & Define the Selection Process for Each Selection Request Action2.2 Discover Alternate Solutions & Conduct Market Education3.2 Conduct a Data Driven Comparison of Vendor Features & Capabilities4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities with Top 2-4 Vendors5.2 Negotiate Contract Terms & Product Configuration

    1.3 Conduct an Accelerated Business Needs Assessment

    2.3 Evaluate Enterprise Architecture & Application PortfolioNarrow the Field to Four Top Contenders4.3 Validate Key Issues with Deep Technical Assessments, Trial Configuration & Reference Checks5.3 Finalize Budget Approval & Project
    1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation2.4 Validate the Business Case5.4 Invest in Training & Onboarding Assistance

    Investing time improving your software selection methodology has big returns.

    Info-Tech Insight

    Not all software selection projects are created equal – some are very small, some span the entire enterprise. To ensure that IT is using the right framework, understand the cost and complexity profile of the application you're looking to select. Info-Tech's Rapid Application Selection Framework approach is best for commodity and mid-tier enterprise applications; selecting complex applications is better handled by the methodology in Info-Tech's Implement a Proactive and Consistent Vendor Selection Process.

    Step 2.3

    Create a Roadmap for Mobile Delivery

    Activities

    2.3.1 Define your MVP release

    2.3.2 Build your roadmap

    Define Your Mobile Approach

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • MVP design
    • Mobile delivery roadmap

    Achieve mobile success with MVPs

    By delivering mobile capabilities in small iterations, teams recognize value sooner and reduce accumulated risk. Both benefits are realized as the iteration enters validation testing and release.

    This image depicts a graph of the learn-build-measure cycle over time, adapted from Managing the Development of Large Software Systems, Dr. Winston W. Royce, 1970

    An MVP focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to:

    • Maximize learning.
    • Evaluate the value and acceptance of mobile applications.
    • Inform the building of a mobile delivery practice.

    The build-measure-learn loop suggests mobile delivery teams should perpetually take an idea and develop, test, and validate it with the mobile development solution, then expand on the MVP using the lessons learned and evolving ideas. In this sense the MVP is just the first iteration in the loop.

    Leverage a canvas to detail your MVP

    Use the release canvas to organize and align the organization around your MVP!

    This is an example of a release canvas which can be used to detail your MVP.

    2.3.1 Define your MVP release

    1-3 hours

    1. Create a list of high priority use cases slated for mobile application delivery. Brainstorm the various supporting activities required to implement your use cases including the shortlisting of mobile delivery tools.
    2. Prioritize these use cases based on business priority (from your canvas). Size the effort of these use cases through collaboration.
    3. Define your MVPs using a release canvas as shown on the following slide.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • High priority mobile opportunities
    • Mobile platform approach
    • Shortlist of mobile solutions
    • List of potential MVPs
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.3.1 cont'd

    MVP Name

    Owner:
    Parent Initiative:
    Updated:

    NAME
    LINK
    October 05, 2022

    MVP Theme/Goals

    [Theme / Goal]

    Use Cases

    Value

    Costs

    [Use Case 1]
    [Use Case 2]
    [Use Case 3]

    [Business Value 1]
    [Business Value 2]
    [Business Value 3]

    [Cost Item 1]
    [Cost Item 2]
    [Cost Item 3]

    Impacted Personas

    Impacted Workflows

    Stakeholders

    [Persona 1]
    [Persona 2]
    [Persona 3]

    [Workflow 1]
    [Workflow 2]
    [Workflow 3]

    [Stakeholder 1]
    [Stakeholder 2]
    [Stakeholder 3]

    Build your mobile roadmap

    It's more than a set of colorful boxes. It's the map to align everyone to where you are going

    Your mobile roadmap

    • Lays out a strategy for your mobile application, platform and practice implementation and scaling.
    • Is a statement of intent for your mobile adoption.
    • Communicates direction for the implementation and use of mobile delivery tools, mobile applications and supporting technologies.
    • Directly connects to the organization's goals

    However, it is not:

    • Representative of a hard commitment.
    • A simple combination of your current product roadmaps

    Roadmap your MVPs against your milestones and release dates

    This is an image of an example of a roadmap for your MVPS, with milestones across Jan 2022, Feb 2022, Mar 2022, Apr 2022. under milestones, are the following points: Points in the timeline when an established set of artifacts is complete (feature-based), or to check status at a particular point in time (time-based); Typically assigned a date and used to show progress; Plays an important role when sequencing different types of artifacts. Under Release Dates are the following points: Releases mark the actual delivery of a set of artifacts packaged together in a new version of processes and applications or new mobile application and delivery capabilities. ; Release dates, firm or not, allow stakeholders to anticipate when this is coming.

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    Understand what is communicated in your roadmap

    WHY is the work being done?

    Explains the overarching goal of work being done to a specific audience.

    WHO is doing the work?

    Categorizes the different groups delivering the work on the product.

    WHAT is the work being done?

    Explains the artifacts, or items of work, that will be delivered.

    WHEN is the work being done?

    Explains when the work will be delivered within your timeline.

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    Pay attention to organizational changes

    Be prepared to answer:

    "How will mobile change the way I do my job?"

    • Plan how workers will incorporate mobile applications into their way of working and maximize the features it offers.
    • Address the human concerns regarding the transition to a digital world involving modern and mobile technologies and automation.
    • Accept changes, challenges and failures with open arms and instill tactics to quickly address them.
    • Build and strengthen business-IT trust, empowerment, and collaborative culture by adopting the right practices throughout the mobile delivery process.
    • Ensure continuous management and leadership support for business empowerment, operational changes, and shifts in role definitions to best support mobile delivery.
    • Establish a committee to manage the growth, adoption, and delivery of mobile as part of a grandeur digital application portfolio and address conflicts among business units and IT.

    Anticipate and prepare for changes and issues

    Verify and validate the flexibility and adaptability of your mobile applications, strategy and roadmap against various scenarios

    • Scenarios
      • Application Stores Rejecting the Application
      • Security Incidents & Risks
      • Low User Adoption, Retention & Satisfaction
      • Incompatibility with User's Device & Other Systems
      • Device & OS Patches & Updates
      • Changes in Industry Standards & Regulations

    Use the "Now, Next, Later" roadmap

    Use this when deadlines and delivery dates are not strict. This is best suited for brainstorming a product plan when dependency mapping is not required.

    Now

    What are you going to do now?

    Next

    What are you going to do very soon?

    Later

    What are you going to do in the future?

    This is a roadmap showing various points in the following categories: Now; Next; Later

    Adapted From: "Tips for Agile product roadmaps & product roadmap examples," Scrum.org, 2017

    2.3.2 Build your roadmap

    1-3 hours

    1. Identify the business outcomes your mobile application delivery and MVP is expected to deliver.
    2. Build your strategic roadmap by grouping each business outcome by how soon you need to deliver it:
      1. Now: Let's achieve this ASAP.
      2. Next: Sometime very soon, let's achieve these things.
      3. Later: Much further off in the distance, let's consider these things.
    3. Identify what the critical steps are for the organization to embrace mobile application delivery and deliver your MVP.
    4. Build your tactical roadmap by grouping each critical step by how soon you need to address it:
      1. Now: Let's do this ASAP.
      2. Next: Sometime very soon, let's do these things.
      3. Later: Much further off in the distance, let's consider these things.
    5. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • List of potential MVPs
    • Mobile roadmap
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.3.2 cont'd

    Example: Tactical Roadmap

    Milestone 1

    • Modify the business processes of the MVP to best leverage mobile technologies. Streamline the business processes by removing the steps that do not directly support value delivery.
    • Develop UI templates using the material design framework and the organization's design standards. Ensure it is supported on mobile devices through the mobile browser and satisfy accessibility design standards.
    • Verify and validate current security controls against latest security risks using the W3C as a starting point. Install the latest security patches to maintain compliance.
    • Acquire the Ionic SDK and upskill delivery teams.

    Milestone 2

    • Update the current web framework and third-party libraries with the latest version and align web infrastructure to latest W3C guidelines.
    • Verify and validate functionality and stability of APIs with third-party applications. Begin transition to REST APIs where possible.
    • Make minor changes to the existing data architecture to better support the data volume, velocity, variety, and veracity the system will process and deliver.
    • Update the master data management with latest changes. Keep changes to a minimum.
    • Develop and deliver the first iteration of the MVP with Ionic.

    Milestone 3

    • Standardize the initial mobile delivery practice.
    • Continuously monitor the system and proactively address business continuity, system stability and performance, and security risks.
    • Deliver a hands-on and facilitated training session to end users.
    • Develop intuitive user manuals that are easily accessible on SharePoint.
    • Consult end users for their views and perspectives of suggested business model and technology changes.
    • Regularly survey end users and the media to gauge industry sentiment toward the organization.

    Pitch your roadmap initiatives

    There are multiple audiences for your pitch, and each audience requires a different level of detail when addressed. Depending on the outcomes expected from each audience, a suitable approach must be chosen. The format and information presented will vary significantly from group to group.

    Audience

    Key Contents

    Outcome

    Outcome

    • Costs or benefits estimates

    Sign off on cost and benefit projections

    Executives and decision makers

    • Business value and financial benefits
    • Notable business risks and impacts
    • Business rationale and strategic roadmap

    Revisions, edits, and approval

    IT teams

    • Notable technical and IT risks
    • IT rationale and tactical roadmap
    • Proposed resourcing and skills capacity

    Clarity of vision and direction and readiness for delivery

    Business workers

    • Business rationale
    • Proposed business operations changes
    • Application roadmap

    Verification on proposed changes and feedback

    Continuously measure the benefits and value realized in your mobile applications

    Success hinges on your team's ability to deliver business value. Well-developed mobile applications instill stakeholder confidence in ongoing business value delivery and stakeholder buy-in, provided proper expectations are set and met.

    Business value defines the success criteria of an organization, and it is interpreted from four perspectives:

    • Profit Generation – The revenue generated from a business capability with mobile applications.
    • Cost Reduction – The cost reduction when performing business capabilities with mobile applications.
    • Service Enablement – The productivity and efficiency gains of internal business operations with mobile applications.
    • Customer and Market Reach – Metrics measuring the improved reach and insights of the business in existing or new markets.

    See our Build a Value Measurement Framework blueprint for more information about business value definition.

    Business Value Matrix

    This image contains a quadrant analysis with the following labels: Left - Improved Capabilities; Top - Outward; Right - Financial Benefit; Bottom - Inward. the quadrants are labeled the following, in order from left to right, top to bottom. Customer and Market Reach; Profit Generation; Service Enhancement; Cost Reduction

    Grow your mobile delivery practice

    We are Here
    Level 1: Mobile Delivery Foundations Level 2: Scaled Mobile Delivery Level 3: Leading-Edge Mobile Delivery

    You understand the opportunities and impacts mobile has on your business operations and its disruptive nature on your enterprise systems. Your software delivery lifecycle was optimized to incorporate the specific practices and requirements needed for mobile. A mobile platform was selected based on stakeholder needs that are weighed against current skillsets, high priority non-functional requirements, the available capacity and scalability of your stack, and alignment to your current delivery process.

    New features and mobile use cases are regularly emerging in the industry. Ensuring your mobile platform and delivery process can easily scale to incorporate constantly changing mobile features and technologies is key. This can help minimize the impact these changes will have on your mobile stack and the resulting experience.

    Achieving this state requires three competencies: mobile security, performance optimization, and integration practices.

    Many of today's mobile trends involve, in one form or another, hardware components on the mobile device (e.g., NFC receivers, GPS, cameras). You understand the scope of native features available on your end user's mobile device and the required steps and capabilities to enable and leverage them.

    Grow your mobile delivery practice (cont'd)

    Ask yourself the following questions:
    Level 1: Mobile Delivery Foundations Level 2: Scaled Mobile Delivery Level 3: Leading-Edge Mobile Delivery

    Checkpoint questions shown at the end of step 1.2 of this blueprint

    You should be at this point upon the successful delivery of your first mobile application.

    Security

    • Your mobile stack (application, data, and infrastructure) is updated to incorporate the security risks mobile apps will have on your systems and business operations.
    • Leading edge encryption, authentication management (e.g., multi-factor), and access control systems are used to bolster existing mobile security infrastructure.
    • Network traffic to and from mobile application is monitored and analyzed.

    Performance Optimization

    • Performance enhancements are made with the entire mobile stack in mind.
    • Mobile performance is monitored and assessed with both proactive (data flow) and retroactive (instrumentation) approaches.
    • Development and testing practices and technologies accommodate the performance differences between mobile and desktop applications.

    API Development

    • Existing web APIs are compatible with mobile applications, or a gateway / middleware is used to facilitate communication with backend and third-party services.
    • APIs are secured to prevent unauthorized access and misuse.
    • Web APIs are documented and standardized for reuse in multiple mobile applications.
    • Implementing APIs of native features in native and/or cross-platform and/or hybrid platforms is well understood.
    • All leading-edge mobile features are mapped to and support business requirements and objectives.
    • The new mobile use cases are well understood and account for the various scenarios/environments a user may encounter with the leading-edge mobile features.
    • The relevant non-mobile devices, readers, sensors, and other dependent systems are shortlisted and acquired to enable and support your new mobile capabilities.
    • Delivery teams are prepared to accommodate the various security, performance, and integration risks associated with implementing leading-edge mobile features. Practices and mechanisms are established to minimize the impact to business operations.
    • Metrics are used to measure the success of your leading-edge mobile features implementation by comparing its performance and acceptance against past projects.
    • Business stakeholders and development teams are up to date with the latest mobile technologies and delivery techniques.

    Summary of Accomplishment

    Choose Your Mobile Platform and Tools

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog
    • List of mobile features to enable the desired mobile experience
    • System current assessment
    • Mobile application quality definition
    • Readiness for mobile delivery
    • Desired mobile platform approach
    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services
    • MVP design
    • Mobile delivery roadmap

    If you would like additional support, have our analysts guide you through other phases as part of Info-Tech workshop.

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Research Contributors and Experts

    This is a picture of Chaim Yudkowsky, Chief Information Officer for The American Israel Public Affairs Committee

    Chaim Yudkowsky
    Chief Information Officer
    The American Israel Public Affairs Committee

    Chaim Yudkowsky is currently Chief information Officer for American Israel Public Affairs Committee (AIPAC), the DC headquartered not-for-profit focused on lobbying for a strong US-Israel relationship. In that role, Chaim is responsible for all traditional IT functions including oversight of IT strategy, vendor relationships, and cybersecurity program. In addition, Chaim also has primary responsibility for all physical security technology and strategy for US offices and event technology for the many AIPAC events.

    Bibliography

    "5 Pillars of API Management". Broadcom, 2021. Web.

    Bourne, James. "Apperian research shows more firms pushing larger numbers of enterprise apps". Enterprise CIO, 17 Feb 2016. Web.

    Ceci, L. "Mobile app user retention rate worldwide 2020, by vertical". Statista, 6 Apr 2022. Web.

    Clement, J. "Share of global mobile website traffic 2015-2021". Statista, 18 Feb 2022. Web

    DeVos, Jordan. "Design Problem Statements – What They Are and How to Frame Them." Toptal, n.d. Web.

    Enge, Eric. "Mobile vs. Desktop Usage in 2020". Perficient, 23 March 2021. Web.

    Engels, Antoine. "How many Android updates does Samsung, Xiaomi or OnePlus offer?" NextPit, Mar 2022. Web.

    "Fast-tracking digital transformation through next-gen technologies". Broadridge, 2022. Web.

    Gayatri. "The Pulse of Digital Transformation 2021 – Survey Results." DronaHQ, 2021. Web.

    Gray, Dave. "Updated Empathy Map Canvas." The XPLANE Collection, 15 July 2017. Web.

    "HCL Volt MX". HCL, n.d. Web.

    "iPass Mobile Professional Report 2017". iPass, 2017. Web.

    Karlsson, Johan. "Backlog Grooming: Must-Know Tips for High-Value Products." Perforce, 2019. Web.

    Karnes, KC. "Why Users Uninstall Apps: 28% of People Feel Spammed [Survey]". CleverTap, 27 July 2021. Web.

    Kemp, Simon. "Digital 2021: Global Overview Report". DataReportal, 27 Jan 2021. Web.

    Kleinberg, Sara. "Consumers are always shopping and eager for your help". Google, Aug 2018. Web.

    MaLavolta, Ivano. "Anatomy of an HTML 5 mobile web app". University of L'Aquila, 16 Apr 2012. Web.

    "Maximizing Mobile Value: To BYOD or not to BYOD?" Samsung and Oxford Economics, 2022. Web.

    "Mobile App Performance Metrics For Crash-Free Apps." AppSamurai, 27 June 2018. Web.

    "Mobile Application Development Statistics: 5 Facts". Intersog, 23 Nov 2021. Web.

    Moore, Geoffrey A. "Crossing the Chasm, 3rd Edition: Marketing and Selling Disruptive Products to Mainstream Customers." Harper Business, 3rd edition, 2014. Book.

    "OWASP Top Ten". OWASP, 2021. Web.

    "Personas". Usability.gov, n.d. Web.

    Roden, Marky. "PSC Tech Talk: UX Design – Not just making things pretty". Xomino, 18 Mar 2018. Web.

    Royce, Dr. Winston W. "Managing the Development of Large Software Systems." USC Student Computing Facility, 1970. Web.

    Rubin, Kenneth S. Essential Scrum: A Practical Guide to the Most Popular Agile Process. Pearson Education, 2012. Book.

    Sahay, Apurvanand et al. "Supporting the understanding and comparison of low-code development platforms." Universit`a degli Studi dell'Aquila, 2020. Web.

    Schuurman, Robbin. "Tips for Agile product roadmaps & product roadmap examples." Scrum.org, 2017. Web.

    Strunk, Christian. "How to define a product vision (with examples)." Christian Strunk. n.d. Web.

    Szeja, Radoslaw. "14 Biggest Challenges in Mobile App Development in 2022". Netguru, 4 Jan 2022. Web.

    "Synopsys Research Reveals Significant Security Concerns in Popular Mobile Apps Amid Pandemic". Synopsys, 25 Mar 2021. Web.

    "TOGAF 8.1.1 Online, Part IV: Resource Base, Developing Architecture Views." The Open Group, n.d. Web.

    Wangen, Emilie Nøss. "What Is a Software Platform & How Is It Different From a Product?" HubSpot, 2021. Web.

    "Mobile App Retention Rate: What's a Good Retention Rate?" Localytics, July 2021. Web.

    "Why Mobile Apps Fail: Failure to Launch". Perfecto Mobile, 26 Jan 2014. Web.

    Appendix A

    Sample Reference Frameworks

    Reference Framework: Web Platform

    Most of the operations of the applications on a web platform are executed in the mid-tier or back-end servers. End users interact with the platform through the presentation layer, developed with web languages, in the browser.

    This is an image of the Reference Framework: Web Platform

    Reference Framework: Mobile Web Application

    Many mobile web applications are composed of JavaScript (the muscle of the app), HTML5 (the backbone of the app), and CSS (the aesthetics of the app). The user will make a request to the web server which will interact with the application to provide a response. Since each device has unique attributes, consider a device detection service to help adjust content for each type of device.

    this is an image of the Reference Framework: Mobile Web Application

    Source: MaLavolta, Ivono, 2012.

    Web Platform: Anatomy of a Web Server

    Web Server Services

    • Mediation Services: Perform transformation of data/messages.
    • Boundary Services: Provide interface protocol and data/message conversion capabilities.
    • Event Distribution: Provides for the enterprise-wide adoption of content and topic-based publish/subscribe event distribution.
    • Transport Services: Facilitate data transmission across the middleware/server.
    • Service Directory: Manages multiple service identifiers and locations.

    This image shows the relationships of the various web server services listed above

    Reference Framework: Hybrid Platform

    Unlike the mobile web platform, most of an application's operations on the hybrid platform is on the device within a native container. The container leverages the device browser's runtime engine and is based on the framework of the mobile delivery solution.

    This is an image of the Reference Framework: Hybrid Platform

    Reference Framework: Native Platform

    Applications on a native platform are installed locally on the device giving it access to native device hardware and software. The programming language depends on the operating system's or device's SDK.

    This is an image of the Reference Framework: Native Platform

    Appendix B

    List of Low- and No- Code Software Delivery Solution Features

    Supplementary List of Features

    Graphical user interface

    • Drag-and-drop designer - This feature enhances the user experience by permitting to drag all the items involved in making an app including actions, responses, connections, etc.
    • Point and click approach - This is similar to the drag-and-drop feature except it involves pointing on the item and clicking on the interface rather than dragging and dropping the item.
    • Pre-built forms/reports - This is off-the-shelf and most common reusable editable forms or reports that a user can use when developing an application.
    • Pre-built dashboards - This is off-the-shelf and most common dashboards that a user can use when developing an application.
    • Forms - This feature helps in creating a better user interface and user experience when developing applications. A form includes dashboards, custom forms, surveys, checklists, etc. which could be useful to enhance the usability of the application being developed.
    • Progress tracking - This features helps collaborators to combine their work and track the development progress of the application.
    • Advanced Reporting - This features enables the user to obtain a graphical reporting of the application usage. The graphical reporting includes graphs, tables, charts, etc.
    • Built-in workflows - This feature helps to concentrate the most common reusable workflows when creating applications.
    • Configurable workflows - Besides built-in workflows, the user should be able to customize workflows according to their needs.

    Interoperability support

    • Interoperability with external services - This feature is one of the most important features to incorporate different services and platforms including that of Microsoft, Google, etc. It also includes the interoperability possibilities among different low-code platforms.
    • Connection with data sources - This features connects the application with data sources such as Microsoft Excel, Access and other relational databases such as Microsoft SQL, Azure and other non-relational databases such as MongoDB.

    Security Support

    • Application security - This feature enables the security mechanism of an application which involves confidentiality, integrity and availability of an application, if and when required.
    • Platform security - The security and roles management is a key part in developing an application so that the confidentiality, integrity and authentication (CIA) can be ensured at the platform level.

    Collaborative development support

    • Off-line collaboration - Different developers can collaborate on the specification of the same application. They work off-line locally and then they commit to a remote server their changes, which need to be properly merged.
    • On-line collaboration - Different developers collaborate concurrently on the specification of the same application. Conflicts are managed at run-time.

    Reusability support

    • Built-in workflows - This feature helps to concentrate the most common reusable workflows in creating an application.
    • Pre-built forms/reports - This is off-the-shelf and most common reusable editable forms or reports that a user might want to employ when developing an application.
    • Pre-built dashboards - This is off-the-shelf and most common dashboards that a user might want to employ when developing an application.

    Scalability

    • Scalability on number of users - This features enables the application to scale-up with respect to the number of active users that are using that application at the same time.
    • Scalability on data traffic - This features enables the application to scale-up with respect to the volume of data traffic that are allowed by that application in a particular time.
    • Scalability on data storage - This features enables the application to scale-up with respect to the data storage capacity of that application.

    Business logic specification mechanisms

    • Business rules engine - This feature helps in executing one or more business rules that help in managing data according to user's requirements.
    • Graphical workflow editor - This feature helps to specify one or more business rules in a graphical manner.
    • AI enabled business logic - This is an important feature which uses Artificial Intelligence in learning the behavior of an attributes and replicate those behaviors according to learning mechanisms.

    Application build mechanisms

    • Code generation - According to this feature, the source code of the modeled application is generated and subsequently deployed before its execution.
    • Models at run-time - The model of the specified application is interpreted and used at run-time during the execution of the modeled application without performing any code generation phase.

    Deployment support

    • Deployment on cloud - This features enables an application to be deployed online in a cloud infrastructure when the application is ready to deployed and used.
    • Deployment on local infrastructures - This features enables an application to be deployed locally on the user organization's infrastructure when the application is ready to be deployed and used.

    Kinds of supported applications

    • Event monitoring - This kind of applications involves the process of collecting data, analyzing the event that can be caused by the data, and signaling any events occurring on the data to the user.
    • Process automation - This kind of applications focuses on automating complex processes, such as workflows, which can take place with minimal human intervention.
    • Approval process control - This kind of applications consists of processes of creating and managing work approvals depending on the authorization of the user. For example, payment tasks should be managed by the approval of authorized personnel only.
    • Escalation management - This kind of applications are in the domain of customer service and focuses on the management of user viewpoints that filter out aspects that are not under the user competences.
    • Inventory management - This kind of applications is for monitoring the inflow and outflow of goods and manages the right amount of goods to be stored.
    • Quality management - This kind of applications is for managing the quality of software projects, e.g., by focusing on planning, assurance, control and improvements of quality factors.
    • Workflow management - This kind of applications is defined as sequences of tasks to be performed and monitored during their execution, e.g., to check the performance and correctness of the overall workflow.

    Source: Sahay, Apurvanand et al., 2020

    Explore the Secrets of Oracle Cloud Licensing

    • Buy Link or Shortcode: {j2store}142|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: 5 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Organizations are considering moving workloads to the cloud; however, they often struggle to understand Oracle's licensing and services models.
    • Complexity of licensing and high price tags can make the renewal process an overwhelming experience.
    • Oracle’s SaaS applications are the most mature, but Oracle’s on-premises E-Business Suite still has functionality gaps in comparison to Oracle’s cloud apps.

    Our Advice

    Critical Insight

    • Understand the Oracle agenda. Oracle has established a unique approach to their cloud offerings – they want all of your workloads on the Red Stack.
    • Communicate effectively. Be aware that Oracle will reach out to members at your organization at various levels. Having your executives on the same page is critical to successfully managing Oracle.
    • Negotiate hard. Oracle needs the deal more than the customer. Oracle's top leaders are heavily incentivized to drive massive cloud adoption and increase Oracle's share price. Use this to your advantage.

    Impact and Result

    • Conducting business with Oracle is not typical compared to other vendors. To emerge successfully from a commercial transaction with Oracle, customers must learn the “Oracle way” of conducting business, which includes a best-in-class sales structure, highly unique contracts, and license use policies coupled with a hyper-aggressive compliance function.
    • Leverage cloud spend to retire support on shelf-ware licenses, or gain virtualization rights for an on-premises environment.
    • Map out the process of how to negotiate from a position of strength, examining terms and conditions, discount percentages, and agreement pitfalls.
    • Carefully review key clauses in the Oracle Cloud Services Agreement to avoid additional spend and compliance risks.

    Explore the Secrets of Oracle Cloud Licensing Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should explore the secrets of Oracle Cloud licensing, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evaluate licensing requirements

    Review current licensing options and models to determine which cloud products will most appropriately fit the organization's environment.

    • Oracle Cloud Services Agreement Terms and Conditions Evaluation Tool
    [infographic]

    Create an Agile-Friendly Project Gating and Governance Approach

    • Buy Link or Shortcode: {j2store}162|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $33,499 Average $ Saved
    • member rating average days saved: 57 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Organizations often apply gating and governance to IT projects to ensure resources are being used efficiently and effectively.
    • Agile project teams often complain that traditional project gating and governance interfere with their ability to delivery because traditional gating and governance were designed for Waterfall delivery methods.

    Our Advice

    Critical Insight

    Imposing a traditional gating and governance approach on an Agile project can eliminate the advantages that Agile delivery methods offer. Make sure to rework your traditional project gating and governance approach to be Agile friendly.

    Impact and Result

    • Create a project gating and governance approach that is Agile friendly and helps your organization realize the most benefit from its Agile transformation.
    • Oversee your Agile projects with confidence by adjusting the level of support and oversight they receive based on their Agilometer score.
    • Define a revised set of project gating artifacts that support Agile delivery methods.
    • Adopt a “trust but verify” approach to Agile project gating that will reduce risk and help ensure value delivery.

    Create an Agile-Friendly Project Gating and Governance Approach Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create an Agile-Friendly Project Gating and Governance Approach Deck – A step-by-step guide to creating an Agile-friendly project gating and governance approach that will support Agile delivery methods in your organization.

    This deck is a guide to creating your own Agile-friendly project gating and governance approach using Info-Tech’s Agile Gating Framework.

    • Create an Agile-Friendly Project Gating and Governance Approach – Phases 1-3

    2. Your Gates 3 and 3A Checklists – The Gates 3 and 3A Checklists are used to determine when a project is ready to enter and exit the Risk Reduction & Value Confirmation phase.

    Modify Info-Tech’s Gates 3 and 3A Checklists to meet your organization’s needs, and then use them to determine when Agile projects are ready to enter and exit the RRVC phase.

    • Gates 3 and 3A Checklists

    3. Your Agilometer – The Agilometer is used to determine a project’s readiness to use an Agile delivery method.

    Modify Info-Tech’s Agilometer to meet your organization’s needs, and then use it to determine the level of support and oversight the project will need.

    • Agilometer

    4. Your Agile Project Status Report – An Agile Status Report will be used to monitor project progress.

    Modify Info-Tech’s Agile Project Status Report to meet your organization’s needs, and then use it to monitor in-flight Agile projects.

    • Agile Project Status Report

    5. Project Burndown Chart – A tool to let you monitor project burndown over time.

    Use Info-Tech’s Project Burndown Chart to monitor the progress of your in-flight Agile projects.

    • Project Burndown Chart

    6. Traditional to Agile Gating Artifact Mapping – A tool to help you rework your project gating artifacts to be Agile-friendly.

    Use Info-Tech’s Traditional to Agile Gating Artifact Mapping tool to modify your gating artifacts for Agile projects.

    • Traditional to Agile Gating Artifact Mapping
    [infographic]

    Further reading

    Create an Agile-Friendly Project Gating and Governance Approach

    Use Info-Tech’s Agile Gating Framework as a guide to gating your Agile projects using a “trust but verify” approach.

    Table of Contents

    Analyst Perspective

    Executive Summary

    Phase 1: Establish Your Gating and Governance Purpose

    Phase 2: Understand and Adapt Info-Tech’s Agile Gating Framework

    Phase 3: Complete Your Agile Gating Framework

    Where Do I Go Next?

    Bibliography

    Facilitator Slides

    Analyst Perspective

    Make your gating and governance process Agile friendly by following a “trust but verify” approach

    Most project gating and governance approaches are designed for traditional (Waterfall) delivery methods. However, Agile delivery methods call for a different way of working that doesn’t align well with these approaches.

    Applying traditional project gating and governance to Agile projects is like trying to fit a square peg in a round hole. Not only will it make Agile project delivery less efficient, but in the extreme, it can lead to outright project failure and even derail your organization’s Agile transformation.

    If you want Agile to successfully take root in your organization, be prepared to rethink your current gating and governance practices. This document presents a framework that you can use to rework your approach to provide both effective oversight and support for your Agile projects.

    Photo of Alex Ciraco, Principal Research Director, Application Delivery and Management, Info-Tech Research Group. Alex Ciraco
    Principal Research Director,
    Application Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Many government organizations are adopting Agile project delivery methods because they have proven to be more effective than traditional delivery approaches at responding to today’s fast pace of change.
    • Government organizations have an obligation to govern projects to ensure effective use of public resources, regardless of the delivery method being used.
    Common Obstacles
    • Most government gating and governance frameworks were designed around traditional (often called “Waterfall”) delivery methods.
    • Agile and Waterfall work in completely different ways, so imposing traditional gating and governance frameworks on Agile projects will stifle progress and can even lead to project failure.
    • Government organizations must adjust their gating and governance frameworks to accommodate Agile delivery methods.
    Info-Tech’s Approach
    • Begin by understanding the fundamental purpose of project gating and governance.
    • Next, understand the major differences between Agile and Waterfall delivery methods.
    • Then, armed with this knowledge, use Info-Tech’s Agile Gating Framework to redefine your gating and governance approach to be Agile friendly.
    Info-Tech Insight

    Imposing a traditional governance approach on an Agile project can eliminate the advantages that Agile delivery methods offer. Make sure to rework your project gating and governance approach to be Agile friendly.

    Info-Tech’s methodology for Creating an Agile-Friendly Project Gating and Governance Approach

    1. Establish Your Gating and Governance Purpose 2. Understand and Adapt Info-Tech’s Agile Gating Framework 3. Complete your Agile Gating Framework
    Phase Steps

    1.1 Understand How We Gate and Govern Projects

    1.2 Compare Traditional to Agile Delivery

    1.3 Realize What Traditional Gating Looks Like and Why

    2.1 Understand How Agile Manages Risk and Ensures Value Delivery

    2.2 Introducing Info-Tech’s Agile Gating Framework

    2.3 Create Your Agilometer

    2.4 Create an Agile-Friendly Project Status Report

    2.5 Select Your Agile Health Check Tool

    3.1 Map Your Traditional Gating Artifacts to Agile Delivery

    3.2 Determine Your Now, Next, Later Roadmap for Implementation

    Phase Outcomes
    1. Your gating/governance purpose statement
    2. A fundamental understanding of the difference between traditional and Agile delivery methods.
    1. An understanding of Info-Tech’s Agile Gating Framework
    2. Your Gates 3 and 3A checklists
    3. Your Agilometer tool
    4. Your Agile project status report template
    5. Your Agile health check tool
    1. Artifact map for your Agile gating framework
    2. Roadmap for Agile gating implementation

    Key Deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals, including:

    Agilometer Tool

    Create your customized Agilometer tool to determine project support and oversight needs.
    Sample of the 'Agilometer Tool' deliverable.

    Gates 3 and 3A Checklists

    Create your customized checklists for projects at Gates 3 and 3A.
    Sample of the 'Gates 3 and 3A Checklists' deliverable.

    Agile-Friendly Project Status Report

    Create your Agile-friendly project status report to monitor progress.
    Sample of the 'Agile-Friendly Project Status Report' deliverable.

    Artifact Mapping Tool

    Map your traditional gating artifacts to their Agile replacements.
    Sample of the 'Artifact Mapping Tool' deliverable.

    Create an Agile-Friendly Project Gating and Governance Approach

    Phase 1

    Establish your gating and governance purpose

    Phase 1

    1.1 Understand How We Gate and Govern Projects

    1.2 Compare Traditional to Agile Delivery

    1.3 Realize What Traditional Gating Looks Like And Why

    Phase 2

    2.1 Understand How Agile Manages Risk and Ensures Value Delivery

    2.2 Introducing Info-Tech’s Agile Gating Framework

    2.3 Create Your Agilometer

    2.4 Create Your Agile-Friendly Project Status Report

    2.5 Select Your Agile Health Check Tool

    Phase 3

    3.1 Map Your Traditional Gating Artifacts to Agile Delivery

    3.2 Determine Your Now, Next, Later Roadmap for Implementation

    This phase will walk you through the following activities:

    • Understand why gating and governance are so important to your organization.
    • Compare and contrast traditional to Agile delivery.
    • Identify what form traditional gating takes in your organization.

    This phase involves the following participants:

    • PMO/Gating Body
    • Delivery Managers
    • Delivery Teams
    • Other Interested Parties

    Agile gating–related facts and figures

    73% of organizations created their project gating framework before adopting or considering Agile delivery practices. (Athens Journal of Technology and Engineering)

    71% of survey respondents felt an Agile-friendly gating approach improves both productivity and product quality. (Athens Journal of Technology and Engineering)

    Moving to an Agile-friendly gating approach has many benefits:
    • Faster response to change
    • Improved productivity
    • Higher team morale
    • Better product quality
    • Faster releases
    (Journal of Product Innovation Management)

    Traditional gating approaches can undermine an Agile project

    • Most existing gating and governance frameworks (often referred to as phase-gate) impose requirements on projects that are anti-patterns to an Agile delivery approach
    • For example, any gating approach that requires a project to deliver a detailed requirements document before coding can begin will make it difficult or impossible for the project to use an Agile delivery method.
    • The same can be said for other common phase-gate requirements including:
      • Imposing a formal (and onerous) change control process on project requirements.
      • Requiring a detailed design document and/or detailed user acceptance test plan at the beginning of the project.
      • Asking the project to produce a detailed project plan.
    (DZone)
    Don’t make the mistake of asking an Agile project to follow a traditional phase-gate approach to project delivery!

    Before reworking your gating approach, you need to consider two important questions

    Answering these questions will help guide your new gating process to both be Agile friendly and meet your organization’s needs

    1. What is the fundamental purpose of gating? By examining the fundamental purpose of gating, you will be better able to adjust your approach to achieve the desired outcomes in an Agile context.
    2. How does Agile delivery differ from traditional? By understanding how Agile delivery differs from traditional, you will be better able to adjust your gating approach to support Agile delivery methods.

    Stock image of speech bubbles hanging on string with a question mark and lightbulb drawn on them.

    Activate Your Augmented Reality Initiative

    • Buy Link or Shortcode: {j2store}465|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Augmented reality is a new technology and use cases are still emerging. Organizations have to work hard to stay ahead of the curve and predict how they will be impacted.
    • There are limited off-the-shelf augmented reality solutions in terms of business applications. IT not only needs to understand the emerging augmented reality hardware, but also the plethora of development platforms.

    Our Advice

    Critical Insight

    • Augmented reality presents a new avenue to solve problems that cannot be addressed efficiently with existing technology. It is a new tool that will impact the way you work.
    • Beyond addressing existing problems, augmented reality will provide the ability to differently execute business processes. Current processes have been designed with existing systems and capabilities in mind. Augmented reality impacts organizational design processes that are more complex.
    • As a technology with an evolving set of use cases, IT and the business must anticipate some of the challenges that may arise with the use of augmented reality (e.g. health and safety, application development, regulatory).

    Impact and Result

    • Our methodology addresses the possible issues by using a case-study approach to demonstrate the “art of the possible” for augmented reality.
    • With an understanding of augmented reality, it is possible to find applicable use cases for this emerging technology and get a leg up on competitors.
    • By utilizing Info-Tech’s Augmented Reality Use Case Picklist and the Augmented Reality Stakeholder Presentation Template, the IT team and their business stakeholders can confidently approach augmented reality adoption.

    Activate Your Augmented Reality Initiative Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why your organization should care about augmented reality’s potential to transform the workplace and how Info-Tech will support you as you identify and build your augmented reality use case.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand augmented reality

    Analyze the four key benefits of augmented reality to understand how the technology can resolve industry issues.

    • Activate Your Augmented Reality Initiative – Phase 1: Understand Augmented Reality
    • Augmented Reality Glossary

    2. Finding space for augmented reality

    Develop and prioritize use cases for augmented reality using Info-Tech’s AR Initiative Framework.

    • Activate Your Augmented Reality Initiative – Phase 2: Finding Space for Augmented Reality
    • Augmented Reality Use Case Picklist

    3. Communicate project decisions to stakeholders

    Present the augmented reality initiative to stakeholders and understand the way forward for the AR initiative.

    • Activate Your Augmented Reality Initiative – Phase 3: Communicate Project Decisions to Stakeholders
    • Augmented Reality Stakeholder Presentation Template
    [infographic]

    Workshop: Activate Your Augmented Reality Initiative

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Augmented Reality and Its Use Cases

    The Purpose

    Understand the fundamentals of augmented reality technology and its real-world business applications.

    Key Benefits Achieved

    A prioritized list of augmented reality use cases.

    Activities

    1.1 Introduce augmented reality technology.

    1.2 Understand augmented reality use cases.

    1.3 Review augmented reality case studies.

    Outputs

    An understanding of the history and current state of augmented reality technology.

    An understanding of “the art of the possible” for augmented reality.

    An enhanced understanding of augmented reality.

    2 Conduct an Environmental Scan and Internal Review

    The Purpose

    Examine where the organization stands in the current competitive environment.

    Key Benefits Achieved

    Understanding of what is needed from an augmented reality initiative to differentiate your organization from its competitors.

    Activities

    2.1 Environmental analysis (PEST+SWOT).

    2.2 Competitive analysis.

    2.3 Listing of interaction channels and disposition.

    Outputs

    An understanding of the internal and external propensity for augmented reality.

    An understanding of comparable organizations’ approach to augmented reality.

    A chart with the disposition of each interaction channel and its applicability to augmented reality.

    3 Parse Critical Technology Drivers

    The Purpose

    Determine which business processes will be affected by augmented reality.

    Key Benefits Achieved

    Understanding of critical technology drivers and their KPIs.

    Activities

    3.1 Identify affected process domains.

    3.2 Brainstorm impacts of augmented reality on workflow enablement.

    3.3 Distill critical technology drivers.

    3.4 Identify KPIs for each driver.

    Outputs

    A list of affected process domains.

    An awareness of critical technology drivers for the augmented reality initiative.

    2024 Tech Trends

    • Buy Link or Shortcode: {j2store}289|cart{/j2store}
    • member rating overall impact: 10
    • Parent Category Name: Innovation
    • Parent Category Link: /improve-your-core-processes/strategy-and-governance/innovation

    AI has revolutionized the landscape, placing the spotlight firmly on the generative enterprise.

    The far-reaching impact of generative AI across various sectors presents fresh prospects for organizations to capitalize on and novel challenges to address as they chart their path for the future. AI is more than just a fancy auto-complete. At this point it may look like that, but do not underestimate the evolutive power.

    In this year's Tech Trends report, we explore three key developments to capitalize on these opportunities and three strategies to minimize potential risks.

    Generative AI will take the lead.

    As AI transforms industries and business processes, IT and business leaders must adopt a deliberate and strategic approach across six key domains to ensure their success.

    Seize Opportunities:

    • Business models driven by AI
    • Automation of back-office functions
    • Advancements in spatial computing

    Mitigate Risks:

    • Ethical and responsible AI practices
    • Incorporating security from the outset
    • Ensuring digital sovereignty

    Build Your Data Practice and Platform

    • Buy Link or Shortcode: {j2store}347|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    The complex nature of data investment leads to de-scoping and delivery of data services that do not meet business needs or give value to the business. Subject matter experts are hired to resolve the problem, but their success is impacted by absent architecture, technology, and organizational alignment.

    Our Advice

    Critical Insight

    Walking through a book of architecture building plans with a personal guide is cheaper and faster than employing an architect to build and design your home.

    Impact and Result

    Info-Tech's approach provides a proven methodology that includes the following:

    • Business-aligned data initiatives and capabilities that address data challenges and realize business strategic objectives.
    • Comprehensive data practice designed based on the required business and data capabilities.
    • Data platform design based on Info-Tech data architecture reference patterns and prioritized data initiatives and capabilities.

    Build Your Data Practice and Platform Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build Your Data Practice and Platform Storyboard – A step-by-step document that leverages road-tested patterns and frameworks to properly build your data practice and pattern in continuous alignment with the business landscape.

    Info-Tech's approach provides a proven methodology that includes following:   

  • Business-aligned data initiatives and capabilities that address data challenges and realize business strategic objectives.
  • Comprehensive data practices designed based on the required business and data capabilities.
    • Build Your Data Practice and Platform Storyboard

    2. Data Practice and Platform Models – Leveraging best-of-breed frameworks to help you build a clear, concise, and compelling data practice and platform.

    Data practice & platform pre-build pattern templates based on Info-Tech data reference patterns and data platform design best practices.

    • Data Practice and Platform Models

    Infographic

    Workshop: Build Your Data Practice and Platform

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Business Context and Value

    The Purpose

    Establish business context and value.

    Key Benefits Achieved

    Business context and strategic driver.

    Activities

    1.1 Understand/confirm the organization's strategic goals

    1.2 Classify the strategic goals and map to business drivers

    1.3 Identify the business capabilities that the strategy focuses on

    1.4 Identify the business processes realizing the strategy

    Outputs

    Business context and strategic drivers

    Prioritized business capabilities and processes

    Data culture survey results analysis

    2 Identify Your Top Initiatives

    The Purpose

    Identify your top initiatives.

    Key Benefits Achieved

    High-value business-aligned data initiative.

    Activities

    2.1 Highlight data-related outcomes/goals to realize to fulfill the business goal

    2.2 Map business data initiatives to the business strategic goals

    2.3 Prioritize data initiatives

    Outputs

    High-value, business-aligned data initiatives

    3 Analyze Data Challenges

    The Purpose

    Analyze data challenges.

    Key Benefits Achieved

    Clear understanding of the data challenges.

    Activities

    3.1 Map data challenges to Info-Tech data challenges

    3.2 Review Info-Tech data capabilities based on prioritized initiatives

    3.3 Discuss data platform and practice next steps

    Outputs

    List of data challenges preventing data maturation with the organization

    4 Map Data Capability

    The Purpose

    Map data capability.

    Key Benefits Achieved

    Prioritized data capability.

    Activities

    4.1 Map data challenges to Info-Tech data challenges

    4.2 Review Info-Tech data capabilities based on prioritized initiatives

    4.3 Discuss data platform and practice next steps

    Outputs

    Required data capabilities

    Data platform and practice – plan

    Initialized data management RACI 

    Further reading

    Build Your Data Practice and Platform

    Construct a scalable data foundation

    Analyst Perspective

    Build a data practice and platform that delivers value to your organization.

    The build or optimization of your data practice and data platform must be predicated on a thorough understanding of the organization’s goals, objectives, and priorities and the business capabilities and process they are meant to support and enable.

    Formalizing your practice or constructing your platform just for the sake of doing so often results in an initiative that is lengthy, costly, fizzles out, does not deliver business value, and ends up being considered a failure.

    Leverage Info-Tech’s approach and incorporate our pre-built models and patterns to effectively navigate that crucial and often difficult phase upfront of comprehensively defining business data needs so you can ultimately realize faster time-to-delivery of your overall data practice and platform.

    Photo of Rajesh Parab, Director, Research & Advisory, Data & Analytics Practice, Info-Tech Research Group.

    Rajesh Parab
    Director, Research & Advisory, Data & Analytics Practice
    Info-Tech Research Group

    Photo of Crystal Singh, Director, Research & Advisory, Data & Analytics Practice, Info-Tech Research Group.

    Crystal Singh
    Director, Research & Advisory, Data & Analytics Practice
    Info-Tech Research Group

    Attempting to Solve Data Problems?

    Situation
    • Lack of data centric leadership results in downstream issues such as integration, quality, and accessibility.
    • The complex nature of the data and lack of understanding leads to de-scoping delivery of data services that does not meet business needs or add value.
    • Poorly designed practice and siloed platforms result in an initiative that is lengthy, costly, fizzles out, does not deliver business value, and ends up being considered a failure.
    Complication
    • Data problem: When the data problem is diagnosed, the organization adopts a tactical approach.
    • Confirmation bias: Subject matter experts (SME) are hired to resolve the poorly defined problem, but the success of the SME is impacted by lack of architecture, technology, and organizational alignment.
    • Still no value: The selected tactical approach does not provide a solid foundation or solve your data problem.
    • Strategy for sake of strategy: Implementing a strategic approach for the sake of being strategic but this becomes overwhelming.
    • Fall back to tactical and operational: The data services are now potentially exposed and vulnerable, which strains business continuity and increases data debt.
    • Increased complexity and risk: Data silos, poor understanding, and high complexity results in an unmanageable data environment.
    Resolution
    • Requirements: Define and align your data requirement to business.
    • Capabilities: Discover data, identify data capabilities, and map your requirements.
    • Practices: Design and select fit-for-purpose data practices.
    • Platform: Optimize your data platform investments though sound architecture.

    Info-Tech Insight

    The true value of data comes from defining intentional relationships between the business and the data through a well thought out data platform and practice.

    Situation – Perpetual Data Problem

    Diagram of a head with gears around it and speech bubbles with notes titled 'Data Problem'. The surrounding gears, clockwise from bottom left, say 'Accessibility', 'Trust', 'Data Breach', 'Ambiguity', 'Ownership', 'Duplication', 'System Failure', and 'Manual Manipulation'. The speech bubbles notes, clockwise from bottom left, say 'Value-Add: How do I translate business needs to data capabilities?', 'Practice Organization: How do I organize resources and roles assignment challenges?', 'Platform: How do I organize data flows with no conceptual view of the environment?', and 'Break Down Silos: How do I break down silos?'
    I can’t access the data.
    I don’t trust the data in the report.
    It takes too long to get to the data for decision making
    • Lack of data-centric leadership results in downstream issues: integration, quality, accessibility
    • The organization’s data is too complex to manage without a cohesive plan.
    • The complex nature of the data and a lack of understanding leads to de-scoping delivery of data services that does not meet business needs or add value.
    • Poorly designed practice and siloed platforms result in an initiative that is lengthy, costly, fizzles out, does not deliver business value, and ends up being considered a failure.

    Complication – Data Initiative Fizzles Out

    • Data problem: When the data problem is diagnosed the organization adopts a tactical approach.
    • Confirmation bias: Subject matter experts (SME) are hired to resolve the poorly defined problem, but the success of the SME is impacted by lack of architecture, technology, and organizational alignment.
    • Still no value: the selected tactical approach does not provide a solid foundation or solve your data problem.
    • Strategy for sake of strategy: Implementing a strategic approach for sake of being strategic but this becomes overwhelming.
    • Fall back to tactical and operational: The data services are now potentially exposed and vulnerable, which strains business continuity and increases data debt.
    • Increased complexity and risk: Data silos, poor understanding, and high complexity result in an unmanageable data environment.
    Flowchart beginning with 'Data Symptom Exhibited' and 'Data Problem Diagnosed', then splitting into two paths 'Solve Data Problem as a point solution' or 'Attempt Strategic approach without culture, capacity, and business leadership'. Each approach ends with 'Data too complex, and initiative fizzles out...' and cycles back to the beginning.
    Use the road-tested patterns and frameworks in our blueprint to break the perpetual data solution cycle. Focus on the value that a data and analytics platform will bring rather than focusing on the data problems alone.

    Build Your Data Practice and Platform

    Bring Your Data Strategy to Life

    Logo for Info-Tech.
    Logo for #iTRG.
    CONVENTIONAL WISDOM

    Attempting to Solve Your Data Problems

    DATA SYMPTOM EXHIBITED

    Mismatch report, data quality issue, or similar symptom of a data problem.

    DATA PROBLEM DIAGNOSED

    Data expert identifies it as a data problem.

    COMPLEX STRATEGIC APPROACH ATTEMPTED

    Recognized need to attempt it strategically, but don't have capacity or culture to execute.

    Cycle diagram titled 'Data Problems' with numbers connected to surrounding steps, and a break after Step 3 where one can 'BREAK THE CYCLE'. In the middle are a list of data problems: 'Accessibility’, ‘Data Breach', 'Manual Manipulation', 'System Failure', 'Ambiguity', 'Duplication', 'Ownership', and 'Trust'.
    SOLUTION FAILS

    The tactical solution fails to solve the root cause of the data problem, and the data symptoms persist.

    TACTICAL SOLUTION FALLBACK

    A quick and dirty solution is attempted in order to fix the data problem.

    THE COMPLEX APPROACH FIZZLES OUT

    Attempted strategic approach takes too long, fizzles out.

    BREAK THE CYCLE

    Solving Your Data Problems

    1. DEFINE YOUR DATA REQUIREMENTS Incorporate a Business to Data Approach by utilizing Info-Tech's business capability templates for identifying data needs. BUSINESS-ALIGNED DATA REQUIREMENTS
    2. CONDUCT YOUR DATA DISCOVERY Understand the data behind your business problem. Identify the required data capabilities and domains as required by your business processes. RECOMMENDED DATA CAPABILITIES
    3. DESIGN YOUR DATA PRACTICES Build your custom data practices based on the predefined reusable models. CUSTOMIZED DATA PRACTICE
    4. ARCHITECT YOUR DATA PLATFORM Build your custom data platform based on the redefined reusable architecture patterns. CUSTOMIZED DATA PLATFORM
    CONTINUOUS PHASE: ROADMAP, SPONSORSHIP FEEDBACK AND DELIVERY

    Develop a roadmap to establish the practice and implement the architecture as designed. Ensure continuous alignment of the practice and architecture with the business landscape.

    Phase-by-Phase Approach to Build Your Data Practice and Platform

    Flowchart detailing the path to take through the four phases of this blueprint beginning with the 'Inputs' and 'People' involved and incorporating 'Deliverables' along the way. Phase-by-Phase Approach
    • Phase 1: Step 1 – Define Your Data Requirement
    • Phase 1: Step 2 – Conduct Your Data Discovery
    • Phase 2 – Design Your Data Practice
    • Phase 3 – Architect Your Data Platform

    Measure value when building your data practice and platform

    Sample Data Management Metrics

    Lists of data management metrics in different categories.

    • Refine the metrics for the overall Data Management practice and every initiative therein.
    • Refine the metrics at each platform and practice component to show business value against implementation effort.

    Understand and Build Data Culture

    See your Info-Tech Account Representative for more details on our Data Culture Diagnostic

    Only 14.29% of Transportation and Logistics respondents agree BI and Analytics Process and Technology are sufficient What is a diagnostic?

    Our diagnostics are the simplest way to collect the data you need, turn it into actionable insights, and communicate with stakeholders across the organization.

    52.54% of respondents from the healthcare industry are unaware of their organization’s data security policy
    Ask the Right Questions

    Use our low-effort surveys to get the data you need from stakeholders across the organization.

    Use Our Diagnostic Engine

    Our diagnostic engine does all the heavy lifting and analysis, turning your data into usable information.

    Communicate & Take Action

    Wow your executives with the incredible insights you've uncovered. Then, get to action: make IT better.

    On average only 40% agree that they have the reporting when needed


    (Source: Info-Tech’s Data Culture Diagnostic, 53 Organizations, 3138 Responses)

    35% of respondents feel that a governance body is in place looking at strategic data

    Build a Data-Driven Strategy Using Info-Tech Diagnostic Programs

    Make informed IT decisions by starting your diagnostic program today. Your account manager is waiting to help you.
    Sample of Info-Tech's 'Data Culture Scorecard'.

    Use Our Predefined Data and Analytics Patterns to Build Your DnA Landscape

    Walking through a book of architecture building plans with a personal guide is cheaper and faster than employing an architect to build and design your home

    Two books titled 'The Everything Homebuilding Book' and 'Architecture 101'. An open book with a finger pointing to a diagram.

    The first step is to align business strategy with data strategy and then start building your data practice and data platform

    Flowchart starting with business strategy focuses, then to data strategy focuses, and eventually to 'Data Metrics'.

    Insights

    The true value of data comes from defining intentional relationships between the business and the data through a well-thought-out data platform and practice.

    • Phase 1
      • Some organizations are low maturity so using the traditional Capability Maturity Model Integration (CMMI) would not make sense. A great alternative is to leverage existing models and methodologies to get going off the bat.
      • The Data Strategy is an input into the platform and practice. This is considered the Why; Data Practice and Platform is the How.
    • Phase 2
      • Info-Tech’s approach is business-goal driven and it leverages patterns, which enable the implementation of critical and foundational components and subsequently facilitates the evolution and development of the practice over time.
      • Systems should not be designed in isolation. Cross-functional collaboration throughout the design is critical to ensure all types of issues are revealed early. Otherwise, crucial tests are omitted, deployments fail, and end-users are dissatisfied.
    • Phase 3
      • Build your conceptual data architecture based on well-thought-out formulated patterns that align with your organization’s needs and environment.
      • Functional needs often take precedence over quality architecture. Quality must be baked into design, execution, and decision-making practices to ensure the right trade-offs are made.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Info-Tech’s Methodology for Building Your Data Practice and Platform

    Phase 1 –
    Define Your Data Requirements and Conduct Your Data Discovery
    Phase 2 –
    Design Your Data Practices
    Phase 3 –
    Architect Your Data Platform
    Phase Steps
    1. Identify your top initiatives
    2. Map your data initiatives to data capabilities
    1. Understand the practices value statement
    2. Review the Info-Tech practice pattern
    3. Initiate your practice design and setup
    1. Identify your data component
    2. Refine your data platform architecture
    3. Design your data platform
    4. Identify your new components and capabilities
    5. Initiative platform build and rollout
    Phase Outcomes Business-aligned data initiatives and capabilities that address data challenges and realize business strategic objectives Comprehensive data practice design based on the required business and data capabilities Data platform design based on Info-Tech data architecture reference pattern and prioritized data initiatives and capabilities

    Data Platform and Practice Implementation Plan

    Example timeline for data platform and practice implementation plan with 'Fiscal Years' across the top, and below they're broken down into quarters. Along the left side 'Phase 1: Step 1...', 'Phase 1: Step 2...', 'Phase 2...' and 'Phase 3'. Tasks are mapped onto the timeline in each phase with a short explanation.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889
    Info-Tech’s Workshop support for Build Your Data Practice and Platform. 'Build Your Data Practice and Platform' slide from earlier.
    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Workshop 1

    Data Needs and Discovery

    Workshop 2

    Data Practice Design

    Workshop 3

    Data Platform Design

    Workshop 1:
    Data Needs and Discovery

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889
    Day 1 Day 2 Day 3 Day 4
    Establish Business Context and Value
    Identify Your Top Initiatives
    Analyze Data Challenges
    Map Data Capability
    Activities

    1.1 Understand/confirm your organization’s strategic goals

    1.2 Classify the strategic goals and map to business drivers

    1.3 Identify the business capabilities that the strategy focus is on

    1.4 Identify the business processes realizing the strategy

    2.1 Highlight data-related outcomes /goals to realize to fulfill the business goal

    2.2 Map business data initiatives to the business strategic goals

    2.3 Prioritize Data initiatives

    3.1 Understand data management capabilities and framework

    3.2 Classify business data requirements using Info-Tech’s classification approach

    3.3 Highlight data challenges in your current environment

    4.1 Map data challenges to Info-Tech data challenges

    4.2 Review Info-Tech data capabilities based on prioritized initiative

    4.3 Discuss Data Platform and Practice Next Steps

    Deliverables
    • Business context and strategic drivers
    • Prioritized business capabilities and processes
    • Data Culture Survey results analysis
    • High-value business-aligned data initiative
    • List of data challenges preventing data maturation with the organization
    • Required data capabilities
    • Data platform and practice – plan
    • Initialized data management RACI
    Participants Business stakeholder, Business leader Business Subject Matter Expert, Data IT sponsor (CIO), Head of Data, Data Architect Business stakeholder, Business leader Business Subject Matter Expert, Data IT sponsor (CIO), Head of Data, Data Architect Data experts, Business Subject Matter Expert, Head of Data, Data Architect Data experts, Business Subject Matter Expert, Head of Data, Data Architect

    Workshop 2:
    Data Practice Design

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889
    Day 1 Day 2 Day 3 Day 4
    Plan Your Data Practices
    Design Your Data Practices 1
    Design Your Data Practices 2
    Design Your Data Practices 3
    Activities

    Prerequisite: Business context, business data requirement, and data capabilities

    1.1 Understand data practice framework

    1.2 Define your practice implementation approach

    1.3 Review and update data management RACI

    2.1 Understand Info-Tech data practice patterns for each prioritized practice

    2.2 Define your practice setup for each prioritized practice

    2.3 Highlight critical processes for each practice

    3.1 Understand Info-Tech data practice patterns for each prioritized practice

    3.2 Define your practice setup for each prioritized practice

    3.3 Highlight critical processes for each practice

    4.1 Understand Info-Tech data practice patterns for each prioritized practice

    4.2 Define your practice setup for each prioritized practice

    4.3 Highlight critical processes for each practice

    4.4 Discuss data platform and practice next steps

    Deliverables
    • Data practice implementation approach
    • Data management RACI
    • Data practice setup pattern for your organization
    • Data practice process pattern for your organization
    • Data practice setup pattern for your organization
    • Data practice process pattern for your organization
    • Data practice setup pattern for your organization
    • Data practice process pattern for your organization
    • Data platform and practice – plan
    Participants Data experts, Business Subject Matter Expert, Head of Data, Data Architect Data experts, Business Subject Matter Expert, Head of Data, Data Architect Data experts, Business Subject Matter Expert, Head of Data, Data Architect Data experts, Business Subject Matter Expert, Head of Data, Data Architect

    Workshop 3:
    Data Platform Design

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889
    Day 1Day 2Day 3Day 4
    Data Platform Overview
    Update Data Platform Reference Architecture
    Design Your Data Platform
    Design Your Data Practices 4
    Activities

    Prerequisite: Business context, business data requirement, and data capabilities

    1.1 Understand data platform framework and data capabilities

    1.2 Understand key data architecture principles and best practices

    1.3 Shortlist data platform patterns

    2.1 Map and identify data capabilities to data platform components

    2.2 Build data platform architecture using Info-Tech data platform reference architecture

    2.3 Highlight critical processes for each practice

    3.1 Design your target data platform using Info-Tech’s data platform template

    3.2 Identify new capabilities and components in your platform design

    4.1 Identify new capabilities and component in your platform design

    4.2 Discuss data platform initiatives

    Deliverables
    • Shortlisted data platform patterns
    • Data platform reference architecture for your organization
    • Data platform design for your organization
    • Data platform plan
    ParticipantsData experts, Business Subject Matter Expert, Head of Data, Data ArchitectData experts, Business Subject Matter Expert, Head of Data, Data ArchitectData experts, Business Subject Matter Expert, Head of Data, Data ArchitectData experts, Business Subject Matter Expert, Head of Data, Data Architect

    Build Your Data Practice and Platform

    Phase 1

    Phase 1: Step 1 – Define Your Data Requirements
    Phase 1: Step 2 – Conduct Your Data Discovery

    Phase 1

    1.1 Define Your Data Requirements
    1.2 Conduct Your Data Discovery

    Phase 2 Phase 3

    Phase 1: Step 1 – Define Your Data Requirements will walk you through the following activities:

    • Confirm the organizational strategic goals, business drivers, business capabilities, and processes driving the Data Practice and Platform effort.
    • Identify the data related outcomes, goals, and ideal environment needed to fulfill the business goals.

    This phase involves the following participants:

    A blend of business leaders and business SMEs together with the Data Strategy team.

    Phase 1: Step 2 – Conduct Your Data Discovery will walk you through the following activities:

    • Identify and highlight the data challenges faced in achieving the desired outcome.
    • Map the data challenges to the data capabilities required to realize the desired data outcome.

    This phase involves the following participants:

    Key personnel from IT/Data team: (Data Architect, Data Engineers, Head of Head of Reporting and Analytics)

    Build an IT Risk Management Program

    • Buy Link or Shortcode: {j2store}192|cart{/j2store}
    • member rating overall impact: 8.3/10 Overall Impact
    • member rating average dollars saved: $31,532 Average $ Saved
    • member rating average days saved: 17 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • Risk is unavoidable. Without a formal program to manage IT risk, you may be unaware of your severest IT risks.
    • The business could be making decisions that are not informed by risk.
    • Reacting to risks AFTER they occur can be costly and crippling, yet it is one of the most common tactics used by IT departments.

    Our Advice

    Critical Insight

    • IT risk is business risk. Every IT risk has business implications. Create an IT risk management program that shares accountability with the business.

    Impact and Result

    • Transform your ad hoc IT risk management processes into a formalized, ongoing program, and increase risk management success.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest risks before they occur.
    • Involve key stakeholders including the business senior management team to gain buy-in and to focus on IT risks most critical to the organization.

    Build an IT Risk Management Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build an IT Risk Management Program – A holistic approach to managing IT risks within your organization and involving key business stakeholders.

    Gain business buy-in to understanding the key IT risks that could negatively impact the organization and create an IT risk management program to properly identify, assess, respond, monitor, and report on those risks.

    • Build an IT Risk Management Program – Phases 1-3

    2. Risk Management Program Manual – A single source of truth for the risk management program to exist and be updated to reflect changes.

    Leverage this Risk Management Program Manual to ensure that the decisions around how IT risks will be governed and managed can be documented in a single source accessible by those involved.

    • Risk Management Program Manual

    3. Risk Register & Risk Costing Tool – A set of tools to document identified risk events. Assess each risk event and consider the appropriate response based on your organization’s threshold for risk.

    Engage these tools in your organization if you do not currently have a GRC tool to document risk events as they relate to the IT function. Consider the best risk response to high severity risk events to ensure all possible situations are considered.

    • Risk Register Tool
    • Risk Costing Tool

    4. Risk Event Action Plan and Risk Report – A template to document the chosen risk responses and ensure accountable owners agree on selected response method.

    Establish clear guidelines and responses to risk events that will leave your organization vulnerable to unwanted threats. Ensure risk owners have agreed to the risk responses and are willing to take accountability for that response.

    • Risk Event Action Plan
    • Risk Report

    Infographic

    Workshop: Build an IT Risk Management Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Review IT Risk Fundamentals and Governance

    The Purpose

    To assess current risk management maturity, develop goals, and establish IT risk governance.

    Key Benefits Achieved

    Identified obstacles to effective IT risk management.

    Established attainable goals to increase maturity.

    Clearly laid out risk management accountabilities and responsibilities for IT and business stakeholders.

    Activities

    1.1 Assess current program maturity

    1.2 Complete RACI chart

    1.3 Create the IT risk council

    1.4 Identify and engage key stakeholders

    1.5 Add organization-specific risk scenarios

    1.6 Identify risk events

    Outputs

    Maturity Assessment

    Risk Management Program Manual

    Risk Register

    2 Identify IT Risks

    The Purpose

    Identify and assess all IT risks.

    Key Benefits Achieved

    Created a comprehensive list of all IT risk events.

    Risk events prioritized according to risk severity – as defined by the business.

    Activities

    2.1 Identify risk events (continued)

    2.2 Augment risk event list using COBIT 5 processes

    2.3 Determine the threshold for (un)acceptable risk

    2.4 Create impact and probability scales

    2.5 Select a technique to measure reputational cost

    2.6 Conduct risk severity level assessment

    Outputs

    Finalized List of IT Risk Events

    Risk Register

    Risk Management Program Manual

    3 Identify IT Risks (continued)

    The Purpose

    Prioritize risks, establish monitoring responsibilities, and develop risk responses for top risks.

    Key Benefits Achieved

    Risk monitoring responsibilities are established.

    Risk response strategies have been identified for all key risks.

    Activities

    3.1 Conduct risk severity level assessment

    3.2 Document the proximity of the risk event

    3.3 Conduct expected cost assessment

    3.4 Develop key risk indicators (KRIs) and escalation protocols

    3.5 Root cause analysis

    3.6 Identify and assess risk responses

    Outputs

    Risk Register

    Risk Management Program Manual

    Risk Event Action Plans

    4 Monitor, Report, and Respond to IT Risk

    The Purpose

    Assess and select risk responses for top risks and effectively communicate recommendations and priorities to the business.

    Key Benefits Achieved

    Thorough analysis has been conducted on the value and effectiveness of risk responses for high severity risk events.

    Authoritative risk response recommendations can be made to senior leadership.

    A finalized Risk Management Program Manual is ready for distribution to key stakeholders.

    Activities

    4.1 Identify and assess risk responses

    4.2 Risk response cost-benefit analysis

    4.3 Create multi-year cost projections

    4.4 Review techniques for embedding risk management in IT

    4.5 Finalize the Risk Report and Risk Management Program Manual

    4.6 Transfer ownership of risk responses to project managers

    Outputs

    Risk Report

    Risk Management Program Manual

    Further reading

    Build an IT Risk Management Program

    Mitigate the IT risks that could negatively impact your organization.

    Table of Contents

    3 Executive Brief

    4 Analyst Perspective

    5 Executive Summary

    19 Phase 1: Review IT Risk Fundamentals & Governance

    43 Phase 2: Identify and Assess IT Risk

    74 Phase 3: Monitor, Communicate, and Respond to IT Risk

    102 Appendix

    108 Bibliography

    Build an IT Risk Management Program

    Mitigate the IT risks that could negatively impact your organization.

    EXECUTIVE BRIEF

    Analyst Perspective

    Siloed risks are risky business for any enterprise.

    Photo of Valence Howden, Principal Research Director, CIO Practice.
    Valence Howden
    Principal Research Director, CIO Practice
    Photo of Brittany Lutes, Senior Research Analyst, CIO Practice.
    Brittany Lutes
    Senior Research Analyst, CIO Practice

    Risk is an inherent part of life but not very well understood or executed within organizations. This has led to risk being avoided or, when it’s implemented, being performed in isolated siloes with inconsistencies in understanding of impact and terminology.

    Looking at risk in an integrated way within an organization drives a truer sense of the thresholds and levels of risks an organization is facing – making it easier to manage and leverage risk while reducing risks associated with different mitigation responses to the same risk events.

    This opens the door to using risk information – not only to prevent negative impacts but as a strategic differentiator in decision making. It helps you know which risks are worth taking, driving strong positive outcomes for your organization.

    Executive Summary

    Your Challenge

    IT has several challenges when it comes to addressing risk management:

    • Risk is unavoidable. Without a formal program to manage IT risk, you may be unaware of your severest IT risks.
    • The business could be making decisions that are not informed by risk.
    • Reacting to risks after they occur can be costly and crippling, yet it is one of the most common tactics used by IT departments.

    Common Obstacles

    Many IT organizations realize these obstacles:

    • IT risks and business risks are often addressed separately, causing inconsistencies in the approach.
    • Security risk receives such a high profile that it often eclipses other important IT risks, leaving the organization vulnerable.
    • Failing to include the business in IT risk management leaves IT leaders too accountable; the business must have accountability as well.

    Info-Tech’s Approach

    • Transform your ad hoc IT risk management processes into a formalized, ongoing program and increase risk management success.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest risks before they occur.
    • Involve key stakeholders, including the business senior management team, to gain buy-in and to focus on the IT risks most critical to the organization.

    Info-Tech Insight

    IT risk is business risk. Every IT risk has business implications. Create an IT risk management program that shares accountability with the business.

    Ad hoc approaches to managing risk fail because…

    If you are like the majority of IT departments, you do not have a consistent and comprehensive strategy for managing IT risk.

    1. Ad hoc risk management is reactionary.
    2. Ad hoc risk management is often focused only on IT security.
    3. Ad hoc risk management lacks alignment with business objectives.

    The results:

    • Increased business risk exposure caused by a lack of understanding of the impact of IT risks on the business.
    • Increased IT non-compliance, resulting in costly settlements and fines.
    • IT audit failure.
    • Ineffective management of risk caused by poor risk information and wrong risk response decisions.
    • Increased unnecessary and avoidable IT failures and fixes.

    58% of organizations still lack a systematic and robust method to actually report on risks (Source: AICPA, 2021)

    Data is an invaluable asset – ensure it’s protected

    Case Studies

    Logo for Cognyte.

    Cognyte, a vendor hired to be a cybersecurity analytics company, had over five billion records exposed in Spring 2021. The data was compromised for four days, providing attackers with plenty of opportunities to obtain personally identifying information. (SecureBlink., 2021 & Security Magazine, 2021)

    Logo for Facebook.

    Facebook, the world’s largest social media giant, had over 533 million Facebook users’ personal data breached when data sets were able to be cross-listed with one another. (Business Insider, 2021 & Security Magazine, 2021)

    Logo for MGM Resorts.

    In 2020, over 10.6 million customers experienced some sort of data being accessible, with 1,300 having serious personally identifying information breached. (The New York Times, 2020)

    Risk management is a business enabler

    Formalize risk management to increase your likelihood of success.

    By identifying areas of risk exposure and creating solutions proactively, obstacles can be removed or circumvented before they become a real problem.

    A certain amount of risk is healthy and can stimulate innovation:

    • A formal risk management strategy doesn’t mean trying to mitigate every possible risk; it means exposing the organization to the right amount of risk.
    • Taking a formal risk management approach allows an organization to thoughtfully choose which risks it is willing to accept.
    • Organizations with high risk management maturity will vault themselves ahead of the competition because they will be aware of which risks to prepare for, which risks to ignore, and which risks to take.

    Only 12% of organizations are using risk as a strategic tool most or all of the time (Source: AICPA, 2021)

    IT risk is enterprise risk

    Accountability for IT risks and the decisions made to address them should be shared between IT and the business.

    Multiple types of risk, 'Finance', 'IT', 'People', and 'Digital', funneling into 'ENTERPRISE RISKS'. IT risks have a direct and often aggregated impact on enterprise risks and opportunities in the same way other business risks can. This relationship must be understood and addressed through integrated risk management to ensure a consistent approach to risk.

    Follow the steps of this blueprint to build or optimize your IT risk management program

    Cycle of 'Goverance' beginning with '1. Identify', '2. Assess', '3. Respond', '4. Monitor', '5. Report'.

    Start Here

    PHASE 1
    Review IT Risk Fundamentals and Governance
    PHASE 2
    Identify and Assess IT Risk
    PHASE 3
    Monitor, Report, and Respond to IT Risk

    1.1

    Review IT Risk Management Fundamentals

    1.2

    Establish a Risk Governance Framework

    2.1

    Identify IT Risks

    2.2

    Assess and Prioritize IT Risks

    3.1

    Monitor IT Risks and Develop Risk Responses

    3.2

    Report IT Risk Priorities

    Integrate Risk and Use It to Your Advantage

    Accelerate and optimize your organization by leveraging meaningful risk data to make intelligent enterprise risk decisions.

    Risk management is more than checking an audit box or demonstrating project due diligence.

    Risk Drivers
    • Audit & compliance
    • Preserve value & avoid loss
    • Previous risk impact driver
    • Major transformation
    • Strategic opportunities
    Arrow pointing right. Only 7% of organizations are in a “leading” or “aspirational” level of risk maturity. (OECD, 2021) 63% of organizations struggle when it comes to defining their appetite toward strategy related risks. (“Global Risk Management Survey,” Deloitte, 2021) Late adopters of risk management were 70% more likely to use instinct over data or facts to inform an efficient process. (Clear Risk, 2020) 55% of organizations have little to no training on ERM to properly implement such practices. (AICPA, NC State Poole College of Management, 2021)
    1. Assess Enterprise Risk Maturity 3. Build a Risk Management Program Plan 4. Establish Risk Management Processes 5. Implement a Risk Management Program
    2. Determine Authority with Governance
    Unfortunately, less than 50% of those in risk focused roles are also in a governance role where they have the authority to provide risk oversight. (Governance Institute of Australia, 2020)
    IT can improve the maturity of the organization’s risk governance and help identify risk owners who have authority and accountability.

    Governance and related decision making is optimized with integrated and aligned risk data.

    List of 'Integrated Risk Maturity Categories': '1. Context & Strategic Direction', '2. Risk Culture and Authority', '3. Risk Management Process', and '4. Risk Program Optimization'. The five types of a risk in 'Enterprise Risk Management (ERM)': 'IT', 'Security', 'Digital', 'Vendor/TPRM', and 'Other'.

    ERM incorporates the different types of risk, including IT, security, digital, vendor, and other risk types.

    The program plan is meant to consider all the major risk types in a unified approach.

    The 'Risk Process' cycle starting with '1. Identify', '2. Assess', '3. Respond', '4. Monitor', '5. Report', and back to the beginning. Implementation of an integrated risk management program requires ongoing access to risk data by those with decision making authority who can take action.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Risk Management Program Manual

    Use the tools and activities in each phase of the blueprint to create a comprehensive, customized program manual for the ongoing management of IT risk.

    Sample of the key deliverable, Risk Manangement Program Fund.
    Integrated Risk Maturity Assessment

    Assess the organization's current maturity and readiness for integrated risk management (IRM).

    Sample of the Integrated Risk Maturity Assessment blueprint. Centralized Risk Register

    The repository for all the risks that have been identified within your environment.

    Sample of the Centralized Risk Register blueprint.
    Risk Costing Tool

    A potential cost-benefit analysis of possible risk responses to determine a good method to move forward.

    Sample of the Risk Costing Tool blueprint. Risk Report & Risk Event Action Plan

    A method to report risk severity and hold risk owners accountable for chosen method of responding.

    Samples of the Risk Report & Risk Event Action Plan blueprints.

    Benefit from industry-leading best practices

    As a part of our research process, we used the COSO, ISO 31000, and COBIT 2019 frameworks. Contextualizing IT risk management within these frameworks ensured that our project-focused approach is grounded in industry-leading best practices for managing IT risk.

    Logo for COSO.

    COSO’s Enterprise Risk Management — Integrating with Strategy and Performance addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment. (COSO)

    Logo for ISO.

    ISO 31000
    Risk Management can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment. (ISO 31000)

    Logo for COBIT.

    COBIT 2019’s IT functions were used to develop and refine our Ten IT Risk Categories used in our top-down risk identification methodology. (COBIT 2019)

    Abandon ad hoc risk management

    A strong risk management foundation is valuable when building your IT risk management program.

    This research covers the following IT risk fundamentals:

    • Benefits of formalized risk management
    • Key terms and definitions
    • Risk management within ERM
    • Risk management independent of ERM
    • Four key principles of IT risk management
    • Importance of a risk management program manual
    • Importance of buy-in and support from the business

    Drivers of Formalized Risk Management:

    Drivers External to IT
    External Audit Internal Audit
    Mandated by ERM
    Occurrence of Risk Event
    Demonstrating IT’s value to the business Proactive initiative
    Emerging IT risk awareness
    Grassroots Drivers

    Blueprint benefits

    IT Benefits

    • Increased on-time, in-scope, and on-budget completion of IT projects.
    • Meet the business’ service requirements.
    • Improved satisfaction with IT by senior leadership and business units.
    • Fewer resources wasted on fire-fighting.
    • Improved availability, integrity, and confidentiality of sensitive data.
    • More efficient use of resources.
    • Greater ability to respond to evolving threats.

    Business Benefits

    • Reduced operational surprises or failures.
    • Improved IT flexibility when responding to risk events and market fluctuations.
    • Reduced budget uncertainty.
    • Improved ability to make decisions when developing long-term strategies.
    • Improved stakeholder and shareholder confidence.
    • Achieved compliance with external regulations.
    • Competitive advantage over organizations with immature risk management practices.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 6 to 8 calls over the course of 3 to 6 months.

    What does a typical GI on this topic look like?

      Phase 1

    • Call #1: Assess current risk maturity and organizational buy-in.
    • Call #2: Establish an IT risk council and determine IT risk management program goals.
    • Phase 2

    • Call #3: Identify the risk categories used to organize risk events.
    • Call #4: Identify the threshold for risk the organization can withstand.
    • Phase 3

    • Call #5: Create a method to assess risk event severity.
    • Call #6: Establish a method to monitor priority risks and consider possible risk responses.
    • Call #7: Communicate risk priorities to the business and implement risk management plan.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Review IT Risk Fundamentals and Governance

    1.1 Assess current program maturity

    1.2 Complete RACI chart

    1.3 Create the IT risk council

    1.4 Identify and engage key stakeholders

    1.5 Add organization-specific risk scenarios

    1.6 Identify risk events

    Identify IT Risks

    2.1 Identify risk events (continued)

    2.2 Augment risk event list using COBIT5 processes

    2.3 Determine the threshold for (un)acceptable risk

    2.4 Create impact and probability scales

    2.5 Select a technique to measure reputational cost

    2.6 Conduct risk severity level assessment

    Assess IT Risks

    3.1 Conduct risk severity level assessment

    3.2 Document the proximity of the risk event

    3.3 Conduct expected cost assessment

    3.4 Develop key risk indicators (KRIs) and escalation protocols

    3.5 Perform root cause analysis

    3.6 Identify and assess risk responses

    Monitor, Report, and Respond to IT Risk

    4.1 Identify and assess risk responses

    4.2 Risk response cost-benefit analysis

    4.3 Create multi-year cost projections

    4.4 Review techniques for embedding risk management in IT

    4.5 Finalize the Risk Report and Risk Management Program Manual

    4.6 Transfer ownership of risk responses to project managers

    Next Steps and Wrap-Up (offsite)

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Outcomes
    1. Maturity Assessment
    2. Risk Management Program Manual
    1. Finalized List of IT Risk Events
    2. Risk Register
    3. Risk Management Program Manual
    1. Risk Register
    2. Risk Event Action Plans
    3. Risk Management Program Manual
    1. Risk Report
    2. Risk Management Program Manual
    1. Workshop Report
    2. Risk Management Program Manual

    Build an IT Risk Management Program

    Phase 1

    Review IT Risk Fundamentals and Governance

    Phase 1

    • 1.1 Review IT Risk Management Fundamentals
    • 1.2 Establish a Risk Governance Framework

    Phase 2

    • 2.1 Identify IT Risks
    • 2.2 Assess and Prioritize IT Risks

    Phase 3

    • 3.1 Develop Risk Responses and Monitor IT Risks
    • 3.2 Report IT Risk Priorities

    This phase will walk you through the following activities:

    • Gain buy-in from senior leadership
    • Assess current program maturity
    • Identify obstacles and pain points
    • Determine the risk culture of the organization
    • Develop risk management goals
    • Develop SMART project metrics
    • Create the IT risk council
    • Complete a RACI chart

    This phase involves the following participants:

    • IT executive leadership
    • Business executive leadership

    Step 1.1

    Review IT Risk Management Fundamentals

    Activities
    • 1.1.1 Gain buy-in from senior leadership
    • 1.1.2 Assess current program maturity

    This step involves the following participants:

    • IT executive leadership
    • Business executive leadership

    Outcomes of this step

    • Reviewed key IT principles and terminology
    • Gained understanding of the relationship between IT risk management and ERM
    • Introduced to Info-Tech’s IT Risk Management Framework
    • Obtained the support of senior leadership
    Step 1.1 Step 1.2

    Effective IT risk management is possible with or without ERM

    Whether or not your organization has ERM, integrating your IT risk management program with the business is possible.

    Most IT departments find themselves in one of these two organizational frameworks for managing IT risk:

    Core Responsibilities With an ERM Without an ERM
    • Risk Decision-Making Authority
    • Final Accountability
    Senior Leadership Team Senior Leadership Team
    • Risk Governance
    • Risk Prioritization & Communication
    ERM IT Risk Management
    • Risk Identification
    • Risk Assessment
    • Risk Monitoring
    IT Risk Management
    Pro: IT’s risk management responsibilities are defined (assessment schedules, escalation and reporting procedures).
    Con: IT may lack autonomy to implement IT risk management best practices.
    Pro: IT is free to create its own IT risk council and develop customized processes that serve its unique needs.
    Con: Lack of clear reporting procedures and mechanisms to share accountability with the business.

    Info-Tech’s IT risk management framework walks you through each step to achieve risk readiness

    IT Risk Management Framework

    Risk Governance
    • Optimize Risk Management Processes
    • Assess Risk Maturity
    • Measure the Success of the Program
    A cycle surrounds the words 'Business Objectives', referring to the surrounding lists. On the top half is 'Communication', and the bottom is 'Monitoring'. Risk Identification
    • Engage Stakeholder Participation
    • Use Risk Identification Frameworks
    • Compile IT-Related Risks
    Risk Response
    • Establish Monitoring Responsibilities
    • Perform Cost-Benefit Analysis
    • Report Risk Response Actions
    Risk Assessment
    • Establish Thresholds for Unacceptable Risk
    • Calculate Expected Cost
    • Determine Risk Severity & Prioritize IT Risks

    Effective IT risk management benefits

    Obtain the support of the senior leadership team or IT steering committee by communicating how IT risk impacts their priorities.

    Risk management benefits To engage the business...
    IT is compliant with external laws and regulations. Identify the industry or legal legislation and regulations your organization abides by.
    IT provides support for business compliance. Find relevant business compliance issues, and relate compliance failures to cost.
    IT regularly communicates costs, benefits, and risks to the business. Acknowledge the number of times IT and the business miscommunicate critical information.
    Information and processing infrastructure are very secure. Point to past security breaches or potential vulnerabilities in your systems.
    IT services are usually delivered in line with business requirements. Bring up IT services that the business was unsatisfied with. Explain that their inputs in identifying risks are correlated with project quality.
    IT related business risks are managed very well. Make it clear that with no risk tracking process, business processes become exposed and tend to slow down.
    IT projects are completed on time and within budget. Point out late or over-budget projects due to the occurrence of unforeseen risks.

    1.1.1 Gain buy-in from senior leadership

    1-4 hours

    Input: List of IT personnel and business stakeholders

    Output: Buy-in from senior leadership for an IT risk management program

    Materials: Risk Management Program Manual

    Participants: IT executive leadership, Business executive leadership

    The resource demands of IT risk management will vary from organization to organization. Here are typical requirements:

    • Occasional participation of key IT personnel and select business stakeholders in IT risk council meetings (e.g. once every two weeks).
    • Periodic risk assessments (e.g. 4 days, twice a year).
    • IT personnel must take on risk monitoring responsibilities (e.g. 1-4 hours per week).
    • Record the results in the Program Manual sections 3.3, 3.4 and 3.5.

    Record the results in the Risk Management Program Manual.

    Integrated Risk Maturity Assessment

    The purpose of the Integrated Risk Maturity Assessment is to assess the organization's current maturity and readiness for integrated risk management (IRM)

    Frequently and continually assessing your organization’s maturity toward integrated risk ensures the right risk management program can be adopted by your organization.

    Integrated Risk Maturity Assessment
    A simple tool to understand if your organization is ready to embrace integrated risk management by measuring maturity across four key categories: Context & Strategic Direction, Risk Culture & Authority, Risk Management Process, and Risk Program Optimization.
    Sample of the Integrated Risk Maturity Assessment deliverable.

    Use the results from this integrated risk maturity assessment to determine the type of risk management program that can and should be adopted by your organizations.

    Some organizations will need to remain siloed and focused on IT risk management only, while others will be able to integrate risk-related information to start enabling automatic controls that respond to this data.

    1.1.2 Assess current program maturity

    1-4 hours

    Input: List of IT personnel and business stakeholders

    Output: Maturity scores across four key risk categories

    Materials: Integrated Risk Maturity Assessment Tool

    Participants: IT executive leadership, Business executive leadership

    This assessment is intended for frequent use; process completeness should be re-evaluated on a regular basis.

    How to Use This Assessment:

    1. Download the Integrated Risk Management Maturity Assessment Tool.
    2. Tab 2, "Data Entry:" This is a qualitative assessment of your integrated risk management process and is organized by the categories of integrated risk maturity. You will be asked to rate the extent to which you are executing the activities required to successfully complete each phase of the assessment. Use the drop-down menus provided to select the appropriate level of execution for each activity listed.
    3. Tab 3, "Results:" This tab will display your rate of IRM completeness/maturity. You will receive a score for each category as well as an overall score. The results will be displayed numerically, by percentage, and graphically.

    Record the results in the Integrated Risk Maturity Assessment.

    Integrated Risk Maturity Categories

    Semi-circle with colored points indicating four categories.

    1

    Context & Strategic Direction Understanding of the organization’s main objectives and how risk can support or enhance those objectives.

    2

    Risk Culture and Authority Examine if risk-based decisions are being made by those with the right level of authority and if the organization’s risk appetite is embedded in the culture.

    3

    Risk Management Process Determine if the current process to identify, assess, respond to, monitor, and report on risks is benefitting the organization.

    4

    Risk Program Optimization Consider opportunities where risk-related data is being gathered, reported, and used to make informed decisions across the enterprise.

    Step 1.2

    Establish a Risk Governance Framework

    Activities
    • 1.2.1 Identify pain points/obstacles and opportunities
    • 1.2.2 Determine the risk culture of the organization
    • 1.2.3 Develop risk management goals
    • 1.2.4 Develop SMART project metrics
    • 1.2.5 Create the IT risk council
    • 1.2.6 Complete a RACI chart

    This step involves the following participants:

    • IT executive leadership
    • Business executive leadership

    Outcomes of this step

    • Developed goals for the risk management program
    • Established the IT risk council
    • Assigned accountability and responsibility for risk management processes

    Review IT Risk Fundamentals and Governance

    Step 1.1 Step 1.2

    Create an IT risk governance framework that integrates with the business

    Follow these best practices to make sure your requirements are solid:

    1. Self-assess your current approach to IT risk management.
    2. Identify organizational obstacles and set attainable risk management goals.
    3. Track the effectiveness and success of the program using SMART risk management metrics.
    4. Establish an IT risk council tasked with managing IT risk.
    5. Set clear risk management accountabilities and responsibilities for IT and business stakeholders.

    Key metrics for your IT risk governance framework

    Challenges:
    • Key stakeholders are left out or consulted once risks have already occurred.
    • Failure to employ consistent risk identification methodologies results in omitted and unknown risks.
    • Risk assessments do not reflect organizational priorities and may not align with thresholds for acceptable risk.
    • Risk assessment occurs sporadically or only after a major risk event has already occurred.
    Key metrics:
    • Number of risk management processes done ad hoc.
    • Frequency that IT risk appears as an agenda item at IT steering committee meetings.
    • Percentage of IT employees whose performance evaluations reflect risk management objectives.
    • Percentage of IT risk council members who are trained in risk management activities.
    • Number of open positions in the IT risk council.
    • Cost of risk management program operations per year.

    Info-Tech Insight

    Metrics provide the foundation for determining the success of your IT risk management program and ensure ongoing funding to support appropriate risk responses.

    IT risk management success factors

    Support and sponsorship from senior leadership

    IT risk management has more success when initiated by a member of the senior leadership team or the board, rather than emerging from IT as a grassroots initiative.

    Sponsorship increases the likelihood that risk management is prioritized and receives the necessary resources and attention. It also ensures that IT risk accountability is assumed by senior leadership.

    Risk culture and awareness

    A risk-aware organizational culture embraces new policies and processes that reflect a proactive approach to risk.

    An organization with a risk-aware culture is better equipped to facilitate communication vertically within the organization.

    Risk awareness can be embedded by revising job descriptions and performance assessments to reflect IT risk management responsibilities.

    Organization size

    Smaller organizations can often institute a mature risk management program much more quickly than larger organizations.

    It is common for key personnel within smaller organizations to be responsible for multiple roles associated with risk management, making it easier to integrate IT and business risk management.

    Larger organizations may find it more difficult to integrate a more complex and dispersed network of individuals responsible for various risk management responsibilities.

    1.2.1 Identify obstacles and pain points

    1-4 hours

    Input: Integrated Risk Maturity Assessment

    Output: Obstacles and pain points identified

    Materials: IT Risk Management Success Factors

    Participants: IT executive leadership, Business executive leadership

    Anticipate potential challenges and “blind spots” by determining which success factors are missing from your current situation.

    Instructions:

    1. List the potential obstacles and missing success factors that you must overcome to effectively manage IT risk and build a risk management program.
    2. Consider some opportunities that could be leveraged to increase the success of this program.
    3. Use this list in Activity 1.2.3 to develop program goals.

    Risk Management

    Replace the example pain points and opportunities with real scenarios in your organization.

    Pain Points/Obstacles
    • Lack of leadership buy-in
    • Skills and understanding around risk management within IT
    • Skills and understanding around risk management within the organization
    • Lack of a defined risk management posture
    Opportunities
    • Changes in regulations related to risk
    • Organization moving toward an integrated risk management program
    • Ability to leverage lessons learned from similar companies
    • Strong process management and adherence to policies by employees in the organization

    1.2.2 Determine the risk culture of your organization

    1-3 hours

    Determine how your organization fits the criteria listed below. Descriptions and examples do not have to match your organization perfectly.

    Risk Tolerant
    • You have no compliance requirements.
    • You have no sensitive data.
    • Customers do not expect you to have strong security controls.
    • Revenue generation and innovative products take priority and risk is acceptable.
    • The organization does not have remote locations.
    • It is likely that your organization does not operate within the following industries:
      • Finance
      • Health care
      • Telecom
      • Government
      • Research
      • Education
    Moderate
    • You have some compliance requirements, e.g.:
      • HIPAA
      • PIPEDA
    • You have sensitive data, and are required to retain records.
    • Customers expect strong security controls.
    • Information security is visible to senior leadership.
    • The organization has some remote locations.
    • Your organization most likely operates within the following industries:
      • Government
      • Research
      • Education
    Risk Averse
    • You have multiple, strict compliance and/or regulatory requirements.
    • You house sensitive data, such as medical records.
    • Customers expect your organization to maintain strong and current security controls.
    • Information security is highly visible to senior management and public investors.
    • The organization has multiple remote locations.
    • Your organization operates within the following industries:
      • Finance
      • Healthcare
      • Telecom

    Be aware of the organization’s attitude towards risk

    Risk culture is an organization’s attitude towards taking risks. This attitude manifests itself in two ways:

    One element of risk culture is what levels of risk the organization is willing to accept to pursue its objectives and what levels of risk are deemed unacceptable. This is often called risk appetite.
    Risk tolerant

    Risk-tolerant organizations embrace the potential of accelerating growth and the attainment of business objectives by taking calculated risks.

    Risk averse

    Risk-averse organizations prefer consistent, gradual growth and goal attainment by embracing a more cautious stance toward risk.

    The other component of risk culture is the degree to which risk factors into decision making.
    Risk conscious

    Risk-conscious organizations place a high priority on being aware of all risks impacting business objectives, regardless of whether they choose to accept or respond to those risks.

    Unaware

    Organizations that are largely unaware of the impact of risk generally believe there are few major risks impacting business objectives and choose to invest resources elsewhere.

    Info-Tech Insight

    Organizations typically fall in the middle of these spectrums. While risk culture will vary depending on the industry and maturity of the organization, a culture with a balanced risk appetite that is extremely risk conscious is able to make creative, dynamic decisions with reasonable limits placed on risk-related decision making.

    1.2.3 Develop goals for the IT risk management program

    1-4 hours

    Input: Integrated Risk Maturity Assessment, Risk Culture, Pain Points and Opportunities

    Output: Goals for the IT risk management program

    Materials: Risk Management Program Manual

    Participants: IT executive leadership, Business executive leadership

    Translate your maturity assessment and knowledge about organizational risk culture, potential obstacles, and success factors to develop goals for your IT risk management program.

    Instructions:

    1. In the Risk Management Program Manual, revise, replace, or add to the high-level goals provided in section 2.4.
    2. Make sure that you have three to five high-level goals that reflect the current and targeted maturity of IT risk management processes.
    3. Integrate potential obstacles, pain points, and insights from the organization’s risk culture.

    Record the results in the Risk Management Program Manual.

    1.2.4 Develop SMART project metrics

    1-3 hours

    Create metrics for measuring the success of the IT risk management program.

    Ensure that all success metrics are SMART Instructions
    1. Document a list of appropriate metrics to assess the success of the IT risk management program on a whiteboard.
    2. Use the sample metrics listed in the table on the next slide as a starting point.
    3. Fill in the chart to indicate the:
      1. Name of the success metric
      2. Method for measuring success
      3. Baseline measurement
      4. Target measurement
      5. Actual measurements at various points throughout the process of improving the risk management program
      6. A deadline for each metric to meet the target measurement
    Strong Make sure the objective is clear and detailed.
    Measurable Objectives are measurable if there are specific metrics assigned to measure success. Metrics should be objective.
    Actionable Objectives become actionable when specific initiatives designed to achieve the objective are identified.
    Realistic Objectives must be achievable given your current resources or known available resources.
    Time-Bound An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.

    1.2.4 Develop SMART project metrics (continued)

    1-3 hours

    Attach metrics to your goals to gauge the success of the IT risk management program.

    Replace the example metrics with accurate KPIs or metrics for your organization.

    Sample Metrics
    Name Method Baseline Target Deadline Checkpoint 1 Checkpoint 2 Final
    Number of risks identified (per year) Risk register 0 100 Dec. 31
    Number of business units represented (risk identification) Meeting minutes 0 5 Dec. 31
    Frequency of risk assessment Assessments recorded in risk management program manual 0 2 per year Year 2
    Percentage of identified risk events that undergo expected cost assessment Ratio of risks assessed in the risk costing tool to risks assessed in the risk register 0 20% Dec. 31
    Number of top risks without an identified risk response Risk register 5 0 March 1
    Cost of risk management program operations per year Meeting frequency and duration, multiplied by the cost of participation $2,000 $5,000 Dec. 31

    Create the IT risk committee (ITRC)

    Responsibilities of the ITRC:
    1. Formalize risk management processes.
    2. Identify and review major risks throughout the IT department.
    3. Recommend an appropriate risk appetite or level of exposure.
    4. Review the assessment of the impact and likelihood of identified risks.
    5. Review the prioritized list of risks.
    6. Create a mitigation plan to minimize risk likelihood and impact.
    7. Review and communicate overall risk impact and risk management success.
    8. Assign risk ownership responsibilities of key risks to ensure key risks are monitored and risk responses are effectively implemented.
    9. Address any concerns in regards to the risk management program, including, but not limited to, reviewing their risk management duties and resourcing.
    10. Communicate risk reports to senior management annually.
    11. Make any alterations to the committee roster and the individuals’ responsibilities as needed and document changes.
    Must be on the ITRC:
    • CIO
    • CRO (if applicable)
    • Senior Directors
    • Security Officer
    • Head of Operations

    Must be on the ITRC:

    • CFO
    • Senior representation from every business unit impacted by IT risk

    1.2.5 Create the IT risk council

    1-4 hours

    Input: List of IT personnel and business stakeholders

    Output: Goals for the IT risk management program

    Materials: Risk Management Program Manual

    Participants: CIO, CRO (if applicable), Senior Directors, Head of Operations

    Identify the essential individuals from both the IT department and the business to create a permanent committee that meets regularly and carries out IT risk management activities.

    Instructions:

    1. Review sections 3.1 (Mandate) and 3.2 (Agenda and Responsibilities) of the IT Risk Committee Charter, located in the Risk Management Program Manual. Make any necessary revisions.
    2. In section 3.3, document how frequently the council is scheduled to meet.
    3. In section 3.4, document members of the IT risk council.
    4. Obtain sign-off for the IT risk council from the CIO or another member of the senior leadership team in section 3.5 of the manual.

    Record the results in the Risk Management Program Manual.

    1.2.6 Complete RACI chart

    1-3 hours

    A RACI diagram is a useful visualization that identifies redundancies and ensures that every role, project, or task has an accountable party.

    RACI is an acronym made up of four participatory roles: Instructions
    1. Use the template provided on the following slide, and add key stakeholders who do not appear and are relevant for your organization.
    2. For each activity, assign each stakeholder a letter.
    3. There must be an accountable party for each activity (every activity must have an “A”).
    4. For activities that do not apply to a particular stakeholder, leave the space blank.
    5. Once the chart is complete, copy/paste it into section 4.1 of the Risk Management Program Manual.
    Responsible Stakeholders who undertake the activity.
    Accountable Stakeholders who are held responsible for failure or take credit for success.
    Consulted Stakeholders whose opinions are sought.
    Informed Stakeholders who receive updates.

    1.2.6 Complete RACI chart (continued)

    1-3 hours

    Assign risk management accountabilities and responsibilities to key stakeholders:

    Stakeholder Coordination Risk Identification Risk Thresholds Risk Assessment Identify Responses Cost-Benefit Analysis Monitoring Risk Decision Making
    ITRC A R I R R R A C
    ERM C I C I I I I C
    CIO I A A A A A I R
    CRO I R C I R
    CFO I R C I R
    CEO I R C I A
    Business Units I C C C
    IT I I I I I I R C
    PMO C C C
    Legend: Responsible Accountable Consulted Informed

    Build an IT Risk Management Program

    Phase 2

    Identify and Assess IT Risk

    Phase 1

    • 1.1 Review IT Risk Management Fundamentals
    • 1.2 Establish a Risk Governance Framework

    Phase 2

    • 2.1 Identify IT Risks
    • 2.2 Assess and Prioritize IT Risks

    Phase 3

    • 3.1 Develop Risk Responses and Monitor IT Risks
    • 3.2 Report IT Risk Priorities

    This phase will walk you through the following activities:

    • Add organization-specific risk scenarios
    • Identify risk events
    • Augment risk event list using COBIT 2019 processes
    • Conduct a PESTLE analysis
    • Determine the threshold for (un)acceptable risk
    • Create a financial impact assessment scale
    • Select a technique to measure reputational cost
    • Create a likelihood scale
    • Assess risk severity level
    • Assess expected cost

    This phase involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Business Risk Owners

    Step 2.1

    Identify IT Risks

    Activities
    • 2.1.1 Add organization-specific risk scenarios
    • 2.1.2 Identify risk events
    • 2.1.3 Augment risk event list using COBIT 19 processes
    • 2.1.4 Conduct a PESTLE analysis

    This step involves the following participants:

    • IT executive leadership
    • IT Risk Council
    • Business executive leadership
    • Business risk owners

    Outcomes of this step

    • Participation of key stakeholders
    • Comprehensive list of IT risk events
    Identify and Assess IT Risk
    Step 2.1 Step 2.2

    Get to know what you don’t know

    1. Engage the right stakeholders in risk identification.
    2. Employ Info-Tech’s top-down approach to risk identification.
    3. Augment your risk event list using alternative frameworks.
    Key metrics:
    • Total risks identified
    • New risks identified
    • Frequency of updates to the Risk Register Tool
    • Number of realized risk events not identified in the Risk Register Tool
    • Level of business participation in enterprise IT risk identification
      • Number of business units represented
      • Number of meetings attended in person
      • Number of risk reports received

    Info-Tech Insight

    What you don’t know CAN hurt you. How do you identify IT-related threats and vulnerabilities that you are not already aware of? Now that you have created a strong risk governance framework that formalizes risk management within IT and connects it to the enterprise, follow the steps outlined in this section to reveal all of IT’s risks.

    Engage key stakeholders

    Ensure that all key risks are identified by engaging key business stakeholders.

    Benefits of obtaining business involvement during the risk identification stage:
    • You will identify risk events you had not considered or you weren’t aware of.
    • You will identify risks more accurately.
    • Risk identification is an opportunity to raise awareness of IT risk management early in the process.

    Executive Participation:

    • CIO participation is integral when building a comprehensive register of risk events impacting IT.
    • CIOs and IT directors possess a holistic view of all of IT’s functions.
    • CIOs and IT directors are uniquely placed to identify how IT affects other business units and the attainment of business objectives. If applicable, CRO and CTO participation is also critical.

    Prioritizing and Selecting Stakeholders

    1. Reliance on IT services and technologies to achieve business objectives.
    2. Relationship with IT, and willingness to engage in risk management activities.
    3. Unique perspectives, skills, and experiences that IT may not possess.

    Info-Tech Insight

    While IT personnel are better equipped to identify IT risk than anyone, IT does not always have an accurate view of the business’ exposure to IT risk. Strive to maintain a 3 to 1 ratio of IT to non-IT personnel involved in the process.

    Enable IT to target risk holistically

    Take a top-down approach to risk identification to guide brainstorming

    Info-Tech’s risk categories are consistent with a risk identification method called Risk Prompting.

    A risk prompt list is a list that categorizes risks into types or areas. The n10 risk categories encapsulate the services, activities, responsibilities, and functions of most IT departments. Use these categories and the example risk scenarios provided as prompts to guide brainstorming and organize risks.

    Risk Category: High-level groupings that describe risk pertaining to major IT functions. See the following slide for all ten of Info-Tech’s IT risk categories. Risk Scenario: An abstract profile representing common risk groups that are more specific than risk categories. Typically, organizations are able to identify two to five scenarios for each category. Risk Event: Specific threats and vulnerabilities that fall under a particular risk scenario. Organizations are able to identify anywhere between 1 and 20 events for each scenario. See the Appendix of the Risk Management Program Manual for a list of risk event examples.

    Risk Category

    Risk Scenario

    Risk Event

    Compliance Regulatory compliance Being fined for not complying/being aware of a new regulation.
    Externally originated attack Phishing attack on the organization.
    Operational Technology evaluation & selection Partnering with a vendor that is not in compliance with a key regulation.
    Capacity planning Not having sufficient resources to support a DRP.
    Third-Party Risk Vendor management Vendor performance requirements are improperly defined.
    Vendor selection Vendors are improperly selected to meet the defined use case.

    2.1.1 Add organization-specific risk scenarios

    1-3 hours

    Review Info-Tech’s ten IT risk categories and add risk scenarios to the examples provided.

    IT Reputational
    • Negative PR
    • Consumers writing negative reviews
    • Employees writing negative reviews
    IT Financial
    • Stock prices drop
    • Value of the organization is reduced
    IT Strategic
    • Organization prioritizes innovation but remains focused on operational
    • Unable to access data to support strategic initiative
    Operational
    • Enterprise architecture
    • Technology evaluation and selection
    • Capacity planning
    • Operational errors
    Availability
    • Power outage
    • Increased data workload
    • Single source of truth
    • Lacking knowledge transfer processes for critical tasks
    Performance
    • Network failure
    • Service levels not being met
    • Capacity overload
    Compliance
    • Regulatory compliance
    • Standards compliance
    • Audit compliance
    Security
    • Malware
    • Internally originated attack
    Third Party
    • Vendor selection
    • Vendor management
    • Contract termination
    Digital
    • No back-up process if automation fails

    2.1.2 Identify risk events

    1-4 hours

    Input: IT risk categories

    Output: Risk events identified and categorized

    Materials: Risk Register Tool

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owners, CRO (if applicable)

    Use Info-Tech’s IT risk categories and scenarios to brainstorm a comprehensive list of IT-related threats and vulnerabilities impacting your organization.

    Instructions:

    1. Document risk events in the Risk Register Tool.
    2. List risk scenarios (organized by risk category) in the Risk Events/Threats column.
    3. Disseminate the list to key stakeholders who were unable to participate and solicit their feedback.
      • Consult the RACI chart located in section 4.1 of the Risk Management Program Manual.
    4. Attack one scenario at a time, exhausting all realistic risk events for that grouping before moving onto the next scenario. Each scenario should take approximately 45-60 minutes.

    Tip: If disagreement arises regarding whether a specific risk event is relevant to the organization or not and it cannot be resolved quickly, include it in the list. The applicability of these risks will become apparent during the assessment process.

    Record the results in the Risk Register Tool.

    2.1.3 Augment the risk event list using COBIT 2019 processes (Optional)

    1-3 hours

    Other industry-leading frameworks provide alternative ways of conceptualizing the functions and responsibilities of IT and may help you uncover additional risk events.

    1. Managed IT Management Framework
    2. Managed Strategy
    3. Managed Enterprise Architecture
    4. Managed Innovation
    5. Managed Portfolio
    6. Managed Budget and Costs
    7. Managed Human Resources
    8. Managed Relationships
    9. Managed Service Agreements
    10. Managed Vendors
    11. Managed Quality
    12. Managed Risk
    13. Managed Security
    14. Managed Data
    15. Managed Programs
    16. Managed Requirements Definition
    17. Managed Solutions Identification and Build
    18. Managed Availability and Capacity
    19. Managed Organizational Change Enablement
    20. Managed IT Changes
    1. Managed IT Change Acceptance and Transitioning
    2. Managed Knowledge
    3. Managed Assets
    4. Managed Configuration
    5. Managed Projects
    6. Managed Operations
    7. Managed Service Requests and Incidents
    8. Managed Problems
    9. Managed Continuity
    10. Managed Security Services
    11. Managed Business Process Controls
    12. Managed Performance and Conformance Monitoring
    13. Managed System of Internal Control
    14. Managed Compliance with External Requirements
    15. Managed Assurance
    16. Ensured Governance Framework Setting and Maintenance
    17. Ensured Benefits Delivery
    18. Ensured Risk Optimization
    19. Ensured Resource Optimization
    20. Ensured Stakeholder Engagement

    Instructions:

    1. Review COBIT 2019’s 40 IT processes and identify additional risk events.
    2. Match risk events to the corresponding risk category and scenario and add them to the Risk Register Tool.

    2.1.4 Finalize your risk register by conducting a PESTLE analysis (Optional)

    1-3 hours

    Explore alternative identification techniques to incorporate external factors and avoid “groupthink.”

    Consider the External Environment – PESTLE Analysis

    Despite efforts to encourage equal participation in the risk identification process, key risks may not have been shared in previous exercises.

    Conduct a PESTLE analysis as a final safety net to ensure that all key risk events have been identified.

    Avoid “Groupthink” – Nominal Group Technique

    The Nominal Group Technique uses the silent generation of ideas and an enforced “safe” period of time where ideas are shared but not discussed to encourage judgement-free idea generation.

    • Ideas are generated silently and independently.
    • Ideas are then shared and documented; however, discussion is delayed until all of the group’s ideas have been recorded.
    • Idea generation can occur before the meeting and be kept anonymous.

    Note: Employing either of these techniques will lengthen an already time-consuming process. Only consider these techniques if you have concerns regarding the homogeneity of the ideas being generated or if select individuals are dominating the exercise.

    List the following factors influencing the risk event:
    • Political factors
    • Economic factors
    • Social factors
    • Technological factors
    • Legal factors
    • Environmental factors
    'PESTLE Analysis' presented as a wheel with the acronym's meanings surrounding the title. 'Political Factors', 'Economic Factors', 'Social Factors', 'Technological Factors', 'Legal Factors', and 'Environmental Factors'.

    Step 2.2

    Assess and Prioritize IT Risks

    Activities
    • 2.2.1 Determine the threshold for (un)acceptable risk
    • 2.2.2 Create a financial impact assessment scale
    • 2.2.3 Select a technique to measure reputational cost
    • 2.2.4 Create a likelihood scale
    • 2.2.5 Risk severity level assessment
    • 2.2.6 Expected cost assessment

    This step involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Business risk owners

    Outcomes of this step

    • Business-approved thresholds for unacceptable risk
    • Completed Risk Register Tool with risks prioritized according to severity
    • Expected cost calculations for high-priority risks

    Identify and Assess IT Risk

    Step 2.1 Step 2.2

    Reveal the organization’s greatest IT threats and vulnerabilities

    1. Establish business-approved risk thresholds for acceptable and unacceptable risk.
    2. Conduct a streamlined assessment of all risks to separate acceptable and unacceptable risks.
    3. Perform a deeper, cost-based assessment of prioritized risks.
    Key metrics:
    • Frequency of IT risk assessments
      • (Annually, bi-annually, etc.)
    • Assessment accuracy
      • Percentage of risk assessments that are substantiated by later occurrences or testing
      • Ratio of cumulative actual costs to expected costs
    • Assessment consistency
      • Percentage of risk assessments that are substantiated by third-party audit
    • Assessment rigor
      • Percentage of identified risk events that undergo first-level assessment (severity scores)
      • Percentage of identified risk events that undergo second-level assessment (expected cost)
    • Stakeholder oversight and participation
      • Level of executive participation in IT risk assessment (attend in person, receive report, etc.)
      • Number of business stakeholder reviews per risk assessment

    Info-Tech Insight

    Risk is money. It’s impossible to make intelligent decisions about risks without knowing what their financial impact will be.

    Review risk assessment fundamentals

    Risk assessment provides you with the raw materials to conduct an informed cost-benefit analysis and make robust risk response decisions.

    In this section, you will be prioritizing your IT risks according to their risk severity, which is a reflection of their expected cost.

    Calculating risk severity

    How much you expect a risk event to cost if it were to occur:

    Likelihood of Risk Impact

    e.g. $250,000 or “High”

    X

    Calibrated by how likely the risk is to occur:

    Likelihood of Risk Occurrence

    e.g. 10% or “Low”

    =

    Produces a dollar value or “severity level” for comparing risks:

    Risk Severity

    e.g. $25,000 or “Medium”
    Which must be evaluated against thresholds for acceptable risk and the cost of risk responses.

    Risk Tolerance
    Risk Response

    CBA
    Cost-benefit analysis

    Maintain the engagement of key stakeholders in the risk assessment process

    1

    Engage the Business During Assessment Process

    Asking business stakeholders to make significant contributions to the assessment exercise may be unrealistic (particularly for members of the senior leadership team, other than the CIO).

    Ensure that they work with you to finalize thresholds for acceptable or unacceptable risk.

    2

    Verify the Risk Impact and Assessment

    If IT has ranked risk events appropriately, the business will be more likely to offer their input. Share impact and likelihood values for key risks to see if they agree with the calculated risk severity scores.

    3

    Identify Where the Business Focuses Attention

    While verifying, pay attention to the risk events that the business stresses as key risks. Keep these risks in mind when prioritizing risk responses as they are more likely to receive funding.

    Try to communicate the assessments of these risk events in terms of expected cost to attract the attention of business leaders.

    Info-Tech Insight

    If business executives still won’t provide the necessary information to update your initial risk assessments, IT should approach business unit leaders and lower-level management. Lean on strong relationships forged over time between IT and business managers or supervisors to obtain any additional information.

    Info-Tech recommends a two-level approach to risk assessment

    Review the two levels of risk assessment offered in this blueprint.

    Risk severity level assessment (mandatory)

    1

    Information

    Number of risks: Assess all risk events identified in Phase 1.
    Units of measurement: Use customized likelihood and impact “levels.”
    Time required: One to five minutes per risk event.

    Assess Likelihood

    Negligible
    Low
    Moderate
    High
    Very High

    X

    Assess Likelihood

    Negligible
    Low
    Moderate
    High
    Very High

    =

    Output


    Risk Security Level:

    Moderate

    Example of a risk severity level assessment chart.
    Chart risk events according to risk severity as this allows you to organize and prioritize IT risks.

    Assess all of your identified risk events with a risk severity-level assessment.

    • By creating a likelihood and impact assessment scale divided into three to nine “levels” (sometimes referred to as “buckets”), you can evaluate every risk event quickly while being confident that risks are being assessed accurately.
    • In the following activities, you will create likelihood and impact scales that align with your organizational risk appetite and tolerance.
    • Severity-level assessment is a “first pass” of your risk list, revealing your organization’s most severe IT risks, which can be assessed in greater detail by incorporating expected cost into your evaluation.

    Info-Tech recommends a two-level approach to risk assessment (continued)

    Expected cost assessment (optional)

    2

    Information

    Number of risks: Only assess high-priority risks revealed by severity-level assessment.
    Units of measurement: Use actual likelihood values (%) and impact costs ($).
    Time required: 10-20 minutes per risk event.

    Assess Likelihood

    15%

    Moderate

    X

    Assess Likelihood

    $100,000

    High

    =

    Output


    Expected Cost:

    $15,000

    Expected cost is useful for conducting cost-benefit analysis and comparing IT risks to non-IT risks and other budget priorities for the business.

    Conduct expected cost assessments for IT’s greatest risks.

    For risk events warranting further analysis, translate risk severity levels into hard expected-cost numbers.

    Why conduct expected cost assessments?
    • Expected cost represents how much you would expect to pay in an average year for each risk event.
    • Communicate risk priorities to the business in language they can understand.
    • While risk severity levels are useful for comparing one IT risk to another, expected cost data allows the business to compare IT risks to non-IT risks that may not use the same scales.
    Why is expected cost assessment optional?
    • Determining robust likelihood values and precise impact estimates can be challenging and time consuming.
    • Some risk events may require extensive data gathering and industry analysis.

    Implement and leverage a centralized risk register

    The purpose of the risk register is to act as the repository for all the risks that have been identified within your environment.

    Use this tool to:

    1. Collect and maintain a repository for all IT risk events impacting the organization and relevant information for each risk.
      • Capture all relevant IT risk information in one location.
      • Organize risk identification and assessment information for transparent risk management, stakeholder review, and/or internal audit.
    2. Calculate risk severity scores to prioritize risk events and determine which risks require a risk response.
      • Separate acceptable and unacceptable risks (as determined by the business).
      • Rank risks based on severity levels.
    3. Assess risk responses and calculate residual risk.
      • Evaluate the effect that proposed risk response actions will have on top risk events and quantify residual risk magnitude.
      • This step will be completed in section 3.1

    2.2.1 Determine the threshold for (un)acceptable risk

    1-4 hours

    Input: Risk events, Risk appetite

    Output: Threshold for risk identified

    Materials: Risk Register Tool, Risk Management Program Manual

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owner

    Instructions:

    There are times when the business needs to know about IT risks with high expected costs.

    1. Create an expected cost threshold that defines what constitutes an acceptable and unacceptable risk for the organization. This figure should be a concrete dollar value. In the next exercises, you will build risk impact and likelihood scales with this value in mind, ensuring that “high” or “extreme” risks are immediately communicated to senior leadership.
    2. Do not consider IT budget restrictions when developing this number. The acceptable risk threshold should reflect the business’ tolerance/appetite for risk.

    This threshold is typically based on the organization’s ability to absorb financial losses, and its tolerance/appetite towards risk.

    If your organization has ERM, adopt the existing acceptability threshold.

    Record this threshold in section 5.3 of the Risk Management Program Manual

    2.2.2 Create a financial impact assessment scale

    1-4 hours

    Input: Risk events, Risk threshold

    Output: Financial impact scale created

    Materials: Risk Register Tool, Risk Management Program Manual

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owner

    Instructions:

    1. Create a scale to assess the financial impact of risk events.
      • Typically, risk impacts are assessed on a scale of 1-5; however, some organizations may prefer to assess risks using 3, 4, 7, or 9-point scales.
    2. Ensure that the unacceptable risk threshold is reflected in the scale.
      • In the example provided, the unacceptable risk threshold ($100,000) is represented as “High” on the impact scale.
    3. Attach labels to each point on the scale. Effective labels will easily distinguish between risks on either side of the unacceptable risk threshold.

    Record the risk impact scale in section 5.3 of the Risk Management Program Manual

    Convert project overruns and service outages into costs

    Use the tables below to quickly convert impacts typically measured in units of time to financial cost. Replace the values in the table with those that reflect your own costs.

    • While project overruns and service outages may have intangible impacts beyond the unexpected costs stemming from paying employees and lost revenue (such as adding complexity to project management and undermining the business’ confidence in IT), these measurements will provide adequate impact estimations for risk assessment.
    • Remember, complex risk events can be analyzed further with an expected cost assessment.
    Project Overruns Scale for the use of cost assessment with dollar amounts associated with impact levels. '$250,000 - Extreme', '$100,000 - High', '$60,000 - Moderate', '$35,000 - Low', '$10,000 - Negligible'.

    Project

    Time (days)

    20 days

    Number of employees

    8

    Average cost per employee (per day)

    $300

    Estimated cost

    $48,000
    Service Outages

    Service

    Time (hours)

    4 hours

    Lost revenue (per hour)

    $10,000

    Estimated cost

    $40,000

    Impact scale

    Low

    2.2.3 Select a technique to measure reputational cost (1 of 3)

    1-3 hours

    Realized risk events may have profound reputational costs that do not immediately impact your bottom line.

    Reputational cost can take several forms, including the internal and external perception of:
    1. Brand likeability
    2. Product quality
    3. Leadership capability
    4. Social responsibility

    Based on your industry and the nature of the risk, select one of the three techniques described in this section to incorporate reputational costs into your risk assessment.

    Technique #1 – Use financial indicators:

    For-profit companies typically experience reputational loss as a gradual decline in the strength of their brand, exclusion from industry groups, or lost revenue.

    If possible, use these measures to put a price on reputational loss:

    • Lost revenue attributable to reputation loss
    • Loss of market share attributable to reputation loss
    • Drops in share price attributable to reputation loss (for public companies)

    Match this dollar value to the corresponding level on the impact scale created in Activity 2.2.2.

    • If you are not able to effectively translate all reputational costs into financial costs, proceed to techniques 2 and 3 on the following slides.

    2.2.3 Select a technique to measure reputational cost (2 of 3)

    1-3 hours
    It is common for public sector or not-for-profit organizations to have difficulty putting a price tag on intangible reputational costs.
    • For example, a government organization may be unable to directly quantify the cost of losing the confidence and/or support of the public.
    • A helpful technique is to reframe how reputation is assigned value.
    Technique #2 – Calculate the value of avoiding reputational cost:
    1. Imagine that the particular risk event you are assessing has occurred. Describe the resulting reputational cost using qualitative language.

    For example:

    A data breach, which caused the unsanctioned disclosure of 2,000 client files, has inflicted high reputational costs on the organization. These have impacted the organization in the following ways:

    • Loss of organizational trust in IT
    • IT’s reputation as a value provider to the organization is tarnished
    • Loss of client trust in the organization
    • Potential for a public reprimand of the organization by the government to restore public trust
  • Then, determine (hypothetically) how much money the organization would be willing to spend to prevent the reputational cost from being incurred.
  • Match this dollar value to the corresponding level on the impact scale created in Activity 2.2.2.
  • 2.2.3 Select a technique to measure reputational cost (3 of 3)

    1-3 hours

    If you feel that the other techniques have not reflected reputational impacts in the overall severity level of the risk, create a parallel scale that roughly matches your financial impact scale.

    Technique #3 – Create a parallel scale for reputational impact:

    Visibility is a useful metric for measuring reputational impact. Visibility measures how widely knowledge of the risk event has spread and how negatively the organization is perceived. Visibility has two main dimensions:

    • Internal vs. External
    • Low Amplification vs. High Amplification
    • Internal/External: The further outside of the organization that the risk event is visible, the higher the reputational impact.
      Low/High Amplification: The greater the ability of the actor to communicate and amplify the occurrence of a risk event, the higher the reputational impact.
      After establishing a scale for reputational impact, test whether it reflects the severity of the financial impact levels in the financial impact scale.

    • For example, if the media learns about a recent data breach, does that feel like a $100,000 loss?
    Example:
    Scale for the use of cost assessment  of reputational impact with dimension combinations associated with impact levels. 'External, High Amp, (regulators, lawsuits) - Extreme', 'Internal, High Amp, (CEO) - Low', 'Internal, Low Amp (IT) - Negligible'.

    2.2.4 Create a likelihood scale

    1-3 hours

    Instructions:
    1. Create a scale to assess the likelihood that a risk event will occur over a given period of time.
      • Info-Tech recommends assessing the likelihood that the risk event will occur over a period of one year (the IT risk council should be reassessing the risk event no less than once per year).
    2. Ensure that the likelihood scale contains the same number of levels as the financial impact scale (3, 4, 5, 7, or 9).
    3. The example provided is likely to satisfy most IT departments; however, you may customize the distribution of likelihood values to reflect the organization’s aversion towards uncertainty.
      • For example, an extremely risk-averse organization may consider any risk event with a likelihood greater than 20% to have a “High” likelihood of occurrence.
    4. Attach the same labels used for the financial impact scale (Low, Moderate, High, etc.)

    Record the risk impact scale in section 5.3 of the Risk Management Program Manual

    Scale to assess the likelihood that a risk event will occur. '80-99% - Extreme', '60-79% - High', '40-59% - Moderate' '20-39% - Low', '1-19% - Negligible'.

    Info-Tech Insight

    Note: Info-Tech endorses the use of likelihood values (1-99%) rather than frequency (3 times per year) as a measurement.
    For an explanation of why likelihood values lead to more precise and robust risk assessment, see the Appendix.

    2.2.5 Risk severity level assessment

    6-10 hours

    Input: Risk events identified

    Output: Assessed the likelihood of occurrence and impact for all identified risk events

    Materials: Risk Register Tool

    Participants: IT risk council, Relevant business stakeholders, Representation from senior management team, Business risk owner

    Instructions:

    1. Document the “Risk Category” and “Existing Controls.” in the Risk Register Tool.
      • (See the slide following this activity for tips on identifying existing controls.)
    2. Assign each risk event a likelihood and impact level.
      • Remember, you are assessing the impact that a risk event will have on the organization as a whole, not just on IT.
    3. When assigning a financial impact level to a risk event, factor in the likely number of instances that the event will occur within the time frame for which you are assessing (usually one year).
      • For risk events like third-party service outages that typically occur a few times each year, assign them an impact level that reflects the likelihood of financial impact the risk event will have over the entire year.
      • E.g. If your organization is likely to experience two major service outages next year and each outage costs the organization approximately $15,000, the total financial impact is $30,000.

    Record results in the Risk Register Tool

    2.2.5 Risk severity level assessment (continued)

    Instructions (continued):
    1. Assign a risk owner to non-negligible risk events.
      • For organizations that practice ongoing risk management and frequently reassess their risk portfolio (minimum once per year), risk ownership does not need to be assigned to “Negligible” or low-level risks.
      • View the following slides for advice on how to select a risk owner and information on their responsibilities.
    2. As you input the first few likelihood and impact values, compare them to one another to ensure consistency and accuracy:
      • Is a service outage really twice as impactful as our primary software provider going out of business?
      • Is a data breach far more likely than a ›1 hour web-services outage?
    Tips for Selecting Likelihood Values:

    Does ~10% sound right?

    Test a likelihood estimate by assessing the truth of the following statements:

    • The risk event will likely occur once in the next ten years (if the environment remains nearly identical).
    • If ten organizations existed that were nearly identical to our own, it is likely that one out of ten would experience the risk event this year.

    Screenshot of a risk severity level assessment.

    Identify current risk controls

    Consider how IT is already addressing key risks.

    Types of current risk control

    Tactical controls

    Apply to individual risks only.

    Example: A tactical control for backup/replication failure is faster WAN lines.

    Tactical risk control Strategic controls

    Apply to multiple risks.

    Example: A strategic control for backup/replication failure is implementing formal DR plans.

    Strategic risk control
    Risk event Risk event Risk event

    Screenshot of the column headings on the risk severity level assessment with 'Current Controls' highlighted.
    Consider both tactical and strategic controls already in place when filling out risk event information in the Risk Register Tool.

    Info-Tech Insight

    Identifying existing risk controls (past risk responses) provides a clear picture of the measures already in place to avoid, mitigate, or transfer key risks. This reveals opportunities to improve existing risk controls, or where new strategies are needed, to reduce risk severity levels below business thresholds.

    Assign a risk owner for each risk event

    Designate a member of the IT risk council to be responsible for each risk event.

    Selecting the Appropriate Risk Owner

    Use the following considerations to determine the best owner for each risk:

    • The risk owner should be familiar with the process, project, or IT function related to the risk event.
    • The risk owner should have access to the necessary data to monitor and measure the severity of the risk event.
    • The risk owner’s performance assessment should reflect their ability to demonstrate the ongoing management of their assigned risk events.

    Screenshot of the column headings on the risk severity level assessment with 'Risk Owner' highlighted.

    Risk Owner Responsibilities

    Risk ownership means that an individual is responsible for the following activities:

    • Monitoring the threat or vulnerability for changes in the likelihood of occurrence and/or likely impact.
    • Monitoring changes in the market and external environment that may alter the severity of the risk event.
    • Monitoring changes of closely related risks with interdependencies.
    • Developing and using key risk indicators (KRIs) to measure changes in risk severity.
    • Regularly reporting changes in risk severity to the IT risk council.
    • If necessary, escalating the risk event to other IT risk council personnel or senior management for reassessment.
    • Monitoring risk severity levels for risk events after a risk response has been implemented.

    Use Info-Tech’s Risk Costing Tool to calculate the expected cost of IT’s high-priority risks (optional)

    Sample of the Risk Costing Tool.

    Use this tool to:

    1. Conduct a deeper analysis of severe risks.
      • Determine specific likelihood and financial impact values to communicate the severity of the risk in the Expected Cost tab.
      • Identify the maximum financial impact that the risk event may inflict.
    2. Assess the effectiveness of multiple risk responses for each risk event.
      • Determine how proposed risk events will change the likelihood of occurrence and financial impact of the risk event.
    3. Incorporate risk proximity into your cost-benefit analysis of risk responses.
      • Illustrate how spending decisions will impact the expected cost of the risk event over time.

    2.2.6 Expected cost assessment (optional)

    Assign likelihood and financial impact values to high-priority risks.

    Select risks with these characteristics:

    Strongly consider conducting an expected cost assessment for risk events that meet one or more of the following criteria.

    The risk:

    • Has been assigned to the highest risk severity level.
    • Has exposed the organization previously and had severe implications.
    • Exceeds the organization’s threshold for financial impact.
    • Involves an IT function that is highly visible to the business.
    • Will likely require risk response actions that will exceed current IT budgetary constraints.
    • Is conducive to expected cost assessment:
      • There is general consensus on likelihood estimates.
      • There is general consensus on financial impact estimates.
      • Historical data exists to support estimates.
    Determine which risks require a deeper assessment:

    Info-Tech recommends conducting a second-level assessment for 5-15% of your IT risk register.

    Communicating the expected cost of high-priority risks significantly increases awareness of IT risks by the business.

    Communicating risks to the business using their language also increases the likelihood that risk responses will receive the necessary support and investment


    Record the list of risk events requiring second-level assessment in the Risk Costing Tool.

    • Transfer the likelihood and impact levels for each event into the Risk Costing Tool using data from the Risk Register Tool.

    2.2.6 Expected cost assessment (continued)

    Assign likelihood and financial impact values to high-priority risks.

    Instructions:
    1. Go through the list of prioritized risks in the Risk Costing Tool one by one. Indicate the likelihood and impact level (from the Risk Register Tool) for the risk event being assessed.
    2. Record likelihood values (1-99%) and impact values ($) from participants.
      • Only record values from individuals that indicate they are fairly confident with their estimates.
      • Keep likelihood estimates to values that are multiples of five.
    3. Estimate and record the maximum impact that the risk event could inflict.
      • See Appendix III for information on how the possibility of high-impact scenarios may influence your decision making.
    4. Discuss the estimates provided. Eliminate outliers and retracted estimates.
      • If you are unable to achieve consensus, take the average of the values provided.
    5. If you are having difficulty arriving at a likelihood or impact value, select the median value of the level assigned to the risk during the risk severity level assessment.
      • E.g. Risk event assigned to likelihood level “Moderate” (20-39%). Select a likelihood value of 30%.

    Screenshot of the column headings on the risk severity level assessment with 'Optional Inherent Likelihood Parameters' and 'Optional Inherent Impact Parameters' highlighted.

    Who should participate?
    • Depending on the size of your IT risk council, you may want to consider conducting this exercise in a smaller group.
    • Ideally, you should try to find the right balance between ensuring that the necessary experience and knowledge is in the room while insulating the exercise from outlier opinions, noise, and distractions.

    Evaluate likelihood and impact

    Refine your risk assessment process by developing more accurate measurements of likelihood and impact.

    Intersubjective likelihood

    The goal of the expected cost assessment is to develop robust intersubjective estimates of likelihood and financial impact.

    By aggregating a number of expert opinions of what they deem to be the “correct” value, you will arrive at a collectively determined value that better reflects reality than an individual opinion.

    Example: The Delphi Method

    The Delphi Method is a common technique to produce a judgement that is representative of the collective opinion of a group.

    • Participants are sent a series of sequential questionnaires (typically by email).
    • The first questionnaire asks them what the likelihood, likely impact, and expected cost is for a specific risk event.
    • Data from the questionnaire is compiled and then communicated in a subsequent questionnaire, which encourages participants to restate or revise their estimates given the group’s judgements.
    • With each successive questionnaire, responses will typically converge around a single intersubjective value.
    Justifying Your Estimates:

    When asked to explain the numbers you arrived at during the risk assessment, pointing to an assessment methodology gives greater credibility to your estimates.

    • Assign one individual to take notes during the assessment exercise.
    • Have them document the main rationale behind each value and the level of consensus.

    Info-Tech Insight

    The underlying assumption behind intersubjective forecasting is that group judgements are more accurate than individual judgements. However, this may not be the case at all.

    Sometimes, a single expert opinion is more valuable than many uninformed opinions. Defining whose opinion is valuable and whose is not is an unpleasant exercise; therefore, selecting the right personnel to participate in the exercise is crucially important.

    Build an IT Risk Management Program

    Phase 3

    Monitor, Respond, and Report on IT Risk

    Phase 1

    • 1.1 Review IT Risk Management Fundamentals
    • 1.2 Establish a Risk Governance Framework

    Phase 2

    • 2.1 Identify IT Risks
    • 2.2 Assess and Prioritize IT Risks

    Phase 3

    • 3.1 Develop Risk Responses and Monitor IT Risks
    • 3.2 Report IT Risk Priorities

    This phase will walk you through the following activities:

    • Develop key risk indicators (KRIs) and escalation protocols
    • Establish the reporting schedule
    • Identify and assess risk responses
    • Analyze risk response cost-benefit
    • Create multi-year cost projections
    • Obtain executive approval for risk action plans
    • Socialize the Risk Report
    • Transfer ownership of risk responses to project managers
    • Finalize the Risk Management Program Manual

    This phase involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Risk business owner

    Step 3.1

    Monitor IT Risks and Develop Risk Responses

    Activities
    • 3.1.1 Develop key risk indicators (KRIs) and escalation protocols
    • 3.1.2 Establish the reporting schedule
    • 3.1.3 Identify and assess risk responses
    • 3.1.4 Risk response cost-benefit analysis
    • 3.1.5 Create multi-year cost projections

    This step involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team
    • Business risk owner

    Outcomes of this step

    • Completed risk event action plans
    • Risk responses identified and assessed for top risks
    • Risk response selected for top risks

    Monitor, Respond, and Report on IT Risk

    Step 3.1 Step 3.2

    Use Info-Tech’s Risk Event Action Plan to manage high-priority risks

    Manage risks in between risk assessments and create a paper trail for key risks that exceed the unacceptable risk threshold. Use a new form for every high-priority risk that requires tracking.

    Risk Event Action Plan Sample of the Risk Event Action Plan deliverable.

    Obtaining sign-off from the senior leadership team or from the ERM office is an important step of the risk management process. The Risk Event Action Plan ensures that high-priority risks are closely monitored and that changes in risk severity are detected and reported.

    Clear documentation is a way to ensure that critical information is shared with management so that they can make informed risk decisions. These reports should be succinct yet comprehensive; depending on time and resources, it is good practice to fill out this form and obtain sign-off for the majority of IT risks.

    3.1.1 Develop key risk indicators (KRIs) and escalation protocols

    The risk owner should be held accountable for monitoring their assigned risks but may delegate responsibility for these tasks.

    Instructions:
    1. Design key risk indicators (KRIs) for risks that measure changes in their severity and document them in the Risk Event Action Plan.
      • See the following slide for examples.
    2. Clearly document the risk owner and the individual(s) carrying out risk monitoring activities (delegates) in the Risk Event Action Plan.

    Note: Examples of KRIs can be found on the following slide.

    What are KRIs?
    • KRIs should be observable metrics that alert the IT risk council and management when risk severity exceeds acceptable risk thresholds.
    • KRIs should serve as tripwires or early-warning indicators that trigger further actions to be taken on the risk.
    • Further actions may include:
      • Escalation to the risk owner (if delegated) or to a member of the senior leadership team.
      • Reporting to the IT risk council or IT steering committee.
      • Reassessment.
      • Updating the risk monitoring schedule.

    Document KRIs, escalation thresholds, and escalation protocols for each risk in a Risk Event Action Plan.

    Developing KRIs for success

    Visualization of KRI development, from the 'Risk Event' to the 'Intermediate Steps' with 'KRI Measurements' to the image of a growing seed.

    Examples of KRIs

    • Number of resources who quit or were fired who had access to critical data
    • Number of risk mitigation initiatives unfunded
    • Changes in time horizon of mitigation implementation
    • Number of employees who did not report phishing attempts
    • Amount of time required to get critical operations access to necessary data
    • Number of days it takes to implement a new regulation or compliance control

    3.1.2 Establish the reporting schedule

    For each risk event, document how frequently the risk owner must report to the IT risk council in the Risk Event Action Plan.

    • A clear reporting schedule enforces accountability for each risk event, ensuring that risk owners are fulfilling their monitoring responsibilities.
    • The ongoing discussion of risks between assessment cycles also increases overall awareness of how IT risks are not static but constantly evolving.
    Reporting Risk Event
    Weekly reports to ITRC Risk event severity represented as a thermometer with levels 'Extreme', 'High', 'Moderate', 'Low', and 'Negligible'.
    Bi-weekly reports to ITRC
    Monthly reports to ITRC
    Report to ITRC only if KRI thresholds triggered
    No reports; reassessed bi-annually

    Use Info-Tech’s tools to identify, analyze, and select risk responses

    1

    (Mandatory)
    Tool

    Screenshot of the Risk Register Tool.

    Risk Register Tool

    Information
    • Develop risk responses for all risk events pre-populated on the “2. Risk Register” sheet of the Risk Register Tool.
    • Document the root cause of the risk (Activity 3.1.3) and other contributing factors (Activity 3.1.4).
    • Identify risk responses (Activity 3.1.5).
    • Predict the effectiveness of the risk response, if implemented, by estimating the residual likelihood and impact of the risk (Activity 3.1.5).
    • The tool will calculate the residual severity of the risk after applying the risk response.

    2

    (Optional)
    Tool

    Screenshot of the Risk Costing Tool.

    Risk Costing Tool

    Information
    • Continue your second-level risk analysis for top risks for which you calculated expected cost in section 2.2.
    • Activity 3.1.5:
      • Identify between one and four risk response options for each risk.
      • Develop precise values for residual likelihood and impact.
      • Compare expected cost of the risk event to expected residual cost.
      • Select the risk response to recommend to senior leadership and document it in the Risk Register Tool.

    Determine the root cause of IT risks

    Root cause analysis

    Use the “Five Whys” methodology to identify the root cause and contributing/exacerbating factors for each risk event.

    Diagnosing the root cause of a risk as well as the environmental factors that increase its potential impact and likelihood of occurring allow you to identify more effective risk responses.

    Risk responses that only address the symptoms of the risk are less likely to succeed than responses that address the core issue.

    Concentric circles with 'Root Cause' at the center, 'Contributing Factors' around it, and 'Symptoms' on the outer circle.

    Example of 'The Five Whys Methodology', tracing symptoms to their root cause. In 'Symptoms' we see 'Risk Event: Network outage', Why? 'Network congestion', Why? Then on to 'Contributing Factors' the answer is 'Inadequate bandwidth for latency-sensitive applications', Why? 'Increased business use of latency-sensitive applications', Why? And finally to the 'Root Cause', 'Business units rely on 'real-time' data gathered from latency-sensitive applications', Why?

    Identify factors that contribute to the severity of the risk

    Environmental factors interact with the root cause to increase the likelihood or impact of the risk event.

    What factors matter?

    Identify relevant actors and assets that amplify or diminish the severity of the risk.

    Actors

    • Internal (business units)
    • External (vendor, regulator, market, competitor, hostile actor)

    Assets/Resources

    • Infrastructure
    • Applications
    • Processes
    • Information/data
    • Personnel
    • Reputation
    • Operations
    Develop risk responses that target contributing factors.
    Root cause:
    Business units rely on “real-time” data gathered from latency-sensitive applications

    Actors: Enterprise App users (Finance, Product Development, Product Management)

    Asset/resource: Applications, network

    Risk response:
    Decrease the use of latency-sensitive applications.

    X

    Decreasing the use of key apps contradicts business objectives.

    Contributing factors:
    Unreliable router software

    Actors: Network provider, router vendor, router software vendor, IT department

    Asset/resource: Network, router, router software

    Risk response:
    Replace the vendor that provides routers and router software.

    Replacing the vendor would reduce network outages at a relatively low cost.

    Symptoms:
    Network outage

    Actors: All business units, network provider

    Asset/resource: Network, business operations, employee productivity

    Risk response:
    Replace legacy systems.

    X

    Replacing legacy systems would be too costly.

    3.1.3 Identify and assess risk responses

    Instructions:
    Complete the following steps for each risk event.
    1. Identify a risk response action that will help reduce the likelihood of occurrence or the impact if the event were to occur.
      • Indicate the type of risk response (avoidance, mitigation, transfer, acceptance, or no risk exists).
    2. Assign each risk response action a residual likelihood level and a residual impact level.
      • This is the same step performed in Activity 2.2.6, when initial likelihood and impact levels were determined; however, now you are estimating the likelihood and impact of the risk event after the risk response action has been implemented successfully.
      • The Risk Register Tool will generate a residual risk severity level for each risk event.
    3. Identify the potential Risk Action Owner (Project Manager) if the response is selected and turned into an IT project, and document this in the Risk Register Tool.
    Document the following in the Risk Event Action Plan for each risk event:
      • Risk response actions
      • Residual likelihood and impact levels
      • Residual risk severity level
    • Review the following slides about the four types of risk response to help complete the activity.
      1. Avoidance
      2. Mitigation
      3. Transfer
      4. Acceptance

    Record the results in the Risk Event Action Plan.

    Take actions to avoid the risk entirely

    Risk Avoidance

    • Risk avoidance involves taking evasive maneuvers to avoid the risk event.
    • Risk avoidance targets risk likelihood, decreasing the likelihood of the risk event occurring.
    • Since risk avoidance measures are fairly drastic, the likelihood is often reduced to negligible levels.
    • However, risk avoidance response actions often sacrifice potential benefits to eliminate the possibility of the risk entirely.
    • Typically, risk avoidance measures should only be taken for risk events with extremely high severity and when the severity (expected cost) of the risk event exceeds the cost (benefits sacrificed) of avoiding the risk.

    Example

    Risk event: Information security vulnerability from third-party cloud services provider.

    • Risk avoidance action: Store all data in-house.
    • Benefits sacrificed: Cost savings, storage flexibility, etc.
    Stock photo of a person hikiing along a damp, foggy, valley path.

    Pursue projects that reduce the likelihood or impact of the risk event

    Risk Mitigation

    • Risk mitigation actions are risk responses that reduce the likelihood and impact of the risk event.
    • Risk mitigation actions can be to either implement new controls or enhance existing ones.
    Example 1

    Most risk responses will reduce both the likelihood of the risk event occurring and its potential impact.

    Example

    Mitigation: Purchase and implement enterprise mobility management (EMM) software with remote wipe capability.

    • EMM reduces the likelihood that sensitive data is accessed by a nefarious actor.
    • The remote-wipe capability reduces the impact by closing the window that sensitive data can be accessed from.
    Example 2

    However, some risk responses will have a greater effect on decreasing the likelihood of a risk event with little effect on decreasing impact.

    Example

    Mitigation: Create policies that restrict which personnel can access sensitive data on mobile devices.

    • This mitigation decreases the number of corporate phones that have access to (or are storing) sensitive data, thereby decreasing the likelihood that a device is compromised.
    Example 3

    Others will reduce the potential impact without decreasing its likelihood of occurring.

    Example

    Mitigation: Use robust encryption for all sensitive data.

    • Corporate-issued mobile phones are just as likely to fall into the hands of nefarious actors, but the financial impact they can inflict on the organization is greatly reduced.

    Pursue projects that reduce the likelihood or impact of the risk event (continued)

    Use the following IT functions to guide your selection of risk mitigation actions:

    Process Improvement

    Key processes that would most directly improve the risk profile:

    • Change Management
    • Project Management
    • Vendor Management
    Infrastructure Management
    • Disaster Recovery Plan/Business Continuity Plan
    • Redundancy and Resilience
    • Preventative Maintenance
    • Physical Environment Security
    Personnel
    • Greater staff depth in key areas
    • Increased discipline around documentation
    • Knowledge Management
    • Training
    Rationalization and Simplification

    This is a foundational activity, as complexity is a major source of risk:

    • Application Rationalization – reducing the number of applications
    • Data Management – reducing the volume and locations of data

    Transfer risks to a third party

    Risk transfer: the exchange of uncertain future costs for fixed present costs.

    Insurance

    The most common form of risk transfer is the purchase of insurance.

    • The uncertain future cost of an IT risk event can be transferred to an insurance company who assumes the risk in exchange for insurance premiums.
    • The most common form of IT-relevant insurance is cyberinsurance.

    Not all risks can be insured. Insurable risks typically possess the following five characteristics:

    1. The loss must be accidental (the risk event cannot be insured if it could have been avoided by taking reasonable actions).
    2. The insured cannot profit from the occurrence of the risk event.
    3. The loss must be able to be measured in monetary terms.
    4. The organization must have an insurable interest (it must be the party that incurs the loss).
    5. An insurance company must offer insurance against that risk.
    Other Forms of Risk Transfer

    Other forms of risk transfer include:

    • Self-insurance
      • Appropriate funds can be set aside in advance to address the financial impact of a risk event should it occur.
    • Warranties
    • Contractual transfer
      • The financial impact of a risk event can be transferred to a third party through clauses agreed to in a contract.
      • For example, a vendor can be contractually obligated to assume all costs resulting from failing to secure the organization’s data.
    • Example email addressing fields of an IT Risk Transfer to an insurance company.

    Accept risks that fall below established thresholds

    Risk Acceptance

    Accepting a risk means tolerating the expected cost of a risk event. It is a conscious and deliberate decision to retain the threat.

    You may choose to accept a risk event for one of the following three reasons:

    1. The risk severity (expected cost) of the risk event falls below acceptability thresholds and does not justify an investment in a risk avoidance, mitigation, or transfer measure.
    2. The risk severity (expected cost) exceeds acceptability thresholds but all effective risk avoidance, mitigation, and transfer measures are ineffective or prohibitively expensive.
    3. The risk severity (expected cost) exceeds acceptability thresholds but there are no feasible risk avoidance, mitigation, and transfer measures to be implemented.

    Info-Tech Insight

    Constant monitoring and the assignment of responsibility and accountability for accepted risk events is crucial for effective management of these risks. No IT risk should be accepted without detailed documentation outlining the reasoning behind that decision and evidence of approval by senior management.

    3.1.4 Risk response cost-benefit analysis (optional)

    The purpose of a cost-benefit analysis (CBA) is to guide financial decision making.

    This helps IT make risk-conscious investment decisions that fall within the IT budget and helps the organization make sound budgetary decisions for risk response projects that cannot be addressed by IT’s existing budget.

    Instructions:
    1. Reopen the Risk Costing Tool. For each risk that you conducted an expected cost assessment in section 2.2 for, find the Excel sheet that corresponds to the risk number (e.g. R001).
    2. Identify between one and four risk response options for the risk event and document them in the Risk Costing Tool.
      • The “Risk Response 1” field will be automatically populated with expected cost data for a scenario where no action was taken (risk acceptance). This will serve as a baseline for comparing alternative responses.
      • For the following steps, go through the risk responses one by one.
    3. Estimate the first-year cost for the risk response.
      • This cost should reflect initial capital expenditures and first-year operating expenditures.
    Screenshot of the Risk Response cost-benefit-analysis from the Risk Costing Tool with 'Capital Expenditures' and 'Operating Expenditures' highlighted.

    Record the results in the Risk Costing Tool.

    3.1.4 Risk response cost-benefit analysis (continued)

    The purpose of a cost-benefit analysis (CBA) is to guide financial decision making.

    Instructions:

    1. Estimate residual risk likelihood and financial impact for Year 1 with the risk response in place.
      • Rather than estimating the likelihood level (low, medium, high), determine a precise likelihood value of the risk event occurring once the response has been implemented.
      • Estimate the dollar value of financial impacts if the risk event were to occur with the risk response in place.
      • Screenshot of the Risk Response cost-benefit-analysis from the Risk Costing Tool with figured for 'Financial Impact' and 'Probability' highlighted. The tool will calculate the expected residual cost of the risk event: (Financial Impact x Likelihood) - Costs = Expected Residual Cost
    2. Select the highest value risk response and document it in the Risk Register Tool.
    3. Document your analysis and recommendations in the Risk Event Action Plan.

    Note: See Activity 3.1.5 to build multi-year cost projections for risk responses.

    3.1.5 Create multi-year cost projections (optional)

    Select between risk response options by projecting their costs and benefits over multiple years.

    • It can be difficult to choose between risk response options that require different payment schedules. A risk response project with costs spread out over more than one year (e.g. incremental upgrades to an IT system) may be more advantageous than a project with costs concentrated up front that may cost less in the long run (e.g. replacing the system).
    • However, the impact that risk response projects have on reducing risk severity is not necessarily static. For example, an expensive project like replacing a system may drastically reduce the risk severity of a system failure. Whereas, incremental system upgrades may only marginally reduce risk severity in the short term but reach similar levels as a full system replacement in a few years.
    Instructions:

    Calculate expected cost for multiple years using the Risk Costing Tool for:

    • Risk events that are subject to change in severity over time.
    • Risk responses that reduce the severity of the risk gradually.
    • Risk responses that cannot be implemented immediately.

    Copy and paste the graphs into the Risk Report and the Risk Event Action Plan for the risk event.

    Sample charts on the cost of risk responses from the Risk Costing Tool.

    Record the results in the Risk Costing Tool.

    Step 3.2

    Report IT Risk Priorities

    Activities
    • 3.2.1 Obtain executive approval for risk action plans
    • 3.2.2 Socialize the Risk Report
    • 3.2.3 Transfer ownership of risk responses to project managers
    • 3.2.4 Finalize the Risk Management Program Manual

    This step involves the following participants:

    • IT risk council
    • Relevant business stakeholders
    • Representation from senior management team

    Outcomes of this step

    • Obtained approval for risk action plans
    • Communicated IT’s risk recommendations to senior leadership
    • Embedded risk management into day-to-day IT operations

    Monitor, Respond, and Report on IT Risk

    Step 3.1 Step 3.2

    Effectively deliver IT risk expertise to the business

    Communicate IT risk management in two directions:

    1. Up to senior leadership (and ERM if applicable)
    2. Down to IT employees (embedding risk awareness)
    3. Visualization of communicating Up to 'Senior Leadership' and Down to 'IT Personnel'.

    Create a strong paper trail and obtain sign-off for the ITRC’s recommendations.

    Now that you have collected all of the necessary raw data, you must communicate your insights and recommendations effectively.

    A fundamental task of risk management is communicating risk information to senior management. It is your responsibility to enable them to make informed risk decisions. This can be considered upward communication.

    The two primary goals of upward communication are:

    1. Transferring accountability for high-priority IT risks to the ERM or to senior leadership.
    2. Obtaining funds for risk response projects recommended by the ITRC.

    Good risk management also has a trickle-down effect impacting all of IT. This can be considered downward communication.

    The two primary goals of downward communication are:

    1. Fostering a risk-aware IT culture.
    2. Ensuring that the IT risk management program maintains momentum and runs effectively.

    3.2.1 Obtain executive approval for risk action plans

    Best Practices and Key Benefits

    Best practice is for all acceptable risks to also be signed-off by senior leadership. However, for ITRCs that brainstorm 100+ risks, this may not be possible. If this is the case, prioritize accepted risks that were assessed to be closest to the organization’s thresholds.

    By receiving a stamp of approval for each key risk from senior management, you ensure that:

    1. The organization is aware of important IT risks that may impact business objectives.
    2. The organization supports the risk assessment conducted by the ITRC.
    3. The organization supports the plan of action and monitoring responsibilities proposed by the ITRC.
    4. If a risk event were to occur, the organization holds ultimate accountability.
    Sample of the Risk Event Action Plan template.

    Task:
    All IT risks that were flagged for exceeding the organization’s severity thresholds must obtain sign-off by the CIO or another member of the senior leadership team.

    • In the assessment phase, you evaluated risks using severity thresholds approved by the business and determined whether or not they justified a risk response.
    • Whether your recommendation was to accept the risk or to analyze possible risk responses, the business should be made aware of most IT risks.

    3.2.2 Socialize the risk report

    Create a succinct, impactful document that summarizes the outcomes of risk assessment and highlights the IT risk council’s top recommendations to the senior leadership team.

    The Risk Report contains:
    • An executive summary page highlighting the main takeaways for senior management:
      • A short summary of results from the most recent risk assessment
      • Dashboard
      • A list of top 10 risks ordered from most severe to least
    • Subsequent individual risk analyses (1 to 10)
      • Detailed risk assessment data
      • Risk responses
      • Risk response analysis
      • Multi-year cost projection (see the following slide)
      • Dashboard
      • Recommendations
    Sample of the Risk Report template.

    Risk Report

    Pursue projects that reduce the likelihood or impact of the risk event

    Encourage risk awareness to extend the benefits of risk management to every aspect of IT.

    Benefits of risk awareness:

    • More preventative and proactive approaches to IT projects are discussed and considered.
    • Changes to the IT threat landscape are more likely to be detected, communicated, and acted upon.
    • IT possesses a realistic perception of its ability to perform functions and provide services.
    • Contingency plans are put in place to hedge against risk events.
    • Fewer IT risks go unidentified.
    • CIOs and business executives make better risk decisions.

    Consequences of low risk awareness:

    • False confidence about the number of IT risks impacting the organization and their severity.
    • Risk-relevant information is not communicated to the ITRC, which may result in inaccurate risk assessments.
    • Confusion surrounding whose responsibility it is to consider how risk impacts IT decision making.
    • Uncertainty and panic when unanticipated risks impact the IT department and the organization.

    Embedding risk management in the IT department is a full-time job

    Take concrete steps to increase risk-aware decision making in IT.

    The IT risk council plays an instrumental role in fostering a culture of risk awareness throughout the IT department. In addition to periodic risk assessments, fulfilling reporting requirements, and undertaking ongoing monitoring responsibilities, members of the ITRC can take a number of actions to encourage other IT employees to adopt a risk-focused approach, particularly at the project planning stage.

    Embed risk management in project planning

    Make time for discussing project risks at every project kick-off.
    • A main benefit of including senior personnel from across IT in the ITRC is that they are able to disseminate the IT risk council’s findings to their respective practices.
    • At project kick-off meetings, schedule time to identify and assess project-specific risks.
    • Encourage the project team to identify strategies to reduce the likelihood and impact of those risks and document these in the project charter.
    • Lead by example by being clear and open about what constitutes acceptable and unacceptable risks.

    Embed risk management with employee

    Train IT staff on the ITRC’s planned responses to specific risk events.
    • If a response to a particular risk event is not to implement a project but rather to institute new policies or procedures, ensure that changes are communicated to employees and that they receive training.
    Provide risk management education opportunities.
    • Remember that a more risk-aware IT employee provides more value to the organization.
    • Invest in your employees by encouraging them to pursue education opportunities like receiving risk management accreditation or providing them with educational experiences such as workshops, seminars, and eLearning.

    Embedding risk management in the IT department is a full-time job (continued)

    Encourage risk awareness by adjusting performance metrics and job titles.

    Performance metrics:

    Depending on the size of your IT department and the amount of resources dedicated to ongoing risk management, you may consider embedding risk management responsibilities into the performance assessments of certain ITRC members or other IT personnel.

    • Personalize the risk management program metrics you have documented in your Risk Management Program Manual.
    • Evidence that KPIs are monitored and frequently reported is also a good indicator that risk owners are fulfilling their risk management responsibilities.
    • Info-Tech Insight

      If risk management responsibilities are not built into performance assessments, it is less likely that they will invest time and energy into these tasks. Adding risk management metrics to performance assessments directly links good job performance with good risk management, making it more likely that ITRC activities and initiatives gain traction throughout the IT department.

    Job descriptions:

    Changing job titles to reflect the focus of an individual’s role on managing IT risk may be a good way to distinguish personnel tasked with developing KRIs and monitoring risks on a week-to-week basis.

    • Some examples include IT Risk Officer, IT Risk Manager, and IT Risk Analyst.

    3.2.3 Transfer ownership of risk responses to project managers

    Once risk responses have obtained approval and funding, it is time to transform them into fully-fledged projects.

    Image of a hand giving a key to another hand and a circle split into quadrants of Governance with 'Governance of Risks' being put into 'Governance of Projects'.

    3.2.4 Finalize the Risk Management Program Manual

    Go back through the Risk Management Program Manual and ensure that the material will accurately reflect your approach to risk management going forward.

    Remember, the program manual is a living document that should be evolving alongside your risk management program, reflecting best practices, knowledge, and experiences accrued from your own assessments and experienced risk events.

    The best way to ensure that the program manual continues to guide and document your risk management program is to make it the focal point of every ITRC meeting and ensure that one participant is tasked with making necessary adjustments and additions.

    Sample of the Risk Management Program Manual. Risk Management Program Manual

    “Upon completing the Info-Tech workshop, the deliverables that we were left with were really outstanding. We put together a 3-year project plan from a high level, outlining projects that will touch upon our high risk areas.” (Director of Security & Risk, Water Management Company)

    Don’t allow your risk management program to flatline

    54% of small businesses haven’t implemented controls to respond to the threat of cyber attacks (Source: Insurance Bureau of Canada, 2021)

    Don’t be lulled into a false sense of security. It might be your greatest risk.

    So you’ve identified the most important IT risks and implemented projects to protect IT and the business.

    Unfortunately, your risk assessment is already outdated.

    Perform regular health checks to keep your finger on the pulse of the key risks threatening the business and your reputation.

    To continue the momentum of your newly forged IT risk management program, read Info-Tech’s research on conducting periodic risk assessments and “health checks”:

    Revive Your Risk Management Program With a Regular Health Check

    • Complete Info-Tech’s Risk Management Health Check to seize the momentum you created by building a robust IT risk management program and create a process for conducting periodic health checks and embedding ongoing risk management into every aspect of IT.
    • Our focus is on using data to make IT risk assessment less like an art and more like a science. Ongoing data-driven risk management is self-improving and grounded in historical data.

    Appendix I: Familiarize yourself with key risk terminology

    Review important risk management terms and definitions.

    Risk

    An uncertain event or set of events which, should it occur, will have an effect on the achievement of objectives. A risk consists of a combination of the likelihood of a perceived threat or opportunity occurring and the magnitude of its impact on objectives (Office of Government Commerce, 2007).

    Threat

    An event that can create a negative outcome (e.g. hostile cyber/physical attacks, human errors).

    Vulnerability

    A weakness that can be taken advantage of in a system (e.g. weakness in hardware, software, business processes).

    Risk Management

    The systematic application of principles, approaches, and processes to the tasks of identifying and assessing risks, and then planning and implementing risk responses. This provides a disciplined environment for proactive decision making (Office of Government Commerce, 2007).

    Risk Category

    Distinct from a risk event, a category is an abstract profile of risk. It represents a common group of risks. For example, you can group certain types of risks under the risk category of IT Operations Risks.

    Risk Event

    A specific occurrence of an event that falls under a particular risk category. For example, a phishing attack is a risk event that falls under the risk category of IT Security Risks.

    Risk Appetite

    An organization’s attitude towards risk taking, which determines the amount of risk that it considers acceptable. Risk appetite also refers to an organization’s willingness to take on certain levels of exposure to risk, which is influenced by the organization’s capacity to financially bear risk.

    Enterprise Risk Management

    (ERM) – A strategic business discipline that supports the achievement of an organization’s objectives by addressing the full spectrum of organizational risks and managing the combined impact of those risks as an interrelated risk portfolio (RIMS, 2015).

    Appendix II: Likelihood vs. Frequency

    Why we measure likelihood, not frequency:

    The basic formula of Likelihood x Impact = Severity is a common methodology used across risk management frameworks. However, some frameworks measure likelihood using Frequency rather than Likelihood.

    Frequency is typically measured as the number of instances an event occurs over a given period of time (e.g. once per month).

    • For risk assessment, historical data regarding the frequency of a risk event is commonly used to indicate the likelihood that the event will happen in the future.

    Likelihood is a numerical representation of the “degree of belief” that the risk event will occur in a given future timeframe (e.g. 25% likelihood that the event will occur within the next year).

    False Objectivity

    While some may argue that frequency provides an objective measurement of likelihood, it is well understood in the field of likelihood theory that historical data regarding the frequency of a risk event may have little bearing over the likelihood of that event happening in the future. Frequency is often an indication of future likelihood but should not be considered an objective measurement of it.

    Likelihood scales that use frequency underestimate the magnitude of risks that lack historical precedent. For example, an IT department that has never experienced a high-impact data breach would adopt a very low likelihood score using the frequentist approach. However, if all of the organization’s major competitors have suffered a major breach within the last two years, they ought to possess a much higher degree of belief that the risk event will occur within the next year.

    Likelihood is a more comprehensive measurement of future likelihood, as frequency can be used to inform the selection of a likelihood value. The process of selecting intersubjective likelihood values will naturally internalize historical data such as the frequency that the event occurred in the past. Further, the frequency that the event is expected to occur in the future can be captured by the expected impact value. For example, a risk event that has an expected impact per occurrence of $10,000 that is expected to occur three times over the next year has an expected impact of $30,000.

    Appendix III: Should max impacts sway decision making?

    Don’t just fixate on the most likely impact – be aware of high-impact outcomes.

    During assessment, risks are evaluated according to their most likely financial impact.

    • For example, a service outage will likely last for two hours and may have an expected cost of $14,000.

    Naturally, focusing on the most likely financial impact will exclude higher impacts that – while theoretically possible – are so unlikely that they do not warrant any real consideration.

    • For example, it is possible that a service outage could last for days; however, the likelihood for such an event may be well below 1%.

    While the risk severity level assessment allows you to present impacts as a range of values (e.g. $50,000 to $75,000), the expected cost assessment requires you to select specific values.

    • However, this analysis may fail to consider much higher potential impacts that have non-negligible likelihood values (likelihood values that you cannot ignore).
    • What you consider “non-negligible” will depend on your organizational risk tolerance/appetite.

    Sometimes called Black Swan events or Fat-Tailed outcomes, high-impact events may occur when the far right of the likelihood distribution – or the “tail” – is thicker than a normal distribution (see fig. 2).

    • A good example is a data breach. While small to medium impacts are far more likely to occur than a devastating intrusion, the high-impact scenario cannot be ignored completely.

    For risk events that contain non-negligible likelihoods (too high to be ignored) consider elevating the risk severity level or expected cost.

    Figure 1 is a graph presenting a 'Normal Likelihood Distribution', the axes being 'Likelihood' and 'Financial Impact'.
    Figure 2 is a graph presenting a 'Fat-Tailed Likelihood Distribution' with a point at the top of the parabola labelled 'Most Likely Impact' but with a much wider bottom labelled 'Fat-Tailed Outcomes', the axes being 'Likelihood' and 'Financial Impact'.

    Leverage Info-Tech’s research on security and compliance risk to identify additional risk events

    Title card of the Info-tech blueprint 'Take Control of Compliance Improvement to Conquer Every Audit' with subtitle 'Don't gamble recklessly with external compliance. Play a winning system and take calculated risks to stack the odds in your favor.


    Take Control of Compliance Improvement to Conquer Every Audit

    Info-Tech Insight

    Don’t gamble recklessly with external compliance. Play a winning system and take calculated risks to stack the odds in your favor.

    Take an agile approach to analyze your gaps and prioritize your remediations. You don’t always have to be fully compliant as long as your organization understands and can live with the consequences.

    Stock photo of a woman sitting at a computer surrounded by rows of computers.


    Develop and Implement a Security Risk Management Program

    Info-Tech Insight

    Security risk management equals cost effectiveness.

    Time spent upfront identifying and prioritizing risks can mean the difference between spending too much and staying on budget.

    Research Contributors and Experts

    Sandi Conrad
    Principal Research Director
    Info-Tech Research Group

    Christine Coz
    Executive Counsellor
    Info-Tech Research Group

    Milena Litoiu
    Principal Research Director
    Info-Tech Research Group

    Scott Magerfleisch
    Executive Advisor
    Info-Tech Research Group

    Aadil Nanji
    Research Director
    Info-Tech Research Group

    Andy Neill
    Associate Vice-President of Research
    Info-Tech Research Group

    Daisha Pennie
    IT Risk Management
    Oklahoma State University

    Ken Piddington
    CIO and Executive Advisor
    MRE Consulting

    Frank Sewell
    Research Director
    Info-Tech Research Group

    Andrew Sharpe
    Research Director
    Info-Tech Research Group

    Chris Warner
    Consulting Director- Security
    Info-Tech Research Group

    Sterling Bjorndahl
    Director of IT Operations
    eHealth Saskatchewan

    Research Contributors and Experts

    Ibrahim Abdel-Kader
    Research Analyst
    Info-Tech Research Group

    Tamara Dwarika
    Internal Auditor
    A leading North American Utility

    Anne Leroux
    Director
    ES Computer Training

    Ian Mulholland
    Research Director
    Info-Tech Research Group

    Michel Fossé
    Consulting Services Manager
    IBM Canada (LGS)

    Petar Hristov
    Research Director
    Info-Tech Research Group

    Steve Woodward
    Research Director
    CEO, Cloud Perspectives

    *Plus 10 additional interviewees who wish to remain anonymous.

    Bibliography

    “2021 State of the CIO.” IDG, 28 January 2021. Web.

    “4 Reasons Why CIOs Lose Their Jobs.” Silverton Consulting, 2012. Web.

    Beasley, Mark, Bruce Branson, and Bonnie Hancock. “The State of Risk Oversight,” AICPA, April 2021. Web.

    COBIT 2019. ISACA, 2019. Web.

    “Cognyte jeopardized its database exposing 5 billion records, including earlier data breaches.” SecureBlink, 21 June 2021. Web.

    Culp, Steve. “Accenture 2019 Global Risk Management Study, Financial Services Report.” Accenture, 2019. Web.

    Curtis, Patchin, and Mark Carey. “Risk Assessment in Practice.” COSO Committee of Sponsoring Organizations of the Treadway Commission, Deloitte & Touche LLP, 2012. Web.

    “Cyber Risk Management.” Insurance Bureau of Canada (IBC), 2022. Web.

    Eccles, Robert G., Scott C. Newquist, and Roland Schatz. “Reputation and Its Risks.” Harvard Business Review, February 2007. Web.

    Eden, C. and F. Ackermann. Making Strategy: The Journey of Strategic Management. Sage Publications, 1998.

    “Enterprise Risk Management Maturity Model.” OECD, 9 February 2021. Web.

    Ganguly, Saptarshi, Holger Harreis, Ben Margolis, and Kayvaun Rowshankish. “Digital Risks: Transforming risk management for the 2020s.” McKinsey & Company, 10 February 2017. Web.

    “Governance Institute of Australia Risk Management Survey 2020.” Governance Institute of Australia, 2020. Web.

    “Guidance on Enterprise Risk Management.” COSO, 2022. Web.

    Henriquez, Maria. “The Top 10 Data Breaches of 2021” Security Magazine, 9 December 2021. Web.

    Holmes, Aaron. “533 million Facebook users’ phone numbers and personal data have been leaked online.” Business Insider, 3 April 2021. Web.

    Bibliography

    “Integrated Risk and Compliance Management for Banks and Financial Services Organizations: Benefits of a Holistic Approach.” MetricStream, 2022. Web.

    “ISACA’s Risk IT Framework Offers a Structured Methodology for Enterprises to Manage Information and Technology Risk.” ISACA, 25 June 2020. Web.

    ISO 31000 Risk Management. ISO, 2018. Web.

    Lawton, George. “10 Enterprise Risk Management Trends in 2022.” TechTarget, 2 February 2022. Web.

    Levenson, Michael. “MGM Resorts Says Data Breach Exposed Some Guests’ Personal Information.” The New York Times, 19 February 2020. Web.

    Management of Risk (M_o_R): Guidance for Practitioners. Office of Government Commerce, 2007. Web.

    “Many small businesses vulnerable to cyber attacks.” Insurance Bureau of Canada (IBC), 5 October 2021.

    Maxwell, Phil. “Why risk-informed decision-making matters.” EY, 3 December 2019. Web.

    “Measuring and Mitigating Reputational Risk.” Marsh, September 2014. Web.

    Natarajan, Aarthi. “The Top 6 Business Risks you should Prepare for in 2022.” Diligent, 22 December 2021. Web.

    “Operational Risk Management Excellence – Get to Strong Survey: Executive Report.” KMPG and RMA, 2014. Web.

    “Third-party risk is becoming a first priority challenge.” Deloitte, 2022. Web.

    Thomas, Adam, and Dan Kinsella. “Extended Enterprise Risk Management Survey, 2020.” Deloitte, 2021. Web.

    Treasury Board Secretariat. “Guide to Integrated Risk Management.” Government of Canada, 12 May 2016. Web.

    Webb, Rebecca. “6 Reasons Data is Key for Risk Management.” ClearRisk, 13 January 2021. Web.

    “What is Enterprise Risk Management (ERM)?” RIMS, 2015. Web.

    Wiggins, Perry. “Do you spend enough time assessing strategic risks?” CFO, 26 January 2022. Web.

    Prepare for Post-Quantum Cryptography

    • Buy Link or Shortcode: {j2store}268|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations
    • Fault-tolerant quantum computers, capable of breaking existing encryption algorithms and cryptographic systems, are widely expected to be available sooner than originally projected.
    • Data considered secure today may already be at risk due to the threat of harvest-now-decrypt-later schemes.
    • Many current security controls will be completely useless, including today's strongest encryption techniques.

    Our Advice

    Critical Insight

    The advent of quantum computing is closer than you think: some nations have already demonstrated capability with the potential to break current asymmetric-key encryption. Traditional encryption methods will no longer provide sufficient protection. You need to act now to begin your transformation to quantum-resistant encryption.

    Impact and Result

    • Developing quantum-resistant cryptography capabilities is crucial to maintaining data security and integrity for critical applications.
    • Organizations need to act now to begin their transformation to quantum-resistant encryption.
    • Data security (especially for sensitive data) should be an organization’s top priority. Organizations with particularly critical information need to be on top of this quantum movement.

    Prepare for Post-Quantum Cryptography Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare for Post-Quantum Cryptography Storyboard – Research to help organizations to prepare and implement quantum-resistance cryptography solutions.

    Developing quantum-resistant cryptography capabilities is crucial to maintaining data security and integrity for critical applications. Organizations need to act now to begin their transformation to quantum-resistant encryption.

    • Prepare for Post-Quantum Cryptography Storyboard
    [infographic]

    Further reading

    Prepare for Post-Quantum Cryptography

    It is closer than you think, and you need to act now.

    Analyst Perspective

    It is closer than you think, and you need to act now.

    The quantum realm presents itself as a peculiar and captivating domain, shedding light on enigmas within our world while pushing the boundaries of computational capabilities. The widespread availability of quantum computers is expected to occur sooner than anticipated. This emerging technology holds the potential to tackle valuable problems that even the most powerful classical supercomputers will never be able to solve. Quantum computers possess the ability to operate millions of times faster than their current counterparts.

    As we venture further into the era of quantum mechanics, organizations relying on encryption must contemplate a future where these methods no longer suffice as effective safeguards. The astounding speed and power of quantum machines have the potential to render many existing security measures utterly ineffective, including the most robust encryption techniques used today. To illustrate, a task that currently takes ten years to crack through a brute force attack could be accomplished by a quantum computer in under five minutes.

    Amid this transition into a quantum future, the utmost priority for organizations remains data security, particularly safeguarding sensitive information. Organizations must proactively prepare for the development of countermeasures and essential resilience measures to attain a state of being "quantum safe."

    This is a picture of Alan Tang

    Alan Tang
    Principal Research Director, Security and Privacy
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Anticipated advancements in fault-tolerant quantum computers, surpassing existing encryption algorithms and cryptographic systems, are expected to materialize sooner than previously projected. The timeframe for their availability is diminishing daily.
    • Data that is presently deemed secure faces potential vulnerability due to the emergence of harvest-now-decrypt-later strategies.
    • Numerous contemporary security controls, including the most robust encryption techniques, have become obsolete and offer little efficacy.

    Common Obstacles

    • The complexity involved makes it challenging for organizations to incorporate quantum-resistant cryptography into their current IT infrastructure.
    • The endeavor of transitioning to quantum-resilient cryptography demands significant effort and time, with the specific requirements varying for each organization.
    • A lack of comprehensive understanding regarding the cryptographic technologies employed in existing IT systems poses difficulties in identifying and prioritizing systems for upgrading to post-quantum cryptography.

    Info-Tech's Approach

    • The development of quantum-resistant cryptography capabilities is essential for safeguarding the security and integrity of critical applications.
    • Organizations must proactively initiate their transition toward quantum-resistant encryption to ensure data protection.
    • Ensuring the security of corporate data assets should be of utmost importance for organizations, with special emphasis on those possessing highly critical information in light of the advancements in quantum technology.

    Info-Tech Insight

    The advent of quantum computing (QC) is closer than you think: some nations have demonstrated capability with the potential to break current asymmetric-key encryption. Traditional encryption methods will no longer be sufficient as a means of protection. You need to act now to begin your transformation to quantum-resistant encryption.

    Evolvement of QC theory and technologies

    1900-1975

    1976-1997

    1998-2018

    2019-Now

    1. 1900: Max Planck – The energy of a particle is proportional to its frequency: E = hv, where h is a relational constant.
    2. 1926: Erwin Schrödinger – Since electrons can affect each other's states, their energies change in both time and space. The total energy of a particle is expressed as a probability function.
    1. 1976: Physicist Roman Stanisław Ingarden publishes the paper "Quantum Information Theory."
    2. 1980: Paul Benioff describes the first quantum mechanical model of a computer.
    3. 1994: Peter Shor publishes Shor's algorithm.
    1. 1998: A working 2-qubit NMR quantum computer is used to solve Deutsch's problem by Jonathan A. Jones and Michele Mosca at Oxford University.
    2. 2003: DARPA Quantum Network becomes fully operational.
    3. 2011: D-Wave claims to have developed the first commercially available quantum computer, D-Wave One.
    4. 2018: the National Quantum Initiative Act was signed into law by President Donald Trump.
    1. 2019: A paper by Google's quantum computer research team was briefly available, claiming the project has reached quantum supremacy.
    2. 2020: Chinese researchers claim to have achieved quantum supremacy, using a photonic peak 76-qubit system known as Jiuzhang.
    3. 2021: Chinese researchers reported that they have built the world's largest integrated quantum communication network.
    4. 2022: The Quantinuum System Model H1-2 doubled its performance claiming to be the first commercial quantum computer to pass quantum volume 4096.

    Info-Tech Insight

    The advent of QC will significantly change our perception of computing and have a crucial impact on the way we protect our digital economy using encryption. The technology's applicability is no longer a theory but a reality to be understood, strategized about, and planned for.

    Fundamental physical principles and business use cases

    Unlike conventional computers that rely on bits, quantum computers use quantum bits or qubits. QC technology surpasses the limitations of current processing powers. By leveraging the properties of superposition, interference, and entanglement, quantum computers have the capacity to simultaneously process millions of operations, thereby surpassing the capabilities of today's most advanced supercomputers.

    A 2021 Hyperion Research survey of over 400 key decision makers in North America, Europe, South Korea, and Japan showed nearly 70% of companies have some form of in-house QC program.

    Three fundamental QC physical principles

    1. Superposition
    2. Interference
    3. Entanglement

    This is an image of two headings, Optimization; and Simulation. there are five points under each heading, with an arrow above pointing left to right, labeled Qbit Count.

    Info-Tech Insight

    Organizations need to reap the substantial benefits of QC's power, while simultaneously shielding against the same technologies when used by cyber adversaries.

    Percentage of Surveyed Companies That Have QC Programs

    • 31% Have some form of in-house QC program
    • 69% Have no QC program

    Early adopters and business value

    QC early adopters see the promise of QC for a wide range of computational workloads, including machine learning applications, finance-oriented optimization, and logistics/supply chain management.

    This is an image of the Early Adopters, and the business value drivers.

    Info-Tech Insight

    Experienced attackers are likely to be the early adopters of quantum-enabled cryptographic solutions, harnessing the power of QC to exploit vulnerabilities in today's encryption methods. The risks are particularly high for industries that rely on critical infrastructure.

    The need of quantum-safe solution is immediate

    Critical components of classical cryptography will be at risk, potentially leading to the exposure of confidential and sensitive information to the general public. Business, technology, and security leaders are confronted with an immediate imperative to formulate a quantum-safe strategy and establish a roadmap without delay.

    Case Study – Google, 2019

    In 2019, Google claimed that "Our Sycamore processor takes about 200 seconds to sample one instance of a quantum circuit a million times—our benchmarks currently indicate that the equivalent task for a state-of-the-art classical supercomputer would take approximately 10,000 years."
    Source: Nature, 2019

    Why You Should Start Preparation Now

    • The complexity with integrating QC technology into existing IT infrastructure.
    • The effort to upgrade to quantum-resilient cryptography will be significant.
    • The amount of time remaining will decrease every day.

    Case Study – Development in China, 2020

    On December 3, 2020, a team of Chinese researchers claim to have achieved quantum supremacy, using a photonic peak 76-qubit system (43 average) known as Jiuzhang, which performed calculations at 100 trillion times the speed of classical supercomputers.
    Source: science.org, 2020

    Info-Tech Insight

    The emergence of QC brings forth cybersecurity threats. It is an opportunity to regroup, reassess, and revamp our approaches to cybersecurity.

    Security threats posed by QC

    Quantum computers have reached a level of advancement where even highly intricate calculations, such as factoring large numbers into their primes, which serve as the foundation for RSA encryption and other algorithms, can be solved within minutes.

    Threat to data confidentiality

    QC could lead to unauthorized decryption of confidential data in the future. Data confidentiality breaches also impact improperly disposed encrypted storage media.

    Threat to authentication protocols and digital governance

    A recovered private key, which is derived from a public key, can be used through remote control to fraudulently authenticate a critical system.

    Threat to data integrity

    Cybercriminals can use QC technology to recover private keys and manipulate digital documents and their digital signatures.

    Example:

    Consider RSA-2048, a widely used public-key cryptosystem that facilitates secure data transmission. In a 2021 survey, a majority of leading authorities believed that RSA-2048 could be cracked by quantum computers within a mere 24 hours.
    Source: Quantum-Readiness Working Group, 2022

    Info-Tech Insight

    The development of quantum-safe cryptography capabilities is of utmost importance in ensuring the security and integrity of critical applications' data.

    US Quantum Computing Cybersecurity Preparedness Act

    The US Congress considers cryptography essential for the national security of the US and the functioning of the US economy. The Quantum Computing Cybersecurity Preparedness Act was introduced on April 18, 2022, and became a public law (No: 117-260) on December 21, 2022.

    Purpose

    The purpose of this Act is to encourage the migration of Federal Government information technology systems to quantum-resistant cryptography, and for other purposes.

    Scope and Exemption

    • Scope: Systems of government agencies.
    • Exemption: This Act shall not apply to any national security system.

    Main Obligations

    Responsibilities

    Requirements
    Inventory Establishment Not later than 180 days after the date of enactment of this Act, the Director of OMB, shall issue guidance on the migration of information technology to post-quantum cryptography.
    Agency Reports "Not later than 1 year after the date of enactment of this Act, and on an ongoing basis thereafter, the head of each agency shall provide to the Director of OMB, the Director of CISA, and the National Cyber Director— (1) the inventory described in subsection (a)(1); and (2) any other information required to be reported under subsection (a)(1)(C)."
    Migration and Assessment "Not later than 1 year after the date on which the Director of NIST has issued post-quantum cryptography standards, the Director of OMB shall issue guidance requiring each agency to— (1) prioritize information technology described under subsection (a)(2)(A) for migration to post-quantum cryptography; and (2) develop a plan to migrate information technology of the agency to post-quantum cryptography consistent with the prioritization under paragraph (1)."

    "It is the sense of Congress that (1) a strategy for the migration of information technology of the Federal Government to post-quantum cryptography is needed; and (2) the government wide and industry-wide approach to post- quantum cryptography should prioritize developing applications, hardware intellectual property, and software that can be easily updated to support cryptographic agility." – Quantum Computing Cybersecurity Preparedness Act

    The development of post-quantum encryption

    Since 2016, the National Institute of Standards and Technology (NIST) has been actively engaged in the development of post-quantum encryption standards. The objective is to identify and establish standardized cryptographic algorithms that can withstand attacks from quantum computers.

    NIST QC Initiative Key Milestones

    Date Development
    Dec. 20, 2016 Round 1 call for proposals: Announcing request for nominations for public-key post-quantum cryptographic algorithms
    Nov. 30, 2017 Deadline for submissions – 82 submissions received
    Dec. 21, 2017 Round 1 algorithms announced (69 submissions accepted as "complete and proper")
    Jan. 30, 2019 Second round candidates announced (26 algorithms)

    July 22, 2020

    Third round candidates announced (7 finalists and 8 alternates)

    July 5, 2022

    Announcement of candidates to be standardized and fourth round candidates
    2022/2024 (Plan) Draft standards available

    Four Selected Candidates to be Standardized

    CRYSTALS – Kyber

    CRYSTALS – Dilithium

    FALCON

    SPHINCS+

    NIST recommends two primary algorithms to be implemented for most use cases: CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures). In addition, the signature schemes FALCON and SPHINCS+ will also be standardized.

    Info-Tech Insight

    There is no need to wait for formal NIST PQC standards selection to begin your post-quantum mitigation project. It is advisable to undertake the necessary steps and allocate resources in phases that can be accomplished prior to the finalization of the standards.

    Prepare for post-quantum cryptography

    The advent of QC is closer than you think: some nations have demonstrated capability with the potential to break current asymmetric-key encryption. Traditional encryption methods will no longer be sufficient as a means of protection. You need to act now to begin your transformation to quantum-resistant encryption.

    This is an infographic showing the three steps: Threat is Imminent; Risks are Profound; and Take Acton Now.

    Insight summary

    Overarching Insight

    The advent of QC is closer than you think as some nations have demonstrated capability with the potential to break current asymmetric-key encryption. Traditional encryption methods will no longer be sufficient as a means of protection. You need to act now to begin your transformation to quantum-resistant encryption.

    Business Impact Is High

    The advent of QC will significantly change our perception of computing and have a crucial impact on the way we protect our digital economy using encryption. The technology's applicability is no longer a theory but a reality to be understood, strategized about, and planned for.

    It's a Collaborative Effort

    Embedding quantum resistance into systems during the process of modernization requires collaboration beyond the scope of a Chief Information Security Officer (CISO) alone. It is a strategic endeavor shaped by leaders throughout the organization, as well as external partners. This comprehensive approach involves the collective input and collaboration of stakeholders from various areas of expertise within and outside the organization.

    Leverage Industry Standards

    There is no need to wait for formal NIST PQC standards selection to begin your post-quantum mitigation project. It is advisable to undertake the necessary steps and allocate resources in phases that can be accomplished prior to the finalization of the standards.

    Take a Holistic Approach

    The advent of QC poses threats to cybersecurity. It's a time to regroup, reassess, and revamp.

    Blueprint benefits

    IT Benefits

    Business Benefits

    • This blueprint will help organizations to discover and then prioritize the systems to be upgraded to post-quantum cryptography.
    • This blueprint will enable organizations to integrate quantum-resistant cryptography into existing IT infrastructure.
    • Developing quantum-resistant cryptography capabilities is crucial to maintaining data security and integrity for critical applications.
    • This blueprint will help organizations to save effort and time needed upgrade to quantum-resilient cryptography.
    • Organizations will reap the substantial benefits of QC's power, while simultaneously shielding against the same technologies when used by cyber adversaries.
    • Avoid reputation and brand image by preventing data breach and leakage.
    • This blueprint will empower organizations to protect corporate data assets in the post-quantum era.
    • Be compliant with various security and privacy laws and regulations.

    Info-Tech Project Value

    Time, value, and resources saved to obtain buy-in from senior leadership team using our research material:

    1 FTEs*10 days*$100,000/year = $6,000

    Time, value, and resources saved to implement quantum-resistant cryptography using our research guidance:

    2 FTEs* 30 days*$100,000/year = $24,000

    Estimated cost and time savings from this blueprint:

    $6,000 + $24,000 =$30,000

    Get prepared for a post-quantum world

    The advent of sufficiently powerful quantum computers poses a risk of compromising or weakening traditional forms of asymmetric and symmetric cryptography. To safeguard data security and integrity for critical applications, it is imperative to undertake substantial efforts in migrating an organization's cryptographic systems to post-quantum encryption. The development of quantum-safe cryptography capabilities is crucial in this regard.

    Phase 1 - Prepare

    • Obtain buy-in from leadership team.
    • Educate your workforce about the upcoming transition.
    • Create defined projects to reduce risks and improve crypto-agility.

    Phase 2 - Discover

    • Determine the extent of your exposed data, systems, and applications.
    • Establish an inventory of classical cryptographic use cases.

    Phase 3 - Assess

    • Assess the security and data protection risks posed by QC.
    • Assess the readiness of transforming existing classical cryptography to quantum-resilience solutions.

    Phase 4 - Prioritize

    • Prioritize transformation plan based on criteria such as business impact, near-term technical feasibility, and effort, etc.
    • Establish a roadmap.

    Phase 5 - Mitigate

    • Implement post-quantum mitigations.
    • Decommissioning old technology that will become unsupported upon publication of the new standard.
    • Validating and testing products that incorporate the new standard.

    Phase 1 – Prepare: Protect data assets in the post-quantum era

    The rise of sufficiently powerful quantum computers has the potential to compromise or weaken conventional asymmetric and symmetric cryptography methods. In anticipation of a quantum-safe future, it is essential to prioritize crypto-agility. Consequently, organizations should undertake specific tasks both presently and in the future to adequately prepare for forthcoming quantum threats and the accompanying transformations.

    Quantum-resistance preparations must address two different needs:

    Reinforce digital transformation initiatives

    To thrive in the digital landscape, organizations must strengthen their digital transformation initiatives by embracing emerging technologies and novel business practices. The transition to quantum-safe encryption presents a unique opportunity for transformation, allowing the integration of these capabilities to evolve business transactions and relationships in innovative ways.

    Protect data assets in the post-quantum era

    Organizations should prioritize supporting remediation efforts aimed at ensuring the quantum safety of existing data assets and services. The implementation of crypto-agility enables organizations to respond promptly to cryptographic vulnerabilities and adapt to future changes in cryptographic standards. This proactive approach is crucial, as the need for quantum-safe measures existed even before the complexities posed by QC emerged.

    Preparation for the post-quantum world has been recommended by the US government and other national bodies since 2016.

    In 2016, NIST, the National Security Agency (NSA), and Central Security Service stated in their Commercial National Security Algorithm Suite and QC FAQ: "NSA believes the time is now right [to start preparing for the post-quantum world] — consistent with advances in quantum computing."
    Source: Cloud Security Alliance, 2021

    Phase 1 – Prepare: Key tasks

    Preparing for quantum-resistant cryptography goes beyond simply acquiring knowledge and conducting experiments in QC. It is vital for senior management to receive comprehensive guidance on the challenges, risks, and potential mitigations associated with the post-quantum landscape. Quantum and post-quantum education should be tailored to individuals based on their specific roles and the impact of post-quantum mitigations on their responsibilities. This customized approach ensures that individuals are equipped with the necessary knowledge and skills relevant to their respective roles.

    Leadership Buy-In

    • Get senior management commitment to post-quantum project.
    • Determine the extent of exposed data, systems, and applications.
    • Identify near-term, achievable cryptographic maturity goals, creating defined projects to reduce risks and improve crypto-agility.

    Roles and Responsibilities

    • The ownership should be clearly defined regarding the quantum-resistant cryptography program.
    • This should be a cross-functional team within which members represent various business units.

    Awareness and Education

    • Senior management needs to understand the strategic threat to the organization and needs to adequately address the cybersecurity risk in a timely fashion.
    • Educate your workforce about the upcoming transition. All training and education should seek to achieve awareness of the following items with the appropriate stakeholders.

    Info-Tech Insight

    Embedding quantum resistance into systems during the process of modernization requires collaboration beyond the scope of a CISO alone. It is a strategic endeavor shaped by leaders throughout the organization, as well as external partners. This comprehensive approach involves the collective input and collaboration of stakeholders from various areas of expertise within and outside the organization.

    Phase 2 – Discover: Establish a data protection inventory

    During the discovery phase, it is crucial to locate and identify any critical data and devices that may require post-quantum protection. This step enables organizations to understand the algorithms in use and their specific locations. By conducting this thorough assessment, organizations gain valuable insights into their existing infrastructure and cryptographic systems, facilitating the implementation of appropriate post-quantum security measures.

    Inventory Core Components

    1. Description of devices and/or data
    2. Location of all sensitive data and devices
    3. Criticality of the data
    4. How long the data or devices need to be protected
    5. Effective cryptography in use and cryptographic type
    6. Data protection systems currently in place
    7. Current key size and maximum key size
    8. Vendor support timeline
    9. Post-quantum protection readiness

    Key Things to Consider

    • The accuracy and thoroughness of the discovery phase are critical factors that contribute to the success of a post-quantum project.
    • It is advisable to conduct this discovery phase comprehensively across all aspects, not solely limited to public-key algorithms.
    • Performing a data protection inventory can be a time-consuming and challenging phase of the project. Breaking it down into smaller subtasks can help facilitate the process.
    • Identifying all information can be particularly challenging since data is typically scattered throughout an organization. One approach to begin this identification process is by determining the inputs and outputs of data for each department and team within the organization.
    • To ensure accountability and effectiveness, it is recommended to assign a designated individual as the ultimate owner of the data protection inventory task. This person should have the necessary responsibilities and authority to successfully accomplish the task.

    Phase 3 – Assess: The workflow

    Quantum risk assessment entails evaluating the potential consequences of QC on existing security measures and devising strategies to mitigate these risks. This process involves analyzing the susceptibility of current systems to attacks by quantum computers and identifying robust security measures that can withstand QC threats.

    Risk Assessment Workflow

    This is an image of the Risk Assessment Workflow

    By identifying the security gaps that will arise with the advent of QC, organizations can gain insight into the substantial vulnerabilities that core business operations will face when QC becomes a prevalent reality. This proactive understanding enables organizations to prepare and implement appropriate measures to address these vulnerabilities in a timely manner.

    Phase 4 – Prioritize: Balance business value, security risks, and effort

    Organizations need to prioritize the mitigation initiatives based on various factors such as business value, level of security risk, and the effort needed to implement the mitigation controls. In the diagram below, the size of the circle reflects the degree of effort. The bigger the size, the more effort is needed.

    This is an image of a chart where the X axis represents Security Risk level, and the Y axis is Business Value.

    QC Adopters Anticipated Annual Budgets

    This is an image of a bar graph showing the Anticipated Annual Budgets for QC Adopters.
    Source: Hyperion Research, 2022

    Hyperion's survey found that the range of expected budget varies widely.

    • The most selected option, albeit by only 38% of respondents, was US$5 million to US$15 million.
    • About one-third of respondents foresaw annual budgets that exceeded US$15 million, and one-fifth expected budgets to exceed US$25 million.

    Build your risk mitigation roadmap

    2 hours

    1. Review the quantum-resistance initiatives generated in Phase 3 – Assessment.
    2. With input from all stakeholders, prioritize the initiatives based on business value, security risks, and effort using the 2x2 grid.
    3. Review the position of all initiatives and adjust accordingly considering other factors such as dependency, etc.
    4. Place prioritized initiatives to a wave chart.
    5. Assign ownership and target timeline for each initiative.

    This is an image the Security Risk Vs. Business value graph, above an image showing Initiatives Numbered 1-7, divided into Wave 1; Wave 2; and Wave 3.

    Input

    • Data protection inventory created in phase 2
    • Risk assessment produced in phase 3
    • Business unit leaders' and champions' understanding (high-level) of challenges posed by QC

    Output

    • Prioritization of quantum-resistance initiatives

    Materials

    • Whiteboard/flip charts
    • Sticky notes
    • Pen/whiteboard markers

    Participants

    • Quantum-resistance program owner
    • Senior leadership team
    • Business unit heads
    • Chief security officer
    • Chief privacy officer
    • Chief information officer
    • Representatives from legal, risk, and governance

    Phase 5 – Mitigate: Implement quantum-resistant encryption solutions

    To safeguard against cybersecurity risks and threats posed by powerful quantum computers, organizations need to adopt a robust defense-in-depth approach. This entails implementing a combination of well-defined policies, effective technical defenses, and comprehensive education initiatives. Organizations may need to consider implementing new cryptographic algorithms or upgrading existing protocols to incorporate post-quantum encryption methods. The selection and deployment of these measures should be cost-justified and tailored to meet the specific needs and risk profiles of each organization.

    Governance

    Implement solid governance mechanisms to promote visibility and to help ensure consistency

    • Update policies and documents
    • Update existing acceptable cryptography standards
    • Update security and privacy audit programs

    Industry Standards

    • Stay up to date with newly approved standards
    • Leverage industry standards (i.e. NIST's post-quantum cryptography) and test the new quantum-safe cryptographic algorithms

    Technical Mitigations

    Each type of quantum threat can be mitigated using one or more known defenses.

    • Physical isolation
    • Replacing quantum-susceptible cryptography with quantum-resistant cryptography
    • Using QKD
    • Using quantum random number generators
    • Increasing symmetric key sizes
    • Using hybrid solutions
    • Using quantum-enabled defenses

    Vendor Management

    • Work with key vendors on a common approach to quantum-safe governance
    • Assess vendors for possible inclusion in your organization's roadmap
    • Create acquisition policies regarding quantum-safe cryptography

    Research Contributors and Experts

    This is a picture of Adib Ghubril

    Adib Ghubril
    Executive Advisor, Executive Services
    Info-Tech Research Group

    This is a picture of Erik Avakian

    Erik Avakian
    Technical Counselor
    Info-Tech Research Group

    This is a picture of Alaisdar Graham

    Alaisdar Graham
    Executive Counselor
    Info-Tech Research Group

    This is a picture of Carlos Rivera

    Carlos Rivera
    Principal Research Advisor
    Info-Tech Research Group

    This is a picture of Hendra Hendrawan

    Hendra Hendrawan
    Technical Counselor
    Info-Tech Research Group

    This is a picture of Fritz Jean-Louis

    Fritz Jean-Louis
    Principal Cybersecurity Advisor
    Info-Tech Research Group

    Bibliography

    117th Congress (2021-2022). H.R.7535 - Quantum Computing Cybersecurity Preparedness Act. congress.gov, 21 Dec 2022.
    Arute, Frank, et al. Quantum supremacy using a programmable superconducting processor. Nature, 23 Oct 2019.
    Bernhardt, Chris. Quantum Computing for Everyone. The MIT Press, 2019.
    Bob Sorensen. Quantum Computing Early Adopters: Strong Prospects For Future QC Use Case Impact. Hyperion Research, Nov 2022.
    Candelon, François, et al. The U.S., China, and Europe are ramping up a quantum computing arms race. Here's what they'll need to do to win. Fortune, 2 Sept 2022.
    Curioni, Alessandro. How quantum-safe cryptography will ensure a secure computing future. World Economic Forum, 6 July 2022.
    Davis, Mel. Toxic Substance Exposure Requires Record Retention for 30 Years. Alert presented by CalChamber, 18 Feb 2022.
    Eddins, Andrew, et al. Doubling the size of quantum simulators by entanglement forging. arXiv, 22 April 2021.
    Gambetta, Jay. Expanding the IBM Quantum roadmap to anticipate the future of quantum-centric supercomputing. IBM Research Blog, 10 May 2022.
    Golden, Deborah, et al. Solutions for navigating uncertainty and achieving resilience in the quantum era. Deloitte, 2023.
    Grimes, Roger, et al. Practical Preparations for the Post-Quantum World. Cloud Security Alliance, 19 Oct 2021.
    Harishankar, Ray, et al. Security in the quantum computing era. IBM Institute for Business Value, 2023.
    Hayat, Zia. Digital trust: How to unleash the trillion-dollar opportunity for our global economy. World Economic Forum, 17 Aug 2022.
    Mateen, Abdul. What is post-quantum cryptography? Educative, 2023.
    Moody, Dustin. Let's Get Ready to Rumble—The NIST PQC 'Competition.' NIST, 11 Oct 2022.
    Mosca, Michele, Dr. and Dr. Marco Piani. 2021 Quantum Threat Timeline Report. Global Risk Institute, 24 Jan 2022.
    Muppidi, Sridhar and Walid Rjaibi. Transitioning to Quantum-Safe Encryption. Security Intelligence, 8 Dec 2022.
    Payraudeau, Jean-Stéphane, et al. Digital acceleration: Top technologies driving growth in a time of crisis. IBM Institute for Business Value, Nov 2020.
    Quantum-Readiness Working Group (QRWG). Canadian National Quantum-Readiness- Best Practices and Guidelines. Canadian Forum for Digital Infrastructure Resilience (CFDIR), 17 June 2022.
    Rotman, David. We're not prepared for the end of Moore's Law. MIT Technology Review, 24 Feb 2020.
    Saidi, Susan. Calculating a computing revolution. Roland Berger, 2018.
    Shorter., Ted. Why Companies Must Act Now To Prepare For Post-Quantum Cryptography. Forbes.com, 11 Feb 2022.
    Sieger, Lucy, et al. The Quantum Decade, Third edition. IBM, 2022.
    Sorensen, Bob. Broad Interest in Quantum Computing as a Driver of Commercial Success. Hyperion Research, 17 Nov 2021.
    Wise, Jason. How Much Data is Created Every Day in 2022? Earthweb, 22 Sept 2022.
    Wright, Lawrence. The Plague Year. The New Yorker, 28 Dec 2020.
    Yan, Bao, et al. Factoring integers with sublinear resources on a superconducting quantum processor. arXiv, 23 Dec 2022.
    Zhong, Han-Sen, et al. Quantum computational advantage using photons. science.org, 3 Dec 2020.

    Reduce Risk With Rock-Solid Service-Level Agreements

    • Buy Link or Shortcode: {j2store}365|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Organizations can struggle to understand what service-level agreements (SLAs) are required and how they can differ depending on the service type. In addition, these other challenges can also cloud an organization’s knowledge of SLAs:

    • No standardized SLAs documents, service levels, or metrics
    • Dealing with lost productivity and revenue due to persistent downtime
    • Not understanding SLAs components and what service levels are required for a particular service
    • How to manage the SLA and hold the vendor accountable

    Our Advice

    Critical Insight

    SLAs need to have clear, easy-to-measure objectives, to meet expectations and service level requirements, including meaningful reporting and remedies to hold the provider accountable to its obligations.

    Impact and Result

    This project will provide several benefits and learnings for almost all IT workers:

    • Better understanding of an SLA framework and required SLA elements
    • Standardized service levels and metrics aligned to the organization’s requirements
    • Reduced time in reviewing, evaluating, and managing service provider SLAs

    Reduce Risk With Rock-Solid Service-Level Agreements Research & Tools

    Start here – Read our Executive Brief

    Understand how to resolve your challenges with SLAs and their components and ensuring adequate metrics. Learn how to create meaningful SLAs that meet your requirements and manage them effectively.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand SLA elements – Understand the elements of SLAs, service types, service levels, metrics/KPIs, monitoring, and reporting

    • SLA Checklist
    • SLA Evaluation Tool

    2. Create requirements – Create your own SLA criteria and templates that meet your organization’s requirements

    • SLA Template & Metrics Reference Guide

    3. Manage obligations – Learn the SLA Management Framework to track providers’ performance and adherence to their commitments.

    • SLO Tracker & Trending Tool

    Infographic

    Workshop: Reduce Risk With Rock-Solid Service-Level Agreements

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Elements of SLAs

    The Purpose

    Understand key components and elements of an SLA.

    Key Benefits Achieved

    Properly evaluate an SLA for required elements.

    Activities

    1.1 SLA overview, objectives, SLA types, service levels

    1.2 SLA elements and objectives

    1.3 SLA components: monitoring, reporting, and remedies

    1.4 SLA checklist review

    Outputs

    SLA Checklist 

    Evaluation Process

    SLA Checklist

    Evaluation Process

    SLA Checklist

    Evaluation Process

    SLA Checklist

    Evaluation Process

    2 Create SLA Criteria and Management Framework

    The Purpose

    Apply knowledge of SLA elements to create internal SLA requirements.

    Key Benefits Achieved

    Templated SLAs that meet requirements.

    Framework to manage SLOs.

    Activities

    2.1 Creating SLA criteria and requirements

    2.2 SLA templates and policy

    2.3 SLA evaluation activity

    2.4 SLA Management Framework

    2.5 SLA monitoring, tracking, and remedy reconciliation

    Outputs

    Internal SLA Management Framework

    Evaluation of current SLAs

    SLA tracking and trending

    Internal SLA Management Framework

    Evaluation of current SLAs

    SLA tracking and trending

    Internal SLA Management Framework

    Evaluation of current SLAs

    SLA tracking and trending

    Internal SLA Management Framework

    Evaluation of current SLAs

    SLA tracking and trending

    Internal SLA Management Framework

    Evaluation of current SLAs

    SLA tracking and trending

    Further reading

    Reduce Risk With Rock-Solid Service-Level Agreements

    Hold Service Providers more accountable to their contractual obligations with meaningful SLA components & remedies

    EXECUTIVE BRIEF

    Analyst Perspective

    Reduce Risk With Rock-Solid Service-Level Agreements

    Every year organizations outsource more and more IT infrastructure to the cloud, and IT operations to managed service providers. This increase in outsourcing presents an increase in risk to the CIO to save on IT spend through outsourcing while maintaining required and expected service levels to internal customers and the organization. Ensuring that the service provider constantly meets their obligations so that the CIO can meet their obligation to the organization can be a constant challenge. This brings forth the importance of the Service Level Agreement.

    Research clearly indicates that there is a general lack of knowledge when comes to understanding the key elements of a Service Level Agreement (SLA). Even less understanding of the importance of the components of Service Levels and the Service Level Objectives (SLO) that service provider needs to meet so that the outsourced service consistently meets requirements of the organization. Most service providers are very good at providing the contracted service and they all are very good at presenting SLOs that are easy to meet with very few or no ramifications if they don’t meet their objectives. IT leaders need to be more resolute in only accepting SLOs that are meaningful to their requirements and have meaningful, proactive reporting and associated remedies to hold service providers accountable to their obligations.

    Ted Walker

    Principal Research Director, Vendor Practice

    Info-Tech Research Group

    Executive Brief

    Vendors provide service level commitments to customers in contracts to show a level of trust, performance, availability, security, and responsiveness in an effort create a sense of confidence that their service or platform will meet your organization’s requirements and expectations. Sifting through these promises can be challenging for many IT Leaders. Customers struggle to understand and evaluate what’s in the SLA – are they meaningful and protect your investment? Not understanding the details of SLAs applicable to various types of Service (SaaS, MSP, Service Desk, DR, ISP) can lead to financial and compliance risk for the organization as well as poor customer satisfaction.

    This project will provide IT leadership the knowledge & tools that will allow them to:

    • Understand what SLAs are and why they need them.
    • Develop standard SLAs that meet the organization’s requirements.
    • Negotiate meaningful remedies aligned to Service Levels metrics or KPIs.
    • Create SLA monitoring & reporting and remedies requirements to hold the provider accountable.

    This research:

    1. Is designed for:
    • The CIO or CFO who needs to better understand their provider’s SLAs.
    • The CIO or BU that could benefit from improved service levels.
    • Vendor management who needs to standardize SLAs for the organization IT leadership that needs consistent service levels to the business
    • The contract manager who needs a better understanding of contact SLAs
  • Will help you:
    • Understand what a Service Level Agreement is and what it’s for
    • Learn what the components are of an SLA and why you need them
    • Create a checklist of required SLA elements for your organization
    • Develop standard SLA template requirements for various service types
    • Learn the importance of SLA management to hold providers accountable
  • Will also assist:
    • Vendor management
    • Procurement and sourcing
    • Organizations that need to understand SLAs within contract language
    • With creating standardized monitoring & reporting requirements
    • Organizations get better position remedies & credits to hold vendors accountable to their commitments
  • Reduce Risk With Rock-Solid Service-Level Agreements (SLAs)

    Hold service providers more accountable to their contractual obligations with meaningful SLA components and remedies

    The Problem

    IT Leadership doesn't know how to evaluate an SLA.

    Misunderstanding of obligations given the type of service provided (SAAS, IAAS, DR/BCP, Service Desk)

    Expectations not being met, leading to poor service from the provider.

    No way to hold provider accountable.

    Why it matters

    SLAS are designed to ensure that outsourced IT services meet the requirements and expectations of the organization. Well-written SLAs with all the required elements, metrics, and remedies will allow IT departments to provide the service levels to their customer and avoid financial and contractual risk to the organization.

    The Solution

    1. Understand the key service elements within an SLA
    • Develop a solid understanding of the key elements within an SLA and why they're important.
  • Establish requirements to create SLA criteria
    • Prioritize contractual services and establish concise SLA checklists and performance metrics.
  • Manage SLA obligations to ensure commitments are met
    • Review the five steps for effective SLA management to track provider performance and deal with chronic issues.
  • Service types

    • Availability/Uptime
    • Response Times
    • Resolution Time
    • Accuracy
    • First-Call Resolution

    Agreement Types

    • SaaS/IaaS
    • Service Desk
    • MSP
    • Co-Location
    • DR/BCP
    • Security Ops

    Performance Metrics

    • Reporting
    • Remedies & Credits
    • Monitoring
    • Exclusion

    Example SaaS Provider

    • Response Times ✓
    • Availability/Uptime ✓
    • Resolution Time ✓
    • Update Times ✓
    • Coverage Time ✓
    • Monitoring ✓
    • Reporting ✓
    • Remedies/Credits ✓

    SLA Management Framework

    1. SLO Monitoring
    • SLOs must be monitored by the provider, otherwise they can't be measured.
  • Concise Reporting
    • This is the key element for the provider to validate their performance.
  • Attainment Tracking
    • Capturing SLO metric attainment provides performance trending for each provider.
  • Score carding
    • Tracking details provide input into overall vendor performance ratings.
  • Remedy Reconciliation
    • From SLO tracking, missed SLOs and associated credits needs to be actioned and consumed.
  • Executive Summary

    Your Challenge

    To understand which SLAs are required for your organization and how they can differ depending on the service type. In addition, these other challenges can also cloud your knowledge of SLAs

    • No standardized SLA documents, Service levels, or metrics
    • Dealing with lost productivity & revenue due to persistent downtime
    • Understanding SLA components and what service levels are requires for a particular service
    • How to manage the SLA and hold the vendor accountable

    Common Obstacles

    There are several unknowns that SLA can present to different departments within the organization:

    • Little knowledge of what service levels are required
    • Not knowing SLO standards for a service type
    • Lack of resources to manage vendor obligations
    • Negotiating required metrics/KPIs with the provider
    • Low understanding of the risk that poor SLAs can present to the organization

    Info-Tech's Approach

    Info-Tech has a three-step approach to effective SLAs

    • Understand the elements of an SLA
    • Create Requirements for your organization
    • Manage the SLA obligations

    There are some basic components that every SLA should have – most don’t have half of what is required

    Info-Tech Insight

    SLAs need to have clear, easy to measure objectives to meet your expectations and service level requirements, including meaningful reporting and remedies to hold the provider accountable to their obligations.

    Your challenge

    This research is designed to help organizations gain a better understanding of what an SLA is, understand the importance of SLAs in IT contracts, and ensure organizations are provided with rock-solid SLAs that meet their requirements and not just what the vendor wants to provide.

    • Vendors can make SLAs weak and difficult to understand; sometimes the metrics are meaningless. Not fully understanding what makes up a good SLA can bring unknown risks to the organization.
    • Managing vendor SLA obligations effectively is important. Are adequate resources available? Does the vendor provide manual vs. automated processes and which do you need? Is the process proactive from the vendor or reactive from the customer?

    SLAs come in many variations and for many service types. Understanding what needs to be in them is one of the keys to reducing risk to your organization.

    “One of the biggest mistakes an IT leader can make is ignoring the ‘A’ in SLA,” adds Wendy M. Pfeiffer, CIO at Nutanix. “

    An agreement isn’t a one-sided declaration of IT capabilities, nor is it a one-sided demand of business requirements,” she says. “An agreement involves creating a shared understanding of desired service delivery and quality, calculating costs related to expectations, and then agreeing to outcomes in exchange for investment.” (15 SLA mistakes IT leaders still make | CIO)

    Common obstacles

    There are typically a lot of unknowns when it comes to SLAs and how to manage them.

    Most organizations don’t have a full understanding of what SLAs they require and how to ensure they are met by the vendor. Other obstacles that SLAs can present are:

    • Inadequate resources to create and manage SLAs
    • Poor awareness of standard or required SLA metrics/KPIs
    • Lack of knowledge about each provider’s commitment as well as your obligations
    • Low vendor willingness to provide or negotiate meaningful SLAs and credits
    • The know-how or resources to effectively monitor and manage the SLA’s performance

    SLAs need to address your requirements

    55% of businesses do not find all of their service desk metrics useful or valuable (Freshservice.com)

    27% of businesses spend four to seven hours a month collating metric reports (Freshservice.com)

    Executive Summary

    Info-Tech’s Approach

    • Understand the elements of an SLA
      • Availability
      • Monitoring
      • Response Times
      • SLO Calculation
      • Resolution Time
      • Reporting
      • Milestones
      • Exclusions
      • Accuracy
      • Remedies & Credits
    • Create standard SLA requirements and criteria
      • SLA Element Checklist
      • Corporate Requirements and Standards
      • SLA Templates and Policy
    • Effectively Manage the SLA Obligations
      • SLA Management Framework
        • SLO Monitoring
        • Concise Reporting
        • Attainment Tracking
        • Score Carding
        • Remedy Reconciliation

    Info-Tech’s three phase approach

    Reduce Risk With Rock-Solid Service-Level Agreements

    Phase 1

    Understand SLA Elements

    Phase Content:

    • 1.1 What are SLAs, types of SLAs, and why are they needed?
    • 1.2 Elements of an SLA
    • 1.3 Obligation management monitoring, Reporting requirements
    • 1.4 Exclusions
    • 1.5 SLAs vs. SLOs vs. SLIs

    Outcome:

    This phase will present you with an understanding of the elements of an SLA: What they are, why you need them, and how to validate them.

    Phase 2

    Create Requirements

    Phase Content:

    • 2.1 Create a list of your SLA criteria
    • 2.2 Develop SLA policy & templates
    • 2.3 Create a negotiation strategy
    • 2.4 SLA Overachieving discussion

    Outcome:

    This phase will leverage knowledge gained in Phase 1 and guide you through the creation of SLA requirements, criteria, and templates to ensure that providers meet the service level obligations needed for various service types to meet your organization’s service expectations.

    Phase 3

    Manage Obligations

    Phase Content:

    • 3.1 SLA Monitoring, Tracking
    • 3.2 Reporting
    • 3.3 Vendor SLA Reviews & Optimizing
    • 3.4 Performance management

    Outcome:

    This phase will provide you with an SLA management framework and the best practices that will allow you to effectively manage service providers and their SLA obligations.

    Insight summary

    Overarching insight

    SLAs need to have clear, easy-to-measure objectives to meet your expectations and service level requirements, including meaningful reporting and remedies to hold the provider accountable to their obligations.

    Phase 1 insight

    Not understanding the required elements of an SLA and not having meaningful remedies to hold service providers accountable to their obligations can present several risk factors to your organization.

    Phase 2 insight

    Creating standard SLA criteria for your organization’s service providers will ensure consistent service levels for your business units and customers.

    Phase 3 insight

    SLAs can have appropriate SLOs and remedies but without effective management processes they could become meaningless.

    Tactical insight

    Be sure to set SLAs that are easily measurable from regularly accessible data and that are straight forward to interpret.

    Tactical insight

    Beware of low, easy to attain service levels and metrics/KPIs. Service levels need to meet your expectations and needs not the vendor’s.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    SLA Tracker & Trending Tool

    Track the provider’s SLO attainment and see how their performance is trending over time

    SLA Evaluation Tool

    Evaluate SLA service levels, metrics, credit values, reporting, and other elements

    SLA Template & Metrics Reference Guide

    Reference guide for typical SLA metrics with a generic SLA Template

    Service-Level Agreement Checklist

    Complete SLA component checklist for core SLA and contractual elements.

    Key deliverable:

    Service-Level Agreement Evaluation Tool

    Evaluate each component of the SLA , including service levels, metrics, credit values, reporting, and processes to meet your requirements

    Blueprint objectives

    Understand the components of an SLA and effectively manage their obligations

    • To provide an understanding of different types of SLAs, their required elements, and what they mean to your organization. How to identify meaningful service levels based on service types. We will break down the elements of the SLA such as service types and define service levels such as response times, availability, accuracy, and associated metrics or KPIs to ensure they are concise and easy to measure.
    • To show how important it is that all metrics have remedies to hold the service provider accountable to their SLA obligations.

    Once you have this knowledge you will be able to create and negotiate SLA requirements to meet your organization’s needs and then manage them effectively throughout the term of the agreement.

    InfoTech Insight:

    Right-size your requirements and create your SLO criteria based on risk mitigation and create measurements that motivate the desired behavior from the SLA.

    Blueprint benefits

    IT Benefits

    • An understanding of standard SLA service levels and metrics
    • Reduced financial risk through clear and concise easy-to-measure metrics and KPIs
    • Improved SLA commitments from the service provider
    • Meaningful reporting and remedies to hold the provider accountable
    • Service levels and metrics that meet your requirements to support your customers

    Business Benefits

    • Better understanding of an SLA framework and required SLA elements
    • Improved vendor performance
    • Standardized service levels and metrics aligned to your organization’s requirements
    • Reduced time in reviewing and comprehending vendor SLAs
    • Consistent performance from your service providers

    Measure the value of this blueprint

    1. Dollars Saved
    • Improved performance from your service provider
    • Reduced financial risk through meaningful service levels & remedies
    • Dollars gained through:
      • Reconciled credits from obligation tracking and management
      • Savings due to automated processes
  • Time Saved
    • Reduced time in creating effective SLAs through requirement templates
    • Time spent tracking and managing SLA obligations
    • Reduced negotiation time
    • Time spent tracking and reconciling credits
  • Knowledge Gained
    • Understanding of SLA elements, service levels, service types, reporting, and remedies
    • Standard metrics and KPIs required for various service types and levels
    • How to effectively manage the service provider obligations
    • Tactics to negotiate appropriate service levels to meet your requirements
  • Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way wound help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between three to six calls over the course of two to three months.

    Phase 1 - Understand

    • Call #1: Scope requirements, objectives, and your specific SLA challenges

    Phase 2 - Create Requirements

    • Call #2: Review key SLA and how to identify them
    • Call #3: Deep dive into SLA elements and why you need them
    • Call #4: Review your service types and SLA criteria
    • Call #5: Create internal SLA requirements and templates

    Phase 3 - Management

    • Call #6: Review SLA Management Framework
    • Call #7: Review and create SLA Reporting and Tracking

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2
    Understanding SLAs SLA Templating & Management
    Activities

    1.1 SLA overview, objectives, SLA types, service levels

    1.2 SLA elements and objectives

    1.3 SLA components – monitoring, reporting, remedies

    1.4 SLA Checklist review

    2.1 Creating SLA criteria and requirements

    2.2 SLA policy & template

    2.3 SLA evaluation activity

    2.4 SLA management framework

    2.5 SLA monitoring, tracking, remedy reconciliation

    Deliverables
    1. SLA Checklist
    2. SLA policy & template creation
    3. SLA management gap analysis
    1. Evaluation of current SLAs
    2. SLA tracking and trending
    3. Create internal SLA management framework

    Reduce Risk With Rock-Solid Service-Level Agreements

    Phase 1

    Phase 1

    Understand SLA Elements

    Phase Steps

    • 1.1 What are SLAs, the types of SLAs, and why are they needed?
    • 1.2 Elements of an SLA
    • 1.3 Obligation management monitoring, Reporting requirements
    • 1.4 Exclusions and exceptions
    • 1.5 SLAs vs. SLOs vs. SLIs

    Create Requirements

    Manage Obligations

    1.1 What are SLAs, the types of SLAs, and why are they needed?

    SLA Overview

    What is a Service Level Agreement?

    An SLA is an overarching contractual agreement between a service provider and a customer (can be external or internal) that describes the services that will be delivered by the provider. It describes the service levels and associated performance metrics and expectations, how the provider will show it has attained the SLAs, and defines any remedies or credits that would apply if the provider fails to meet its commitments. Some SLAs also include a change or revision process.

    SLAs come in a few forms. Some are unique, separate, standalone documents that define the service types and levels in more detail and is customized to your needs. Some are separate documents that apply to a service and are web posted or linked to an MSA or SSA. The most common is to have them embedded in, or as an appendix to an MSA or SSA. When negotiating an MSA it’s generally more effective to negotiate better service levels and metrics at the same time.

    Objectives of an SLA

    To be effective, SLAs need to have clearly described objectives that define the service type(s) that the service provider will perform, along with commitment to associated measurable metrics or KPIs that are sufficient to meet your expectations. The goal of these service levels and metrics is to ensure that the service provider is committed to providing the service that you require, and to allow you to maintain service levels to your customers whether internal or external.

    1.1 What are SLAs, the types of SLAs, and why are they needed?

    Key Elements of an SLA

    Principle service elements of an SLA

    There are several more common service-related elements of an SLA. These generally include:

    • The Agreement – the document that defines service levels and commitments.
    • The service types – the type of service being provided by the vendor. These can include SaaS, MSP, Service Desk, Telecom/network, PaaS, Co-Lo, BCP, etc.
    • The service levels – these are the measurable performance objectives of the SLA. They include availability (uptime), response times, restore times, priority level, accuracy level, resolution times, event prevention, completion time, etc.
    • Metrics/KPIs – These are the targets or commitments associated to the service level that the service provider is obligated to meet.
    • Other elements – Reporting requirements, monitoring, remedies/credit values and process.

    Contractual Construct Elements

    These are construct components of an SLA that outline their roles and responsibilities, T&Cs, escalation process, etc.

    In addition, there are several contractual-type elements including, but not limited to:

    • A statement regarding the purpose of the SLA.
    • A list of services being supplied (service types).
    • An in-depth description of how services will be provided and when.
    • Vendor and customer requirements.
    • Vendor and customer obligations.
    • Acknowledgment/acceptance of the SLA.
    • They also list each party’s responsibilities and how issues will be escalated and resolved.

    Common types of SLAs explained

    Service-level SLA

    • This service-level agreement construct is the Service-based SLA. This SLA covers an identified service for all customers in general (for example, if an IT service provider offers customer response times for a service to several customers). In a service-based agreement, the response times would be the same and apply to all customers using the service. Any customer using the service would be provided the same SLA – in this case the same defined response time.

    Customer-based SLA

    • A customer-based SLA is a unique agreement with one customer. The entire agreement is defined for one or all service levels provided to a particular customer (for example, you may use several services from one telecom vendor). The SLAs for these services would be covered in one contract between you and the vendor, creating a unique customer-based vendor agreement. Another scenario could be where a vendor offers general SLAs for its services but you negotiate a specific SLA for a particular service that is unique or exclusive to you. This would be a customer-based SLA as well.

    Multi-level SLA

    • This service-level agreement construct is the multi-level SLA. In a multi-level SLA, components are defined to the organizational levels of the customer with cascading coverage to sublevels of the organization. The SLA typically entails all services and is designed to the cover each sub-level or department within the organization. Sometimes the multi-level SLA is known as a master organization SLA as it cascades to several levels of the organization.

    InfoTech Insight: Beware of low, easy to attain Service levels and metrics/KPIs. Service levels need to meet your requirements, expectations, and needs not the vendor’s.

    1.2 Elements of SLA-objectives, service types, and service levels

    Objectives of Service Levels

    The objective of the service levels and service credits are to:

    • Ensure that the services are of a consistently high quality and meet the requirements of the customer
    • Provide a mechanism whereby the customer can attain meaningful recognition of the vendors failure to deliver the level of service for which it was contracted to deliver
    • Incentivize the vendor or service provider to comply with and to expeditiously provide a remedy for any failure to attain the service levels committed to in the SLA
    • To ensure that the service provider fulfills the defined objectives of the outsourced service

    Service types

    There are several service types that can be part of an SLA. Service types are the different nature of services associated with the SLA that the provider is performing and being measured against. These can include:

    Service Desk, SaaS, PaaS, IaaS, ISP/Telecom/Network MSP, DR & BCP, Co-location security ops, SOW.

    Each service type should have standard service level targets or obligations that can vary depending on your requirements and reliance on the service being provided.

    Service levels

    Service levels are measurable targets, metrics, or KPIs that the service provider has committed to for the particular service type. Service levels are the key element of SLAs – they are the performance expectations set between you and the provider. The service performance of the provider is measured against the service level commitments. The ability of the provider to consistently meet these metrics will allow your organization to fully benefit from the objectives of the service and associated SLAs. Most service levels are time related but not all are.

    Common service levels are:

    Response times, resolution times per percent, restore/recovery times, accuracy, availability/uptime, completion/milestones, updating/communication, latency.

    Each service level has standard or minimum metrics for the provider. The metrics, or KPIs, should be relatively easy to measure and report against on a regular basis. Service levels are generally negotiable to meet your requirements.

    1.2.1 Activity SLA Checklist Tool

    1-2 hours

    Input

    • SLA content, Service elements
    • Contract terms & exclusions
    • Service metrices/KPIs

    Output

    • A concise list of SLA components
    • A list of missing SLA elements
    • Evaluation of the SLA

    Materials

    • Comprehensive checklist
    • Service provider SLA
    • Internal templates or policies

    Participants

    • Vendor or contract manager
    • IT or business unit manager
    • Legal
    • Finance

    Using this checklist will help you review a provider’s SLA to ensure it contains adequate service levels and remedies as well as contract-type elements.

    Instructions:

    Use the checklist to identify the principal service level elements as well as the contractual-type elements within the SLA.

    Review the SLA and use the dropdowns in the checklist to verify if the element is in the SLA and whether it is within acceptable parameters as well the page or section for reference.

    The checklist contains a list of service types that can be used for reference of what SLA elements you should expect to see in that service type SLA.

    Download the SLA Checklist Tool

    1.3 Monitoring, reporting requirements, remedies/credit process

    Monitoring & Reporting

    As mentioned, well-defined service levels are key to the success of the SLA. Validating that the metrics/KPIs are being met on a consistent basis requires regular monitoring and reporting. These elements of the SLA are how you hold the provider accountable to the SLA commitments and obligations. To achieve the service level, the service must be monitored to validate that timelines are met and accuracy is achieved.

    • Data or details from monitoring must then be presented in a report and delivered to the customer in an agreed-upon format. These formats can be in a dashboard, portal, spreadsheet, or csv file, and they must have sufficient criteria to validate the service-level metric. Reports should be kept for future review and to create historical trending.
    • Monitoring and reporting should be the responsibility of the service provider. This is the only way that they can validate to the customer that a service level has been achieved.
    • Reporting criteria and delivery timelines should be defined in the SLA and can even have a service level associated with it, such as a scheduled report delivery on the fifth day of the following month.
    • Reports need to be checked and balanced. When defining report criteria, be sure to define data source(s) that can be easily validated by both parties.
    • Report criteria should include compliance requirements, target metric/KPIs, and whether they were attained.
    • The report should identify any attainment shortfall or missed KPIs.

    Too many SLAs do not have these elements as often the provider tries to put the onus on the customer to monitor their performance of the service levels. .

    1.3.1 Monitoring, reporting requirements, remedies/credit process

    Remedies and Credits

    Service-level reports validate the performance of the service provider to the SLA metrics or KPIs. If the metrics are met, then by rights, the service provider is doing its job and performing up to expectations of the SLA and your organization.

    • What if the metrics are not being met either periodically or consistently? Solving this is the goal of remedies. Remedies are typically monetary costs (in some form) to the provider that they must pay for not meeting a service-level commitment. Credits can vary significantly and should be aligned to the severity of the missed service level. Sometimes there no credits offered by the vendor. This is a red flag in an SLA.
    • Typically expressed as a monetary credit, the SLA will have service levels and associated credits if the service-level metric/KPI is not met during the reporting period. Credits can be expressed in a dollar format, often defined as a percentage of a monthly fee or prorated annual fee. Although less common, some SLAs offer non-financial credits. These could include: an extension to service term, additional modules, training credits, access to a higher support level, etc.
    • Regardless of how the credit is presented, this is typically the only way to hold your provider accountable to their commitments and to ensure they perform consistently to expectations. You must do a rough calculation to validate the potential monetary value and if the credit is meaningful enough to the provider.

    Research shows that credit values that equate to just a few dollars, when you are paying the provider tens of thousands of dollars a month for a service or product, the credit is insignificant and therefore doesn’t incent the provider to achieve or maintain a service level.

    1.3.2 Monitoring, reporting requirements, remedies/credit process

    Credit Process

    Along with meaningful credit values, there must be a defined credit calculation method and credit redemption process in the SLA.

    Credit calculation. The credit calculation should be simple and straight forward. Many times, we see providers define complicated methods of calculating the credit value. In some cases complicated service levels require higher effort to monitor and report on, but this shouldn’t mean that the credit for missing the service level needs to require the same effort to calculate. Do a sample credit calculation to validate if the potential credit value is meaningful enough or meets your requirements.

    Credit redemption process. The SLA should define the process of how a credit is provided to the customer. Ideally the process should be fairly automated by the service provider. If the report shows a missed service level, that should trigger a credit calculation and credit value posted to account followed by notification. In many SLAs that we review, the credit process is either poorly defined or not defined at all. When it is defined, the process typically requires the customer to follow an onerous process and submit a credit request that must then be validated by the provider and then, if approved, posted to your account to be applied at year end as long as you are in complete compliance with the agreement and up-to-date on your account etc. This is what we need to avoid in provider-written SLAs. You need a proactive process where the service provider takes responsibility for missing an SLA and automatically assigns an accurate credit to your account with an email notice.

    Secondary level remedies. These are remedies for partial performance. For example, the platform is accessible but some major modules are not working (i.e.: the payroll platform is up and running and accessible but the tax table is not working properly so you can’t complete your payroll run on-time). Consider the requirement of a service level, metric, and remedy for critical components of a service and not just the platform availability.

    Info-Tech Insight SLA’s without adequate remedies to hold the vendor accountable to their commitments make the SLAs essentially meaningless.

    1.4 Exclusions indemnification, force majeure, scheduled maintenance

    Contract-Related Exclusions

    Attaining service-level commitments by the provider within an SLA can depend on other factors that could greatly influence their performance to service levels. Most of these other factors are common and should be defined in the SLA as exclusions or exceptions. Exceptions/exclusions can typically apply to credit calculations as well. Typical exceptions to attaining service levels are:

    • Denial of Service (DoS) attacks
    • Communication/ISP outage
    • Outages of third-party hosting
    • Actions or inactions of the client or third parties
    • Scheduled maintenance but not emergency maintenance
    • Force majeure events which can cover several different scenarios

    Attention should be taken to review the exceptions to ensure they are in fact not within the reasonable control of the provider. Many times the provider will list several exclusions. Often these are not reasonable or can be avoided, and in most cases, they allow the service provider the opportunity to show unjustified service-level achievements. These should be negotiated out of the SLA.

    1.5 Activity SLA Evaluation Tool

    1-2 hours

    Input

    • SLA content
    • SLA elements
    • SLA objectives
    • SLO calculation methods

    Output

    • Rating of the SLA service levels and objectives
    • Overall rating of the SLA content
    • Targeted list of required improvements

    Materials

    • SLA comprehensive checklist
    • Service provider SLA

    Participants

    • Vendor or contract manager
    • IT manager or leadership
    • Application or business unit manager

    The SLA Evaluation Tool will allow you evaluate an SLA for content. Enter details into the tool and evaluate the service levels and SLA elements and components to ensure the agreement contains adequate SLOs to meet your organization’s service requirements.

    Instructions:

    Review and identify SLA elements within the service provider’s SLA.

    Enter service-level details into the tool and rate the SLOs.

    Enter service elements details, validate that all required elements are in the SLA, and rate them accordingly.

    Capture and evaluate service-level SLO calculations.

    Review the overall rating for the SLA and create a targeted list for improvements with the service provider.

    Download the SLA Evaluation Tool

    1.5 Clarification: SLAs vs. SLOs vs. SLIs

    SLA – Service-Level Agreement The promise or commitment

    • This is the formal agreement between you and your service provider that contains their service levels and obligations with measurable metrics/KPIs and associated remedies. SLAs can be a separate or unique document, but are most commonly embedded within an MSA, SOW, SaaS, etc. as an addendum or exhibit.

    SLO – Service-Level Objective The goals or targets

    • This service-level agreement construct is the customer-based SLA. A Customer-based SLA is a unique agreement with one customer. The entire agreement is defined for one or all service levels provided to a particular customer. For example, you may use several services from one telecom vendor. The SLAs for these services would be covered in one contract between you and the Telco vendor, creating a unique customer-based to vendor agreement. Another scenario: a vendor offers general SLAs for its services and you negotiate a specific SLA for a particular service that is unique or exclusive to you. This would be a customer-based SLA as well.

    Other common names are Metrics and Key Performance Indicators (KPIs )

    SLI – Service-Level Indicator How did we do? Did we achieve the objectives?

    • An SLI is the actual metric attained after the measurement period. SLI measures compliance with an SLO (service level objective). So, for example, if your SLA specifies that your systems will be available 99.95% of the time, your SLO is 99.95% uptime and your SLI is the actual measurement of your uptime. Maybe it’s 99.96%. maybe 99.99% or even 99.75% For the vendor to be compliant to the SLA, the SLI(s) must meet or exceed the SLOs within the SLA document.

    Other common names: attainment, results, actual

    Info-Tech Insight:

    Web-posted SLAs that are not embedded within a signed MSA, can present uncertainty and risk as they can change at any time and typically without direct notice to the customer

    Reduce Risk With Rock-Solid Service-Level Agreements

    Phase 2

    Understand SLA Elements

    Phase 2

    Create Requirements

    Phase Steps

    • 2.1 Create a list of your SLA criteria
    • 2.2 Develop SLA policy & templates
    • 2.3 Create a negotiation strategy
    • 2.4 SLA overachieving discussion

    Manage Obligations

    2.1 Create a list of your SLA criteria

    Principle Service Elements

    With your understanding of the types of SLAs and the elements that comprise a well-written agreement

    • The next step is to start to create a set of SLA criteria for service types that your organization outsources or may require in the future.
    • This criteria should define the elements of the SLA with tolerance levels that will require the provider to meet your service expectations.
    • Service levels, metrics/KPIs, associated remedies and reporting criteria. This criteria could be captured into table-like templates that can be referenced or inserted into service provider SLAs.
    • Once you have defined minimum service-level criteria, we recommend that you do a deeper review of the various service provider types that your organization has in place. The goal of the review is to understand the objective of the service type and associated service levels and then compare them to your requirements for the service to meet your expectations. Service levels and KPIs should be no less than if your IT department was providing the service with its own resources and infrastructure.
    • Most IT departments have service levels that they are required to meet with their infrastructure to the business units or organization, whether it’s App delivery, issue or problem resolution, availability etc. When any of these services are outsourced to an external service provider, you need to make all efforts to ensure that the service levels are equal to or better than the previous or existing internal expectations.
    • Additionally, the goal is to identify service levels and metrics that don’t meet your requirements or expectations and/or service levels that are missing.

    2.2 Develop SLA policies and templates

    Contract-type Elements

    After creating templates for minimum-service metrics & KPIs, reporting criteria templates, process, and timing, the next step should be to work on contract-type elements and additional service-level components. These elements should include:

    • Reporting format, criteria, and timelines
    • Monitoring requirements
    • Minimum acceptable remedy or credits process; proactive by provider vs. reactive by customer
    • Roles & responsibilities
    • Acceptable exclusion details
    • Termination language for persistent failure to meet SLOs

    These templates or criteria minimums can be used as guidelines or policy when creating or negotiating SLAs with a service provider.

    Start your initial element templates for your strategic vendors and most common service types: SaaS, IaaS, Service Desk, SecOps, etc. The goal of SLA templates is to create simple minimum guidelines for service levels that will allow you to meet your internal SLAs and expectations. Having SLA templates will show the service provider that you understand your requirements and may put you in a better negotiating position when reviewing with the provider.

    When considering SLO metrics or KPIs consider the SMART guidance:

    Simple: A KPI should be easy to measure. It should not be complicated, and the purpose behind recording it must be documented and communicated.

    Measurable: A KPI that cannot be measured will not help in the decision-making process. The selected KPIs must be measurable, whether qualitatively or quantitatively. The procedure for measuring the KPIs must be consistent and well-defined.

    Actionable: KPIs should contribute to the decision-making process of your organization. A KPI that does not make any such contributions serves no purpose.

    Relevant: KPIs must be related to operations or functions that a security team seeks to assess.

    Time-based: KPIs should be flexible enough to demonstrate changes over time. In a practical sense, an ideal KPI can be grouped together by different time intervals.

    (Guide for Security Operations Metrics)

    2.2.1 Activity: Review SLA Template & Metrics Reference Guide

    1-2 hours

    Input

    • Service level metrics
    • List of who is accountable for PPM decisions

    Output

    • SLO templates for service types
    • SLA criteria that meets your organization’s requirements

    Materials

    • SLA Checklist
    • SLA criteria list with SLO & credit values
    • PPM Decision Review Workbook

    Participants

    • Vendor manager
    • IT leadership
    • Procurement or contract manager
    1. Review the SLA Template and Metrics Reference Guide for common metrics & KPIs for the various service types. Each Service Type tab has SLA elements and SLO metrics typically associated with the type of service.
    2. Some service levels have common or standard credits* that are typically associated with the service level or metric.
    3. Use the SLA Template to enter service levels, metrics, and credits that meet your organization’s criteria or requirements for a given service type.

    Download the SLA Template & Metrics Reference Guide

    *Credit values are not standard values, rather general ranges that our research shows to be the typical ranges that credit values should be for a given missed service level

    2.3 Create a negotiation strategy

    Once you have created service-level element criteria templates for your organization’s requirements, it’s time to document a negotiation position or strategy to use when negotiating with service providers. Not all providers are flexible with their SLA commitments, in fact most are reluctant to change or create “unique” SLOs for individual customers. Particularly cloud vendors providing IaaS, SaaS, or PaaS, SLAs. ISP/Telcom, Co-Lo and DR/BU providers also have standard SLOs that they don’t like to stray far from. On the other hand, security ops (SIEM), service desk, hardware, and SOW/PS providers who are generally contracted to provide variable services are somewhat more flexible with their SLAs and more willing to meet your requirements.

    • Service providers want to avoid being held accountable to SLOs, and their SLAs are typically written to reflect that.

    The goal of creating internal SLA templates and policies is to set a minimum baseline of service levels that your organization is willing to accept, and that will meet their requirements and expectations for the outsourced service. Using these templated SLOs will set the basis for negotiating the entire SLA with the provider. You can set the SLA purpose, objectives, roles, and responsibilities and then achieve these from the service provider with solid SLOs and associated reporting and remedies.

    Info-Tech Insight

    Web-posted SLAs that are not embedded within a signed MSA can present uncertainty and risk as they can change at any time and typically without direct notice to the customer

    2.3.1 Negotiating strategy guidance

    • Be prepared. Create a negotiating plan and put together a team that understands your organization’s requirements for SLA.
    • Stay informed. Request provider’s recent performance data and negotiate SLOs to the provider’s average performance.
    • Know what you need. Corporate SLA templates or policies should be positioned to service providers as baseline minimums.
    • Show some flexibility. Be willing to give up some ground on one SLO in exchange for acceptance of SLOs that may be more important to your organization.
    • Re-group. Have a fallback position or Plan B. What if the provider can’t or won’t meet your key SLOs? Do you walk?
    • Do your homework. Understand what the typical standard SLOs are for the type of service level.

    2.4 SLO overachieving incentive discussion

    Monitoring & Reporting

    • SLO overachieving metrics are seen in some SLAs where there is a high priority for a service provider to meet and or exceed the SLOs within the SLA. These are not common terms but can be used to improve the overall service levels of a provider. In these scenarios the provider is sometimes rewarded for overachieving on the SLOs, either consistently or on a monthly or quarterly basis. In some cases, it can make financial sense to incent the service provider to overachieve on their commitments. Incentives can drive behaviors and improved performance by the provider that can intern improve the benefits to your organization and therefore justify an incent of some type.
    • Example: You could have an SLO for invoice accuracy. If not achieved, it could cost the vendor if they don’t meet the accuracy metric, however if they were to consistently overachieve the metric it could save accounts payable hours of time in validation and therefore you could pass on some of these measurable savings to the provider.
    • Overachieving incentives can add complexity to the SLA so they need to be easily measurable and simple to manage.
    • Overachieving incentives can also be used in provider performance improvement plans, where a provider might have poor trending attainment and you need to have them improve their performance in a short period of time. Incentives typically will motivate provider improvement and generally will cost much less than replacing the provider.
    • There is another school of thought that you shouldn’t have to pay a provider for doing their job; however, others are of the opinion that incentives or bonuses improve the overall performance of individuals or teams and are therefore worth consideration if both parties benefit from the over performance.

    Reduce Risk With Rock-Solid Service-Level Agreements

    Phase 3

    Understand SLA Elements

    Create Requirements

    Phase 3

    Manage Obligations

    Phase Steps

    • 3.1 SLA monitoring and tracking
    • 3.2 Reporting
    • 3.3 Vendor SLA reviews & optimizing
    • 3.4 Performance management

    3.1 SLA monitoring, tracking, and remedy reconciliation

    The next step to effective SLAs is the management component. It could be fruitless if you were to spend your time and efforts negotiating your required service levels and metrics and don’t have some level of managing the SLA. In that situation you would have no way of knowing if the service provider is attaining their SLOs.

    There are several key elements to effective SLA management:

    • SLO monitoring
    • Simple, concise reporting
    • SLO attainment tracking
    • Score carding & trending
    • Remedy reconciliation

    SLA Management framework

    SLA Monitoring → Concise Reporting → Attainment Tracking → Score Carding →Remedy Reconciliation

    “A shift we’re beginning to see is an increased use of data and process discovery tools to measure SLAs,” says Borowski of West Monroe. “While not pervasive yet, these tools represent an opportunity to identify the most meaningful metrics and objectively measure performance (e.g., cycle time, quality, compliance). When provided by the client, it also eliminates the dependency on provider tools as the source-of-truth for performance data.” – Stephanie Overby

    3.1 SLA management framework

    SLA Performance Management

    • SLA monitoring provides data for SLO reports or dashboards. Reports provide attainment data for tacking over time. Attainment data feeds scorecards and allows for trending analysis. Missed attainment data triggers remedies.
    • All service providers monitor their systems, platforms, tickets, agents, sensors etc. to be able to do their jobs. Therefore, monitoring is readily available from your service provider in some form.
    • One of the key purposes of monitoring is to generate data into internal reports or dashboards that capture the performance metrics of the various services. Therefore, service-level and metric reports are readily available for all of the service levels that a service provider is contracted or engaged to provide.
    • Monitoring and reporting are the key elements that validate how your service provider is meeting its SLA obligations and thus are very important elements of an SLA. SLO report data becomes attainment data once the metric or KPI has been captured.
    • As a component of effective SLA management, this attainment data needs to be tracked/recorded in an easy-to-read format or table over a period of time. Attainment data can then be used to generate scorecards and trending reports for your review both internally and with the provider as required.
    • If attainment data shows that the service provider is meeting their SLA obligations, then the SLA is meeting your requirements and expectations. If on the other hand, attainment data shows that obligations are not being met, then actions must be taken to hold the service provider accountable. The most common method is through remedies that are typically in the form of a credit through a defined process (see Sec. 1.3). Any credits due for missed SLOs should also be tracked and reported to stakeholders and accounting for validation, reconciliation, and collection.

    3.2 Reporting

    Monitoring & Reporting

    • Many SLAs are silent on monitoring and reporting elements and require that the customer, if aware or able, to monitor the providers service levels and attainment and create their own KPI and reports. Then if SLOs are not met there is an arduous process that the customer must go through to request their rightful credit. This manual and reactive method creates all kinds of risk and cost to the customer and they should make all attempts to ensure that the service provider proactively provides SLO/KPI attainment reports on a regular basis.
    • Automated monitoring and reporting is a common task for many IT departments. There is no reason that a service provider can’t send reports proactively in a format that can be easily interpreted by the customer. The ideal state would be to capture KPI report data into a customer’s internal service provider scorecard.
    • Automated or automatic credit posting is another key element that service providers tend to ignore, primarily in hopes that the customer won’t request or go through the trouble of the process. This needs to change. Some large cloud vendors already have automated processes that automatically post a credit to your account if they miss an SLO. This proactive credit process should be at the top of your negotiation checklist. Service providers are avoiding thousands of credit dollars every year based on the design of their credit process. As more customers push back and negotiate more efficient credit processes, vendors will soon start to change and may use it as a differentiator with their service.

    3.2.1 Performance tracking and trending

    What gets measured gets done

    SLO Attainment Tracking

    A primary goal of proactive and automated reporting and credit process is to capture the provider’s attainment data into a tracker or vendor scorecard. These tracking scorecards can easily create status reports and performance trending of service providers, to IT leadership as well as feed QBR agenda content.

    Remedy Reconciliation

    Regardless of how a credit is processed it should be tracked and reconciled with internal stakeholders and accounting to ensure credits are duly applied or received from the provider and in a timely manner. Tracking and reconciliation must also align with your payment terms, whether monthly or annually.

    “While the adage, ‘You can't manage what you don't measure,’ continues to be true, the downside for organizations using metrics is that the provider will change their behavior to maximize their scores on performance benchmarks.” – Rob Lemos

    3.2.1 Activity SLA Tracker and Trending Tool

    1-2 hours setup

    Input

    • SLO metrics/KPIs from the SLA
    • Credit values associated with SLO

    Output

    • Monthly SLO attainment data
    • Credit tracking
    • SLO trending graphs

    Materials

    • Service provider SLO reports
    • Service provider SLA
    • SLO Tracker & Trending Tool

    Participants

    • Contract or vendor managers
    • Application or service managers
    • Service provider

    An important activity in the SLA management framework is to track the provider’s SLO attainment on a monthly or quarterly basis. In addition, if an SLO is missed, an associated credit needs to be tracked and captured. This activity allows you to capture the SLOs from the SLA and track them continually and provide data for trending and review at vendor performance meetings and executive updates.

    Instructions: Enter SLOs from the SLA as applicable.

    Each month, from the provider’s reports or dashboards, enter the SLO metric attainment.

    When an SLO is met, the cell will turn green. If the SLO is missed, the cell will turn red and a corresponding cell in the Credit Tracker will turn green, meaning that a credit needs to be reconciled.

    Use the Trending tab to view trending graphs of key service levels and SLOs.

    Download the SLO Tracker and Trending Tool

    3.3 Vendor SLA reviews and optimizing

    Regular reviews should be done with providers

    Collecting attainment data with scorecards or tracking tools provides summary information on the performance of the service provider to their SLA obligations. This information should be used for regular reviews both internally and with the provider.

    Regular attainment reviews should be used for:

    • Performance trending upward or downward
    • Identifying opportunities to revise or improve SLOs
    • Optimizing SLO and processes
    • Creating a Performance Improvement Plan (PIP) for the service provider

    Some organizations choose to review SLA performance with providers at regular QBRs or at specific SLA review meetings

    This should be determined based on the criticality, risk, and strategic importance of the provider’s service. Providers that provide essential services like ERP, payroll, CRM, HRIS, IaaS etc. should be reviewed much more regularly to ensure that any decline in service is identified early and addressed properly in accordance with the service provider. Negative trending performance should also be documented for consideration at renewal time.

    3.4 Performance management

    Dealing with persistent poor performance and termination

    Service providers that consistently miss key service level metrics or KPIs present financial and security risk to the organization. Poor performance of a service provider reflects directly on the IT leadership and will affect many other business aspects of the organization including:

    • Ability to conduct day-to-day business activities
    • Meet internal obligations and expectations
    • Employee productivity and satisfaction
    • Maintain corporate policies or industry compliance
    • Meet security requirements

    Communication is key. Poor performance of a service provider needs to be dealt with in a timely manner in order to avoid more critical impact of the poor performance. Actions taken with the provider can also vary depending again on the criticality, risk, and strategic importance of the provider’s service.

    Performance reviews should provide the actions required with the goal of:

    • Making the performance problems into opportunities
    • Working with the provider to create a PIP with aggressive timelines and ramifications if not attained
    • Non-renewal or termination consideration, if feasible including provider replacement options, risk, costs, etc.
    • SLA renegotiation or revisions
    • Warning notifications to the service provider with concise issues and ramifications

    To avoid the issues and challenges of dealing with chronic poor performance, consider a Persistent or Chronic Failure clause into the SLA contract language. These clauses can define chronic failure, scenarios, ramifications there of, and defined options for the client including increased credit values, non-monetary remedies, and termination options without liability.

    Info-Tech Insight

    It’s difficult to prevent chronic poor performance but you can certainly track it and deal with it in a way that reduces risk and cost to your organization.

    SLA Hall of Shame

    Crazy service provider SLA content collection

    • Excessive list of unreasonable exclusions
    • Subcontractors’ behavior could be excluded
    • Downtime credit, equal to downtime percent x the MRC
    • Controllable FM events (internal labor issues, health events)
    • Difficult downtime or credit calculations that don’t make sense
    • Credits are not valid if agreement is terminated early or not renewed
    • Customer is not current on their account, SLA or credits do not count/apply
    • Total downtime = to prorated credit value (down 3 hrs = 3/720hrs = 0.4% credit)
    • SLOs don’t apply if customer fails to report the issue or request a trouble ticket
    • Downtime during off hours (overnight) do not count towards availability metrics
    • Different availability commitments based on different support-levels packages
    • Extending the agreement term by the length of downtime as a form of a remedy

    SLA Dos and Don’ts

    Dos

    • Do negotiate SLOs to vendor’s average performance
    • Do strive for automated reporting and credit processes
    • Do right-size and create your SLO criteria based on risk mitigation
    • Do review SLA attainment results with strategic service providers on a regular basis
    • Do ensure that all key elements and components of an SLA are present in the document or appendix

    Don'ts

    • Don’t accept the providers response that “we can’t change the SLOs for you because then we’d have to change them for everyone”
    • Don’t leave SLA preparation to the last minute. Give it priority as you negotiate with the provider
    • Don’t create complex SLAs with numerous service levels and SLOs that need to be reported and managed
    • Don’t aim for absolute perfection. Rather, prioritize which service levels are most important to you for the service

    Summary of Accomplishment

    Problem Solved

    Knowledge Gained

    • Understanding of the elements and components of an SLA
    • A list of SLO metrics aligned to service types that meet your organization’s criteria
    • SLA metric/KPI templates
    • SLA Management process for your provider’s service objectives
    • Reporting and tracking process for performance trending

    Deliverables Completed

    • SLA component and contract element checklist
    • Evaluation or service provider SLAs
    • SLA templates for strategic service types
    • SLA tracker for strategic service providers

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Related Info-Tech Research

    Improve IT-Business Alignment Through an Internal SLA

    • Understand business requirements, clarify current capabilities, and enable strategies to close service-level gaps.

    Data center Co-location SLA & Service Definition Template

    • In essence, the SLA defines the “product” that is being purchased, permitting the provider to rationalize resources to best meet the needs of varied clients, and permits the buyer to ensure that business requirements are being met.

    Ensure Cloud Security in IaaS, PaaS, and SaaS Environments

    • Keep your information security risks manageable when leveraging the benefits of cloud computing.

    Bibliography

    Henderson, George. “3 Most Common Types of Service Level Agreement (SLA).” Master of Project Academy. N.d. Web.

    “Guide to Security Operations Metrics.” Logsign. Oct 5, 2020. Web.

    Lemos, Rob. “4 lessons from SOC metrics: What your SpecOps team needs to know.” TechBeacon. N.d. Web.

    “Measuring and Making the Most of Service Desk Metrics.” Freshworks. N.d. Web.

    Overby, Stephanie. “15 SLA Mistakes IT Leaders Still Make.” CIO. Jan 21, 2021.

    IT Metrics and Dashboards During a Pandemic

    • Buy Link or Shortcode: {j2store}118|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Performance Measurement
    • Parent Category Link: /performance-measurement

    The ways you measure success as a business are based on the typical business environment, but during a crisis like a pandemic, the business environment is rapidly changing or significantly different.

    • How do you assess the scope of the risk?
    • How do you quickly align your team to manage new risks?
    • How do you remain flexible enough to adapt to a rapidly changing situation?

    Our Advice

    Critical Insight

    Measure what you have the data for and focus on managing the impacts to your employees, customers, and suppliers. Be willing to make decisions based on imperfect data. Don’t forget to keep an eye on the long-term objectives and remember that how you act now can reflect on your business for years to come.

    Impact and Result

    Use Info-Tech’s approach to:

    • Quickly assess the risk and identify critical items to manage.
    • Communicate what your decisions are based on so teams can either quickly align or challenge conclusions made from the data.
    • Quickly adjust your measures based on new information or changing circumstances.
    • Use the tools you already have and keep it simple.

    IT Metrics and Dashboards During a Pandemic Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to develop your temporary crisis dashboard.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Consider your organizational goals

    Identify the short-term goals for your organization and reconsider your long-term objectives.

    • Crisis Temporary Measures Dashboard Tool

    2. Build a temporary data collection and dashboard method

    Determine your tool for data collection and your data requirements and collect initial data.

    3. Implement a cadence for review and action

    Determine the appropriate cadence for reviewing the dashboard and action planning.

    [infographic]

    Explore the Secrets of IBM Software Contracts to Optimize Spend and Reduce Compliance Risk

    • Buy Link or Shortcode: {j2store}141|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • IBM customers want to make effective use of their paid-up licenses to avoid overspending and stay compliant with agreements.
    • Each IBM software product is subject to different rules.
    • Clients control and have responsibility for aligning usage and payments. Over time, the usage of the software may be out of sync with what the client has paid for, resulting in either overspending or violation of the licensing agreement.
    • IBM audits software usage in order to generate revenue from non-compliant customers.

    Our Advice

    Critical Insight

    • You have a lot of work to do if you haven’t been paying attention to your IBM software.
    • Focus on needs first. Conduct and document a thorough requirements assessment. Well-documented needs will be your core asset in negotiation.
    • Know what’s in IBM’s terms and conditions. Failure to understand these can lead to major penalties after an audit.
    • Review your agreements and entitlements quarterly. IBM may have changed the rules, and you have almost certainly changed your usage.

    Impact and Result

    • Establish clear licensing requirements.
    • Maintain an effective process for managing your IBM license usage and compliance.
    • Identify any cost-reduction opportunities.
    • Prepare for penalty-free IBM audits.

    Explore the Secrets of IBM Software Contracts to Optimize Spend and Reduce Compliance Risk Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand why you need to invest effort in managing usage and licensing of your IBM software.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review terms and conditions for your IT contract

    Use Info-Tech’s licensing best practices to avoid the common mistakes of overspending on IBM licensing or failing an IBM audit.

    • IBM Passport Advantage Software RFQ Template
    • IBM 3-Year Bundled Price Analysis Tool
    [infographic]

    Mandate Data Valuation Before It’s Mandated

    • Buy Link or Shortcode: {j2store}121|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $25,000 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Data can be valuable if used properly or dangerous when mishandled.
    • The organization needs to understand the value of their data before they can establish proper data management practice.
    • Data is not considered a capital asset unless there is a financial transaction (e.g. buying or selling data assets).
    • Data valuation is not easy, and it costs money to collect, store, and maintain data.

    Our Advice

    Critical Insight

    • Data always outlives people, processes, and technology. They all come and go, while data remains.
    • Oil is a limited resource, data is not. Contrary to oil, data is likely to grow over time.
    • Data is likely to outlast all other current popular financial instruments including currency, assets, or commodities.
    • Data is used internally and externally and can easily be replicated or combined.
    • Data is beyond currency, assets, or commodities and needs to be a category of its own.

    Impact and Result

    • Every organization must calculate the value of their data. This will enable organizations to become truly data-driven.
    • Too much time has been spent arguing different methods of valuation. An organization must settle on valuation that is acceptable to all its stakeholders.
    • Align data governance and data management to data valuation. Often organizations struggle to justify data initiatives due to lack of visibility in data valuation.
    • Establish appropriate roles and responsibilities and ensure alignment to a common set of goals as a foundation to get the most accurate future data valuation for your organization.
    • Assess organization data assets and implementation roadmap that considers the necessary competencies and capabilities and their dependencies in moving towards the higher maturity of data assets.

    Mandate Data Valuation Before It’s Mandated Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the value associated with the organization's data. Review Info-Tech’s methodology for assessing data value and justifying your data initiatives with a value proposition.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Demystify data valuation

    Understand the benefits of data valuation.

    • Mandate Data Valuation Before It’s Mandated – Phase 1: Demystify Data Valuation

    2. Data value chain

    Learn about the data value chain framework and preview the step-by-step guide to start collecting data sources.

    • Mandate Data Valuation Before It’s Mandated – Phase 2: Data Value Chain

    3. Data value assessment

    Mature your data valuation by putting in the valuation dimensions and metrics. Establish documented results that can be leveraged to demonstrate value in your data assets.

    • Mandate Data Valuation Before It’s Mandated – Phase 3: Data Value Assessment
    [infographic]

    Workshop: Mandate Data Valuation Before It’s Mandated

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Value of Data Valuation

    The Purpose

    Explain data valuation approach and value proposition.

    Key Benefits Achieved

    A clear understanding and case for data valuation.

    Activities

    1.1 Review common business data sources and how the organization will benefit from data valuation assessment.

    1.2 Understand Info-Tech’s data valuation framework.

    Outputs

    Organization data valuation priorities

    2 Capture Organization Data Value Chain

    The Purpose

    Capture data sources and data collection methods.

    Key Benefits Achieved

    A clear understanding of the data value chain.

    Activities

    2.1 Assess data sources and data collection methods.

    2.2 Understand key insights and value proposition.

    2.3 Capture data value chain.

    Outputs

    Data Valuation Tool

    3 Data Valuation Framework

    The Purpose

    Leverage the data valuation framework.

    Key Benefits Achieved

    Capture key data valuation dimensions and align with data value chain.

    Activities

    3.1 Introduce data valuation framework.

    3.2 Discuss key data valuation dimensions.

    3.3 Align data value dimension to data value chain.

    Outputs

    Data Valuation Tool

    4 Plan for Continuous Improvement

    The Purpose

    Improve organization’s data value.

    Key Benefits Achieved

    Continue to improve data value.

    Activities

    4.1 Capture data valuation metrics.

    4.2 Define data valuation for continuous monitoring.

    4.3 Create a communication plan.

    4.4 Define a plan for continuous improvements.

    Outputs

    Data valuation metrics

    Data Valuation Communication Plan

    Cost-Reduction Planning for IT Vendors

    • Buy Link or Shortcode: {j2store}73|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $12,733 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management
    • Unprecedented health and economic conditions are putting extreme pressure and controls on expense management.
    • IT needs to implement proactive measures to reduce costs with immediate results.
    • IT must sustain these reductions beyond the near term since no one knows how long the current conditions will last.

    Our Advice

    Critical Insight

    • Proactively initiating a “War on Waste” (WoW) to reduce the expenses and costs in areas that do not impact operational capabilities of IT is an easy way to reduce IT expenditures.
    • This is accomplished by following the principle “Stop Doing Stupid Stuff” (SDSS), which many organizations deemphasize or overlook during times of growth and prosperity.
    • Initiating a WoW and SDSS program with passion, creativity, and urgency will deliver short-term cost reductions.

    Impact and Result

    • Pinpoint and implement tactical countermeasures and savings opportunities to reduce costs immediately (Reactive: <3 months).
    • Identify and deploy proven practices to capture and sustain expense reduction throughout the mid-term (Proactive: 3-12months).
    • Create a long-term strategy to improve flexibility, make changes more swiftly, and quickly generate cost-cutting opportunities (Strategic: >12 months).
    • Use Info-Tech’s 4 R’s Framework (Required, Removed, Rescheduled, and Reduced) and guiding principles to develop your cost-reduction roadmap.

    Cost-Reduction Planning for IT Vendors Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Start here – read the Storyboard

    Read our concise Executive Brief to find out how you can reduce your IT cost in the short term while establishing a foundation for long-term sustainment of IT cost containment.

    • Cost-Reduction Planning for IT Vendors Storyboard
    • Cost-Cutting Classification and Prioritization Tool
    [infographic]

    IBM i Migration Considerations

    • Buy Link or Shortcode: {j2store}109|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    IBM i remains a vital platform and now many CIOs, CTOs, and IT leaders are faced with the same IBM i challenges regardless of industry focus: how do you evaluate the future viability of this platform, assess the future fit and purpose, develop strategies, and determine the future of this platform for your organization?

    Our Advice

    Critical Insight

    For organizations that are struggling with the iSeries/IBM i platform, resourcing challenges are typically the culprit. An aging population of RPG programmers and system administrators means organizations need to be more pro-active in maintaining in-house expertise. Migrating off the iSeries/IBM i platform is a difficult option for most organizations due to complexity, switching costs in the short term, and a higher long-term TCO.

    Impact and Result

    The most common tactic is for the organization to better understand their IBM i options and adopt some level of outsourcing for the non-commodity platform retaining the application support/development in-house. To make the evident, obvious; the options here for the non-commodity are not as broad as with commodity server platforms. Options include co-location, onsite outsourcing, managed and public cloud services.

    IBM i Migration Considerations Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. IBM i Migration Considerations – A brief deck that outlines key migration options for the IBM i platforms.

    This project will help you evaluate the future viability of this platform; assess the fit, purpose, and price; develop strategies for overcoming potential challenges; and determine the future of this platform for your organization.

    • IBM i Migration Considerations Storyboard

    2. Infrastructure Outsourcing IBM i Scoring Tool – A tool to collect vendor responses and score each vendor.

    Use this scoring sheet to help you define and evaluate IBM i vendor responses.

    • Infrastructure Outsourcing IBM i Scoring Tool
    [infographic]

    Further reading

    IBM i Migration Considerations

    Don’t be overwhelmed by IBM i migration options.

    Executive Summary

    Your Challenge

    IBM i remains a vital platform and now many CIO, CTO, and IT leaders are faced with the same IBM i challenges regardless of industry focus; how do you evaluate the future viability of this platform, assess the future fit and purpose, develop strategies, and determine the future of this platform for your organization?

    Common Obstacles

    For organizations that are struggling with the iSeries/IBM i platform, resourcing challenges are typically the culprit. An aging population of RPG programmers and system administrators means organizations need to be more proactive in maintaining in-house expertise. Migrating off the iSeries/IBM i platform is a difficult option for most organizations due to complexity, switching costs in the short term, and a higher long-term TCO.

    Info-Tech Approach

    The most common tactic is for the organization to better understand its IBM i options and adopt some level of outsourcing for the non-commodity platform, retaining the application support/development in-house. To make the evident, obvious: the options here for the non-commodity are not as broad as with commodity server platforms. Options include co-location, onsite outsourcing, managed hosting, and public cloud services.

    Info-Tech Insight

    “For over twenty years, IBM was ‘king,’ dominating the large computer market. By the 1980s, the world had woken up to the fact that the IBM mainframe was expensive and difficult, taking a long time and a lot of work to get anything done. Eager for a new solution, tech professionals turned to the brave new concept of distributed systems for a more efficient alternative. On June 21, 1988, IBM announced the launch of the AS/400, their answer to distributed computing.” (Dale Perkins)

    Review

    We help IT leaders make the most of their IBM i environment.

    Problem Statement:

    The IBM i remains a vital platform for many businesses and continues to deliver exceptional reliability and performance and play a key role in the enterprise. With the limited resources at hand, CIOs and the like must continually review and understand their migration path with the same regard as any other distributed system roadmap.

    This research is designed for:

    • IT strategic direction decision makers
    • IT managers responsible for an existing iSeries or IBM i platform
    • Organizations evaluating platforms for mission-critical applications

    This research will help you:

    1. Evaluate the future viability of this platform.
    2. Assess the fit, purpose, and price.
    3. Develop strategies for overcoming potential challenges.
    4. Determine the future of this platform for your organization.

    The “fit for purpose” plot

    Thought Model

    We will investigate the aspect of different IBM i scenarios as they impact business, what that means, and how that can guide the questions that you are asking as you move to an aligned IBM i IT strategy. Our model considers:

    • Importance to Business Outcomes
      • Important to strategic objectives
      • Provides competitive advantage
      • Non-commodity IT service or process
      • Specialized in-house knowledge required
    • Vendor’s Performance Advantage
      • Talent or access to skills
      • Economies of scale or lower cost at scale
      • Access to technology

    Info-Tech Insights

    With multiple control points to be addressed, care must be taken in simplifying your options while addressing all concerns to ease operational load.

    Map different 'IBM i' scenarios with axes 'Importance to Business Outcomes - Low to High' and 'Vendor’s Performance Advantage - Low to High'. Quadrant labels are '[LI/LA] Potentially Outsource: Service management, Help desk, desk-side support, Asset management', '[LI/HA] Outsource: Application & Infra Support, Web Hosting, SAP Support, Email Services, Infrastructure', '[HI/LA] Insource (For Now): Application development tech support', and '[HI/HA] Potentially Outsource: Onshore or offshore application maintenance'.

    IBM i environments are challenging

    “The IBM i Reality” – Darin Stahl

    Most members relying on business applications/workloads running on non-commodity platforms (zSeries, IBM i, Solaris, AIX, etc.) are first motivated to get out from under the perceived higher costs for the hardware platform.

    An additional challenge for non-commodity platforms is that from an IT Operations Management perspective they become an island with a diminishing number of integrated operations skills and solutions such as backup/restore and monitoring tools.

    The most common tactic is for the organization to adopt some level of outsourcing for the non-commodity platform, retaining the application support and development in-house.

    Key challenges with current IBM i environments:
    1. DR Requirements
      Understand what the business needs are and where users and resources are located.
    2. Market Lack of Expertise
      Skilled team members are hard to find.
    3. Cost Management
      There is a perceived cost disadvantage to managing on-prem solutions.
    4. Aging Support Teams
      Current support teams are aging with little backfill in skill and experience.

    Understand your options

    Co-Location

    A customer transitions their hardware environment to a provider’s data center. The provider can then manage the hardware and “system.”

    Onsite Outsourcing

    A provider will support the hardware/system environment at the client’s site.

    Managed Hosting

    A customer transitions their legacy application environment to an off-prem hosted, multi-tenanted environment.

    Public Cloud

    A customer can “re-platform” the non-commodity workload into public cloud offerings or in a few offerings “re-host.”

    Co-Location

    Provider manages the data center hardware environment.

    Abstract

    Here a provider manages the system data center environment and hardware; however, the client’s in-house IBM i team manages the IBM i hardware environment and the system applications. The client manages all of the licenses associated with the platform as well as the hardware asset management considerations. This is typically part of a larger services or application transformation. This effectively outsources the data center management while maintaining all IBM i technical operations in-house.

    Advantages

    • On-demand bandwidth
    • Cost effective
    • Secure and compliant environment
    • On-demand remote “hands and feet” services
    • Improved IT DR services
    • Data center compliance

    Considerations

    • Application transformation
    • CapEx cost
    • Fluctuating network bandwidth costs
    • Secure connectivity
    • Disaster recovery and availability of vendor
    • Company IT DR and BC planning
    • Remote system maintenance (HW)

    Info-Tech Insights

    This model is extremely attractive for organizations looking to reduce their data center management footprint. Idea for the SMB.

    Onsite Sourcing

    A provider will support the hardware/system environment at the client’s site.

    Abstract

    Here a provider will support and manage the hardware/system environment at the client’s site. The provider may acquire the customer’s hardware and provide software licenses. This could also include hiring or “rebadging” staff supporting the platform. This type of arrangement is typically part of a larger services or application transformation. While low risk, it is not as cost-effective as other deployment models.

    Advantages

    • Managed environment within company premises
    • Cost effective (OpEx expense)
    • Economies of scale
    • On-demand “as-a-service” model
    • Improved IT DR staffing services
    • 24x7 monitoring and support

    Considerations

    • Outsourced IT talent
    • Terms and contract conditions
    • IT staff attrition
    • Increased liability
    • Modified technical support and engagement
    • Secure connectivity and communication
    • Internal problem and change management

    Info-Tech Insights

    Depending on the application lifecycle and viability, in-house skill and technical depth is a key consideration when developing your IBM i strategy.

    Managed Hosting

    Transition legacy application environment to an off-prem hosted multi-tenanted environment.

    Abstract

    This type of arrangement is typically part of an application migration or transformation. In this model, a client can “re-platform” the application into an off-premises-hosted provider platform. This would yield many of the cloud benefits however in a different scaling capacity as experienced with commodity workloads (e.g. Windows, Linux) and the associated application.

    Advantages

    • Turns CapEx into OpEx
    • Reduces in-house need for diminishing or scarce human resources
    • Allows the enterprise to focus on the value of the IBM i platform through the reduction of system administrative toil
    • Improved IT DR services
    • Data center compliance

    Considerations

    • Application transformation
    • Network bandwidth
    • Contract terms and conditions
    • Modified technical support and engagement
    • Secure connectivity and communication
    • Technical security and compliance
    • Limited providers; reduced options

    Info-Tech Insights

    There is a difference between a “re-host” and “re-platform” migration strategy. Determine which solution aligns to the application requirements.

    Public Cloud

    Leverage “public cloud” alternatives with AWS, Google, or Microsoft AZURE.

    Abstract

    This type of arrangement is typically part of a larger migration or application transformation. While low risk, it is not as cost-effective as other deployment models. In this model, client can “re-platform” the non-commodity workload into public cloud offerings or in a few offerings “re-host.” This would yield many of the cloud benefits however in a different scaling capacity as experienced with commodity workloads (e.g. Windows, Linux).

    Advantages

    • Remote workforce accessibility
    • OpEx expense model
    • Improved IT DR services
    • Reduced infrastructure and system administration
    • Vendor management
    • 24x7 monitoring and support

    Considerations

    • Contract terms and conditions
    • Modified technical support and engagement
    • Secure connectivity and communication
    • Technical security and compliance
    • Limited providers; reduced options
    • Vendor/cloud lock-in
    • Application migration/”re-platform”
    • Application and system performance

    Info-Tech Insights

    This model is extremely attractive for organizations that consume primarily cloud services and have a large remote workforce.

    Understand your vendors

    • To best understand your options, you need to understand what IBM i services are provided by the industry vendors.
    • Within the following slides, you will find a defined activity with a working template that will create “vendor profiles” for each vendor.
    • As a working example, you can review the following partners:
    • Connectria (United States)
    • Rowton IT Solutions Ltd (United Kingdom)
    • Mid-Range (Canada)

    Info-Tech Insights

    Creating vendor profiles will help quickly filter the solution providers that directly meet your IBM i needs.

    Vendor Profile #1

    Rowton IT

    Summary of Vendor

    “Rowton IT thrive on creating robust and simple solutions to today's complex IT problems. We have a highly skilled and motivated workforce that will guarantee the right solution.

    Working with select business partners, we can offer competitive and cost effective packages tailored to suit your budget and/or business requirements.

    Our knowledge and experience cover vast areas of IT including technical design, provision and installation of hardware (Wintel and IBM Midrange), technical engineering services, support services, IT project management, application testing, documentation and training.”

    IBM i Services

    • ✔ IBM Power Hardware Sales
    • ✔ Co-Managed Services
    • ✔ DR/High Available Config
    • ✔ Full Managed Services
    • ✖ Co-Location Services
    • ✔ Public Cloud Services (AWS)

    URL
    rowtonit.com

    Regional Coverage:
    United Kingdom

    Logo for RowtonIT.com.

    Vendor Profile #2

    Connectria

    Summary of Vendor

    “Every journey starts with a single step and for Connectria, that step happened to be with the world’s largest bank, Deutsche Bank. Followed quickly by our second client, IBM. Since then, we have added over 1,000 clients worldwide. For 25 years, each customer, large or small, has relied on Connectria to deliver on promises made to make it easy to do business with us through flexible terms, scalable solutions, and straightforward pricing. Join us on our journey.”

    IBM i Services

    • ✔ IBM Power Hardware Sales
    • ✔ Co-Managed Services
    • ✔ DR/High Available Config
    • ✔ Full Managed Services
    • ✔ Co-Location Services
    • ✔ Public Cloud Services (AWS)

    URL
    connectria.com

    Regional Coverage:
    United States

    Logo for Connectria.

    Vendor Profile #3

    Mid-Range

    Summary of Vendor

    “Founded in 1988 and profitable throughout all of those 31 years, we have a solid track record of success. At Mid-Range, we use our expertise to assess your unique needs, in order to proactively develop the most effective IT solution for your requirements. Our full-service approach to technology and our diverse and in-depth industry expertise keep our clients coming back year after year.

    Serving clients across North America in a variety of industries, from small and emerging organizations to large, established enterprises – we’ve seen it all. Whether you need hardware or software solutions, disaster recovery and high availability, managed services or hosting or full ERP services with our JD Edwards offerings – we have the methods and expertise to help.”

    IBM i Services

    • ✔ IBM Power Hardware Sales
    • ✔ Co-Managed Services
    • ✔ DR/High Available Config
    • ✔ Full Managed Services
    • ✔ Co-Location Services
    • ✔ Public Cloud Services (AWS)

    URL
    midrange.ca

    Regional Coverage:
    Canada

    Logo for Mid-Range.

    Activity

    Understand your vendor options

    Activities:
    1. Create your vendor profiles
    2. Score vendor responses
    3. Develop and manage your vendor agenda

    This activity involves the following participants:

    • IT strategic direction decision makers
    • IT managers responsible for an existing iSeries or IBM i platform

    Outcomes of this step:

    • Vendor Profile Template
    • Completed IT Infrastructure Outsourcing Scoring Tool

    Info-Tech Insights

    This check-point process creates transparency around agreement costs with the business and gives the business an opportunity to re-evaluate its requirements for a potentially leaner agreement.

    1. Create your vendor profiles

    Define what you are looking for:

    • Create a vendor profile for every vendor of interest.
    • Leverage our starting list and template to track and record the advantages of each vendor.

    Mindshift

    First National Technology Solutions

    Key Information Systems

    MainLine

    Direct Systems Support

    T-Systems

    Horizon Computer Solutions Inc.

    Vendor Profile Template

    [Vendor Name]

    Summary of Vendor

    [Vendor Summary]
    *Detail the Vendor Services as a Summary*

    IBM i Services

    • ✔ IBM Power Hardware Sales
    • ✔ Co-Managed Services
    • ✔ DR/High Available Config
    • ✔ Full Managed Services
    • ✔ Co-Location Services
    • ✔ Public Cloud Services (AWS)
    *Itemize the Vendor Services specific to your requirements*

    URL
    https://www.url.com/
    *Insert the Vendor URL*

    Regional Coverage:
    [Country\Region]
    *Insert the Vendor Coverage & Locations*

    *Insert the Vendor Logo*

    2. Score your vendor responses

    Use the IT Infrastructure Outsourcing Scoring Tool to manage vendor responses.
    Use Info-Tech’s IT Infrastructure Outsourcing Scoring Tool to systematically score your vendor responses.

    The overall quality of the IBM i questions can help you understand what it might be like to work with the vendor.

    Consider the following questions:

    • Is the vendor clear about what it’s able to offer? Is its response transparent?
    • How much effort did the vendor put into answering the questions?
    • Does the vendor seem like someone you would want to work with?

    Once you have the vendor responses, you will select two or three vendors to continue assessing in more depth leading to an eventual final selection.

    Screenshot of the IT Infrastructure Outsourcing Scoring Tool's Scoring Sheet. There are three tables: 'Scoring Scale', 'Results', and one with 'RFP Questions'. Note on Results table says 'Top Scoring Vendors', and note on questions table says 'List your IBM i questions (requirements)'.

    Info-Tech Insights

    Watch out for misleading scores that result from poorly designed criteria weightings.

    3. Develop your vendor agenda

    Vendor Conference Call

    Develop an agenda for the conference call. Here is a sample agenda:
    • Review the vendor questions.
    • Go over answers to written vendor questions previously submitted.
    • Address new vendor questions.

    Commonly Debated Question:
    Should vendors be asked to remain anonymous on the call or should each vendor mention their organization when they join the call?

    Many organizations worry that if vendors can identify each other, they will price fix. However, price fixing is extremely rare due to its consequences and most vendors likely have a good idea which other vendors are participating in the bid. Another thought is that revealing vendors could either result in a higher level of competition or cause some vendors to give up:

    • A vendor that hears its rival is also bidding may increase the competitiveness of its bid and response.
    • A vendor that feels it doesn’t have a chance may put less effort into the process.
    • A vendor that feels it doesn’t have real competition may submit a less competitive or detailed response than it otherwise would have.

    Vendor Workshop

    A vendor workshop day is an interactive way to provide context to your vendors and to better understand the vendors’ offerings. The virtual or in-person interaction also offers a great way to understand what it’s like to work with each vendor and decide whether you could build a partnership with them in the long run.

    The main focus of the workshop is the vendors’ service solution presentation. Here is a sample agenda for a two-day workshop:

    Day 1
    • Meet and greet
    • Welcome presentation with objectives, acquisition strategy, and company overview
    • Overview of the current IT environment, technologies, and company expectations
    • Question and answer session
    • Site walk
    Day 2
    • Review Day 1 activities
    • Vendor presentations and solution framing
    Use the IT Infrastructure Outsourcing Scoring Tool to manage vendor responses.

    Related Info-Tech Research

    Effectively Acquire Infrastructure Services
    Acquiring a service is like buying an experience. Don’t confuse the simplicity of buying hardware with buying an experience.

    Outsource IT Infrastructure to Improve System Availability, Reliability, and Recovery
    There are very few IT infrastructure components you should be housing internally – outsource everything else.

    Build Your Infrastructure Roadmap
    Move beyond alignment: Put yourself in the driver’s seat for true business value.

    Define Your Cloud Vision
    Make the most of cloud for your organization.

    Document Your Cloud Strategy
    Drive consensus by outlining how your organization will use the cloud.

    Create a Right-Sized Disaster Recovery Plan
    Close the gap between your DR capabilities and service continuity requirements.

    Create a Better RFP Process
    Improve your RFPs to gain leverage and get better results.

    Research Authors

    Photo of Darin Stahl, Principal Research Advisor, Info-Tech Research Group.Darin Stahl, Principal Research Advisor, Info-Tech Research Group

    Principal Research Advisor within the Infrastructure Practice and leveraging 38+ years of experience, his areas of focus include: IT Operations Management, Service Desk, Infrastructure Outsourcing, Managed Services, Cloud Infrastructure, DRP/BCP, Printer Management, Managed Print Services, Application Performance Monitoring (APM), Managed FTP, and non-commodity servers (zSeries, mainframe, IBM i, AIX, Power PC).

    Photo of Troy Cheeseman, Practice Lead, Info-Tech Research Group.Troy Cheeseman, Practice Lead, Info-Tech Research Group

    Troy has over 24 years of experience and has championed large, enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT Operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) start-ups.

    Research Contributors

    Photo of Dan Duffy, President & Owner, Mid-Range.Dan Duffy, President & Owner, Mid-Range

    Dan Duffy is the President and Founder of Mid-Range Computer Group Inc., an IBM Platinum Business Partner. Dan and his team have been providing the Canadian and American IBM Power market with IBM infrastructure solutions including private cloud, hosting and disaster recovery, high availability and data center services since 1988. He has served on numerous boards and associations including the Toronto Users Group for Mid-Range Systems (TUG), the IBM Business Partners of the Americas Advisory Council, the Cornell Club of Toronto, and the Notre Dame Club of Toronto. Dan holds a Bachelor of Science from Cornell University.

    Photo of George Goodall, Executive Advisor, Info-Tech Research Group.George Goodall, Executive Advisor, Info-Tech Research Group

    George Goodall is an Executive Advisor in the Research Executive Services practice at Info-Tech Research Group. George has over 20 years of experience in IT consulting, enterprise software sales, project management, and workshop delivery. His primary focus is the unique challenges and opportunities in organizations with small and constrained IT operations. In his long tenure at Info-Tech, George has covered diverse topics including voice communications, storage, and strategy and governance.

    Bibliography

    “Companies using IBM i (formerly known as i5/OS).” Enlyft, 21 July 2021. Web.

    Connor, Clare. “IBM i and Meeting the Challenges of Modernization.” Ensono, 22 Mar. 2022. Web.

    Huntington, Tom. “60+ IBM i User Groups and Communities to Join?” HelpSystems, 16 Dec. 2021. Web.

    Perkins, Dale. “The Road to Power Cloud: June 21st 1988 to now. The Journey Continues.” Mid-Range, 1 Nov. 2021. Web.

    Prickett Morgan, Timothy. “How IBM STACKS UP POWER8 AGAINST XEON SERVERS.” The Next Platform, 13 Oct. 2015. Web.

    “Why is AS/400 still used? Four reasons to stick with a classic.” NTT, 21 July 2016. Web.

    Appendix

    Public Cloud Provider Notes

    Appendix –
    Cloud
    Providers


    “IBM Power (IBM i and AIX) workloads are also available in the so-called ‘cloud.’” (Darin Stahl)

    AWS

    Appendix –
    Cloud
    Providers



    “IBM Power (IBM i and AIX) workloads are also available in the so-called ‘cloud.’” (Darin Stahl)

    Google

    • Google Cloud console supports IBM Power Systems.
    • This offering provides cloud instances running on IBM Power Systems servers with PowerVM.
    • The service uses a per-day prorated monthly subscription model for cloud instance plans with different capacities of compute, memory, storage, and network. Standard plans are listed below and custom plans are possible.
    • There is no IBM i offering yet that we are aware of.
    • For AIX on Power, this would appear to be a better option than AWS (Converge Enterprise Cloud with IBM Power for Google Cloud).

    Appendix –
    Cloud
    Providers



    “IBM Power (IBM i and AIX) workloads are also available in the so-called ‘cloud.’” (Darin Stahl)

    Azure

    • Azure has partners using the Azure Dedicated Host offerings to deliver “native support for IBM POWER Systems to Azure data centres” (PowerWire).
    • Microsoft has installed Power servers in an couple Azure data centers and Skytap manages the IBM i, AIX, and Linux environments for clients.
    • As far as I am aware there is no ability to install IBM i or AIX within an Azure Dedicated Host via the retail interfaces – these must be worked through a partner like Skytap.
    • The cloud route for IBM i or AIX might be the easiest working with Skytap and Azure. This would appear to be a better option than AWS in my opinion.

    Appendix –
    Cloud
    Providers



    “IBM Power (IBM i and AIX) workloads are also available in the so-called ‘cloud.’” (Darin Stahl)

    IBM

    Develop a Project Portfolio Management Strategy

    • Buy Link or Shortcode: {j2store}331|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $111,064 Average $ Saved
    • member rating average days saved: 33 Average Days Saved
    • Parent Category Name: Project Management Office
    • Parent Category Link: /project-management-office
    • As an IT leader, you oversee a project environment in which the organizational demand for new products, services, and enhancements far outweighs IT’s resource capacity to adequately deliver on everything.
    • As a result, project throughput suffers. IT starts a lot of projects, but has constant difficulties delivering the bulk of them on time, on budget, in scope, and of high quality. What’s more, many of the projects that consume IT’s time are of questionable value to the business.
    • You need a project portfolio management (PPM) strategy to help bring order to IT’s project activity. With the right PPM strategy, you can ensure that you’re driving the throughput of the best projects and maximizing stakeholder satisfaction with IT.

    Our Advice

    Critical Insight

    • IT leaders commonly conflate PPM and project management, falsely believing that they already have a PPM strategy via their project management playbook. While the tactical focus of project management can help ensure that individual projects are effectively planned, executed, and closed, it is no supplement for the insight into “the big picture” that a PPM strategy can provide.
    • Many organizations falter at PPM by mistaking a set of processes for a strategy. While processes are no doubt important, without an end in mind – such as that provided by a deliberate strategy – they inevitably devolve into inertia or confusion.
    • Executive layer buy-in is a critical prerequisite for the success of a PPM strategy. Without it, any efforts to reconcile supply and demand, and improve the strategic value of IT’s project activity, could be quashed by irresponsible, non-compliant stakeholders.

    Impact and Result

    • Manage the portfolio as more than just the sum of its parts. Create a coherent strategy to maximize the sum of values that projects deliver as a whole – as a project portfolio, rather than a collection of individual projects.
    • Get to value early. Info-Tech’s methodology tackles one of PPM’s most pressing challenges upfront by helping you to articulate a strategy and get executive buy-in for it before you define your process goals. When senior management understands why a PPM strategy is necessary and of value to them, the path to implementation is much more stable.
    • Create PPM processes you can sustain. Translate your PPM strategy into specific, tangible near-term and long-term goals, which are realized through a suite of project portfolio management processes tailored to your organization and its culture.

    Develop a Project Portfolio Management Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a project portfolio management strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Develop a Project Portfolio Management Strategy – Executive Brief
    • Develop a Project Portfolio Management Strategy – Phases 1-3

    1. Get executive buy-in for your PPM strategy

    Choose the right PPM strategy for your organization and get executive buy-in before you start to set PPM process goals.

    • Develop a Project Portfolio Management Strategy – Phase 1: Get Executive Buy-In for Your PPM Strategy
    • PPM High-Level Supply-Demand Calculator
    • PPM Strategic Plan Template
    • PPM Strategy-Process Goals Translation Matrix Template

    2. Align PPM processes to your strategic goals

    Use the advice and tools in this phase to align the PPM processes that make up the infrastructure around projects with your new PPM strategy.

    • Develop a Project Portfolio Management Strategy – Phase 2: Align PPM Processes to Your Strategic Goals
    • PPM Strategy Development Tool

    3. Complete your PPM strategic plan

    Refine your PPM strategic plan with inputs from the previous phases by adding a cost-benefit analysis and PPM tool recommendation.

    • Develop a Project Portfolio Management Strategy – Phase 3: Complete Your PPM Strategic Plan
    • Project Portfolio Analyst / PMO Analyst
    [infographic]

    Workshop: Develop a Project Portfolio Management Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Get Executive Buy-In for Your PPM Strategy

    The Purpose

    Choose the right PPM strategy for your organization and ensure executive buy-in.

    Set process goals to address PPM strategic expectations and steer the PPM strategic plan.

    Key Benefits Achieved

    A right-sized PPM strategy complete with executive buy-in for it.

    A prioritized list of PPM process goals.

    Activities

    1.1 Assess leadership mandate.

    1.2 Determine potential resource capacity.

    1.3 Create a project inventory.

    1.4 Prepare to communicate your PPM strategy to key stakeholders.

    1.5 Translate each strategic goal into process goals.

    1.6 Set metrics and preliminary targets for PPM process goals.

    Outputs

    Choice of PPM strategy and the leadership mandate

    Analysis of current project capacity

    Analysis of current project demand

    PPM Strategic Plan – Executive Brief

    PPM strategy-aligned process goals

    Metrics and long-term targets for PPM process goals

    2 Align PPM Processes to Your Strategic Goals

    The Purpose

    Examine your current-state PPM processes and create a high-level description of the target-state process for each of the five PPM processes within Info-Tech’s PPM framework.

    Build a sound business case for implementing the new PPM strategy by documenting roles and responsibilities for key PPM activities as well as the time costs associated with them.

    Key Benefits Achieved

    Near-term and long-term goals as well as an organizationally specific wireframe for your PPM processes.

    Time cost assumptions for your proposed processes to ensure sustainability.

    Activities

    2.1 Develop and refine the project intake, prioritization, and approval process.

    2.2 Develop and refine the resource management process.

    2.3 Develop and refine the portfolio reporting process.

    2.4 Develop and refine the project closure process

    2.5 Develop and refine the benefits realization process.

    Outputs

    Process capability level

    Current-state PPM process description

    Retrospective examination of the current-state PPM process

    Action items to achieve the target states

    Time cost of the process at current and target states

    3 Complete Your PPM Strategic Plan

    The Purpose

    Perform a PPM tool analysis in order to determine the right tool to support your processes.

    Estimate the total cost-in-use of managing the project portfolio, as well as the estimated benefits of an optimized PPM strategy.

    Key Benefits Achieved

    A right-sized tool selection to help support your PPM strategy.

    A PPM strategy cost-benefit analysis.

    Activities

    3.1 Right-size the PPM tools for your processes.

    3.2 Conduct a cost-benefit analysis of implementing the new PPM strategy.

    3.3 Define roles and responsibilities for the new processes.

    3.4 Refine and consolidate the near-term action items into a cohesive plan.

    Outputs

    Recommendation for a PPM tool

    Cost-benefit analysis

    Roles and responsibilities matrix for each PPM process

    An implementation timeline for your PPM strategy

    Further reading

    Develop a Project Portfolio Management Strategy

    Drive IT project throughput by throttling resource capacity.

    Analyst Perspective

    “Tactics without strategy is the noise before defeat.” – Sun Tzŭ

    "Organizations typically come to project portfolio management (PPM) with at least one of two misconceptions: (1) that PPM is synonymous with project management and (2) that a collection of PPM processes constitutes a PPM strategy.

    Both foundations are faulty: project management and PPM are separate disciplines with distinct goals and processes, and a set of processes do not comprise a strategy – they should flow from a strategy, not precede one. When built upon these foundations, the benefits of PPM go unrealized, as the means (i.e. project and portfolio processes) commonly eclipse the ends of a PPM strategy – e.g. a portfolio better aligned with business goals, improved project throughput, increased stakeholder satisfaction, and so on.

    Start with the end in mind: articulate a PPM strategy that is truly project portfolio in nature, i.e. focused on the whole portfolio and not just the individual parts. Then, let your PPM strategy guide your process goals and help to drive successful outcomes, project after project." (Barry Cousins, Senior Director of Research, PMO Practice, Info-Tech Research Group)

    Our understanding of the problem

    This Research Is Designed For:

    • CIOs who want to maximize IT’s fulfillment of both business strategic goals and operational needs.
    • CIOs who want to better manage the business and project sponsors’ expectations and satisfaction.
    • CIOs, PMO directors, and portfolio managers who want a strategy to set the best projects for the highest chance of success.

    This Research Will Help You:

    • Get C-level buy-in on a strategy for managing the project portfolio and clarify their expectations on how it should be managed.
    • Draft strategy-aligned, high-level project portfolio management process description.
    • Put together a strategic plan for improving PPM processes to reclaim wasted project capacity and increase business satisfaction of IT.

    This Research Will Also Assist:

    • Steering committee and C-suite management who want to maximize IT’s value to business.
    • Project sponsors who seek clarity and fairness on pushing their projects through a myriad of priorities and objectives.
    • CIOs, PMO directors, and portfolio managers who want to enable data-driven decisions from the portfolio owners.

    This Research Will Help Them:

    • Optimize IT’s added value to the business through project delivery.
    • Provide clarity on how IT’s project portfolio should be managed and the expectations for its management.
    • Improve project portfolio visibility by making trustworthy project portfolio data available, with which to steer the portfolio.

    Executive Summary

    Situation

    • As CIO, there are too many projects and not enough resource capacity to deliver projects on time, on budget, and in scope with high quality.
    • Prioritizing projects against one another is difficult in the face of conflicting priorities and agenda; therefore, projects with dubious value/benefits consume resource capacity.

    Complication

    • Not all IT projects carry a direct value to business; IT is accountable for keeping the lights on and it consumes a significant amount of resources.
    • Business and project sponsors approve projects without considering the scarcity of resource capacity and are frustrated when the projects fail to deliver or linger in the backlog.

    Resolution

    • Create a coherent strategy to maximize the total value that projects deliver as a whole portfolio, rather than a collection of individual projects.
    • Ensure that the steering committee or senior executive layer buys into the strategy by helping them understand why the said strategy is necessary, and more importantly, why the strategy is valuable to them.
    • Translate the strategic expectations to specific, tangible goals, which are realized through a suite of project portfolio management processes tailored to your organization and its culture.
    • Putting into place people, processes, and tools that are sustainable and manageable, plus a communication strategy to maintain the stakeholder buy-in.

    Info-Tech Insight

    1. Time is money; therefore, the portfolio manager is an accountant of time. It is the portfolio manager’s responsibility to provide the project portfolio owners with reliable data and close the loop on portfolio decisions.
    2. Business satisfaction is driven by delivering projects that align to and maximize business value. Use Info-Tech’s method for developing a PPM strategy and synchronize its definition of “best projects” with yours.

    Projects that deliver on strategic goals of the business is the #1 driver of business satisfaction for IT

    Info-Tech’s CIO Business Vision Survey (N=21,367) has identified a direct correlation between IT project success and overall business satisfaction with IT.

    Comparative rankings of IT services in two columns 'Reported Importance' and 'Actual Importance' with arrows showing where each service moved to in the 'Actual Importance' ranking. The highlighted move is 'Projects' from number 10 in 'Reported' to number 1 in 'Actual'. 'Reported' rankings from 1 to 12 are 'Network Infrastructure', 'Service Desk', 'Business Applications', 'Data Quality', Devices', 'Analytical Capability', 'Client-Facing Technology', 'Work Orders', 'Innovation Leadership', 'Projects', 'IT Policies', and 'Requirements Gathering'. 'Actual' rankings from 1 to 12 are 'Projects', 'Work Orders', 'Innovation Leadership', 'Business Applications', 'Requirements Gathering', 'Service Desk', 'Client-Facing Technology', 'Network Infrastructure', 'Analytical Capability', 'Data Quality', 'IT Policies', and 'Devices'.

    Reported Importance: Initially, when CIOs were asked to rank the importance of IT services, respondents ranked “projects” low on the list – 10 out of a possible 12.

    Actual Importance: Despite this low “reported importance,” of those organizations that were “satisfied” to “fully satisfied” with IT, the service that had the strongest correlation to high business satisfaction was “projects,” i.e. IT’s ability to help plan, support, and execute projects and initiatives that help the business achieve its strategic goals.

    On average, executives perceive IT as being poorly aligned with business strategy

    Info-Tech’s CIO Business Vision Survey data highlights the importance of IT projects in supporting the business achieve its strategic goals. However, Info-Tech’s CEO-CIO Alignment Survey (N=124) data indicates that CEOs perceive IT to be poorly aligned to business’ strategic goals:

    • 43% of CEOs believe that business goals are going unsupported by IT.
    • 60% of CEOs believe that improvement is required around IT’s understanding of business goals.
    • 80% of CIOs/CEOs are misaligned on the target role for IT.
    • 30% of business stakeholders* are supporters of their IT departments.
    • (Source: Info-Tech CIO/CEO Alignment Diagnostics, * N=32,536)

    Efforts to deliver on projects are largely hampered by causes of project failure outside a project manager’s control

    The most recent data from the Project Management Institute (PMI) shows that more projects are meeting their original goals and business intent and less projects are being deemed failures. However, at the same time, more projects are experiencing scope creep. Scope creeps result in schedule and cost overrun, which result in dissatisfied project sponsors, stakeholders, and project workers.

    Graph of data from Project Management Institute comparing projects from 2015 to 2017 that 'Met original goals/business intent', 'Experienced scope creep', and were 'Deemed failures'. Projects from the first two categories went up in 2017, while projects that were deemed failures went down.

    Meanwhile, the primary causes of project failures remain largely unchanged. Interestingly, most of these primary causes can be traced to sources outside of a project manager’s control, either entirely or in part. As a result, project management tactics and processes are limited in adequately addressing them.

    Relative rank

    Primary cause of project failure

    2015

    2016

    2017

    Trend

    Change in organization's priorities 1st 1st 1st Stable
    Inaccurate requirements gathering 2nd 3rd 2nd Stable
    Change in project objectives 3rd 2nd 3rd Stable
    Inadequate vision/goal for project 6th 5th 4th Rising
    Inadequate/poor communication 5th 7th 5th Stable
    Poor change management 11th 9th 6th Rising
    (Source: Project Management Institute, Pulse of the Profession, 2015-2017)

    Project portfolio management (PPM) can improve business alignment of projects and reduce chance of project failure

    PPM is about “doing the right things.”

    The PMI describes PPM as:

    Interrelated organizational processes by which an organization evaluates, selects, prioritizes, and allocates its limited internal resources to best accomplish organizational strategies consistent with its vision, mission, and values. (PMI, Standard for Portfolio Management, 3rd ed.)

    Selecting and prioritizing projects with the strongest alignment to business strategy goals and ensuring that resources are properly allocated to deliver them, enable IT to:

    1. Improve business satisfaction and their perception of IT’s alignment with the business.
    2. Better engage the business and the project customers.
    3. Minimize the risk of project failure due to changing organizational/ project vision, goals, and objectives.

    "In today’s competitive business environment, a portfolio management process improves the linkage between corporate strategy and the selection of the ‘right’ projects for investment. It also provides focus, helping to ensure the most efficient and effective use of available resources." (Lou Pack, PMP, Senior VP, ICF International (PMI, 2015))

    PPM is a common area of shortcomings for IT, with much room for improvement

    Info-Tech’s IT Management & Governance Survey (N=879) shows that PPM tends to be regarded as neither an effective nor an important process amongst IT organizations.

    Two deviation from median charts highlighting Portfolio Management's ranking compared to other IT processes in 'Effectiveness scores' and 'Importance scores'. PPM ranks 37th out of 45 in Effectiveness and 33rd out of 45 in Importance.

    55% ... of IT organizations believe that their PPM processes are neither effective nor important.

    21% ... of IT organizations reported having no one responsible or accountable for PPM.

    62% ... of projects in organizations effective in PPM met/exceeded the expected ROI (PMI, 2015).

    In addition to PPM’s benefits, improving PPM processes presents an opportunity for getting ahead of the curve in the industry.

    Info-Tech’s methodology for developing a PPM strategy delivers extraordinary value, fast

    Our methodology is designed to tackle your hardest challenge first to deliver the highest-value part of the deliverable. For developing a PPM strategy, the biggest challenge is to get the buy-in of the executive layer.

    "Without senior management participation, PPM doesn’t work, and the organization is likely to end up with, or return to, a squeaky-wheel-gets-the-grease mindset for all those involved." (Mark Price Perry, Business Driven Project Portfolio Management)

    In the first step of the blueprint, you will be guided through the following steps:

    1. Choose the right PPM strategy: driven by the executives, supported by management.
    2. Objectively assess your current project portfolio with minimal effort to build a case for the PPM strategy.
    3. Engage the executive layer to get the critical prerequisite of a PPM strategy: their buy-in.

    A PPM strategic plan is the end deliverable of this blueprint. In the first step, download the pre-filled template with content that represents the most common case. Then, throughout the blueprint, customize with your data.

    Use this blueprint to develop, or refine, a PPM strategy that works for your organization

    Get buy-in for PPM strategy from decision makers.

    Buy-in from the owners of project portfolio (Steering Committee, C-suite management, etc.) is a critical prerequisite for any PPM strategy. This blueprint will give you the tools and templates to help you make your case and win the buy-in of portfolio owners.

    Connect strategic expectations to PPM process goals.

    This blueprint offers a methodology to translate the broad aim of PPM to practical, tactical goals of the five core PPM processes, as well as how to measure the results. Our methodology is supported with industry-leading frameworks, best practices, and our insider research.

    Develop your PPM processes.

    This blueprint takes you through a series of steps to translate the process goals into a high-level process description, as well as a business case and a roadmap for implementing the new PPM processes.

    Refine your PPM processes.

    Our methodology is also equally as applicable for making your existing PPM processes better, and help you draft a roadmap for improvement with well-defined goals, roles, and responsibilities.

    Info-Tech’s PPM model consists of five core processes

    There are five core processes in Info-Tech’s thought model for PPM.

    Info-Tech's Process Model detailing the steps and their importance in project portfolio management. Step 3: 'Status and Progress Reporting' sits above the others as a process of importance throughout the model. In the 'Intake' phase of the model are Step 1: 'Intake, Approval, and Prioritization' and Step 2: 'Resource Management'. In the 'Execution' phase is 'Project Management', the main highlighted section, and a part of Step 3, the overarching 'Status and Progress Reporting'. In the 'Closure' phase of the model are Step 4: 'Project Closure' and Step 5: 'Benefits Tracking'.

    These processes create an infrastructure around projects, which aims to enable:

    1. Initiation of the “best” projects with the right resources and project information.
    2. Timely and trustworthy reporting to facilitate the flow of information for better decision making.
    3. Proper closure of projects, releasing resources, and managing benefits realization.

    PPM has many moving pieces. To ensure that all of these processes work in harmony, you need a PPM strategy.

    De-couple project management from PPM to break down complexity and create flexibility

    Tailor project management (PM) processes to fit your projects.

    Info-Tech’s PPM thought model enables you to manage your project portfolio independent of your PM methodology or capability. Projects interact with PPM via:

    • A project charter that authorizes the use of resources and defines project benefits.
    • Status reports that feed up-to-date, trustworthy data to your project portfolio.
    • Acceptance of deliverables that enable proper project closure and benefits reporting.

    Info-Tech’s PPM strategy is applicable whether you use Agile, waterfall, or anything in between for PM.

    The process model from the previous page but with project management processes overlaid. The 'Intake' phase is covered by 'Project Charter'. The 'Execution' phase, or 'Project Management' is covered by 'Status report'. The 'Closure' phase is covered by 'Deliverable Acceptance'.

    Learn about project management approach for small projects in Info-Tech’s Tailor PM Processes to Fit Your Projects blueprint.

    Sample of the Info-Tech blueprint 'Tailor PM Processes to Fit Your Projects'.

    Info-Tech’s approach to PPM is informed by industry best practices and rooted in practical insider research

    Info-Tech uses PMI and ISACA frameworks for areas of this research.

    Logo for 'Project Management Institute (PMI)'.' Logo for 'COBIT 5 an ISACA Framework'.
    PMI’s Standard for Portfolio Management, 3rd ed. is the leading industry framework, proving project portfolio management best practices and process guidelines. COBIT 5 is the leading framework for the governance and management of enterprise IT.

    In addition to industry-leading frameworks, our best-practice approach is enhanced by the insights and guidance from our analysts, industry experts, and our clients.

    Logo for 'Info-Tech Research Group'.

    33,000+ Our peer network of over 33,000 happy clients proves the effectiveness of our research.

    1000+ Our team conducts 1,000+ hours of primary and secondary research to ensure that our approach is enhanced by best practices.

    Re-position IT as the “facilitator of business projects” for PPM success

    CASE STUDY

    Industry: Construction
    Source: Info-Tech Client

    Chaos in the project portfolio

    At first, there were no less than 14 teams of developers, each with their own methodologies and processes. Changes to projects were not managed. Only 35% of the projects were completed on time.

    Business drives, IT facilitates

    Anyone had the right to ask for something; however, converting ideas to a formal project demand required senior leadership within a business division getting on board with the idea.

    The CIO and senior leadership decided that projects, previously assigned to IT, were to be owned and driven by the business, as the projects are undertaken to serve its needs and rarely IT’s own. The rest of the organization understood that the business, not IT, was accountable for prioritizing project work: IT was re-positioned as a facilitator of business projects. While it was a long process, the result speaks for itself: 75% of projects were now being completed on time.

    Balancing the target mix of the project portfolio

    What about maintaining and feeding the IT infrastructure? The CIO reserved 40% of IT project capacity for “keeping the lights on,” and 20% for reactive, unplanned activities, with an aim to lower this percentage. With the rest of the time, IT facilitated business projects

    Three key drivers of project priority

    1. Does the project meet the overall company goals and objectives?
      “If they don't, we must ask why we are bothering with it.”
    2. Does the project address a regulatory or compliance need?
      “Half of our business is heavily regulated. We must focus on it.”
    3. Are there significant savings to be had?
      “Not soft; hard savings. Can we demonstrate that, after implementing this, can we see good hard results? And, can we measure it?”

    "Projects are dumped on IT, and the business abdicates responsibility. Flip that over, and say ‘that's your project’ and ‘how can we help you?’"

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Develop a PPM strategy – project overview

    1. Get executive buy-in for your PPM strategy

    2. Align PPM processes to your strategic goals

    3. Complete your PPM strategic plan

    Supporting Tool icon

    Best-Practice Toolkit

    1.1 Choose the right PPM strategy for your organization

    1.2 Translate PPM strategy expectations to specific process goals

    2.1 Develop and refine project intake, prioritization, and resource management processes

    2.2 Develop and refine portfolio reporting, project closure, and benefits realization processes

    3.1 Select a right-sized PPM solution for supporting your new processes

    3.2 Finalize customizing your PPM Strategic Plan Template

    Guided Implementations

    • Scoping call: discuss current state of PPM and review strategy options.
    • How to wireframe realistic process goals, rooted in your PPM strategic expectations, that will be sustained by the organization.
    • Examine your current-state PPM process and create a high-level description of the target-state process for each of the five PPM processes (1-2 calls per each process).
    • Assess your PPM tool requirements to help support your processes.
    • Determine the costs and potential benefits of your PPM practice.
    Associated Activity icon

    Onsite Workshop

    Module 1:
    Set strategic expectations and realistic goals for the PPM strategy
    Module 2:
    Develop and refine strategy-aligned PPM processes
    Module 3:
    Compose your PPM strategic plan
    Phase 1 Outcome:
    • Analysis of the current state of PPM
    • Strategy-aligned goals and metrics for PPM processes
    Phase 2 Outcome:
    • PPM capability levels
    • High-level descriptions of near- and long-term target state
    Phase 3 Outcome:
    • PPM tool recommendations
    • Cost-benefit analysis
    • Customized PPM strategic plan

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1

    Workshop Day 2

    Workshop Day 3

    Workshop Day 4

    Workshop Day 5

    Get leadership buy-in for PPM strategy Set PPM process goals and metrics with strategic expectations Develop and Refine PPM processes Develop and Refine PPM processes Complete the PPM strategic plan

    Activities

    • 1.1 Assess leadership mandate.
    • 1.2 Determine potential resource capacity.
    • 1.3 Create a project inventory.
    • 1.4 Communicate your PPM strategy to key stakeholders.
    • 2.1 Translate each strategic goal into process goals.
    • 2.2 Set metrics and preliminary targets for PPM process goals.
    • 3.1 Develop and refine the project intake, prioritization, and approval process.
    • 3.2 Develop and refine the resource management process.
    • 4.1 Develop and refine the portfolio reporting process.
    • 4.2 Develop and refine the project closure process.
    • 4.3 Develop and refine the benefits realization process.
    • 5.1 Right-size the PPM tools for your processes.
    • 5.2 Conduct a cost-benefit analysis of implementing the new PPM strategy.
    • 5.3 Define roles and responsibilities for the new processes.

    Deliverables

    1. Choice of PPM strategy and the leadership mandate
    2. Analysis of current project capacity
    3. Analysis of current project demand
    4. PPM Strategic Plan – Executive Brief
    1. PPM strategy-aligned process goals
    2. Metrics and long-term targets for PPM process goals
      For each of the five PPM processes:
    1. Process capability level
    2. Current-state PPM process description
    3. Retrospective examination of the current-state PPM process
    4. Action items to achieve the target states
    5. Time cost of the process at current and target states
    1. Recommendation for a PPM tool
    2. Cost-benefit analysis
    3. Roles and responsibilities matrix for each PPM process

    Develop a Project Portfolio Management Strategy

    PHASE 1

    Get Executive Buy-In for Your PPM Strategy

    Phase 1 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Get executive buy-in for your PPM strategy

    Proposed Time to Completion: 2 weeks
    Step 1.1: Choose the right PPM strategy Step 1.2: Translate strategic expectations to process goals
    Start with an analyst kick-off call:
    • Scoping call to discuss the current state of PPM and review strategy options.
    Work with an analyst to:
    • Discuss how to wireframe realistic process goals, rooted in your PPM strategic expectations, that will be sustained by the organization.
    Then complete these activities…
    • Execute a leadership mandate survey.
    • Perform a high-level supply/demand analysis.
    • Prepare an executive presentation to get strategy buy-in.
    Then complete these activities…
    • Develop realistic process goals based in your PPM strategic expectations.
    • Set metrics and preliminary targets for your high-priority PPM process goals.
    With these tools & templates:
    • PPM High-Level Supply/Demand Calculator
    • PPM Strategic Plan Template
    With these tools & templates:
    • PPM Strategy-Process Translation Matrix

    Phase 1 Results & Insights

    • Executive layer buy-in is a critical prerequisite for the success of a top-down PPM strategy. Ensure your executives are onboard before proceeding to implement your PPM strategy.

    Prepare to get to value early with step 1.1 of this blueprint

    The first step of this blueprint will help you define your PPM strategy and get executive buy-in for it using section one of Info-Tech’s PPM Strategic Plan Template.

    Where traditional models of consulting can take considerable amounts of time before delivering value to clients, Info-Tech’s methodology for developing a PPM strategy gets you to value fast.

    In the first step of this blueprint, you will define your PPM strategy and prepare an executive presentation to get buy-in for the strategy. The presentation can be prepared in just a few hours.

    • The activities in step 1.1 of this blueprint will help you customize the slides in section 1 of Info-Tech’s PPM Strategic Plan Template.
    • Section one of the Template will then serve as your presentation document.

    Once you have received buy-in for your PPM strategy, the remainder of this blueprint will help you customize section 2 of the Template.

    • Section 2 of the Template will communicate:
      • Your processes and process goals.
      • Your near-term and long-term action items for implementing the strategy.
      • Your PPM tool requirements.
      • The costs and benefits of your PPM strategy.

    Download Info-Tech’s PPM Strategic Plan Template.

    Sample of Info-Tech's 'PPM Strategic Plan Template.'

    Step 1.1: Choose the right PPM strategy for your organization

    PHASE 1

    PHASE 2

    PHASE 3

    1.1 1.2 2.1 2.2 3.1 3.2
    Choose the right PPM strategy Translate strategy into process goals Define intake & resource mgmt. processes Define reporting, closure, & benefits mgmt. processes Select a right-sized PPM solution Finalize your PPM strategic plan

    This step will walk you through the following activities:

    • Perform a leadership mandate survey.
    • Choose your PPM strategy.
    • Calculate your resource capacity for projects.
    • Determine overall organizational demand for projects.
    • Prepare an executive presentation of the PPM strategy.

    This step involves the following participants:

    • CIO
    • PMO Director/Portfolio Manager
    • Project Managers
    • IT Managers

    Outcomes of this step

    • A PPM strategy
    • A resource supply/project demand analysis
    • An executive brief presentation
    • Executive buy-in for the PPM strategy

    “Too many projects, not enough resources” is the reality of most IT environments

    In today’s organizations, the desires of business units for new products and enhancements, and the appetites of senior leadership to approve more and more projects for those products and services, far outstrips IT’s ability to realistically deliver on everything.

    The vast majority of IT departments lack the resourcing to meet project demand – especially given the fact that day-to-day operational demands frequently trump project work.

    As a result, project throughput suffers – and with it, IT's reputation within the organization.

    A visualization of 'Project Demand' versus 'Resource supply' utilizing courtroom scales with numerous project titles weighing down the 'Project Demand' side and silhouettes of three little people raised aloft on the 'Resource supply' side.

    In these environments, a PPM strategy is required.

    A PPM strategy should enable executive decision makers to make sense of the excess of demand and give IT the ability to prioritize those projects that are of the most strategic value to the business.

    With the right PPM strategy, IT can improve project outcomes across its portfolio and drive business value – all while improving the workloads of IT project staff.

    Info-Tech has two PPM strategy options that you can start to deploy today

    This step will help you choose the most suitable option, depending on your project pain points and current level of executive engagement in actively steering the portfolio.

    Option A:
    Top-Down, Executive Driven Strategy

    Option B:
    Bottom-Up, Project Manager Driven Strategy

    Goals of this approach:
    • This approach is intended to assist decision makers in their job: choosing the right projects, committing to timelines for those projects, and monitoring/directing their progress.
    Goals of this approach:
    • This approach is primarily intended to ensure that projects are well managed in a standardized manner in order to provide project managers with clear direction.
    Who this approach is for:
    • IT departments looking to improve alignment of project demand and resource capacity.
    • IT departments wanting to prioritize strategically valuable work.
    • IT departments with sufficient executive backing and engagement with the portfolio.
    Who this approach is for:
    • IT departments that would not the get support for a top-down approach due to a disengaged executive layer.
    • IT departments that already have a top-down PPM strategy and feel they are sufficiently resourced to confront project demand.

    Each of these strategy options is driven by a set of specific strategic expectations to help communicate your PPM goals. See the following slides for an articulation of each strategy option.

    A top-down, executive driven strategy is the optimal route, putting leadership in a position to best conduct the portfolio

    Option A: Top-Down, Executive Driven Strategy

    Strategic Expectations:

    • Project Throughput: Maximize throughput of the best projects.
    • Portfolio Visibility: Ensure visibility of current and pending projects.
    • Portfolio Responsiveness: Make the portfolio responsive to executive steering when new projects and changing priorities need rapid action.
    • Resource Utilization: Minimize resource waste and optimize the alignment of skills to assignments.
    • Benefits Realization: Clarify accountability for post-project benefits attainment for each project, and facilitate the process of tracking/reporting those benefits.

    Info-Tech Insight

    Serve the executive with insight before you impede the projects with governance. This strategy option is where Info-Tech sees the most PPM success. A strategy focused at improving decision making at the executive layer will both improve project outcomes and help alleviate project workloads.

    A bottom-up strategy can help project managers and teams succeed where insight into the big picture is lacking

    Option B: Bottom-Up, Project Manager Driven Strategy

    Strategic Expectations:

    • Project Management Governance: All projects consuming IT resources will be continually validated in terms of best-practice process compliance.
    • Project Risk Management: Identify risks and related mitigation approaches for all high-risk areas.
    • Stakeholder Management: Ensure that project stakeholders are identified and involved.
    • Project Manager Resourcing: Provide project managers as needed.
    • Project-Level Visibility: Provide access to the details of project management processes (planning and progress) as needed.

    Info-Tech Insight

    Right-size governance to maximize success. Project management and governance success don’t necessarily equal project success. Project management processes should be a means to an end (i.e. successful project outcomes), and not an end in themselves. Ensure the ends justify the means.

    Most recurring project challenges require a top-down portfolio management approach

    While project management is a key ingredient to project success, tying to solve endemic project problems with project management alone won’t improve results over the long term.

    Why Top-Down is a better starting point than Bottom-Up.

    The most common IT project problems – schedule and budget overruns, scope creep, and poor quality – can ultimately, in the vast majority of cases, be traced back to bad decisions made at the portfolio level:

    • The wrong projects get greenlighted.
    • Shifting leadership priorities and operational demands make project plans and estimated delivery dates obsolete from the start.
    • Too many projects get approved when there are not enough resources to effectively work on them all.

    No amount of project management rigor can help alleviate these common root causes of project failure.

    With a top-down PPM strategy, however, you can make sure that leadership is informed and engaged in making the right project decisions and that project managers and teams are situated for success.

    "There is nothing so useless as doing efficiently that which should not be done at all." (Peter Drucker (quoted in Lessing))

    Info-Tech Insight

    Get Strategic About Project Success.

    The difference between project management and project portfolio management comes down to doing things right vs. doing the right things. Both are important, no doubt; but doing the wrong things well doesn’t provide much value to the business in the long run.

    Get insight into the big picture with a top-down strategy before imposing more administrative overhead on project managers and leads.

    Perform a leadership mandate assessment to gauge executive needs and expectations

    Associated Activity icon 1.1.1 – 15 to 30 minutes (prep time) 10 to 20 minutes (execution time)

    INPUT: Leadership expectations for portfolio and project management.

    OUTPUT: Leadership mandate bar chart

    Materials: Tab 6 of Info-Tech’s PPM High-Level Supply-Demand Calculator

    Participants: Portfolio manager (or equivalent), PPM strategy sponsor(s), CIO and other members of senior management

    Before choosing your strategy option, survey the organization’s leadership to assess what they’re expecting from the PPM strategy.

    Use the “Leadership Mandate Survey” (located on tab 6 of Info-Tech’s PPM High-Level Supply-Demand Calculator) to assess the degree to which your leadership expects the PPM strategy to provide outcomes across the following capabilities: portfolio reporting, project governance, and project management.

    • Deploy the 12-question survey via individual one-on-one meetings or group working sessions with your boss (the PPM strategy sponsor) as well as with the CIO and other senior managers from within IT and the business.
      • If you cannot connect with the executive layer for this survey, do your best to estimate their responses to complete the survey.
    • The survey should help distinguish if executives are looking for portfolio management or project management. It should be one input that informs your choice of strategy option A or B.
      • If leadership is looking primarily for project management, you should proceed to Info-Tech’s Tailor Project Management Processes that Fit Your Projects blueprint.

    Refer to the next slide for assistance analyzing the outputs in tab 6 and using them to inform your choice of strategy.

    How to make use of the results of the leadership survey

    Two possible result scenarios of the leadership survey. There are two bar graphs titled 'Leadership Mandate', each with an explanation of the scenario they belong to. In Scenario 1, the 'Leadership Mandate' graph has a descending trend with 'Portfolio Reporting' at the highest level, 'Project Governance' in the middle, and 'Project Management' at the lowest level. 'A result like this, with a higher portfolio reporting score, shows a higher need for a top-down approach and demonstrates well-balanced expectations for a PPM strategy from the leadership. There is greater emphasis put on the portfolio than there is project governance or project management.' In Scenario 2, the 'Leadership Mandate' graph has an ascending trend with 'Portfolio Reporting' at the lowest level, 'Project Governance' in the middle, and 'Project Management' at the highest level. 'If your graph looks like this, your executive leadership has placed greater importance on project governance and management. Completing a top-down PPM strategy may not meet their expectations at this time. In this situation, a bottom-up approach may be more applicable.'

    Customize Info-Tech’s PPM Strategic Plan Template. Insert screenshots of the survey and the bar graph from tab 6 of the PPM High-Level Supply-Demand Calculator onto slides 7 and 8, “PPM Strategy Leadership Mandate,” of the PPM Strategic Plan Template.

    Proceed with the right PPM strategy for your organization

    Based upon the results of the “Leadership Mandate Survey,” and your assessment of each strategy option as described in the previous slides, choose the strategy option that is right for your IT department/PMO at this time.

    "Without a strategic methodology, project portfolio planning is frustrating and has little chance of achieving exceptional business success." (G Wahl (quoted in Merkhofer))

    Option A:

    Those proceeding with Option A should continue with remainder of this blueprint. Update your strategy statement on slide 3 of your PPM Strategic Plan Template to reflect your choice

    Option B:

    Those proceeding with Option B should exit this blueprint and refer to Info-Tech’s Tailor Project Management Processes to Fit Your Projects blueprint to help define a project management standard operating procedure.

    Customize Info-Tech’s PPM Strategic Plan Template. If you’re proceeding with Option A, update slide 4, “Project Portfolio Management Strategy,” of your PPM Strategic Plan Template to reflect your choice of PPM strategy. If you’re proceeding with Option B, you may want to include your strategy statement in your Project Management SOP Template.

    The success of your top-down strategy will hinge on the quality of your capacity awareness and resource utilization

    A PPM strategy should facilitate alignment between project demand with resource supply. Use Info-Tech’s PPM High-Level Supply/Demand Calculator as a step towards this alignment.

    Info-Tech’s research shows that the ability to provide a centralized view of IT’s capacity for projects is one of the top PPM capabilities that contributes to overall project success.

    Accurate and reliable forecasts into IT’s capacity, coupled with an engaged executive layer making project approval and prioritization decisions based upon that capacity data, is the hallmark of an effective top-down PPM strategy.

    • Use Info-Tech’s PPM High-Level Supply/Demand Calculator to help improve visibility (and with it, organizational understanding) into project demand and IT resource supply.
    • The Calculator will help you determine IT’s actual capacity for projects and analyze organizational demand by taking an inventory of active and backlog projects.

    Download Info-Tech’s PPM High-Level Supply/Demand Calculator.

    Sample of Into-Tech's PPM High-Level Supply/Demand Calculator.

    Info-Tech Insight

    Where does the time go? The portfolio manager (or equivalent) should function as the accounting department for time, showing what’s available in IT’s human resources budget for projects and providing ongoing visibility into how that budget of time is being spent.

    Establish the total resource capacity of your portfolio

    Associated Activity icon 1.1.2 – 30 to 60 minutes

    INPUT: Staff resource types, Average work week, Estimated allocations

    OUTPUT: Breakdown of annual portfolio HR spend, Capacity pie chart

    Materials: PPM High-Level Supply/Demand Calculator, tab 3

    Participants: Portfolio manager (or equivalent), Resource and/or project managers

    Use tab 3 of the calculator to determine your actual HR portfolio budget for projects, relative to the organization’s non-project demands.

    • Tab 3 analyzes your resource supply asks you to consider how your staff spend their time weekly across four categories: out of office time, administrative time (e.g. meetings, training, checking email), keep-the-lights-on time (i.e. support and maintenance), and project time.
    • The screenshot below walks you through columns B to E of tab 3, which help calculate your potential capacity. This activity will continue on the next slide, where we will determine your realized capacity for project work from this potential capacity.
    Screenshot of tab 3 in the PPM High-Level Supply/Demand Calculator. It has 4 columns, 'Resource Type', '# People', 'Hours / Week', and 'Hours / Year', which are referred to in notes as columns B through E respectively. The note on 'Resource Type' reads '1. Compile a list of each of the roles within your department in column B'. The note on '# People' reads '2. In column C, provide the number of staff currently performing each role'. The note on 'Hours / Week' reads '3. In column D, provide a baseline for the number of hours in a typical work week for each role'. The note on 'Hours / Year' reads '4. Column E will auto-populate based on E and D. The total at the bottom of column E (row 26) constitutes your department’s total capacity'.

    Determine the project/non-project ratio for each role

    Associated Activity icon 1.1.2 (continued)

    The previous slide walked you through columns B to E of tab 3. This slide walks you through columns F to J, which ask you to consider how your potential capacity is spent.

    Screenshot of tab 3 in the PPM High-Level Supply/Demand Calculator. It has 6 columns, 'Hours / Year', 'Absence', 'Working Time / Year', 'Admin', 'KTLO', and 'Project Work', which, starting at 'Absence', are referred to in notes as columns F through J respectively. The note on 'Absence' reads '5. Enter the percentage of your total time across each role that is unavailable due to foreseeable out-of-office time (vacation, sick time, etc.) in column F. Industry standard runs anywhere from 12% to 16%, depending on your industry and geographical region'. The note on 'Working Time / Year' reads '6. Column G will auto-calculate to show your overall net capacity after out-of-office percentages have been taken off the top. These totals constitute your working time for the year'. The note on 'Admin' and 'KTLO' reads '6. Column G will auto-calculate to show your overall net capacity after out-of-office percentages have been taken off the top. These totals constitute your working time for the year'. The note on 'Project Work' reads '8. The project percentage in column J will auto-calculate based upon what’s leftover after your non-project working time allocations in columns H and I have been subtracted'.

    Review your annual portfolio capacity for projects

    Associated Activity icon 1.1.2 (continued)

    The previous slides walked you through the inputs for tab “3. Project Capacity.” This slide walks you through the outputs of the tab.

    Based upon the inputs from columns B to J, the rest of tab 3 analyzes how IT available time is spent across the time categories, highlighting how much of IT’s capacity is actually available for projects after admin work, support and maintenance work, and absences have been taken into account.

    A table and pie chart of output data from Tab 3 of the PPM High-Level Supply/Demand Calculator. Pie segments are labelled 'Admin', 'Absence', 'Project Capacity', and 'Keep The Lights On'.

    Customize Info-Tech’s PPM Strategic Plan Template. Update slide 10, “Current Project Capacity,” of your PPM Strategic Plan Template to include the outputs from tab 3 of the Calculator.

    Create an inventory of active and backlog projects to help gauge overall project demand

    Associated Activity icon 1.1.3 – 15 to 30 minutes

    INPUT: Number of active and backlog projects across different sizes

    OUTPUT: Total project demand in estimated hours of work effort

    Materials: PPM High-Level Supply/Demand Calculator, tab 4

    Participants: Portfolio manager (or equivalent), Project managers

    Where tab 3 of the Calculator gave you visibility into your overall resource supply for projects, tab 4 will help you establish insight into the demand side.

    • Before starting on tab 4, be sure to enter the required project size data on the set-up tab.
    • Using a list of current active projects, categorize the items on the list by size: small, medium, large, and extra large. Enter the number of projects in each category of project in column C of tab 4.
    • Using a list of on-hold projects, or projects that have been approved but not started, categorize the list by size and enter the number of projects in each category in column D.
    • In column E, estimate the number of new requests and projects across each size that you anticipate being added to the portfolio/backlog in the next 12 months. Use historical data from the past 12 to 24 months to inform your estimates.
    • In column F, estimate the number of projects that you anticipate being completed in each size category in the next 12 months. Take the current state of active projects into account as you make your estimates, as well as throughput data from the previous 12 to 24 months.
    Screenshot of tab 4 in the PPM High-Level Supply/Demand Calculator. It has 5 columns labelled 'Project Types' with values Small to Extra-Large, 'Number of active projects currently in the portfolio', 'Number of projects currently in the portfolio backlog', 'Number of new requests anticipated to be added to the portfolio/backlog in the next 12 months', and 'Number of projects expected to be delivered within the next 12 months'.

    Make supply and demand part of the conversation as you get buy-in for your top-down strategy

    Tab 5 of the Calculator is an output tab, visualizing the alignment (or lack thereof) of project demand and resource supply.

    Once tabs 3 and 4 are complete, use tab 5 to analyze the supply/demand data to help build your case for a top-down PPM strategy and get buy-in for it.

    Screenshots of Tab 5 in the PPM High-Level Supply/Demand Calculator. A bar chart obscures a table with the note 'The bar chart shows your estimated total project demand in person hours (in black) relative to your estimated total resource capacity for projects (in green)'. Notes on the table are 'The table below the bar chart shows your estimated annual project throughput rate (based upon the number of projects you estimated you would complete this year) as well as the rate at which portfolio demand will grow (based upon the number of new requests and projects you estimated for the next 12 months)' and 'If the “Total Estimated Project Demand (in hours) in 12 Months Time” number is more than your current demand levels, then you have a supply-demand problem that your PPM strategy will need to address'.

    Customize Info-Tech’s PPM Strategic Plan Template. Update slides 11 and 12, “Current Project Demand,” of your PPM Strategic Plan Template to include the outputs from tabs 4 and 5 of the Calculator.

    Recommended: Complete Info-Tech’s PPM Current State Scorecard to measure your resource utilization

    Associated Activity icon Contact your rep or call 1-888-670-8889

    This step is highly recommended but not required. Call 1-888-670-8889 to inquire about or request the PPM Diagnostics.

    Info-Tech’s PPM Current State Scorecard diagnostic provides a comprehensive view of your portfolio management strengths and weaknesses, including project portfolio management, project management, customer management, and resource utilization.

    Screenshots of Info-Tech's PPM Current State Scorecard diagnostic with a pie chart obscuring a table/key. The attached note reads 'In particular, the analysis of resource utilization in the PPM Current State Scorecard report, will help to complement the supply/demand analysis in the previous slides. The diagnostic will help you to analyze how, within that percentage of your overall capacity that is available for project work, your staff productively utilizes this time to successfully complete project tasks and how much of this time is lost within Info-Tech’s categories of resource waste.'

    Customize Info-Tech’s PPM Strategic Plan Template. Update slides 14 and 15, “Current State Resource Utilization” of your PPM Strategic Plan Template to include the resource utilization outputs from your PPM Current State Scorecard.

    Finalize section one of the PPM Strategic Plan Template and prepare to communicate your strategy

    Associated Activity icon 1.1.4 – 10 to 30 minutes

    INPUT: The previous activities from this step

    OUTPUT: An presentation communication your PPM strategy

    Materials: PPM Strategic Plan Template, section 1

    Participants: Portfolio manager (or equivalent)

    By now, you should be ready to complete section one of the PPM Strategic Plan Template.

    The purpose of this section of the Template is to capture the outputs of this step and use them to communicate the value of a top-down PPM strategy and to get buy-in for this strategy from senior management before you move forward to develop your PPM processes in the subsequent phases of this blueprint.

    • Within section one, update any of the text that is (in grey) to reflect the specifics of your organization – i.e. the name of your organization and department – and the specific outcomes of step 1.2 activities. In addition, replace the placeholders for a company logo with the logo of your company.
    • Replace the tool screenshots with the outputs from your version of the PPM High-Level Supply/Demand Calculator.
    • Proofread all of the text to ensure the content accurately reflects your outcomes. Edit the content as needed to more accurately reflect your outcomes.
    • Determine the audience for the presentation of your PPM strategy and make a logistical arrangement. Include PPM strategy sponsors, senior management from within IT and the business, and other important stakeholders.

    Get executive buy-in for your top-down PPM strategy

    Executive layer buy-in is a critical prerequisite for the success of a top-down PPM strategy. Ensure your executives are on board before preceding.

    You’re now ready to communicate your PPM strategy to your leadership team and other stakeholders.

    It is essential that you get preliminary buy-in for this strategy from the executive layer before you move forward to develop your PPM processes in the subsequent phases of this blueprint. Lack of executive engagement is one of the top barriers to PPM strategy success.

    • If you have gone through the preceding activities in this step, section one of your PPM Strategic Plan Template should now be ready to present.
    • As explained in 1.1.4, you should present this section to an audience of PPM strategy sponsors, C-suite executives, and other members of the senior management team.
    • Allow at least 60 minutes for the presentation – around 20 minutes to deliver the slide presentation and 40 minutes for discussion.
    • If you get sufficient buy-in by the end of the presentation, proceed to the next step of this blueprint. If buy-in is lacking, now might not be the right time for a top-down PPM strategy. Think about adopting a bottom-up approach until leadership is more engaged in the portfolio.

    "Gaining executive sponsorship early is key…It is important for the executives in your organization to understand that the PPM initiatives and the PMO organization are there to support (but never hinder) executive decision making." (KeyedIn Projects)

    Info-Tech Best Practice

    Engage(d) sponsorship. According to Prosci, the top factor in contributing to the success of a change initiative is active and visible executive sponsorship. Use this meeting to communicate to your sponsor(s) the importance of their involvement in championing the PPM strategy.

    A PPM strategic plan elevates PMO’s status to a business strategic partner

    CASE STUDY

    Industry: Public Administration
    Source: IAG / Info-Tech Interview

    Challenge

    The PMO operated in a way that is, in their self-assessment, reactive; project requests and capacity were not effectively managed. Perhaps due to this, the leadership team was not always visible, or regularly available, to PM leaders. This, in turn, complicated efforts to effectively manage their projects.

    Solution

    Establishing a simple prioritization methodology enabled the senior leadership to engage and effectively steer the project portfolio by strategic importance. The criteria and tool also gave the business units a clear understanding to promote the strategic value of each of their project requests.

    Results

    PM leaders now have the support and confidence of the senior leadership team to both proactively manage and deliver on strategic projects. This new prioritization model brought the PM Leader and senior leadership team in direct access with each other.

    "By implementing this new project intake and prioritization framework, we drastically improved our ability to predict, meet, and manage project requests and unit workload. We adopted a client-focused and client-centric approach that enabled all project participants to see their role and value in successful project delivery. We created methodologies that were easy to follow from the client participation perspective, but also as PM leaders, provided us with the metrics, planning, and proactive tools to meet and anticipate client project demand. The response from our clients was extremely positive, encouraging, and appreciative."

    Step 1.2: Translate PPM strategic expectations to process goals

    PHASE 1

    PHASE 2

    PHASE 3

    1.11.22.12.23.13.2
    Choose the right PPM strategyTranslate strategy into process goalsDefine intake & resource mgmt. processesDefine reporting, closure, & benefits mgmt. processesSelect a right-sized PPM solutionFinalize your PPM strategic plan

    This step will walk you through the following activities:

    • Determine process goals based upon your PPM strategy.
    • Set metrics and preliminary targets for your PPM processes.

    This step involves the following participants:

    • CIO
    • Steering Committee
    • Business Unit Leaders
    • PMO Director/Portfolio Manager

    Outcomes of this step

    • Stakeholder-prioritized PPM process goals
    • Metrics and targets for high-priority process goals

    Use the PPM strategy to set the direction for PPM processes that make up the infrastructure around projects

    PPM strategy enables you to answer any and all of these questions in a way that is consistent, cohesive, and aligned with one another.

    Info-Tech's PPM Process Model from earlier with notes overlaid asking a series of questions. The questions for '1. Intake, Approval, and Prioritization' are 'Who can request a project? How do you request a project? Who decides what to fund? What is the target investment mix? How will they decide?' The questions for '2. Resource Management' are 'Who assigns the resources? Who feeds the data on resources? How do we make sure it’s valid? How do we handle contingencies when projects are late, or if availability changes?' The questions for '3. Status and Progress Reporting' are 'What project information that should be reported? Who reports on project status? When? How?' The questions between 'Project Management' and '4. Project Closure' are 'Who declares that a project is done? Who validates it? Who is this reported to? Who terminates low-value projects? How will they decide?' The questions for '5. Benefits Tracking' are 'How do we validate the project benefits from the original business case? How do we track the benefits? Who reports it? When?'

    Set process goals to address PPM strategic expectations and steer the PPM strategic plan

    Associated Activity icon 1.2.1 – 2 hours

    INPUT: PPM strategy & expectations, Organizational strategy and culture

    OUTPUT: Prioritized list of strategy-aligned PPM process goals

    Materials: PPM Strategy-Process Translation Matrix

    Participants: CIO, Steering Committee, Business Unit Leaders, PMO Director/ Portfolio Manager

    This activity is designed for key departmental stakeholders to articulate how PPM processes should be developed or refined to meet the PPM strategic expectations.

    Participation of the key departmental stakeholders in this exercise is critical, e.g. CIO, Steering Committee, business unit leaders.

    Strategic Expectations x Processes = Process goals aligned to strategy
    Throughput Project Intake, Approval, & Prioritization
    Visibility Resource Management
    Responsiveness Status & Progress Reporting
    Resource Utilization Project Closure
    Benefits Benefits Realization

    Download Info-Tech’s PPM Strategy-Process Goals Translation Matrix Template.

    Use Info-Tech’s Translation Matrix to systematically articulate strategy-aligned PPM process goals

    Supporting Tool icon 1.2.1 – PPM Strategy-Process Translation Matrix, tab 2

    Formula: To answer “[question]” in a way that we can [strategic expectation], it will be important to [process goal].

    Example 1:
    To answer the question “who can request a project, and how?” in a way that we can maximize the throughput of the best projects, it will be important to standardize the project request process.

    Example 2:
    To answer the question “how will they decide what to fund?” in a way that we can maximize the throughput of the best projects, it will be important to reach a consensus on project prioritization criteria.

    Example 3:
    To answer the question “how will we track the projected benefits?” in a way that we can maximize the throughput of the best projects, it will be important to double-check the validity of benefits before projects are approved.

    Screenshot of Tab 2 in Info-Tech's PPM Strategy-Process Translation Matrix tool. There is a table with notes overlaid 'Enter the process goals in the appropriate question–strategic expectation slot' and 'Assign a priority, from the most important (1) to the least important (5)'.

    Set metrics and preliminary targets for your high-priority PPM process goals

    Associated Activity icon 1.2.2 – 1-2 hours

    INPUT: Prioritized list of strategy-aligned PPM process goals, Organizational strategy and culture

    OUTPUT: Metrics and targets for high-priority PPM process goals

    Materials: PPM Strategy-Process Translation Matrix

    Participants: CIO, Steering Committee, Business Unit Leaders, PMO Director/ Portfolio Manager

    Your highest-priority process goals and their corresponding strategy expectations are displayed in tab 3 of the PPM Strategy-Process Translation Matrix template (example below).

    Through a group discussion, document what will be measured to decide the achievement of each process goal, as well as your current estimate and the long-term target. If necessary, adjust the approximate target duration.

    Screenshot of Tab 3 in Info-Tech's PPM Strategy-Process Translation Matrix tool. There is a table with 6 columns 'PPM Process', 'High-priority Process Goals', 'Strategy Expectation', 'How will you measure success?', 'Current Estimate', and 'Long-Term Target'; they are referred to in notes as columns B through G respectively. Overlaid notes are 'Columns C and D will auto-populate based upon your inputs from tab 2. The five PPM process areas are arranged vertically in column B and your top-five process goals from each area appear in column C.' 'Use column E to brainstorm how you might measure the success of each process goal at your organization. These can be tentative for now and refined over time.' 'Determine current metrics for each process goals and long-term target metrics in columns F and G.'

    Project-client-centered approach to PPM process design improves client satisfaction and team confidence

    CASE STUDY

    Industry: Public Administration
    Source: IAG / Info-Tech Interview

    Challenge

    Reactive instead of proactive

    "We had no effective means of tracking project intake requests vs. capacity. We struggled using ad hoc processes and methods which worked to meet immediate needs, but we quickly realized that they were ineffective in tracking critical project metrics, key performance indicators (KPIs), or performance measures...In short, we were being reactive, instead of proactive."

    The result was a disorganized portfolio that led to low client satisfaction and team morale.

    Solution

    Examine processes “through the eyes of the client”

    With the guiding principle of “through the eyes of the client,” PPM processes and tools were developed to formalize project intake, prioritization, and capacity planning. All touchpoints between client and PPM processes were identified, and practices for managing client expectations were put in place. A client satisfaction survey was formulated as part of the post-project assessment and review.

    Results

    Client-centered processes improved client satisfaction and team confidence

    People, processes, and tools are now aligned to support client demand, manage client expectations, measure project KPIs, and perform post-project analysis. A standard for client satisfaction metrics was put in place. The overwhelmingly positive feedback has increased team confidence in their ability to deliver quality efforts.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of Barry Cousins.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Sample of activity 1.1.2 'Determine your actual resource capacity for projects'. Determine your actual resource capacity for projects

    Work with Info-Tech analysts to define your project vs. non-project ratio to help define how much of your overall resource capacity is actual available for projects.

    Sample of activity 1.2.1 'Set realistic PPM process goals'. Set realistic PPM process goals

    Leverage Info-Tech facilitators to help walk you through our PPM framework and define achievable process goals that are rooted in your current PPM maturity levels and organizational culture.

    Develop a Project Portfolio Management Strategy

    PHASE 2

    Align PPM Processes to Your Strategic Goals

    Phase 2 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Align PPM processes to your strategic goals

    Proposed Time to Completion: 2-4 weeks
    Step 2.1: Develop intake & resource mgmt. processes Step 2.2: Define reporting, closure, & benefits processes
    Work with an analyst to:
    • Assess your current intake, prioritization, and resource management processes and wireframe a sustainable target state for each capability.
    Work with an analyst to:
    • Analyze your current portfolio reporting, project closure, and benefits realization processes and wireframe a sustainable target state for each capability.
    Then complete these activities…
    • Set near-term and long-term goals.
    • Draft high-level steps within your target-state processes.
    • Document your process steps and roles and responsibilities.
    Then complete these activities…
    • Set near-term and long-term goals.
    • Draft high-level steps within your target-state processes.
    • Document your process steps and roles and responsibilities.
    With these tools & templates:
    • PPM Strategy Development Tool
    • PPM Strategic Plan Template
    With these tools & templates:
    • PPM Strategy Development Tool
    • PPM Strategic Plan Template

    Phase 2 Results & Insights

    • The means of project and portfolio management (i.e. processes) shouldn’t eclipse the ends – strategic goals. Root your process in your PPM strategic goals to realize PPM benefits (e.g. optimized portfolio value, improved project throughput, increased stakeholder satisfaction).

    Read first: Overview of the methodology for articulating new strategy-aligned PPM processes

    In the previous step of the blueprint, key department stakeholders established the PPM process goals, metrics, and targets in a way that aligns with the overall PPM strategy. In this phase, we draft a high-level description of the five PPM processes that reflect those goals using the following methodology:

    Methodology at a glance

    1. Articulate the current state of the process.
    2. Examine the process against the strategy-aligned goals.
    3. Create short- and long-term action items to refine the current process and meet the strategy-aligned targets.
    4. Develop a high-level target-state description of the PPM process.
    5. Estimate costs-in-use of the target-state process.

    Out-of-scope topics

    • Draft a detailed target-state description of the PPM process. Avoid falling into the “analysis paralysis” trap and keep the discussion focused on the overall PPM strategy.
    • PPM tools to support the process. This discussion will take place in the next phase of the blueprint.

    INPUT

    –›

    PROCESS

    –›

    OUTPUT

    • Strategy-aligned process goals, metrics, and targets (Activity 1.2.1)
    • Knowledge of current process
    • Knowledge of organizational culture and structure
    • Capability level assessment
    • Table-top design planning activity
    • Start-stop-continue retrospective
    • High-level description of the target state
    • PPM Strategy Development Tool
    • High-level descriptions of current and target states
    • Short- and long-term action items for improving the process
    • Cost-in-use of the current- and target-state processes

    Download Info-Tech’s PPM Strategy Development Tool

    Build a sound business case for implementing the new PPM strategy with realistic costs and benefits of managing your project portfolio.

    Time spent on managing the project portfolio is an investment. Like any other business endeavors, the benefits must outweigh the costs to be worth doing.

    As you draft a high-level description of the PPM processes in this phase of the blueprint, use Info-Tech’s PPM Strategy Development Tool to track the estimate the cost-in-use of the process. In the next phase, this information will be inform a cost-benefit analysis, which will be used to support your plan to implement the PPM strategy.

    Download Info-Tech’s PPM Strategy Development Tool.

    Screenshots of Info-Tech's PPM Strategy Development Tool including a Cost-Benefit Analysis with tables and graphs.

    Step 2.1: Develop and refine project intake, prioritization, and resource management processes

    PHASE 1

    PHASE 2

    PHASE 3

    1.11.22.12.23.13.2
    Choose the right PPM strategyTranslate strategy into process goalsDefine intake & resource mgmt. processesDefine reporting, closure, & benefits mgmt. processesSelect a right-sized PPM solutionFinalize your PPM strategic plan

    This step will walk you through the following activities:

    • Determine your process maturity.
    • Benchmark current processes against strategy-aligned goals.
    • Set near- and long-term action items.
    • Draft a high-level description of your target state.
    • Document your new processes.

    This step involves the following participants:

    • PMO Director/Portfolio Manager
    • Project Managers
    • Resource Managers
    • Business Analysts

    Outcomes of this step

    • A definition of current and target state maturity levels for intake, prioritization, and resource management
    • Near-term and long-term process goals for intake, prioritization, and resource management
    • A high-level wireframe for your intake, prioritization, and resource management process steps

    Project intake, prioritization, and approval: Get projects with the highest value done first

    Give your organization the voice to say “no” (or “not yet”) to new projects.

    Questions

    • Who can request a project?
    • How do you request a project?
    • Who decides what to fund?
    • What is the target investment mix?
    • How will they decide?

    Benefits

    • Maximize value of time spent on project work by aligning projects with priorities and stakeholder needs.
    • Finish the projects you start by improving alignment of intake and prioritization with resource capacity.
    • Improve stakeholder satisfaction by managing expectations with consistent, streamlined processes.

    Challenges

    • Stakeholders who benefit from political or ad hoc prioritization processes will resist or circumvent formal intake processes.
    • Many organizations lack sufficient awareness of resource capacity necessary to align intake with availability.

    A graph highlighting the sweet spot of project intake decision making. The vertical axis is 'Rigor and Effort' increasing upward, and the horizontal axis is 'Quality and Effectiveness of Decisions' increasing to the right. The trend line starts at 'Gut Feel' with low 'Rigor and Effort', and gradually curves upward to 'Analysis Paralysis' at the top. A note with an arrow pointing to a midway point in the line reads 'The sweet spot changes between situations and types of decisions'.

    Info-Tech Insight

    This process aims to control the project demand. A balance between rigor and flexibility is critical in order to avoid the “analysis paralysis” as much as the “gut feel” approach.

    Funnel project requests into a triage system for project intake

    Info-Tech recommends following a four-step process for managing project intake.

    1. Requestor fills out form and submits the request into the funnel.
    2. Requests are triaged into the proper queue.
      1. Divert non-project request.
      2. Quickly assess value and urgency.
      3. Assign specialist to follow up on request.
      4. Inform the requestor.
    3. Business analyst starts to gather preliminary requirements.
      1. Follow up with sponsors to validate and define scope.
      2. Estimate size and determine project management rigor required.
      3. Start to develop an initial business case.
    4. Requestor is given realistic expectations for approval process.

    Info-Tech Best Practice

    An excess number of intake channels is the tell-tale sign of a project portfolio in distress. The PMO needs to exercise and enforce discipline on stakeholders. PMO should demand proper documentation and diligence from stakeholders before proceeding with requests.

    Maintain reliable resourcing data with a recurrent project intake, prioritization, and approval practice

    Info-Tech recommends following a five-step process for managing project intake, prioritization, and approval.

    A diagram of Info-Tech's five-step process for managing project intake. There are four groups that may be involved in any one step, they are laid out on the side as row headers that each step's columns may fall into, 'Resources', 'Business Analysts', 'PMO', and 'Governance Layer'. The first step is 'Collect project requests' which involves 'Resources'. Step 2 is 'Screen project requests' which involves 'Business Analysts' and 'PMO'. A part of the step that may be applicable to some organizations is 'Concept approval' involving 'Governance Layer'. Step 3 is 'Develop business case' which involves 'Business Analysts' and 'PMO'. A part of the step that may be applicable to some organizations is 'Get a project sponsor' involving 'Governance Layer'. Step 4 is 'Prioritize project' which involves 'Business Analysts' and 'PMO'. Step 5 is 'Approve (greenlight) project' which involves 'Business Analysts', 'PMO', and 'Governance Layer', with an attached note that reads 'Ensure that up-to-date project portfolio information is available (project status, resource forecast, etc.)'. All of these steps lead to 'Initiate project, commit resources, etc.'

    Info-Tech Insight

    “Approval” can be a dangerous word in project and portfolio management. Use it carefully. Clarify precisely what is being “approved” at each step in the process, what is required to pass each gate, and how long the process will take.

    Determine your project intake, prioritization, and approval process maturity

    Associated Activity icon 2.1.1a – 10 minutes

    INPUT: Organizational strategy and culture

    OUTPUT: Project intake, prioritization, and approval capability level

    Materials: PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Kick-off the discussion about the project intake, prioritization, and approval process by reading the capability level descriptions below and discussing which level currently applies to you the most.

    Capability Level Descriptions

    Capability Level 5: Optimized We have effective intake processes with right-sized administrative overhead. Work is continuously prioritized to keep up with emerging challenges and opportunities.
    Capability Level 4: Aligned We have very strong intake processes. Project approvals are based on business cases and aligned with future resource capacity.
    Capability Level 3: Engaged Processes are in place to track project requests and follow up on them. Priorities are periodically re-evaluated, based largely on the best judgment of one or several executives.
    Capability Level 2: Defined Some processes are in place, but there is no capacity to say no to new projects. There is a backlog, but little or no method for grooming it.
    Capability Level 1: Unmanaged Our organization has no formal intake processes in place. Most work is done reactively, with little ability to prioritize project work proactively.

    Benchmark the current project intake, prioritization, and approval process against strategy-aligned goals

    Associated Activity icon 2.1.1b – 1-2 hours

    INPUT: Documentation describing the current process (e.g. standard operating procedures), Process goals from activity 1.2.1

    OUTPUT: Retrospective review of current process

    Materials: 4x6” recipe cards, Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Conduct a table-top planning exercise to map out the process currently in place.

    1. Use white 4”x6” recipe cards to write unique steps of a process. Use the intake, prioritization, and approval process from the previous slides as a guide.
    2. Use green cards to write artifacts or deliverables that result from a step.
    3. Use pink cards to write issues, problems, or risks.
    4. Discuss how the process could better achieve the strategy-aligned goals from activity 1.2.1. Keep a list of possible changes in the form of a start-stop-continue retrospective (example below) on a whiteboard.
    Start Stop Continue
    • Simplify business cases
    • Send emails to requestor to manage expectations
    • Accept verbal project requests
    • Approve “pet projects”
    • Monthly prioritization meetings
    • Evaluate prioritization criteria

    Set near- and long-term action items for the project intake, prioritization, and approval process

    Associated Activity icon 2.1.1c – 30 minutes - 1 hour

    INPUT: Outcome of the retrospective review, Process goals and metrics from activity 1.2.1

    OUTPUT: Action items for evolving the process to a target state

    Materials: Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Analyze each item in the start-stop-continue retrospective to compile a set of near-term and long-term action items.

    The near-term plan should include steps that are within the authority of the PMO and do not require approval or investment outside of that authority. The long-term plan should include steps that may require a longer approval process, buy-in of external stakeholders, and the investment of time and money.
    Near-Term Action Items Long-Term Action Items
    For example:
    • Limit the number of channels available to request new projects.
    • Revise the intake form.
    • Establish a regular triage process.
    For example:
    • Establish a comprehensive scorecard and business case scoring process at the steering committee level.
    • Limit the rate of approval to be aligned with resource capacity.

    Review and customize slide 23, “Project intake, prioritization, and approval: action items,” in Info-Tech’s PPM Strategic Plan Template.

    Draft a high-level description of the intake, prioritization, and approval process at a target state

    Associated Activity icon 2.1.1d – 1-2 hours

    INPUT: Action items for evolving the process to a target state

    OUTPUT: High-level description of the process at the target state

    Materials: Whiteboard, PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    1. Break down the process into several tasks at a high level. Avoid getting into too much detail by limiting the number of steps.
    2. An example of high-level breakdown: project intake, prioritization, and approval
      Collect project requests –› Screen requests –› Develop business case –› Prioritize project –› Approve project

    3. Describe each task by answering the following questions. Document your response in the PPM Strategic Plan Template.
    4. Question

      Description

      Input What information do you need to perform the work?
      Output What artifacts/deliverables are produced as a result?
      Frequency/Timing How often, and when, will the work be performed?
      Responsibility Who will perform the work?
      Accountability Who will approve the work and assume the ownership of any decisions?

    5. Record the time cost of each process using the PPM Strategy Development Tool; see next slide for instructions.

    Use the PPM Strategy Development Tool to track the time cost of the process

    Supporting Tool icon 2.1.1 – PPM Strategy Development Tool, Tab 3: Costing Assumptions

    Record the time cost of each high-level process task from Activity 2.1.1d.

    Screenshot of tab 3 from Info-Tech's PPM Strategy Development Tool with notes overlaid. Columns are 'ID', 'Task Description', 'Who does the task?', a super-column titled 'Current State' which includes 'How many times per year?', 'How many people?', and 'For how long?', a super-column titled 'Near-Term Target State' with the same three sub columns, and a super-column titled 'Long-Term Target State' with the same three sub columns. Notes for 'Who does the task?' read 'Choose executive, management or resource' and 'If task is done by more than one party, duplicate the task'. Notes for the 3 recurring sub columns are 'Estimate how many times in a year the task is performed (e.g. 120 project requests per year)', 'Indicate the number of people needed to perform the task each time', 'Estimate the average work-hours for the task… either in minutes or in hours', 'If a task is not applicable to a state (e.g. currently PMO does not screen project requests), leave the row blank', and 'For meetings, remember to indicate the number of people'.

    Document the high-level description for the new intake, prioritization, and approval process

    Associated Activity icon 2.1.1e – 30 minutes - 1 hour

    INPUT: High-level description of the process at the target state

    OUTPUT: Updated PPM strategic plan

    Materials: Whiteboard, PPM Strategic Plan Template

    Participants: PMO Director/ Portfolio Manager

    Update your PPM strategic plan with the new high-level description for the new project intake, prioritization, and approval process. Depending on your current process capability level, you may wish to include additional information on your strategic document, for example:

    • Updated prioritization scorecard.
    • Roles and responsibility matrix, identifying consulted and informed parties.

    Info-Tech has a dedicated blueprint to help you develop the high-level process description into a fully operationalized process. Upon completion of this PPM strategy blueprint, speak to an Info-Tech account manager or analyst to get started.

    Read Info-Tech’s Optimize Project Intake, Prioritization, and Approval blueprint.

    Review and customize slide 24, “Project intake, prioritization, and approval: target state,” in Info-Tech’s PPM Strategic Plan Template.

    Clarity in project prioritization process leads to enterprise-wide buy-in

    CASE STUDY

    Industry: Public Administration
    Source: IAG / Info-Tech Interview

    Challenge

    "Our challenge from the start was to better understand the strategic perspective and priorities of our client departments.

    In addition, much of the work requested was not aligned to corporate goals and efforts, and seemed to be contradictory, redundant, and lacking strategic focus."

    Complicating this challenge was the fact that work requests were being received via all means of communication, which made the monitoring and controlling of requests more difficult.

    Solution

    Client departments were consulted to improve the understanding of their strategic goals and priorities. Based on the consultation:

    • A new, enterprise-wide project prioritization criteria was developed.
    • Priority of project requests from all business areas are evaluated on a quarterly basis.
    • A prioritized list of projects are made available to the senior leadership team.

    Results

    "By creating and implementing a tool for departments to prioritize strategic efforts, we helped them consider the important overall project criteria and measure them uniformly, across all anticipated projects. This set a standard of assessment, prioritization, and ranking, which helped departments clearly see which efforts were supportive and matched their strategic goals."

    Resource management process ensures that projects get the resources they need

    Reclaim project capacity: properly allocate project work and establish more stable project timelines.

    Questions

    • Who assigns the resources?
    • Who feeds the data on resources?
    • How do we make sure it’s valid?
    • How do we handle contingencies when projects are late, or if availability changes?

    Benefits

    • Ensure that approved projects can be completed by aligning intake with real project capacity.
    • Reduce over-allocation of resources by allocating based on their proportion of project vs. non-project work.
    • Forecast future resource requirements by maintaining accurate resource capacity data.

    Challenges

    • Time tracking can be difficult when project workers balance project work with “keep the lights on” activities and other administrative work.
    • Continuous partial attention, interruptions, and distractions are a part of today’s reality that makes it very difficult to maximize productivity.
    A see-saw balancing 'Resource availability' on one side and 'Ongoing projects, Operational work, Administrative work, and Resource absence' on the other side.

    Maintain reliable resourcing data with a recurrent resource management practice

    Info-Tech recommends following a five-step process for resource management.

    A diagram of Info-Tech's five-step process for resource management. There are five groups that may be involved in any one step, they are laid out on the side as row headers that each step's columns may fall into, 'Resources', 'Resource Managers', 'Project Managers', 'PMO', and 'Governance Layer'. The first step is 'Collect resource availability' which involves 'Resources' and 'Resource Managers'. Step 2 is 'Collect resource demand' which involves 'Resource Managers', 'Project Managers' and 'PMO'. Step 3 is 'Identify need for reconciliation' which involves 'PMO'. Step 4 is 'Resolve conflicts and smoothen resource allocations' which involves 'Resource Managers', 'Project Managers' and 'PMO'. Step 5 is 'Report resource allocations and forecast' which involves all groups, with an attached note that reads 'Ensure that up-to-date information is available for project approval, portfolio reporting, closure, etc.'

    Info-Tech Insight

    This process aims to control the resource supply to meet the demand – project and non-project alike. Coordinate this process with the intake, approval, and prioritization process.

    Determine your resource management process capability level

    Associated Activity icon 2.1.2a – 10 minutes

    INPUT: Organizational strategy and culture

    OUTPUT: Resource management capability level

    Materials: PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Kick-off the discussion about the resource management process by reading the capability level descriptions below and discussing which level currently applies to you the most.

    Capability Level Descriptions

    Capability Level 5: OptimizedOur organization has an accurate picture of project versus non-project work loads and allocates resources accordingly. We periodically reclaim lost capacity through organizational and behavioral change.
    Capability Level 4: AlignedWe have an accurate picture of how much time is spent on project versus non-project work. We allocate resources to these projects accordingly. We are checking in on project progress bi-weekly.
    Capability Level 3: PixelatedWe are allocating resources to projects and tracking progress monthly. We have a rough estimate of how much time is spent on project versus non-project work.
    Capability Level 2: OpaqueWe match resources teams to projects and check in annually, but we do not forecast future resource needs or track project versus non-project work.
    Capability Level 1: UnmanagedOur organization expects projects to be finished, but there is no process in place for allocating resources or tracking project progress.

    Benchmark the current resource management process against strategy-aligned goals

    Associated Activity icon 2.1.2b – 1-2 hours

    INPUT: Documentation describing the current process (e.g. standard operating procedures), Process goals from activity 1.2.1

    OUTPUT: Retrospective review of current process

    Materials: 4x6” recipe cards, Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Conduct a table-top planning exercise to map out the process currently in place.

    1. Use white 4”x6” recipe cards to write unique steps of a process. Use the resource management process from the previous slides as a guide.
    2. Use green cards to write artifacts or deliverables that result from a step.
    3. Use pink cards to write issues, problems, or risks.
    4. Discuss how the process could better achieve the strategy-aligned goals from activity 1.2.1. Keep a list of possible changes in the form of a start-stop-continue retrospective (example below) on a whiteboard.
    Start Stop Continue
    • Collect project actuals
    • Make enhancements to the PPM tool in use
    • Over allocating resources
    • “Around the room” reporting at monthly meeting
    • Send project updates before resource management meetings

    Set near- and long-term action items for the resource management process

    Associated Activity icon 2.1.2c – 30 minutes - 1 hour

    INPUT: Outcome of the retrospective review, Process goals and metrics from activity 1.2.1

    OUTPUT: Action items for evolving the process to a target state

    Materials: Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Analyze each item in the start-stop-continue retrospective to compile a set of near-term and long-term action items.

    The near-term plan should include steps that are within the authority of the PMO and do not require approval or investment outside of that authority. The long-term plan should include steps that may require a longer approval process, buy-in of external stakeholders, and the investment of time and money.
    Near-Term Action Items Long-Term Action Items
    For example:
    • Determine the percentage of project vs. non-project work through implementation of a weekly survey.
    For example:
    • Reduce resource waste to 6%.
    • Forecast resource requirements monthly.
    • Implement a mid-market PPM tool.

    Review and customize slide 26, “Resource management: action items,” in Info-Tech’s PPM Strategic Plan Template.

    Draft a high-level description of the resource management process at a target state

    Associated Activity icon 2.1.2d – 1-2 hours

    INPUT: Action items for evolving the process to a target state

    OUTPUT: High-level description of the process at the target state

    Materials: Whiteboard, PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    1. Break down the process into several tasks at a high level. Avoid getting into too much detail by limiting the number of steps.
    2. An example of high-level breakdown: resource management
      Collect resource availability –› Collect resource demand –› Identify need for reconciliation –› Resolve conflicts and over-allocation –› Update resource forecast


    3. Describe each task by answering the following questions. Document your response in the PPM Strategic Plan Template.
    4. Question

      Description

      Input What information do you need to perform the work?
      Output What artifacts/deliverables are produced as a result?
      Frequency/Timing How often, and when, will the work be performed?
      Responsibility Who will perform the work?
      Accountability Who will approve the work and assume the ownership of any decisions?


    5. Record the time cost of each process using the PPM Strategy Development Tool.

    Document the high-level description for the new resource management process

    Associated Activity icon 2.1.2e – 30 minutes - 1 hour

    INPUT: High-level description of the process at the target state

    OUTPUT: Updated PPM strategic plan

    Materials: PPM Strategic Plan Template

    Participants: PMO Director/ Portfolio Manager

    Update your PPM strategic plan with the new high-level description for the new resource management process. Depending on your current process capability level, you may wish to include additional information on your strategic plan, for example:

    • Resource management meeting agenda template
    • Roles and responsibility matrix, identifying consulted and informed parties

    Info-Tech has a dedicated blueprint to help you develop the high-level process description into a fully operationalized process. Upon completion of this PPM strategy blueprint, speak to an Info-Tech account manager or analyst to get started.

    Read Info-Tech’s Develop a Resource Management for the New Reality blueprint.

    Review and customize slide 27, “Resource management: target state,” in Info-Tech’s PPM Strategic Plan Template.

    Step 2.2: Develop and refine portfolio reporting, project closure, and benefits realization processes

    PHASE 1

    PHASE 2

    PHASE 3

    1.11.22.12.23.13.2
    Choose the right PPM strategyTranslate strategy into process goalsDefine intake & resource mgmt. processesDefine reporting, closure, & benefits mgmt. processesSelect a right-sized PPM solutionFinalize your PPM strategic plan

    This step will walk you through the following activities:

    • Determine your process maturity.
    • Benchmark current processes against strategy-aligned goals.
    • Set near- and long-term action items.
    • Draft a high-level description of your target state.
    • Document your new processes.

    This step involves the following participants:

    • PMO Director/Portfolio Manager
    • Project Managers
    • Business Analysts

    Outcomes of this step

    • A definition of current and target state maturity levels for portfolio reporting, project closure, and benefits realization
    • Near-term and long-term process goals for portfolio reporting, project closure, and benefits realization
    • A high-level wireframe for your portfolio reporting, project closure, and benefits realization process steps

    Portfolio reporting process makes trustworthy data accessible for informing decisions

    Giving stakeholders the ability to make informed decisions is the most important function of managing the project portfolio.

    Questions

    • What project information should be reported?
    • Who reports on project status?
    • When and how do we report on the status of the project portfolio?

    Benefits

    • Reporting is the linchpin of any successful PPM strategy.
    • Timely and accurate status reports enable decision makers to address issues risks and issues before they create bigger problems.
    • Executive visibility can be achieved with or without a commercial tool using spreadsheets, a content management system such as SharePoint, or a combination of tools you already have.

    Challenges

    • Trying to increase detailed visibility too fast leads to difficulty gathering and maintaining data. As a result, reporting is rarely accurate and people quickly lose trust in the portfolio.
    • If you are planning to adopt a commercial tool, Info-Tech strongly recommends validating your organization’s ability to maintain a consistent reporting process using simple tools before investing in a more sophisticated system.

    Info-Tech Insight

    If you can only do one thing, establish frequently current reporting on project status. Reporting doesn’t have to be detailed or precise, as long as it’s accurate.

    Maintain reliable portfolio status data with a recurrent status and progress reporting practice

    Info-Tech recommends following a four-step process for portfolio status and progress reporting.

    A diagram of Info-Tech's four-step process for portfolio status and progress reporting. There are four groups that may be involved in any one step, they are laid out on the side as row headers that each step's columns may fall into, 'Resources', 'Project Managers', 'PMO', and 'Governance Layer'. The first step is 'Create project status reports' which involves 'Resources' and 'Project Managers'. Step 2 is 'Create a project portfolio status report' which involves 'Project Managers' and 'PMO', with a note that reads 'Ensure that up-to-date information is available for project approval, resource management, closure, etc.' Step 3 is 'Report on project portfolio status' which involves 'PMO' and 'Governance layer'. Step 4 is 'Act on portfolio steering decisions' which involves 'Resources', 'Project Managers' and 'PMO'.

    Start by establishing a regular reporting cadence with lightweight project status KPIs:

    Red Issue or risk that requires intervention For projects that are red or yellow, high-level status reports should be elaborated on with additional comments on budget, estimated hours/days until completion, etc.
    Yellow Issue or risk that stakeholders should be aware of
    Green No significant risks or issues

    Determine your resource management process capability level

    Associated Activity icon 2.2.1a – 10 minutes

    INPUT: Organizational strategy and culture

    OUTPUT: Portfolio reporting capability level

    Materials: PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers

    Kick-off the discussion about the portfolio reporting process by reading the capability level descriptions below and discussing which level currently applies to you the most.

    Capability Level Descriptions

    Capability Level 5: OptimizedWith the right tools, we can ensure that all projects are planned and maintained at a detailed task level with high-quality estimates, and that actual task progress is updated at least weekly.
    Capability Level 4: AlignedWe have the skills, knowledge, and resources needed to prepare a detailed cost-benefit analysis for all proposed projects. We track the progress throughout project execution.
    Capability Level 3: InterventionWith the right tools, we can ensure that project issues and risks are identified and addressed on a regular basis (e.g. at least monthly) for all projects.
    Capability Level 2: OversightWith the right tools, we can ensure that project status updates are revised on a regular basis (e.g. at least monthly) for all ongoing projects.
    Capability Level 1: ReactiveProject managers escalate issues directly with their direct supervisor or project sponsor because there is no formal PPM practice.

    Benchmark the current portfolio reporting process against strategy-aligned goals

    Associated Activity icon 2.2.1b – 1-2 hours

    INPUT: Documentation describing the current process (e.g. standard operating procedures), Process goals from activity 1.2.1

    OUTPUT: Retrospective review of current process

    Materials: 4x6” recipe cards, Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers

    Conduct a table-top planning exercise to map out the process currently in place.

    1. Use white 4”x6” recipe cards to write unique steps of a process. Use the portfolio reporting process from the previous slides as a guide.
    2. Use green cards to write artifacts or deliverables that result from a step.
    3. Use pink cards to write issues, problems, or risks.
    4. Discuss how the process could better achieve the strategy-aligned goals from activity 1.2.1. Keep a list of possible changes in the form of a start-stop-continue retrospective (example below) on a whiteboard.
    Start Stop Continue
    • Report on lightweight KPIs
    • Standardize the status reports
    • Project managers waiting too long before declaring a red status
    • Produce weekly project portfolio-wide report for senior leadership

    Set near- and long-term action items for the portfolio reporting process

    Associated Activity icon 2.2.1c – 30 minutes - 1 hour

    INPUT: Outcome of the retrospective review, Process goals and metrics from activity 1.2.1

    OUTPUT: Action items for evolving the process to a target state

    Materials: Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers

    Analyze each item in the start-stop-continue retrospective to compile a set of near-term and long-term action items.

    The near-term plan should include steps that are within the authority of the PMO and do not require approval or investment outside of that authority. The long-term plan should include steps that may require a longer approval process, buy-in of external stakeholders, and the investment of time and money.
    Near-Term Action Items Long-Term Action Items
    For example:
    • Establish a reporting process that can be consistently maintained using lightweight KPIs.
    • Provide a simple dashboard that stakeholders can use to see their project status reports at a high level.
    For example:
    • Adopt a commercial tool for maintaining consistent status reports.
    • Support the tool with training and a mandate of adoption among all users.

    Review and customize slide 29, “Portfolio reporting: action items,” in Info-Tech’s PPM Strategic Plan Template.

    Draft a high-level description of the portfolio reporting process at a target state

    Associated Activity icon 2.2.1d – 1-2 hours

    INPUT: Action items for evolving the process to a target state

    OUTPUT: High-level description of the process at the target state

    Materials: Whiteboard, PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers

    1. Break down the process into several tasks at a high level. Avoid getting into too much detail by limiting the number of steps.
    2. An example of high-level breakdown: portfolio reporting
      Create project status reports –› Create a project portfolio status report –› Report on project portfolio status –› Act on portfolio steering decisions


    3. Describe each task by answering the following questions. Document your response in the PPM Strategic Plan Template.
    4. Question

      Description

      InputWhat information do you need to perform the work?
      OutputWhat artifacts/deliverables are produced as a result?
      Frequency/TimingHow often, and when, will the work be performed?
      ResponsibilityWho will perform the work?
      AccountabilityWho will approve the work and assume the ownership of any decisions?

    5. Record the time cost of each process using the PPM Strategy Development Tool.

    Document the high-level description for the new portfolio reporting process

    Associated Activity icon 2.2.1e – 30 minutes - 1 hour

    INPUT: High-level description of the process at the target state

    OUTPUT: Updated PPM strategic plan

    Materials: PPM Strategic Plan Template

    Participants: PMO Director/ Portfolio Manager

    Update your PPM strategic plan with the new high-level description for the new portfolio reporting process. Depending on your current process capability level, you may wish to include additional information on your strategic plan, for example:

    • Updated project status report template with new KPIs.
    • Documentation of requirements for improved PPM dashboards and reports.

    Info-Tech has a dedicated blueprint to help you develop the high-level process description into a fully operationalized process. Upon completion of this PPM strategy blueprint, speak to an Info-Tech account manager or analyst to get started.

    Read Info-Tech’s Enhance PPM Dashboards and Reports blueprint.

    Review and customize slide 30, “Portfolio reporting: target state,” in Info-Tech’s PPM Strategic Plan Template.

    Streamlined status reporting improves portfolio visibility for executives, enabling data-driven steering of the portfolio

    CASE STUDY

    Industry: Public Administration
    Source: IAG / Info-Tech Interview

    Challenge

    The client had no effective real-time reporting in place to summarize their work efforts. In addition, the client struggled with managing existing resources against the ability to deliver on the requested project workload.

    Existing project reporting processes were manually intensive and lacked mature reporting capabilities.

    Solution

    Through a short and effective engagement, IAG conducted surveys and facilitated interviews to identify the information needed by each stakeholder. From this analysis and industry best practices, IAG developed scorecards, dashboards, and project summary reports tailored to the needs of each stakeholder group. This integrated reporting tool was then made available on a central portal for PPM stakeholders.

    Results

    Stakeholders can access project scorecard and dashboard reports that are available at any given time.

    Resource reporting enabled the PMO to better balance client demand with available project capacity and forecast any upcoming deficiencies in resourcing that affect project delivery.

    Project closure at the portfolio level controls throughput and responsiveness of the portfolio

    Take control over projects that linger on, projects that don’t provide value, and projects that do not align with changing organizational priority.

    Questions

    • Who declares that a project is done?
    • Who validates it?
    • Who is this reported to?
    • Who terminates low-value projects?
    • How will they decide that a project is too low value to continue?

    Benefits

    • Minimize post-implementation problems by ensuring clean handoffs, with clear responsibilities for ongoing support and maintenance.
    • Drive continuous improvement by capturing and applying lessons learned.
    • Increase the project portfolio’s responsiveness to change by responding to emerging opportunities and challenges.

    Challenges

    • Completion criteria and “definition of done” need to be well defined and done so at project initiation.
    • Scope changes need to be managed and documented throughout the project.
    • Portfolio responsiveness requires deep cultural changes that will be met with confusion and resistance from some stakeholders.

    Info-Tech Insight

    Although “change in organizational priority” is the most frequently cited cause of project failure (PMI Pulse of Profession, 2017), closing projects that don’t align with organizational priority ought to be a key PPM goal. Therefore, don’t think of it as project failure; instead, think of it as PPM success.

    Maintain the health of the project portfolio with a repeatable project closure process

    Info-Tech recommends following a four-step process for project closure.

    A diagram of Info-Tech's four-step process for project closure. There are five groups that may be involved in any one step, they are laid out on the side as row headers that each step's columns may fall into, 'Resources', 'Resource Managers', 'Project Managers', 'PMO', and 'Governance Layer'. The first steps are 'Complete project' which involves 'Project Managers', and 'Terminate low value projects' which involves 'PMO' and 'Governance layer'. Step 2 is 'Validate project closure' which involves 'Project Managers' and 'PMO', with a note that reads 'This includes facilitating the project sponsor sign-off, accepting and archiving lessons learned documents, etc.' The third steps are 'Conduct post-project work' which involves 'Project Managers' and 'PMO', and 'Update resource availability' which includes 'Resource Managers'. Step 4 is 'Conduct post-implementation review' which involves all groups.

    Info-Tech Best Practice

    Post-implementation review checks which benefits (including those set out in the business case) have been achieved and identifies opportunities for further improvement. Without it, it can be difficult to demonstrate that investment in a project was worthwhile.

    Determine your project closure process capability level

    Associated Activity icon 2.2.2a – 10 minutes

    INPUT: Organizational strategy and culture

    OUTPUT: Project closure capability level

    Materials: PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, Business Analysts

    Kick-off the discussion about the project closure process by reading the capability level descriptions below and discussing which level currently applies to you the most.

    Capability Level Descriptions

    Capability Level 5: OptimizedProject closure is centrally managed and supports post-project benefits tracking.
    Capability Level 4: AlignedProject closure is centrally managed at the portfolio level to ensure completion/acceptance criteria are satisfied.
    Capability Level 3: EngagedProject closure is confirmed at the portfolio level, but with minimal enforcement of satisfaction of completion/acceptance criteria.
    Capability Level 2: EncouragedProject managers often follow handoff and closure procedures, but project closure is not confirmed or governed at the portfolio level.
    Capability Level 1: UnmanagedProject closure is not governed at either the project or portfolio level.

    Benchmark the current project closure process against strategy-aligned goals

    Associated Activity icon 2.2.2b – 1-2 hours

    INPUT: Documentation describing the current process (e.g. standard operating procedures), Process goals from activity 1.2.1

    OUTPUT: Retrospective review of current process

    Materials: 4x6” recipe cards, Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers, Business Analysts

    Conduct a table-top planning exercise to map out the process currently in place.

    1. Use white 4”x6” recipe cards to write unique steps of a process. Use the project closure process from the previous slides as a guide.
    2. Use green cards to write artifacts or deliverables that result from a step.
    3. Use pink cards to write issues, problems, or risks.
    4. Discuss how the process could better achieve the strategy-aligned goals from activity 1.2.1. Keep a list of possible changes in the form of a start-stop-continue retrospective (example below) on a whiteboard.
    Start Stop Continue
    • Conduct reprioritization of projects at a regular cadence
    • Prune projects every year
    • Waive post-implementation review for time-constrained projects
    • Collect project post-mortem reports and curate in PMO SharePoint

    Set near- and long-term action items for the project closure process

    Associated Activity icon 2.2.2c – 30 minutes - 1 hour

    INPUT: Outcome of the retrospective review, Process goals and metrics from activity 1.2.1

    OUTPUT: Action items for evolving the process to a target state

    Materials: Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Analyze each item in the start-stop-continue retrospective to compile a set of near-term and long-term action items.

    The near-term plan should include steps that are within the authority of the PMO and do not require approval or investment outside of that authority. The long-term plan should include steps that may require a longer approval process, buy-in of external stakeholders, and the investment of time and money.
    Near-Term Action Items Long-Term Action Items
    For example:
    • Begin establishing project closure criteria in the project initiation process.
    • Manage and document scope changes throughout the project.
    For example:
    • Institute a formal process to ensure that all projects are closed at the portfolio level and properly handed off to support and maintenance teams.

    Review and customize slide 32, “Project closure: action items,” in Info-Tech’s PPM Strategic Plan Template.

    Draft a high-level description of the project closure process at a target state

    Associated Activity icon 2.2.2d – 1-2 hours

    INPUT: Action items for evolving the process to a target state

    OUTPUT: High-level description of the process at the target state

    Materials: Whiteboard, PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    1. Break down the process into several tasks at a high level. Avoid getting into too much detail by limiting the number of steps.
    2. An example of high-level breakdown: project closure
      Complete or terminate projects –› Validate project closure –› Conduct post-project work –› Conduct post-implementation review


    3. Describe each task by answering the following questions. Document your response in the PPM Strategic Plan Template.
    4. Question

      Description

      Input What information do you need to perform the work?
      Output What artifacts/deliverables are produced as a result?
      Frequency/Timing How often, and when, will the work be performed?
      Responsibility Who will perform the work?
      Accountability Who will approve the work and assume the ownership of any decisions?


    5. Record the time cost of each process using the PPM Strategy Development Tool.

    Document the high-level description for the new project closure process

    Associated Activity icon 2.2.2e – 30 minutes - 1 hour

    INPUT: High-level description of the process at the target state

    OUTPUT: Updated PPM strategic plan

    Materials: PPM Strategic Plan Template

    Participants: PMO Director/ Portfolio Manager

    Update your PPM strategic plan with the new high-level description for the new project closure process. Depending on your current process capability level, you may wish to include additional information on your strategic plan, for example:

    • Updated project closure checklist.
    • Project value review meeting process document.
    • Post-implementation review process document.

    Info-Tech has several research notes that elaborate on aspects of project closure. Upon completion of this PPM strategy blueprint, speak to an Info-Tech account manager or analyst to get started.

    Read Info-Tech’s research notes on project closure:

    • The Importance of Conducting a Post Implementation Review
    • Five Key Steps to Mastering Project Closure
    • ‘Governance’ Will Kill Your Projects

    Review and customize slide 33, “Project closure: target state,” in Info-Tech’s PPM Strategic Plan Template.

    Validate the time and effort spent on projects with a benefits realization process

    Maximizing benefits from projects is the primary goal of PPM. Tracking and reporting on benefits post-project closes the loop on benefits.

    Questions

    • How do validate the project benefits from the original business case?
    • How do we track the benefits?
    • Who reports it? When?

    Benefits

    • Maximize benefits realization by identifying and addressing unforeseen issues or limitations to success.
    • Improve project approval and prioritization by improving validity of the business case definition process.

    Challenges

    • Project sponsors need to be willing to invest time – months and years post-project completion – to validate benefits realization.
    • Portfolio management needs to proactively work with sponsors to facilitate benefits tracking.
    • Business cases need to be well developed and documented to reflect real anticipated benefits.

    Too many projects fail to achieve the originally proposed benefits, and too few organizations are able to identify and address the root causes of those shortfalls.

    Info-Tech Insight

    In reality, benefits realization process extends across the entire project life cycle: during intake, during the execution of the project, and after project completion. Be mindful of this extended scope when you discuss benefits realization in the following activity.

    Keep project benefits front and center with a repeatable benefits realization process

    Info-Tech recommends following a four-step process for benefits realization.

    A diagram of Info-Tech's four-step process for benefits realization. There are four groups that may be involved in any one step, they are laid out on the side as row headers that each step's columns may fall into, 'Business Analysts', 'Project Managers', 'PMO', and 'Governance Layer'. The first step is 'Quantify and validate benefits in business case' which happens 'Before Project' and involves 'Business Analysts' and 'Project Managers'. Step 2 is 'Update projected project benefits' which happens 'During Project' and involves 'Project Managers' and 'PMO'. Step 3 is 'Hand-off benefits realization ownership' which happens at the end of project and involves 'Project Managers', 'PMO' and 'Governance layer'. Step 4 is 'Monitor and report on benefits' which happens 'After Project' and involves 'PMO' and 'Governance layer'.

    Info-Tech Insight

    At the heart of benefits realization is accountability: who is held accountable for projects that don’t realize the benefits and how? Without the buy-in from the entire executive layer team, addressing this issue is very difficult.

    Determine your benefits realization process capability level

    Associated Activity icon 2.2.3a – 10 minutes

    INPUT: Organizational strategy and culture

    OUTPUT: benefits realization capability level

    Materials: PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Kick-off the discussion about the benefits realization process by reading the capability level descriptions below and discussing which level currently applies to you the most.

    Capability Level Descriptions

    Capability Level 5: OptimizedProject sponsors and key stakeholders are accountable for stated project benefits before, during and after the project. There is a process to maximize the realization of project benefits.
    Capability Level 4: AlignedProject benefits are forecasted and taken into account for approval, updated when changes are made to the project, and monitored/reported after projects are completed.
    Capability Level 3: EngagedProject benefits are forecasted and taken into account for approval, and there is a loosely defined process to report on benefits realization.
    Capability Level 2: DefinedProject benefits are forecasted and taken into account for approval, but there is no process to monitor whether the said benefits are realized.
    Capability Level 1: UnmanagedProjects are approved and initiated without discussing benefits.

    Benchmark the current benefits realization process against strategy-aligned goals

    Associated Activity icon 2.2.3b – 1-2 hours

    INPUT: Documentation describing the current process (e.g. standard operating procedures), Process goals from activity 1.2.1

    OUTPUT: Retrospective review of current process

    Materials: 4x6” recipe cards, Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Conduct a table-top planning exercise to map out the process currently in place.

    1. Use white 4”x6” recipe cards to write unique steps of a process. Use the benefits realization process from the previous slides as a guide.
    2. Use green cards to write artifacts or deliverables that result from a step.
    3. Use pink cards to write issues, problems, or risks.
    4. Discuss how the process could better achieve the strategy-aligned goals from activity 1.2.1. Keep a list of possible changes in the form of a start-stop-continue retrospective (example below) on a whiteboard.
    StartStopContinue
    • Require “hard monetary value” in business benefits
    • Send project updates before resource management meetings

    Set near- and long-term action items for the benefits realization process

    Associated Activity icon 2.2.3c – 30 minutes - 1 hour

    INPUT: Outcome of the retrospective review, Process goals and metrics from activity 1.2.1

    OUTPUT: Action items for evolving the process to a target state

    Materials: Whiteboard

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Analyze each item in the start-stop-continue retrospective to compile a set of near-term and long-term action items.

    The near-term plan should include steps that are within the authority of the PMO and do not require approval or investment outside of that authority. The long-term plan should include steps that may require a longer approval process, buy-in of external stakeholders, and the investment of time and money.
    Near-Term Action Items Long-Term Action Items
    For example:
    • Create an “orientation for project sponsors” document.
    • Encourage project managers to re-validate project benefits on an ongoing basis and report any deviation.
    For example:
    • Recruit the finance department’s help in benefits tracking.
    • Require Finance’s sign-off on project benefits in business cases during intake.

    Review and customize slide 35, “Benefits realization: action items,” in Info-Tech’s PPM Strategic Plan Template.

    Draft a high-level description of the benefits realization process at a target state

    Associated Activity icon 2.2.3d – 1-2 hours

    INPUT: Action items for evolving the process to a target state

    OUTPUT: High-level description of the process at the target state

    Materials: Whiteboard, PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    1. Break down the process into several tasks at a high level. Avoid getting into too much detail by limiting the number of steps.
    2. An example of high-level breakdown: benefits realization
      Validate benefits in business case –› Update project benefits during execution –› Hand-off benefits ownership –› Monitor and report on benefits


    3. Describe each task by answering the following questions. Document your response in the PPM Strategic Plan Template.
    4. Question

      Description

      InputWhat information do you need to perform the work?
      OutputWhat artifacts/deliverables are produced as a result?
      Frequency/TimingHow often, and when, will the work be performed?
      ResponsibilityWho will perform the work?
      AccountabilityWho will approve the work and assume the ownership of any decisions?

    5. Record the time cost of each process using the PPM Strategy Development Tool.

    Document the high-level description for the new benefits realization process

    Associated Activity icon 2.2.3e – 30 minutes - 1 hour

    INPUT: High-level description of the process at the target state

    OUTPUT: Updated PPM strategic plan

    Materials: PPM Strategic Plan Template

    Participants: PMO Director/ Portfolio Manager

    Update your PPM strategic plan with the new high-level description for the new benefits realization process. Depending on your current process capability level, you may wish to include additional information on your strategic plan, for example:

    • Updated business plan templates.
    • Communication plan for project sponsors.

    Info-Tech has a dedicated blueprint to help you develop the high-level process description into a fully operationalized process. Upon completion of this PPM strategy blueprint, speak to an Info-Tech account manager or analyst to get started.

    Read Info-Tech’s Establish the Benefits Realization Process blueprint.

    Review and customize slide 36, “Benefits realization: target state,” in Info-Tech’s PPM Strategic Plan Template.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of Barry Cousins.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Sample of activity 2.1.1 'Align your project intake, prioritization, and approval process to the PPM strategy'. Align your project intake, prioritization, and approval process to the PPM strategy

    Examine the process at the current state and develop an action plan to improve it, with a high-level description of the process at a target state and its overhead costs. The outcome of this activity feeds into the overall PPM strategic plan.

    Sample of activity 2.1.2 'Align your resource management process to the PPM strategy'. Align your resource management process to the PPM strategy

    Examine the process at the current state and develop an action plan to improve it, with a high-level description of the process at a target state and its overhead costs. The outcome of this activity feeds into the overall PPM strategic plan.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Sample of activity 2.2.1 'Align your portfolio reporting process to the PPM strategy'.Align your portfolio reporting process to the PPM strategy

    Examine the process at the current state and develop an action plan to improve it, with a high-level description of the process at a target state and its overhead costs. The outcome of this activity feeds into the overall PPM strategic plan.

    Sample of activity 2.2.2 'Align your project closure process to the PPM strategy'.Align your project closure process to the PPM strategy

    Examine the process at the current state and develop an action plan to improve it, with a high-level description of the process at a target state and its overhead costs. The outcome of this activity feeds into the overall PPM strategic plan.

    Sample of activity 2.2.3 'Align your benefits realization process to the PPM strategy'.Align your benefits realization process to the PPM strategy

    Examine the process at the current state and develop an action plan to improve it, with a high-level description of the process at a target state and its overhead costs. The outcome of this activity feeds into the overall PPM strategic plan.

    Develop a Project Portfolio Management Strategy

    PHASE 3

    Complete Your PPM Strategic Plan

    Phase 2 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Complete your PPM strategic plan

    Proposed Time to Completion: 2 weeks
    Step 3.1: Select a right-sized PPM solutionStep 3.2: Finalize your PPM Strategic Plan Template
    Work with an analyst to:
    • Assess your PPM tool requirements to help support your processes.
    Review findings with analyst:
    • Determine the costs and potential benefits of your PPM strategy.
    Then complete these activities…
    • Determine the functionality requirements of the PPM solution.
    • Estimate your PPM tool budget.
    • Review the tool assessment.
    Then complete these activities…
    • Estimate the total cost-in-use of managing the project portfolio.
    • Estimate the benefits of the PPM strategy.
    • Refine and consolidate the near-term action items into a cohesive implementation plan.
    With these tools & templates:
    • PPM Strategy Development Tool
    With these tools & templates:
    • PPM Strategy Development Tool
    • PPM Strategic Plan Template

    Phase 3 Insight:

    • Approach PPM as an evolving discipline that requires adaptability and long-term organizational change. Near-term process improvements should create stakeholder desire for better portfolio visibility and agility over the long term.

    Step 3.1: Select a right-sized PPM solution for supporting your new processes

    PHASE 1

    PHASE 2

    PHASE 3

    1.11.22.12.23.13.2
    Choose the right PPM strategyTranslate strategy into process goalsDefine intake & resource mgmt. processesDefine reporting, closure, & benefits mgmt. processesSelect a right-sized PPM solutionFinalize your PPM strategic plan

    This step will walk you through the following activities:

    • Determine the functionality requirements of a PPM solution in the near and long terms.
    • Estimate your PPM tool budget.
    • Review tool assessment.

    This step involves the following participants:

    • CIO
    • PMO Director/ Portfolio Manager
    • Project Managers
    • IT Managers

    Outcomes of this step

    • List of functional requirements for a PPM solution
    • An estimate budget and cost for supporting a PPM tool in the near and long terms
    • PPM tool requirements for the near and long terms

    Right-size your PPM solution/tool to fit your PPM processes

    Avoid a common pitfall: the disconnect between PPM processes and PPM tools.

    PPM tools act as both a receptacle for portfolio data generated by your processes and a source of portfolio data to drive your processes forward. Therefore, choosing a suitable PPM tool is critical to the success of your PPM strategy:

    • PPM tool inputs must match the type, level of detail, and amount of portfolio data generated by your PPM processes.
    • PPM tool outputs must be useful, insightful, easy to access, and easy to understand for people who engage in your PPM processes.

    User adoption is an often cited cause of failed PPM tool implementation:

    "The biggest problem is getting the team to work with the tool. We need to make sure that we’re not wasting time delving too far down into the tool, yet putting enough information to get useful information back." (IT Director, Financial Services)

    This final step of the blueprint will discuss the choice of PPM tools to ensure the success of PPM strategy by avoiding the process-tool disconnect.

    Common pitfalls for PPM tools

    • Purchasing and implementing a PPM tool before the process is defined and accepted.
    • Poor expectation setting: inability of tools to perform the necessary analysis.
    • Underleveraged: low user/process adoption.
    • Poor integration with the corporate finance function.
    • (WGroup, 2017)

    Leverage PPM tools to get the information you need

    An optimized PPM solution is the vehicle that provides decision makers with four key pieces of information they require when making decisions for your project portfolio:

    • Historical Insight – inform decision makers about how much time and resources have been spent to date, and benchmark the accuracy of prior project estimates and resource allocations.
    • Forecasting – provide a trustworthy estimate of demand on resources and current projects.
    • Portfolio Analytics – analyze portfolio data and generate easy-to-consume reports that provide answers to questions such as:
      • How big is our overall portfolio?
      • How much money/resource time is available?
      • How efficiently are we using our resources?
    • Project Visibility – provide a trustworthy report on the status of current projects and the resources working on them.

    Info-Tech Insight

    Without the proper information, decision makers are driving blind and are forced to make gut feel decisions as opposed to data-informed decisions. Implement a PPM solution to allocate projects properly and ensure time and money don’t vanish without being accounted for.

    Commercial PPM tools have more functionality but are more costly, complex, and difficult to adopt

    • Granular timesheet management
    • Workflow and team collaboration
    • Robust data and application integration
    • Advanced what-if planning
    • Mobile usability
    A map comparing commercial PPM tools by 'Functionality', 'Cost', and 'Difficulty to implement/adopt'. 'Functionality' and 'Difficulty to implement/adopt' share an axis and can be assumed to have a linear relationship. 'Spreadsheets' are low functionality and low cost. 'Google Sites' are low to middling functionality and low cost. 'SharePoint' is middling functionality with a slightly higher cost. The next three start at middling cost and above-average functionality and trend higher in both categories: 'Commercial Entry-Level PPM', 'Commercial Mid-Market PPM', and 'Commercial Enterprise PPM'.
    • Business case scoring and prioritization
    • Multi-user reporting and request portal
    • High-level resource management
    • Project status, cost, and risk tracking

    "Price tags [for PPM tools] vary considerably. Expensive products don't always provide more capability. Inexpensive products are generally low cost for good reason." (Merkhofer)

    Your PPM tool options are not limited to commercial offerings

    Despite the rapid growth in the commercial PPM tool market today, homegrown approaches like spreadsheets and intranet sites continue to be used as PPM tools.

    Kinds of PPM solutions used by Info-Tech clients

    A pie chart visualizing the kinds of PPM solutions that are used by Info-Tech clients. There are three sections, the largest of which is 'Spreadsheet-based, 46%', then 'Commercial, 33%', then 'No solution, 21%'. (Source: Info-Tech Research Group (2016), N=433)

    Category

    Characteristics

    PPM maturity

    Enterprise tool
    • Higher professional services requirements for enterprise deployment
    • Larger reference customers
    High
    Mid-market tool
    • Lower expectation of professional services engaged in initial deployment contract
    • Fewer globally recognizable reference clients
    • Faster deployments
    High
    Entry-level tool
    • Lower cost than mid-market & enterprise PPM tools
    • Limited configurability, reporting, and resource management functionalities
    • Compelling solutions to the organizations that wants to get a fast start to a trial deployment
    Intermediate
    Spreadsheet based
    • Little/no up-front cost, highly customizable to suit your organization’s needs
    • Varying degrees of sophistication
    • Few people in the organization may understand the logic behind the tool; knowledge may not be easily transferrable
    Intermediate Low

    Determine the functional requirements of the PPM solution

    Associated Activity icon 3.1.1 – 20 minutes

    INPUT: PPM strategic plan

    OUTPUT: Modified PPM strategic plan with a proposed choice of PPM tool

    Materials: PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, IT Managers

    Use the Tool Assessment tab (tab 4) of Info-Tech’s PPM Strategy Development Tool to rate and analyze functional requirements of your PPM solution.

    • Review the list of PPM features provided on column B of tab 4. You can add any desired features not listed.
    • Rate your near-term and long-term feature requirements using the drop-down menus in columns C and D. Your selections here will inform the tool selection bubble chart to the right of the features list.

    Screenshot showing the features list on tab 4 of the PPM Strategy Development Tool.

    Estimate your PPM tool budget

    Associated Activity icon 3.1.2 – 20 minutes

    INPUT: PPM strategic plan

    OUTPUT: Modified PPM strategic plan with a proposed choice of PPM tool

    Materials: PPM Strategy Development Tool

    Participants: CIO, PMO Director/ Portfolio Manager, Project Managers, IT Managers

    Enter the PPM tool budget information on the Tool Assessment tab of Info-Tech’s PPM Strategy Development Tool.

    • As a starting point, it can help to know that low-priced PPM tools cost around $1,000 per user per year. High-priced PPM tools cost around $3,000 per user per year.
    • Software-as-a-Service (SaaS)-based pricing for PPM solutions is increasingly popular. If you plan to purchase perpetual licensing, divide the total implementation and licensing cost by three years to be comparable with a three-year SaaS total cost of ownership analysis.

    Screenshot showing the tool assessment from the PPM Strategy Development Tool with 'Near-Term' and 'Long-Term' budget columns. Notes include 'Enter the number of fully licensed PPM users you expect to provision for and your estimated annual budget for a PPM tool', 'The tool assessment automatically calculates your annual budget per user, which is reflected in the bubble chart analysis (see next slide)'.

    Review the tool assessment graphic

    Associated Activity icon 3.1.3 – 20 minutes

    The map comparing commercial PPM tools from before, this time overlaid with 'Near-Term' and 'Long-Term' budgets as coloured circles. The vertical axis is 'Functionality Rating' and the horizontal axis is now 'Annual Cost/Budget per User'. 'Spreadsheets' are low functionality and low cost. 'Google Sites' are low to middling functionality and low cost. 'SharePoint' is middling functionality with a slightly higher cost. The 'Near-Term' budget circle covers those three tools. The next three start at middling cost and above-average functionality and trend higher in both categories: 'Commercial Entry-Level PPM', 'Commercial Mid-Market PPM', and 'Commercial Enterprise PPM'. The 'Long-Term' budget circle covers 'Commercial Mid-Market PPM'.

    If you are in one of the non-covered areas, consider revisiting your functional requirements and PPM strategy. You may need to lessen your expectations to be able to stay within your budget, or find a way to get more money.

    Keep in mind that the long-term goal can be to work towards a commercial tool, while the short-term goal would be to be able to maintain your portfolio in a simple spreadsheet first.

    Info-Tech Insight

    If you choose a commercial solution, you will need to gain executive buy-in in order to implement the tool; proceed to near-term and long-term plans to get the ball rolling on this decision.

    Review and customize slide 37, “Tools for PPM: proposed near- and long-term solutions,” in Info-Tech’s PPM Strategic Plan Template.

    Grow your own, or select and implement, a PPM solution with Info-Tech

    Whether you choose spreadsheet-based or commercially available PPM solutions, use Info-Tech’s research for scoping, designing, and implementing them.

    Info-Tech’s Grow Your Own PPM Solution blueprint will help you implement a highly evolved spreadsheet-based PPM solution. It features the Portfolio Manager 2017, a Microsoft Excel-based workbook that leverages its business intelligence features to provide a basis for implementing a scalable, highly customizable PPM tool with useful and easy-to-manipulate analytics.

    Read Info-Tech’s Grow Your Own PPM Solution blueprint.

    Info-Tech’s Select and Implement a PPM Solution blueprint is part of our Vendor Landscape research. Make sense of the diversity of PPM solutions available in today’s market, and choose the most appropriate solutions for your organization’s size and level of PPM maturity.

    Read Info-Tech’s Select and Implement a PPM Solution blueprint.

    A right-sized PPM strategy leads to a right-sized portfolio management tool based on Info-Tech’s template

    CASE STUDY

    Industry: Energy
    Source: Info-Tech Client

    “The approach makes it easy to run the portfolio without taking time away from the project themselves.” (IT Manager, Energy Resources Firm)

    Situation

    • A small IT department struggled with balancing project work with ongoing operational management and support work.
    • The department includes experienced and successful project managers and a mature, skilled team.
    • However, the nature of the department’s role has evolved to the point where the project and operational work demands have exceeded the available time.
    • Prioritization needed to become more centralized and formalized while management control of the work assignments became increasingly decentralized.

    Complication

    • Agile projects offer clear advantages by lightening the requirement for proactive planning. However, getting the staff to adapt would be challenging because of the overall workload and competing priorities.
    • Some of the team’s time needed to be carefully tracked and reported for time & materials-based billing, but the time sheet system was unsuited to their portfolio management needs.
    • Commercial PPM systems were ruled out because strict task management seemed unlikely to gain adoption.

    Resolution

    • The team deployed Info-Tech’s Project Portfolio Workbook, based on a Microsoft Excel template, and the Grow Your Own PPM Solution blueprint.
    • For the first time, executive leadership was given a 12-month forecast of resource capacity based on existing and pending project commitments. The data behind the capacity forecast was based on allocating people to projects with a percentage of their time for each calendar month.
    • The data behind the forecast is high level but easily maintainable.

    Step 3.2: Finalize customizing your PPM Strategic Plan Template

    PHASE 1

    PHASE 2

    PHASE 3

    1.11.22.12.23.13.2
    Choose the right PPM strategyTranslate strategy into process goalsDefine intake & resource mgmt. processesDefine reporting, closure, & benefits mgmt. processesSelect a right-sized PPM solutionFinalize your PPM strategic plan

    This step will walk you through the following activities:

    • Determine the costs of support your PPM strategic plan.
    • Estimate some of the benefits of your PPM strategic plan.
    • Perform a cost-benefit analysis.
    • Refine and consolidate the near-term action items into a cohesive plan.

    This step involves the following participants:

    • CIO
    • PMO Director/ Portfolio Manager
    • Project Managers
    • IT Managers

    Outcomes of this step

    • A cost/benefit analyst
    • An implementation action plan
    • A finalized PPM Strategic Plan Template

    Estimate the total cost-in-use of managing the project portfolio

    Supporting Tool icon 3.2.1 – PPM Strategy Development Tool, Tab 5: Costing Summary

    The time cost of PPM processes (tab 3) and PPM tool costs (tab 4) are summarized in this tab. Enter additional data to estimate the total PPM cost-in-use: the setup information and the current cost of PPM software tools.

    Screenshot of the PPM Strategy Development Tool, Tab 5: Costing Summary. Notes include 'If unknown, the overall HR budget of your project portfolio can be estimated as: (# FTEs) * (fully-loaded FTE cost per hour) * 1800', 'This is your total PPM cost-in-use'.

    Estimate the benefits of managing the project portfolio

    Supporting Tool icon 3.2.2 – PPM Strategy Development Tool, Tab 6: Benefits Assumptions

    The benefits of PPM processes are estimated by projecting the sources of waste on your resource capacity.

    1. Estimate the current extent of waste on your resource capacity. If you have completed Info-Tech’s PPM Current Score Scorecard, enter the data from the report.
    2. Screenshot of a Waste Assessment pie chart from the PPM Strategy Development Tool, Tab 6: Benefits Assumptions.
    3. Given your near- and long-term action items for improving PPM processes, estimate how each source of waste on your resource capacity will change.
    4. Screenshot of a Waste Assessment table titled 'These inputs represent the percentage of your overall portfolio budget that is wasted in each scenario' from the PPM Strategy Development Tool, Tab 6: Benefits Assumptions.

    Review the cost-benefit analysis results and update the PPM Strategic Plan Template

    Supporting Tool icon 3.2.3 – PPM Strategy Development Tool, Tab 7: Conclusion Screenshot of a 'PPM Strategy Cost-Benefit Analysis' from the PPM Strategy Development Tool, Tab 7: Conclusion. It has tables on top and bar charts underneath.

    This tab summarizes the costs and benefits of your PPM strategic plan.

    • Costs are estimated from wasted project capacity and time spent on PPM process work.
    • Benefits are estimated from the project capacity to be reclaimed as a result of improvements in PPM.
    • Return on investment is calculated by dividing the value of project capacity to be reclaimed by investment in PPM in addition to the current-state cost.

    Capture this summary in your PPM strategic plan.

    Customize slides 40 and 41, “Return on PPM investment,” in Info-Tech’s PPM Strategic Plan Template.

    Determine who will be responsible for coordinating the flow, collection, and reporting of portfolio data

    Supporting Tool icon 3.2.3 – Project Portfolio/PMO Analyst Job Description

    You will need to determine responsibilities and accountabilities for portfolio management functions within your team.

    If you do not have a clearly identifiable portfolio manager at this time, you will need to clarify who will wear which hats in terms of facilitating intake and prioritization, high-level capacity awareness, and portfolio reporting.

    • Use Info-Tech’s Project Portfolio Analyst Job Description Template to help clarify some of the required responsibilities to support your PPM strategy.
      • If you need to bring in an additional staff member to help support the strategy, you can customize the job description template to help advertise the position. Simply edit the text in grey within the template.
    • If you have other PPM tasks that you need to define responsibilities for, you can use the RASCI chart on the final tab of the PPM Strategy Develop Tool.

    Download Info-Tech’s Project Portfolio Analyst Job Description Template.

    Sample of Info-Tech's Project Portfolio Analyst Job Description Template.

    Refine and consolidate the near-term action items into a cohesive plan

    Associated Activity icon 3.2.4 – 30 minutes

    INPUT: Near-term action items

    OUTPUT: Near-term action plan

    Materials: PPM Strategy Development Tool

    Participants: PMO Director/ Portfolio Manager, Project Managers, Resource Managers, Business Analysts

    Collect the near-term action items for each of the five PPM processes and arrange them into a table that outlines the near-term action plan. Once it is compiled, adjust the timeline and responsibility so that the plan is coherent and realistic as a whole.

    Example:

    Outcome

    Action required

    Timeline

    Responsibility

    Determine the percentage distribution of project vs. non-project work Run a time audit survey with all project resources 2 weeks Resource managers
    Test a simple dashboard for project status Pilot Info-Tech’s Portfolio Manager 2017 workbook 2 weeks PMO Director

    "There is a huge risk of taking on too much too soon, especially with the introduction of specific tools and tool sets. There is also an element of risk involved that can lead to failure and disappointment with PPM if these tools are not properly introduced and supported." (Jim Carse, Director of the Portfolio Office, Queen’s University)

    Review and customize slide 43, “Summary of near-term action plan,” in Info-Tech’s PPM Strategic Plan Template.

    Finalize and publish your PPM strategic plan

    Table of Contents

    Read over the document to ensure its completeness and consistency.

    At this point, you have a PPM strategic plan that is actionable and realistic, which addresses the goals set by the senior leadership.

    The executive brief establishes the need for PPM strategy, the goals and metrics are set by members of the senior leadership that gave the initial buy-in, and the target states of PPM processes that meet those goals are described. Finally, the costs and benefits of the improved PPM practice are laid out in a way that can be validated.

    The next step for your PPM strategy is to use this document as a foundation for implementing and operationalizing the target-state PPM processes.

    Review and publish the document for your executive layer and key project stakeholders. Solicit their feedback.

    Info-Tech has a library of blueprints that will guide you through each of the five processes. Contact your Info-Tech account manager or Info-Tech analyst to get started.

    • Project Portfolio Management Strategy
      • Strategic Expectations
      • Overview
    • Leadership Mandate
    • Project Demand and Resource Supply
    • The Current State of Resource Utilization
    • PPM Processes
      • Project intake, prioritization, and approval
      • Resource management
      • Portfolio reporting
      • Project closure
      • Benefits realization
      • Tools for PPM
    • The Economic Impact of PPM
    • PPM Strategy Next Steps

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of Barry Cousins.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Sample of activity 3.1 'Scope the right-sized PPM solution for your PPM strategy'. Scope the right-sized PPM solution for your PPM strategy

    Use the PPM Strategy Development Tool to quickly determine our near- and long-term recommendation for your PPM solution.

    Sample of activity 3.2 'Conduct a cost-benefit analysis of your PPM strategic plan'. Conduct a cost-benefit analysis of your PPM strategic plan

    Using the time cost estimates of each process and the requirement for a PPM tool, Info-Tech helps you quantify the overhead costs of PPM and estimate the monetary benefits of reclaimed project capacity for your project portfolio.

    Insight breakdown

    Insight 1

    • Executive layer buy-in is a critical prerequisite for the success of a top-down PPM strategy. Ensure your executives are on board before preceding to implement your PPM strategy.

    Insight 2

    • The means of project and portfolio management (i.e. processes) shouldn’t eclipse the ends – strategic goals. Root your process in your PPM strategic goals to realize PPM benefits (e.g. optimized portfolio value, improved project throughput, increased stakeholder satisfaction).

    Insight 3

    • Without the proper information, decision makers are driving blind and are forced to make gut-feel decisions as opposed to data-informed decisions. Implement a PPM solution to allocate projects properly and ensure time and money don’t vanish without being accounted for.

    Summary of accomplishment

    Knowledge Gained

    • Info-Tech’s thought model on PPM processes that create an infrastructure around projects
    • Your current state of project portfolio: project capacity vs. project demand
    • Importance of gaining executive buy-in for installing the PPM practice

    Processes Optimized

    • Project intake, prioritization, and approval process
    • Resource management process
    • Portfolio reporting process
    • Project closure process
    • Benefits realization process

    Deliverables Completed

    • Choice of PPM strategy and the leadership mandate
    • Analysis of current project capacity and demand
    • PPM process goals and metrics, aligned to meet PPM strategic expectations
    • PPM process capability levels
    • Retrospective examination of current state, near/long-term action items for improvement, and high-level descriptions of the five PPM processes
    • Recommendation of PPM tools to support the processes
    • Estimate of PPM overhead costs
    • Cost-benefit analysis of PPM practice
    • PPM strategic plan

    Related Info-Tech Research

    • Develop a Project Portfolio Management Strategy
    • Grow Your Own PPM Solution
    • Optimize Project Intake, Approval, and Prioritization
    • Develop a Resource Management Strategy for the New Reality
    • Manage a Minimum-Viable PMO
    • Establish the Benefits Realization Process
    • Manage an Agile Portfolio
    • Establish the Benefits Realization Process
    • Project Portfolio Management Diagnostic Program
      The Project Portfolio Management Diagnostic Program is a low-effort, high-impact program designed to help project owners assess and improve their PPM practices. Gather and report on all aspects of your PPM environment in order to understand where you stand and how you can improve.

    Research contributors and experts

    Photo of Kiron D. Bondale PMP, PMI-RMP, CDAP, CDAI, Senior Project Portfolio Management Professional Kiron D. Bondale PMP, PMI-RMP, CDAP, CDAI
    Senior Project Portfolio Management Professional

    Kiron has worked in the project management domain for more than fifteen years managing multiple projects, leading Project Management Offices (PMO) and providing project portfolio management consulting services to over a hundred clients across multiple industries. He has been an active member of the Project Management Institute (PMI) since 1999 and served as a volunteer director on the Board of the PMI Lakeshore Chapter for six years. Kiron has published articles on project and project portfolio management in multiple journals and has delivered over a hundred webinar presentations on a variety of PPM and PM topics and has presented at multiple industry conferences. Since 2009, Kiron has been blogging on a weekly basis on project management topics and responds to questions daily in the LinkedIn PMI Project, Program and Portfolio Management discussion group.

    Photo of Shaun Cahill, Project Manager, Queen’s University Shaun Cahill, Project Manager &
    Jim Carse, Director of the Project Portfolio Office
    Queen’s University

    Research contributors and experts

    Photo of Amy Fowler Stadler, Managing Partner, Lewis Fowler Amy Fowler Stadler, Managing Partner
    Lewis Fowler

    Amy has more than 20 years of experience in business and technology, most recently owning her own management consulting firm since 2002, focused on business transformation, technology enablement, and operational improvement. Prior to that, she was at CenturyLink (formerly Qwest) as an IT Director, Perot Systems in various roles, and Information Handling Services, Inc. as a Software Development Product Manager.

    Amy holds a bachelor’s degree in Computer Science with a minor in Business Communications and is also a 2015 Hall of Fame inductee to Illinois State University College of Applied Science and Technology.

    Photo of Rick Morris, President, R2 Consulting LLC Rick Morris, President
    R2 Consulting LLC

    Rick A. Morris, PMP, is a certified Scrum Agile Master, Human Behavior Consultant, best-selling author, mentor, and evangelist for project management. Rick is an accomplished project manager and public speaker. His appetite for knowledge and passion for the profession makes him an internationally sought after speaker delivering keynote presentations for large conferences and PMI events around the world. He holds the PMP (Project Management Professional), MPM (Masters of Project Management), Scrum Agile Master, OPM3, Six Sigma Green Belt, MCITP, MCTS, MCSE, TQM, ATM-S, ITIL, and ISO certifications, and is a John Maxwell Certified Speaker, Mentor, and Coach. Rick is the Owner of R2 Consulting, LLC and has worked for organizations such as GE, Xerox, and CA, and has consulted with numerous clients in a wide variety of industries including financial services, entertainment, construction, non-profit, hospitality, pharmaceutical, retail, and manufacturing.

    Research contributors and experts

    Photo of Terry Lee Ricci PgMP, PfMP, PMP, PPM Practice Lead, IAG Consulting Terry Lee Ricci PgMP, PfMP, PMP, PPM Practice Lead
    IAG Consulting

    Terry is passionate and highly skilled at PMO transformation, developing high-performing teams that sustain long-term business results. Terry has a reputation built upon integrity, resourcefulness, and respect. She has the vision to implement long and short-term strategies, meeting both current and evolving business needs.

    Change Management/Business transformation: Terry has extensive background in PMO strategy development aligned to corporate goals. Many years in the PMO organization integration/transformation building or overhauling programs and processes.

    Governance: Terry loves to monitor and measure performance and outcomes and uses her collaborative style to successfully bring simplicity to complexity (technology – people – process). Performance optimization results are easy to use and clearly define who is doing what across functions. End results consistently align to business strategy while mitigating risks effectively.

    Comprehensive: A “through the ranks” executive with a comprehensive understanding of PMO operations, high-performance teams, and the respective business units they support.

    Photo of Alana Ruckstuhl MSc, IT Project Officer, Federal Economic Development Agency for Southern Ontario Alana Ruckstuhl MSc, IT Project Officer
    Federal Economic Development Agency for Southern Ontario

    Research contributors and experts

    Photo of Jay Wardle, Director of the PMO, Red Wing Shoes Co. Jay Wardle, Director of the PMO
    Red Wing Shoes Co.
    Photo of Bob White, Vice President/Chief Information Officer, ALM Holding Company Bob White, Vice President/Chief Information Officer
    ALM Holding Company

    As vice president and chief information officer for ALM Holding Company, Bob White directs all technology activity and support for three main verticals: road construction, energy management, and delivery and transportation. He has been with ALM Holding Company for one and a half years, focusing on PPM process improvement, cybersecurity initiatives, and IT service management.

    Prior to joining ALM, Bob was executive vice president/chief information officer at Ashley Furniture Industries, Inc. where he led the strategic direction, implementation, and management of information technology throughout the company’s global operations. Bob has also held VP/CIO positions at the Stride Rite Corporation and Timex Corporation.

    Bob holds a Master’s degree in Operations Management from the University of Arkansas and a Bachelor of Science degree in Industrial Engineering from Southern Illinois University.

    Bibliography

    Bersin, Josh. “Time to Scrap Performance Appraisals?” Forbes Magazine, 5 June 2013. Web. 30 Oct 2013.

    Cheese, Peter et al. “Creating an Agile Organization.” Accenture, Oct. 2009. Web. Nov. 2013.

    Croxon, Bruce et al. “Dinner Series: Performance Management with Bruce Croxon from CBC's 'Dragon's Den'” HRPA Toronto Chapter. Sheraton Hotel, Toronto, ON. 12 Nov. 2013. Panel discussion.

    Culbert, Samuel. “10 Reasons to Get Rid of Performance Reviews.” Huffington Post Business, 18 Dec. 2012. Web. 28 Oct. 2013.

    Denning, Steve. “The Case Against Agile: Ten Perennial Management Objections.” Forbes Magazine, 17 Apr. 2012. Web. Nov. 2013.

    Estis, Ryan. “Blowing up the Performance Review: Interview with Adobe’s Donna Morris.” Ryan Estis & Associates, 17 June 2013. Web. Oct. 2013.

    Gallup, Inc. “Gallup Study: Engaged Employees Inspire Company Innovation.” Gallup Management Journal, 12 Oct. 2006. Web. 12 Jan 2012.

    Gartside, David et al. “Trends Reshaping the Future of HR.” Accenture, 2013. Web. 5 Nov. 2013.

    KeyedIn Solutions. “Why PPM and PMOs Fail.” KeyedIn Projects, 2013. Ebook.

    Lessing, Lawrence. Free Culture. Lulu Press Inc.: 30 July 2016.

    Merkhofer, Lee. “Keys to Implementing Project Portfolio Management.” Lee Merkhofer Consulting, 2017.

    Perry, Mark Price. Business Driven Project Portfolio Management. J Ross Pub: 17 May 2011.

    Project Management Institute. “Pulse of the Profession 2015: Capturing the Value of Project Management.” PMI, Feb. 2015. Web.

    Project Management Institute. “Pulse of the Profession 2016: The High Cost of Low Performance.” PMI, 2016. Web.

    Project Management Institute. “Pulse of the Profession 2017: Success Rates Rise.” PMI, 2017. Web.

    Project Management Institute. The Standard for Portfolio Management – Third Edition. PMI: 1 Dec. 2012.

    WGroup. “Common Pitfalls in Project Portfolio Management – Part 2.” WGroup, 24 Jan. 2017. Web.

    The Small Enterprise Guide to People and Resource Management

    • Buy Link or Shortcode: {j2store}602|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Train & Develop
    • Parent Category Link: /train-and-develop
    • 52% of small business owners agree that labor quality is their most important problem, and 76% of executives expect the talent market to get even more challenging.
    • The problem? You can't compete on salary, training budgets are slim, you need people skilled in all areas, and even one resignation represents a large part of your workforce.

    Our Advice

    Critical Insight

    • The usual, reactive approach to workforce management is risky:
      • Optimizing tactics helps you hire faster, train more, and negotiate better contracts.
      • But fulfilling needs as they arise costs more, has greater risk of failure, and leaves you unprepared for future needs.
    • In a small enterprise where every resource counts, in which one hire represents 10% of your workforce, it is essential to get it right.

    Impact and Result

    • Workforce planning helps you anticipate future needs.
    • More lead time means better decisions at lower cost.
    • Small Enterprises benefit most, since every resource counts.

    The Small Enterprise Guide to People and Resource Management Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. The Small Enterprise Guide to People and Resource Management Deck – Find out why workforce planning is critical for small enterprises.

    Use this storyboard to lay the foundation of people and resources management practices in your small enterprise IT department.

    • The Small Enterprise Guide to People and Resource Management – Phases 1-3

    2. Workforce Planning Workbook – Use the tool to successfully complete all of the activities required to define and estimate your workforce needs for the future.

    Use these concise exercises to analyze your department’s talent current and future needs and create a skill sourcing strategy to fill the gaps.

    • Workforce Planning Workbook for Small Enterprises

    3. Knowledge Transfer Tools – Use these templates to identify knowledge to be transferred.

    Work through an activity to discover key knowledge held by an employee and create a plan to transfer that knowledge to a successor.

    • IT Knowledge Identification Interview Guide Template
    • IT Knowledge Transfer Plan Template

    4. Development Planning Tools – Use these tools to determine priority development competencies.

    Assess employees’ development needs and draft a development plan that fits with key organizational priorities.

    • IT Competency Library
    • Leadership Competencies Workbook
    • IT Employee Career Development Workbook
    • Individual Competency Development Plan
    • Learning Methods Catalog for IT Employees

    Infographic

    Workshop: The Small Enterprise Guide to People and Resource Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Lay Your Foundations

    The Purpose

    Set project direction and analyze workforce needs.

    Key Benefits Achieved

    Planful needs analysis ensures future workforce supports organizational goals.

    Activities

    1.1 Set workforce planning goals and success metrics.

    1.2 Identify key roles and competency gaps.

    1.3 Conduct a risk analysis to identify future needs.

    1.4 Determine readiness of internal successors.

    Outputs

    Work with the leadership team to:

    Extract key business priorities.

    Set your goals.

    Assess workforce needs.

    2 Create Your Workforce Plan

    The Purpose

    Conduct a skill sourcing analysis, and determine competencies to develop internally.

    Key Benefits Achieved

    A careful analysis ensures skills are being sourced in the most efficient way, and internal development is highly aligned with organizational objectives.

    Activities

    2.1 Determine your skill sourcing route.

    2.2 Determine priority competencies for development.

    Outputs

    Create a workforce plan.

    2.Determine guidelines for employee development.

    3 Plan Knowledge Transfer

    The Purpose

    Discover knowledge to be transferred, and build a transfer plan.

    Key Benefits Achieved

    Ensure key knowledge is not lost in the event of a departure.

    Activities

    3.1 Discover knowledge to be transferred.

    3.2 Identify the optimal knowledge transfer methods.

    3.3 Create a knowledge transfer plan.

    Outputs

    Discover tacit and explicit knowledge.

    Create a knowledge transfer roadmap.

    4 Plan Employee Development

    The Purpose

    Create a development plan for all staff.

    Key Benefits Achieved

    A well-structured development plan helps engage and retain employees while driving organizational objectives.

    Activities

    4.1 Identify target competencies & draft development goals

    4.2 Select development activities and schedule check-ins.

    4.3 Build manager coaching skills.

    Outputs

    Assess employees.

    Prioritize development objectives.

    Plan development activities.

    Build management skills.

    Further reading

    The Small Enterprise Guide to People and Resource Management

    Quickly start getting the right people, with the right skills, at the right time

    Is this research right for you?

    Research Navigation

    Managing the people in your department is essential, whether you have three employees or 300. Depending on your available time, resources, and current workforce management maturity, you may choose to focus on the overall essentials, or dive deep into particular areas of talent management. Use the questions below to help guide you to the right Info-Tech resources that best align with your current needs.

    Question If you answered "no" If you answered "yes"

    Does your IT department have fewer than 15 employees, and is your organization's revenue less than $25 million (USD)?

    Review Info-Tech's archive of research for mid-sized and large enterprise clients.

    Follow the guidance in this blueprint.

    Does your organization require a more rigorous and customizable approach to workforce management?

    Follow the guidance in this blueprint.

    Review Info-Tech's archive of research for mid-sized and large enterprise clients.

    Analyst Perspective

    Workforce planning is even more important for small enterprises than large organizations.

    It can be tempting to think of workforce planning as a bureaucratic exercise reserved for the largest and most formal of organizations. But workforce planning is never more important than in small enterprises, where every individual accounts for a significant portion of your overall productivity.

    Without workforce planning, organizations find themselves in reactive mode, hiring new staff as the need arises. They often pay a premium for having to fill a position quickly or suffer productivity losses when a critical role goes unexpectedly vacant.

    A workforce plan helps you anticipate these challenges, come up with solutions to mitigate them, and allocate resources for the most impact, which means a greater return on your workforce investment in the long run.

    This blueprint will help you accomplish this quickly and efficiently. It will also provide you with the essential development and knowledge transfer tools to put your plan into action.

    This is a picture of Jane Kouptsova

    Jane Kouptsova
    Senior Research Analyst, CIO Advisory
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    52% of small business owners agree that labor quality is their most important problem.1

    Almost half of all small businesses face difficulty due to staff turnover.

    76% of executives expect the talent market to get even more challenging.2

    Common Obstacles

    76% of executives expect workforce planning to become a top strategic priority for their organization.2

    But…

    30% of small businesses do not have a formal HR function.3

    Small business leaders are often left at a disadvantage for hiring and retaining the best talent, and they face even more difficulty due to a lack of support from HR.

    Small enterprises must solve the strategic workforce planning problem, but they cannot invest the same time or resources that large enterprises have at their disposal.

    Info-Tech's Approach

    A modular, lightweight approach to workforce planning and talent management, tailored to small enterprises

    Clear activities that guide your team to decisive action

    Founded on your IT strategy, ensuring you have not just good people, but the right people

    Concise yet comprehensive, covering the entire workforce lifecycle from competency planning to development to succession planning and reskilling

    Info-Tech Insight

    Every resource counts. When one hire represents 10% of your workforce, it is essential to get it right.

    1CNBC & SurveyMonkey. 2ADP. 3Clutch.

    Labor quality is small enterprise's biggest challenge

    The key to solving it is strategic workforce planning

    Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in today's workforce, including pinpointing the human capital needs of the future.

    Linking workforce planning with strategic planning ensures that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.

    SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.

    52%

    of small business owners agree that labor quality is their most important problem.1

    30%

    30% of small businesses have no formal HR function.2

    76%

    of senior leaders expect workforce planning to become the top strategic challenge for their organization.3

    1CNBC & SurveyMonkey. 2Clutch. 3ADP.

    Workforce planning matters more for small enterprises

    You know that staffing mistakes can cost your department dearly. But did you know the costs are greater for small enterprises?

    The price of losing an individual goes beyond the cost of hiring a replacement, which can range from 0.5 to 2 times that employee's salary (Gallup, 2019). Additional costs include loss of productivity, business knowledge, and team morale.

    This is a major challenge for large organizations, but the threat is even greater for small enterprises, where a single individual accounts for a large proportion of IT's productivity. Losing one of a team of 10 means 10% of your total output. If that individual was solely responsible for a critical function, your department now faces a significant gap in its capabilities. And the effect on morale is much greater when everyone is on the same close-knit team.

    And the threat continues when the staffing error causes you not to lose a valuable employee, but to hire the wrong one instead. When a single individual makes up a large percentage of your workforce, as happens on small teams, the effects of talent management errors are magnified.

    A group of 100 triangles is shown above a group of 10 triangles. In each group, one triangle is colored orange, and the rest are colored blue.

    Info-Tech Insight

    One bad hire on a team of 100 is a problem. One bad hire on a team of 10 is a disaster.

    This is an image of Info-Tech's small enterprise guide o people and resource management.

    Blueprint pre-step: Determine your starting point

    People and Resource management is essential for any organization. But depending on your needs, you may want to start at different stages of the process. Use this slide as a quick reference for how the activities in this blueprint fit together, how they relate to other workforce management resources, and the best starting point for you.

    Your IT strategy is an essential input to your workforce plan. It defines your destination, while your workforce is the vessel that carries you there. Ensure you have at least an informal strategy for your department before making major workforce changes, or review Info-Tech's guidance on IT strategy.

    This blueprint covers the parts of workforce management that occur to some extent in every organization:

    • Workforce planning
    • Knowledge transfer
    • Development planning

    You may additionally want to seek guidance on contract and vendor management, if you outsource some part of your workload outside your core IT staff.

    Track metrics

    Consider these example metrics for tracking people and resource management success

    Project Outcome Metric Baseline Target
    Reduced training costs Average cost of training (including facilitation, materials, facilities, equipment, etc.) per IT employee
    Reduced number of overtime hours worked Average hours billed at overtime rate per IT employee
    Reduced length of hiring period Average number of days between job ad posting and new hire start date
    Reduced number of project cancellations due to lack of capacity Total of number of projects cancelled per year
    Increased number of projects completed per year (project throughput) Total number of project completions per year
    Greater net recruitment rate Number of new recruits/Number of terminations and departures
    Reduced turnover and replacement costs Total costs associated with replacing an employee, including position coverage cost, training costs, and productivity loss
    Reduced voluntary turnover rate Number of voluntary departures/Total number of employees
    Reduced productivity loss following a departure or termination Team or role performance metrics (varies by role) vs. one year ago

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1:

    Scope requirements, objectives, and your specific challenges.

    Call #2: Assess current workforce needs.

    Call #4: Determine skill sourcing route.

    Call #6:

    Identify knowledge to be transferred.

    Call #8: Draft development goals and select activities.

    Call #3: Explore internal successor readiness.

    Call #5:Set priority development competencies.

    Call #7: Create a knowledge transfer plan.

    Call #9: Build managers' coaching & feedback skills.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 4 to 6 calls over the course of 3 to 4 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    1.Lay Your Foundations 2. Create Your Workforce Plan 3. Plan Knowledge Transfer 3. Plan Employee Development Next Steps and Wrap-Up (offsite)
    Activities

    1.1 Set workforce planning goals and success metrics

    1.2 Identify key roles and competency gaps

    1.3 Conduct a risk analysis to identify future needs

    1.4 Determine readiness of internal successors

    1.5 Determine your skill sourcing route

    1.6 Determine priority competencies for development

    3.1 Discover knowledge to be transferred

    3.2 Identify the optimal knowledge transfer methods

    3.3 Create a knowledge transfer plan

    4.1 Identify target competencies & draft development goals

    4.2 Select development activities and schedule check-ins

    4.3 Build manager coaching skills

    Outcomes

    Work with the leadership team to:

    1. Extract key business priorities
    2. Set your goals
    3. Assess workforce needs

    Work with the leadership team to:

    1. Create a workforce plan
    2. Determine guidelines for employee development

    Work with staff and managers to:

    1. Discover tacit and explicit knowledge
    2. Create a knowledge transfer roadmap

    Work with staff and managers to:

    1. Assess employees
    2. Prioritize development objectives
    3. Plan development activities
    4. Build management skills

    Info-Tech analysts complete:

    1. Workshop report
    2. Workforce plan record
    3. Action plan

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Each onsite day is structured with group working sessions from 9-11 a.m. and 1:30-3:30 p.m. and includes Open Analyst Timeslots, where our facilitators are available to expand on scheduled activities, capture and compile workshop results, or review additional components from our comprehensive approach.

    This is a calendar showing days 1-4, and times from 8am-5pm

    Phase 1

    Workforce Planning

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership team
    • Managers
    • Human resource partner (if applicable)

    Additional Resources

    Workforce Planning Workbook for Small Enterprises

    Phase pre-step: Gather resources and participants

    1. Ensure you have an up-to-date IT strategy. If you don't have a formal strategy in place, ensure you are aware of the main organizational objectives for the next 3-5 years. Connect with executive stakeholders if necessary to confirm this information.
      If you are not sure of the organizational direction for this time frame, we recommend you consult Info-Tech's material on IT strategy first, to ensure your workforce plan is fully positioned to deliver value to the organization.
    2. Consult with your IT team and gather any documentation pertaining to current roles and skills. Examples include an org chart, job descriptions, a list of current tasks performed/required, a list of company competencies, and a list of outsourced projects.
    3. Gather the right participants. Most of the decisions in this section will be made by senior leadership, but you will also need input from front-line managers. Ensure they are available on an as-needed basis. If your organization has an HR partner, it can also be helpful to involve them in your workforce planning process.

    Formal workforce planning benefits even small teams

    Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in your workforce today and plan for the human capital needs of the future.

    Your workforce plan is an extension of your IT strategy, ensuring that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.

    SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.

    The smaller the business, the more impact each individual's performance has on the overall success of the organization. When a given role is occupied by a single individual, the organization's performance in that function is determined wholly by one employee. Creating a workforce plan for a small team may seem excessive, but it ensures your organization is not unexpectedly hit with a critical competency gap.

    Right-size your workforce planning process to the size of your enterprise

    Small organizations are 2.2 times more likely to have effective workforce planning processes.1 Be mindful of the opportunities and risks for organizations of your size as you execute the project. How you build your workforce plan will not change drastically based on the size of your organization; however, the scope of your initiative, the size of your team, and the tactics you employ may vary.

    Small Organization

    Medium Organization

    Large Organization

    Project Opportunities

    • Project scope is much more manageable.
    • Communication and planning can be more manageable.
    • Fewer roles can clarify prioritization needs and promotability.
    • Project scope is more manageable.
    • Moderate budget for workforce planning initiatives is needed.
    • Communication and enforcement is easier.
    • Larger candidate pool to pull from.
    • Greater career path options for staff.
    • In-house expertise may be available

    Project Risks

    • Limited resources and time to execute the project.
    • In-house expertise is unlikely.
    • Competencies may be informal and not documented.
    • Limited overlap in responsibilities, resulting in fewer redundancies.
    • Limited staff with experience for the project.
    • Workforce planning may be a lower priority and difficult to generate buy-in for.
    • Requires more staff to manage workforce plan and execute initiatives.
    • Less collective knowledge on staff strengths may make career planning difficult.
    • Geographically dispersed business units make collaboration and communication difficult.

    1 McLean & Company Trends Report 2014

    1.1 Set project outcomes and success metrics

    1-3 hours

    1. As a group, brainstorm key pain points that the IT department experiences due to the lack of a workforce plan. Ask them to consider turnover, retention, training, and talent acquisition.
    2. Discuss any key themes that arise and brainstorm your desired project outcomes. Keep a record of these for future reference and to aid in stakeholder communication.
    3. Break into smaller groups (or if too small, continue as a single group):
      1. For each desired outcome, consider what metrics you could use to track progress. Keep your initial list of pain points in mind as you brainstorm metrics.
      2. Write each of the metric suggestions on a whiteboard and agree to track 3-5 metrics. Set targets for each metric. Consider the effort required to obtain and track the metric, as well as its reliability.
      3. Assign one individual for tracking the selected metrics. Following the meeting, that individual will be responsible for identifying the baseline and targets, and reporting on metrics progress.

    Input

    Output

    • List of workforce data available
    • List of workforce metrics to track the workforce plan's impact

    Materials

    Participants

    • Whiteboard/flip charts
    • Leadership team
    • Human resource partner (if applicable)

    1.2 Identify key roles and competency gaps

    1-3 hours

    1. As a group, identify all strategic, core, and supporting roles by reviewing the organizational chart:
      1. Strategic: What are the roles that must be filled by top performers and cannot be left vacant in order to meet strategic objectives?
      2. Core: What roles are important to drive operational excellence?
      3. Supporting: What roles are required for day-to-day work, but are low risk if the role is vacant for a period of time?
    2. Working individually or in small groups, have managers for each identified role define the level of competence required for the job. Consider factors such as:
      1. The difficulty or criticality of the tasks being performed
      2. The impact on job outcomes
      3. The impact on the performance of other employees
      4. The consequence of errors if the competency is not present
      5. How frequently the competency is used on the job
      6. Whether the competency is required when the job starts or can be learned or acquired on the job within the first six months
    3. Continue working individually and rate the level of proficiency of the current incumbent.
    4. As a group, review the assessment and make any adjustments.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    Download the Workforce Planning Workbook for Small Enterprises

    1.2 Identify key roles and competency gaps

    Input Output
    • Org chart, job descriptions, list of current tasks performed/required, list of company competencies
    • List of competency gaps for key roles
    Materials Participants
    • Leadership team
    • Managers

    Conduct a risk-of-departure analysis

    A risk-of-departure analysis helps you plan for future talent needs by identifying which employees are most likely to leave the organization (or their current role).

    A risk analysis takes into account two factors: an employee's risk for departure and the impact of departure:

    Employees are high risk for departure if they:

    • Have specialized or in-demand skills (tenured employees are more likely to have this than recent hires)
    • Are nearing retirement
    • Have expressed career aspirations that extend outside your organization
    • Have hit a career development ceiling at your organization
    • Are disengaged
    • Are actively job searching
    • Are facing performance issues or dismissal OR promotion into a new role

    Employees are low risk for departure if they:

    • Are a new hire or new to their role
    • Are highly engaged
    • Have high potential
    • Are 5-10 years out from retirement

    If you are not sure where an employee stands with respect to leaving the organization, consider having a development conversation with them. In the meantime, consider them at medium risk for departure.

    To estimate the impact of departure, consider:

    • The effect of losing the employee in the near- and medium-term, including:
      • Impact on the organization, department, unit/team and projects
      • The cost (in time, resources, and productivity loss) to replace the individual
      • The readiness of internal successors for the role

    1.3 Conduct a risk analysis to identify future needs

    1-3 hours

    Preparation: Your estimation of whether key employees are at risk of leaving the organization will depend on what you know of them objectively (skills, age), as well as what you learn from development conversations. Ensure you collect all relevant information prior to conducting this activity. You may need to speak with employees' direct managers beforehand or include them in the discussion.

    • As a group, list all your current employees, and using the previous slide for guidance, rank them on two parameters: risk of departure and impact of departure, on a scale of low to high. Record your conclusions in a chart like the one on the right. (For a more in-depth risk assessment, use the "Risk Assessment Results" tab of the Key Roles Succession Planning Tool.)
    • Employees that fall in the "Mitigate" quadrant represent key at-risk roles with at least moderate risk and moderate impact. These are your succession planning priorities. Add these roles to your list of key roles and competency gaps, and include them in your workforce planning analysis.
    • Employees that fall in the "Manage" quadrants represent secondary priorities, which should be looked at if there is capacity after considering the "Mitigate" roles.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    This is an image of the Risk analysis for risk of departure to importance of departure.

    Info-Tech Insight

    Don't be afraid to rank most or all your staff as "high impact of departure." In a small enterprise, every player counts, and you must plan accordingly.

    1.3 Conduct a risk analysis to identify future needs

    Input Output
    • Employee data on competencies, skills, certifications, and performance. Input from managers from informal development conversations.
    • A list of first- and second-priority at-risk roles to carry forward into a succession planning analysis
    Materials Participants
    • Leadership team
    • Managers

    Determine your skill sourcing route

    The characteristics of need steer hiring managers to a preferred choice, while the marketplace analysis will tell you the feasibility of each option.

    Sourcing Options

    Preferred Options

    Final Choice

    four blue circles

    A right facing arrow

    Two blue circles A right facing arrow One blue circle
    State of the Marketplace

    State of the Marketplace

    Urgency: How soon do we need this skill? What is the required time-to-value?

    Criticality: How critical, i.e. core to business goals, are the services or systems that this skill will support?

    Novelty: Is this skill brand new to our workforce?

    Availability: How often, and at what hours, will the skill be needed?

    Durability: For how long will this skill be needed? Just once, or indefinitely for regular operations?

    Scarcity: How popular or desirable is this skill? Do we have a large enough talent pool to draw from? What competition are we facing for top talent?

    Cost: How much will it cost to hire vs. contract vs. outsource vs. train this skill?

    Preparedness: Do we have internal resources available to cultivate this skill in house?

    1.4 Determine your skill sourcing route

    1-3 hours

    1. Identify the preferred sourcing method as a group, starting with the most critical or urgent skill need on your list. Use the characteristics of need to guide your discussion. If more than one option seems adequate, carry several over to the next step.
    2. Consider the marketplace factors applicable to the skill in question and use these to narrow down to one final sourcing decision.
      1. If it is not clear whether a suitable internal candidate is available or ready, refer to the next activity for a readiness assessment.
    3. Be sure to document the rationale supporting your decision. This will ensure the decision can be clearly communicated to any stakeholders, and that you can review on your decision-making process down the line.

    Record this information in the Workforce Planning Workbook for Small Enterprises.

    Info-Tech Insight

    Consider developing a pool of successors instead of pinning your hopes on just one person. A single pool of successors can be developed for either one key role that has specialized requirements or even multiple key roles that have generic requirements.

    Input

    Output

    • List of current and upcoming skill gaps
    • A sourcing decision for each skill

    Materials

    Participants

    • Leadership team
    • Human resource partner (if applicable)

    1.5 Determine readiness of internal successors

    1-3 hours

    1. As a group, and ensuring you include the candidates' direct managers, identify potential successors for the first role on your list.
    2. Ask how effectively the potential successor would serve in the role today. Review the competencies for the key role in terms of:
      1. Relationship-building skills
      2. Business skills
      3. Technical skills
      4. Industry-specific skills or knowledge
    3. Determine what competencies the succession candidate currently has and what must be learned. Be sure you know whether the candidate is open to a career change. Don't assume – if this is not clear, have a development conversation to ensure everyone is on the same page.
    4. Finally, determine how difficult it will be for the successor to acquire missing skills or knowledge, whether the resources are available to provide the required development, and how long it will take to provide it.
    5. As a group, decide whether training an internal successor is a viable option for the role in question, considering the successor's readiness and the characteristics of need for the role. If a clear successor is not readily apparent, consider:
      1. If the development of the successor can be fast-tracked, or if some requirements can be deprioritized and the successor provided with temporary support from other employees.
      2. If the role in question is being discussed because the current incumbent is preparing to leave, consider negotiating an arrangement that extends the incumbent's employment tenure.
    6. Record the decision and repeat for the next role on your list.

    Info-Tech Insight

    A readiness assessment helps to define not just development needs, but also any risks around the organization's ability to fill a key role.

    Input

    Output

    • List of roles for which you are considering training internally
    • Job descriptions and competency requirements for the roles
    • List of roles for which internal successors are a viable option

    Materials

    Participants

    • Leadership team
    • Candidates' direct managers, if applicable

    Use alternative work arrangements to gain time to prepare successors

    Alternative work arrangements are critical tools that employers can use to achieve a mutually beneficial solution that mitigates the risk of loss associated with key roles.

    Alternative work arrangements not only support employees who want to keep working, but more importantly, they allow the business to retain employees that are needed in key roles who are departure risks due to retirement.

    Viewing retirement as a gradual process can help you slow down skill loss in your organization and ensure you have sufficient time to train successors. Retiring workers are becoming increasingly open to alternative work arrangements. Among employed workers aged 50-75, more than half planned to continue working part-time after retirement.
    Source: Statistics Canada.

    Flexible work options are the most used form of alternative work arrangement

    A bar graph showing the percent of organizations who implemented alternate work arrangement, for Flexible work options; Contract based work; Part time roles; Graduated retirement programs; Part year jobs or job sharing; Increased PTO for employees over a certain age.

    Source: McLean & Company, N=44

    Choose the alternative work arrangement that works best for you and the employee

    Alternative Work Arrangement Description Ideal Use Caveats
    Flexible work options Employees work the same number of hours but have flexibility in when and where they work (e.g. from home, evenings). Employees who work fairly independently with no or few direct reports. Employee may become isolated or disconnected, impeding knowledge transfer methods that require interaction or one-on-one time.
    Contract-based work Working for a defined period of time on a specific project on a non-salaried or non-wage basis. Project-oriented work that requires specialized knowledge or skills. Available work may be sporadic or specific projects more intensive than the employee wants. Knowledge transfer must be built into the contractual arrangement.
    Part-time roles Half days or a certain number of days per week; indefinite with no end date in mind. Employees whose roles can be readily narrowed and upon whom people and critical processes are not dependent. It may be difficult to break a traditionally full-time job down into a part-time role given the size and nature of associated tasks.
    Graduated retirement Retiring employee has a set retirement date, gradually reducing hours worked per week over time. Roles where a successor has been identified and is available to work alongside the incumbent in an overlapping capacity while he or she learns. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

    Choose the alternative work arrangement that works best for you and the employee

    Alternative Work Arrangement Description Ideal Use Caveats
    Part-year jobs or job sharing Working part of the year and having the rest of the year off, unpaid. Project-oriented work where ongoing external relationships do not need to be maintained. The employee is unavailable for knowledge transfer activities for a large portion of the year. Another risk is that the employee may opt not to return at the end of the extended time off with little notice.
    Increased paid time off Additional vacation days upon reaching a certain age. Best used as recognition or reward for long-term service. This may be a particularly useful retention incentive in organizations that do not offer pension plans. The company may not be able to financially afford to pay for such extensive time off. If the role incumbent is the only one in the role, this may mean crucial work is not being done.
    Altered roles Concentration of a job description on fewer tasks that allows the employee to focus on his or her specific expertise. Roles where a successor has been identified and is available to work alongside the incumbent, with the incumbent's new role highly focused on mentoring. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

    Phase 2

    Knowledge Transfer

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership/management team
    • Incumbent & successor

    Additional Resources

    IT Knowledge Identification Interview Guide Template

    Knowledge Transfer Plan Template

    Determine your skill sourcing route

    Knowledge transfer plans have three key components that you need to complete for each knowledge source:

    Define what knowledge needs to be transferred

    Each knowledge source has unique information which needs to be transferred. Chances are you don't know what you don't know. The first step is therefore to interview knowledge sources to find out.

    Identify the knowledge receiver

    Depending on who the information is going to, the knowledge transfer tactic you employ will differ. Before deciding on the knowledge receiver and tactic, consider three key factors:

    • How will this knowledge be used in the future?
    • What is the next career step for the knowledge receiver?
    • Are the receiver and the source going to be in the same location?

    Identify which knowledge transfer tactics you will use for each knowledge asset

    Not all tactics are good in every situation. Always keep the "knowledge type" (information, process, skills, and expertise), knowledge sources' engagement level, and the knowledge receiver in mind as you select tactics.

    Don't miss tacit knowledge

    There are two basic types of knowledge: "explicit" and "tacit." Ensure you capture both to get a well-rounded overview of the role.

    Explicit Tacit
    • "What knowledge" – knowledge can be articulated, codified, and easily communicated.
    • Easily explained and captured – documents, memos, speeches, books, manuals, process diagrams, facts, etc.
    • Learn through reading or being told.
    • "How knowledge" – intangible knowledge from an individual's experience that is more from the process of learning, understanding, and applying information (insights, judgments, and intuition).
    • Hard to verbalize, and difficult to capture and quantify.
    • Learn through observation, imitation, and practice.

    Types of explicit knowledge

    Types of tacit knowledge

    Information Process Skills Expertise

    Specialized technical knowledge.

    Unique design capabilities/methods/models.

    Legacy systems, details, passwords.

    Special formulas/algorithms/ techniques/contacts.

    • Specialized research & development processes.
    • Proprietary production processes.
    • Decision-making processes.
    • Legacy systems.
    • Variations from documented processes.
    • Techniques for executing on processes.
    • Relationship management.
    • Competencies built through deliberate practice enabling someone to act effectively.
    • Company history and values.
    • Relationships with key stakeholders.
    • Tips and tricks.
    • Competitor history and differentiators.

    e.g. Knowing the lyrics to a song, building a bike, knowing the alphabet, watching a YouTube video on karate.

    e.g. Playing the piano, riding a bike, reading or speaking a language, earning a black belt in karate.

    Embed your knowledge transfer methods into day-to-day practice

    Multiple methods should be used to transfer as much of a person's knowledge as possible, and mentoring should always be one of them. Select your method according to the following criteria:

    Info-Tech Insight

    The more integrated knowledge transfer is in day-to-day activities, the more likely it is to be successful, and the lower the time cost. This is because real learning is happening at the same time real work is being accomplished.

    Type of Knowledge

    • Tacit knowledge transfer methods are often informal and interactive:
      • Mentoring
      • Multi-generational work teams
      • Networks and communities
      • Job shadowing
    • Explicit knowledge transfer methods tend to be more formal and one way:
      • Formal documentation of processes and best practices
      • Self-published knowledge bases
      • Formal training sessions
      • Formal interviews

    Incumbent's Preference/Successor's Preference

    Ensure you consult the employees, and their direct manager, on the way they are best prepared to teach and learn. Some examples of preferences include:

    1. Prefer traditional classroom learning, augmented with participation, critical reflection, and feedback.
    2. May get bored during formal training sessions and retain more during job shadowing.
    3. Prefer to be self-directed or self-paced, and highly receptive to e-learning and media.
    4. Prefer informal, incidental learning, tend to go immediately to technology or direct access to people. May have a short attention span and be motivated by instant results.
    5. May be uncomfortable with blogs and wikis, but comfortable with SharePoint.

    Cost

    Consider costs beyond the monetary. Some methods require an investment in time (e.g. mentoring), while others require an investment in technology (e.g. knowledge bases).

    The good news is that many supporting technologies may already exist in your organization or can be acquired for free.

    Methods that cost time may be difficult to get underway since employees may feel they don't have the time or must change the way they work.

    2.1 Create a knowledge transfer plan

    1-3 hours

    1. Working together with the current incumbent, brainstorm the key information pertaining to the role that you want to pass on to the successor. Use the IT Knowledge Identification Interview Guide Template to ensure you don't miss anything.
      • Consider key knowledge areas, including:
        • Specialized technical knowledge.
        • Specialized research and development processes.
        • Unique design capabilities/methods/models.
        • Special formulas/algorithms/techniques.
        • Proprietary production processes.
        • Decision-making criteria.
        • Innovative sales methods.
        • Knowledge about key customers.
        • Relationships with key stakeholders.
        • Company history and values.
      • Ask questions of both sources and receivers of knowledge to help determine the best knowledge transfer methods to use.
        • What is the nature of the knowledge? Explicit or tacit?
        • Why is it important to transfer?
        • How will the knowledge be used?
        • What knowledge is critical for success?
        • How will the users find and access it?
        • How will it be maintained and remain relevant and usable?
        • What are the existing knowledge pathways or networks connecting sources to recipients?
    2. Once the knowledge has been identified, use the information on the following slides to decide on the most appropriate methods. Be sure to consult the incumbent and successor on their preferences.
    3. Prioritize your list of knowledge transfer activities. It's important not to try to do too much too quickly. Focus on some quick wins and leverage the success of these initiatives to drive the project forward. Follow these steps as a guide:
      1. Take an inventory of all the tactics and techniques which you plan to employ. Eliminate redundancies where possible.
      2. Start your implementation with your highest risk role or knowledge item, using explicit knowledge transfer tactics. Interviews, use cases, and process mapping will give you some quick wins and will help gain momentum for the project.
      3. Then move forward to other tactics, the majority of which will require training and process design. Pick 1-2 other key tactics you would like to employ and build those out. For tactics that require resources or monetary investment, start with those that can be reused for multiple roles.

    Record your plan in the IT Knowledge Transfer Plan Template.

    Download the IT Knowledge Identification Interview Guide Template

    Download the Knowledge Transfer Plan Template

    Info-Tech Insight

    Wherever possible, ask employees about their personal learning styles. It's likely that a collaborative compromise will have to be struck for knowledge transfer to work well.

    2.1 Create a knowledge transfer plan

    Input

    Output

    • List of roles for which you need to transfer knowledge
    • Prioritized list of knowledge items and chosen transfer method

    Materials

    Participants

    • Leadership team
    • Incumbent
    • Successor

    Not every transfer method is effective for every type of knowledge

    Knowledge Type
    Tactic Explicit Tacit
    Information Process Skills Expertise
    Interviews Very Strong Strong Strong Strong
    Process Mapping Medium Very Strong Very Weak Very Weak
    Use Cases Medium Very Strong Very Weak Very Weak
    Job Shadow Very Weak Medium Very Strong Very Strong
    Peer Assist Strong Medium Very Strong Very Strong
    Action Review Medium Medium Strong Strong
    Mentoring Weak Weak Strong Very Strong
    Transition Workshop Strong Strong Strong Weak
    Storytelling Weak Weak Strong Very Strong
    Job Share Weak Weak Very Strong Very Strong
    Communities of Practice Strong Weak Very Strong Very Strong

    This table shows the relative strengths and weaknesses of each knowledge transfer tactic compared against four different knowledge types.

    Not all techniques are effective for all types of knowledge; it is important to use a healthy mixture of techniques to optimize effectiveness.

    Employees' engagement can impact knowledge transfer effectiveness

    Level of Engagement
    Tactic Disengaged/ Indifferent Almost Engaged - Engaged
    Interviews Yes Yes
    Process Mapping Yes Yes
    Use Cases Yes Yes
    Job Shadow No Yes
    Peer Assist Yes Yes
    Action Review Yes Yes
    Mentoring No Yes
    Transition Workshop Yes Yes
    Storytelling No Yes
    Job Share Maybe Yes
    Communities of Practice Maybe Yes

    When considering which tactics to employ, it's important to consider the knowledge holder's level of engagement. Employees who you would identify as being disengaged may not make good candidates for job shadowing, mentoring, or other tactics where they are required to do additional work or are asked to influence others.

    Knowledge transfer can be controversial for all employees as it can cause feelings of job insecurity. It's essential that motivations for knowledge transfer are communicated effectively.

    Pay particular attention to your communication style with disengaged and indifferent employees, communicate frequently, and tie communication back to what's in it for them.

    Putting disengaged employees in a position where they are mentoring others can be a risk, as their negativity could influence others not to participate, or it could negate the work you're doing to create a positive knowledge sharing culture.

    Employees' engagement can impact knowledge transfer effectiveness

    Effort by Stakeholder

    Tactic

    Business Analyst

    IT Manager

    Knowledge Holder

    Knowledge Receiver

    Interviews

    These tactics require the least amount of effort, especially for organizations that are already using these tactics for a traditional requirements gathering process.

    Medium

    N/A

    Low

    Low

    Process Mapping

    Medium

    N/A

    Low

    Low

    Use Cases

    Medium

    N/A

    Low

    Low

    Job Shadow

    Medium

    Medium

    Medium

    Medium

    Peer Assist

    Medium

    Medium

    Medium

    Medium

    Action Review

    These tactics generally require more involvement from IT management and the BA in tandem for preparation. They will also require ongoing effort for all stakeholders. It's important to gain stakeholder buy-in as it is key for success.

    Low

    Medium

    Medium

    Low

    Mentoring

    Medium

    High

    High

    Medium

    Transition Workshop

    Medium

    Low

    Medium

    Low

    Storytelling

    Medium

    Medium

    Low

    Low

    Job Share

    Medium

    High

    Medium

    Medium

    Communities of Practice

    High

    Medium

    Medium

    Medium

    Phase 3

    Development Planning

    Workforce Planning

    Knowledge Transfer

    Development Planning

    Identify needs, goals, metrics, and skill gaps.

    Select a skill sourcing strategy.

    Discover critical knowledge.

    Select knowledge transfer methods.

    Identify priority competencies.

    Assess employees.

    Draft development goals.

    Provide coaching & feedback.

    The Small Enterprise Guide to People and Resource Management

    Phase Participants

    • Leadership team
    • Managers
    • Employees

    Additional Resources

    Effective development planning hinges on robust performance management

    Your performance management framework is rooted in organizational goals and defines what it means to do any given role well.

    Your organization's priority competencies are the knowledge, skills and attributes that enable an employee to do the job well.

    Each individual's development goals are then aimed at building these priority competencies.

    Mission Statement

    To be the world's leading manufacturer and distributor of widgets.

    Business Goal

    To increase annual revenue by 10%.

    IT Department Objective

    To ensure reliable communications infrastructure and efficient support for our sales and development teams.

    Individual Role Objective

    To decrease time to resolution of support requests by 10% while maintaining quality.

    Info-Tech Insight

    Without a performance management framework, your employees cannot align their development with the organization's goals. For detailed guidance, see Info-Tech's blueprint Setting Meaningful Employee Performance Measures.

    What is a competency?

    The term "competency" refers to the collection of knowledge, skills, and attributes an employee requires to do a job well.

    Often organizations have competency frameworks that consist of core, leadership, and functional competencies.

    Core competencies apply to every role in the organization. Typically, they are tied to organizational values and business mission and/or vision.

    Functional competencies are at the department, work group, or job role levels. They are a direct reflection of the function or type of work carried out.

    Leadership competencies generally apply only to people managers in the organization. Typically, they are tied to strategic goals in the short to medium term

    Generic Functional
    • Core
    • Leadership
    • IT
    • Finance
    • Sales
    • HR

    Use the SMART model to make sure goals are reasonable and attainable

    S

    Specific: Be specific about what you want to accomplish. Think about who needs to be involved, what you're trying to accomplish, and when the goal should be met.

    M

    Measurable: Set metrics that will help to determine whether the goal has been reached.

    A

    Achievable: Ensure that you have both the organizational resources and employee capability to accomplish the goal.

    R

    Relevant: Goals must align with broader business, department, and development goals in order to be meaningful.

    T

    Time-bound: Provide a target date to ensure the goal is achievable and provide motivation.

    Example goal:

    "Learn Excel this summer."

    Problems:

    Not specific enough, not measurable enough, nor time bound.

    Alternate SMART goal:

    "Consult with our Excel expert and take the lead on creating an Excel tool in August."

    3.2 Identify target competencies & draft development goals

    1 hour

    Pre-work: Employees should come to the career conversation having done some self-reflection. Use Info-Tech's IT Employee Career Development Workbook to help employees identify their career goals.

    1. Pre-work: Managers should gather any data they have on the employee's current proficiency at key competencies. Potential sources include task-based assessments, performance ratings, supervisor or peer feedback, and informal conversation.

      Prioritize competencies. Using your list of priority organizational competencies, work with your employees to help them identify two to four competencies to focus on developing now and in the future. Use the Individual Competency Development Plan template to document your assessment and prioritize competencies for development. Consider the following questions for guidance:
      1. Which competencies are needed in my current role that I do not have full proficiency in?
      2. Which competencies are related to both my career interests and the organization's priorities?
      3. Which competencies are related to each other and could be developed together or simultaneously?
    2. Draft goals. Ask your employee to create a list of multiple simple goals to develop the competencies they have selected to work on developing over the next year. Identifying multiple goals helps to break development down into manageable chunks. Ensure goals are concrete, for example, if the competency is "communication skills," your development goals could be "presentation skills" and "business writing."
    3. Review goals:
      1. Ask why these areas are important to the employee.
      2. Share your ideas and why it is important that the employee develop in the areas identified.
      3. Ensure that the goals are realistic. They should be stretch goals, but they must be achievable. Use the SMART framework on the previous slide for guidance.

    Info-Tech Insight

    Lack of career development is the top reason employees leave organizations. Development activities need to work for both the organization and the employee's own development, and clearly link to advancing employees' careers either at the organization or beyond.

    Download the IT Employee Career Development Workbook

    Download the Individual Competency Development Plan

    3.2 Identify target competencies & draft development goals

    Input

    Output

    • Employee's career aspirations
    • List of priority organizational competencies
    • Assessment of employee's current proficiency
    • A list of concrete development goals

    Materials

    Participants

    • Employee
    • Direct manager

    Apply a blend of learning methods

    • Info-Tech recommends the 70-20-10 principle for learning and development, which places the greatest emphasis on learning by doing. This experiential learning is then supported by feedback from mentoring, training, and self-reflection.
    • Use the 70-20-10 principle as a guideline – the actual breakdown of your learning methods will need to be tailored to best suit your organization and the employee's goals.

    Spend development time and effort wisely:

    70%

    On providing challenging on-the-job opportunities

    20%

    On establishing opportunities for people to develop learning relationships with others, such as coaching and mentoring

    10%

    On formal learning and training programs

    Internal initiatives are a cost-effective development aid

    Internal Initiative

    What Is It?

    When to Use It

    Special Project

    Assignment outside of the scope of the day-to-day job (e.g. work with another team on a short-term initiative).

    As an opportunity to increase exposure and to expand skills beyond those required for the current job.

    Stretch Assignment

    The same projects that would normally be assigned, but in a shorter time frame or with a more challenging component.

    Employee is consistently meeting targets and you need to see what they're capable of.

    Training Others

    Training new or more junior employees on their position or a specific process.

    Employee wants to expand their role and responsibility and is proficient and positive.

    Team Lead On an Assignment

    Team lead for part of a project or new initiative.

    To prepare an employee for future leadership roles by increasing responsibility and developing basic managerial skills.

    Job Rotation

    A planned placement of employees across various roles in a department or organization for a set period of time.

    Employee is successfully meeting and/or exceeding job expectations in their current role.

    Incorporating a development objective into daily tasks

    What do we mean by incorporating into daily tasks?

    The next time you assign a project to an employee, you should also ask the employee to think about a development goal for the project. Try to link it back to their existing goals or have them document a new goal in their development plan.

    For example: A team of employees always divides their work in the same way. Their goal for their next project could be to change up the division of responsibility so they can learn each other's roles.

    Another example:

    "I'd like you to develop your ability to explain technical terms to a non-technical audience. I'd like you to sit down with the new employee who starts tomorrow and explain how to use all our software, getting them up and running."

    Info-Tech Insight

    Employees often don't realize that they are being developed. They either think they are being recognized for good work or they are resentful of the additional workload.

    You need to tell your employees that the activity you are asking them to do is intended to further their development.

    However, be careful not to sell mundane tasks as development opportunities – this is offensive and detrimental to engagement.

    Establish manager and employee accountability for following up

    Ensure that the employee makes progress in developing prioritized competencies by defining accountabilities:

    Tracking Progress

    Checking In

    Development Meetings

    Coaching & Feedback

    Employee accountability:

    • Employees need to keep track of what they learn.
    • Employees should take the time to reflect on their progress.

    Manager accountability:

    • Managers need to make the time for employees to reflect.

    Employee accountability:

    • Employees need to provide managers with updates and ask for help.

    Manager accountability:

    • Managers need to check in with employees to see if they need additional resources.

    Employee accountability:

    • Employees need to complete assessments again to determine whether they have made progress.

    Manager accountability:

    • Managers should schedule monthly meetings to discuss progress and identify next steps.

    Employee accountability:

    • Employees should ask their manager and colleagues for feedback after development activities.

    Manager accountability:

    • Managers can use both scheduled meetings and informal conversations to provide coaching and feedback to employees.

    3.3 Select development activities and schedule check-ins

    1-3 hours

    Pre-work: Employees should research potential development activities and come prepared with a range of suggestions.

    Pre-work: Managers should investigate options for employee development, such as internal training/practice opportunities for the employee's selected competencies and availability of training budget.

    1. Communicate your findings about internal opportunities and external training allowance to the employee. This can also be done prior to the meeting, to help guide the employee's own research. Address any questions or concerns.
    2. Review the employee's proposed list of activities, and identify priority ones based on:
      1. How effectively they support the development of priority competencies.
      2. How closely they match the employee's original goals.
      3. The learning methods they employ, and whether the chosen activities support a mix of different methods.
      4. The degree to which the employee will have a chance to practice new skills hands-on.
      5. The amount of time the activities require, balanced against the employee's work obligations.
    3. Guide the employee in selecting activities for the short and medium term. Establish an understanding that this list is tentative and subject to ongoing revision during future check-ins.
      1. If in doubt about whether the employee is over-committing, err on the side of fewer activities to start.
    4. Schedule a check-in for one month out to review progress and roadblocks, and to reaffirm priorities.
    5. Check-ins should be repeated regularly, typically once a month.

    Download the Learning Methods Catalog

    Info-Tech Insight

    Adopt a blended learning approach using a variety of techniques to effectively develop competencies. This will reinforce learning and accommodate different learning styles. See Info-Tech's Learning Methods Catalog for a description of popular experiential, relational, and formal learning methods.

    3.3 Select development activities and schedule check-ins

    Input

    Output

    • List of potential development activities (from employee)
    • List of organizational resources (from manager)
    • A selection of feasible development activities
    • Next check-in scheduled

    Materials

    Participants

    • Employee
    • Direct manager

    Tips for tricky conversations about development

    What to do if…

    Employees aren't interested in development:

    • They may have low aspiration for advancement.
    • Remind them about the importance of staying current in their role given increasing job requirements.
    • Explain that skill development will make their job easier and make them more successful at it; sell development as a quick and effective way to learn the skill.
    • Indicate your support and respond to concerns.

    Employees have greater aspiration than capability:

    • Explain that there are a number of skills and capabilities that they need to improve in order to move to the next level. If the specific skills were not discussed during the performance appraisal, do not hesitate to explain the improvements that you require.
    • Inform the employee that you want them to succeed and that by pushing too far and too fast they risk failure, which would not be beneficial to anyone.
    • Reinforce that they need to do their current job well before they can be considered for promotion.

    Employees are offended by your suggestions:

    • Try to understand why they are offended. Before moving forward, clarify whether they disagree with the need for development or the method by which you are recommending they be developed.
    • If it is because you told them they had development needs, then reiterate that this is about helping them to become better and that everyone has areas to develop.
    • If it is about the development method, discuss the different options, including the pros and cons of each.

    Coaching and feedback skills help managers guide employee development

    Coaching and providing feedback are often confused. Managers often believe they are coaching when they are just giving feedback. Learn the difference and apply the right approach for the right situation.

    What is coaching?

    A conversation in which a manager asks questions to guide employees to solve problems themselves.

    Coaching is:

    • Future-focused
    • Collaborative
    • Geared toward growth and development

    What is feedback?

    Information conveyed from the manager to the employee about their performance.

    Feedback is:

    • Past-focused
    • Prescriptive
    • Geared toward behavior and performance

    Info-Tech Insight

    Don't forget to develop your managers! Ensure coaching, feedback, and management skills are part of your management team's development plan.

    Understand the foundations of coaching to provide effective development coaching:

    Knowledge Mindset Relationship
    • Understand what coaching is and how to apply it:
    • Identify when to use coaching, feedback, or other people management practices, and how to switch between them.
    • Know what coaching can and cannot accomplish.
    • When focusing on performance, guide an employee to solve problems related to their work. When focusing on development, guide an employee to reach their own development goals.
    • Adopt a coaching mindset by subscribing to the following beliefs:
    • Employees want to achieve higher performance and have the potential to do so.
    • Employees have a unique and valuable perspective to share of the challenges they face as well as the possible solutions.
    • Employees should be empowered to realize solutions themselves to motivate them in achieving goals.
    • Develop a relationship of trust between managers and employees:
    • Create an environment of psychological safety where employees feel safe to be open and honest.
    • Involve employees in decision making and inform employees often.
    • Invest in employees' success.
    • Give and expect candor.
    • Embrace failure.

    Apply the "4A" behavior-focused coaching model

    Using a model allows every manager, even those with little experience, to apply coaching best practices effectively.

    Actively Listen

    Ask

    Action Plan

    Adapt

    Engage with employees and their message, rather than just hearing their message.

    Key active listening behaviors:

    • Provide your undivided attention.
    • Observe both spoken words and body language.
    • Genuinely try to understand what the employee is saying.
    • Listen to what is being said, then paraphrase back what you heard.

    Ask thoughtful, powerful questions to learn more information and guide employees to uncover opportunities and/or solutions.

    Key asking behaviors:

    • Ask open-ended questions.
    • Ask questions to learn something you didn't already know.
    • Ask for reasoning (the why).
    • Ask "what else?"

    Hold employees and managers accountable for progress and results.

    During check-ins, review each development goal to ensure employees are meeting their targets.

    Key action planning behaviors:

    Adapt to individual employees and situations.

    Key adapting behaviors:

    • Recognize employees' unique characteristics.
    • Appreciate the situation at hand and change your behavior and communication in order to best support the individual employee.

    Use the following questions to have meaningful coaching conversations

    Opening Questions

    • What's on your mind?
    • Do you feel you've had a good week/month?
    • What is the ideal situation?
    • What else?

    Problem-Identifying Questions

    • What is most important here?
    • What is the challenge here for you?
    • What is the real challenge here for you?
    • What is getting in the way of you achieving your goal?

    Problem-Solving Questions

    • What are some of the options available?
    • What have you already tried to solve this problem? What worked? What didn't work?
    • Have you considered all the possibilities?
    • How can I help?

    Next-Steps Questions

    • What do you need to do, and when, to achieve your goal?
    • What resources are there to help you achieve your goal? This includes people, tools, or even resources outside our organization.
    • How will you know when you have achieved your goal? What does success look like?

    The purpose of asking questions is to guide the conversation and learn something you didn't already know. Choose the questions you ask based on the flow of the conversation and on what information you would like to uncover. Approach the answers you get with an open mind.

    Info-Tech Insight

    Avoid the trap of "hidden agenda" questions, whose real purpose is to offer your own advice.

    Use the following approach to give effective feedback

    Provide the feedback in a timely manner

    • Plan the message you want to convey.
    • Provide feedback "just-in-time."
    • Ensure recipient is not preoccupied.
    • Try to balance the feedback; refer to successful as well as unsuccessful behavior.

    Communicate clearly, using specific examples and alternative behaviors

    • Feedback must be honest and helpful.
    • Be specific and give a recent example.
    • Be descriptive, not evaluative.
    • Relate feedback to behaviors that can be changed.
    • Give an alternative positive behavior.

    Confirm their agreement and understanding

    • Solicit their thoughts on the feedback.
    • Clarify if not understood; try another example.
    • Confirm recipient understands and accepts the feedback.

    Manager skill is crucial to employee development

    Development is a two-way street. This means that while employees are responsible for putting in the work, managers must enable their development with support and guidance. The latter is a skill, which managers must consciously cultivate.

    For more in-depth management skills development, see the Info-Tech "Build a Better Manager" training resources:

    Bibliography

    Anderson, Kelsie. "Is Your IT Department Prepared for the 4 Biggest Challenges of 2017?" 14 June 2017.
    Atkinson, Carol, and Peter Sandiford. "An Exploration of Older Worker Flexible Working Arrangements in Smaller Firms." Human Resource Management Journal, vol. 26, no. 1, 2016, pp. 12–28. Wiley Online Library.
    BasuMallick, Chiradeep. "Top 8 Best Practices for Employee Cross-Training." Spiceworks, 15 June 2020.
    Birol, Andy. "4 Ways You Can Succeed With a Staff That 'Wears Multiple Hats.'" The Business Journals, 26 Nov. 2013.
    Bleich, Corey. "6 Major Benefits To Cross-Training Employees." EdgePoint Learning, 5 Dec. 2018.
    Cancialosi, Chris. "Cross-Training: Your Best Defense Against Indispensable Employees." Forbes, 15 Sept. 2014.
    Cappelli, Peter, and Anna Tavis. "HR Goes Agile." Harvard Business Review, Mar. 2018.
    Chung, Kai Li, and Norma D'Annunzio-Green. "Talent Management Practices of SMEs in the Hospitality Sector: An Entrepreneurial Owner-Manager Perspective." Worldwide Hospitality and Tourism Themes, vol. 10, no. 4, Jan. 2018.
    Clarkson, Mary. Developing IT Staff: A Practical Approach. Springer Science & Business Media, 2012.
    "CNBC and SurveyMonkey Release Latest Small Business Survey Results." Momentive, 2019. Press Release. Accessed 6 Aug. 2020.
    Cselényi, Noémi. "Why Is It Important for Small Business Owners to Focus on Talent Management?" Jumpstart:HR | HR Outsourcing and Consulting for Small Businesses and Startups, 25 Mar. 2013.
    dsparks. "Top 10 IT Concerns for Small Businesses." Stratosphere Networks IT Support Blog - Chicago IT Support Technical Support, 16 May 2017.
    Duff, Jimi. "Why Small to Mid-Sized Businesses Need a System for Talent Management | Talent Management Blog | Saba Software." Saba, 17 Dec. 2018.
    Employment and Social Development Canada. "Age-Friendly Workplaces: Promoting Older Worker Participation." Government of Canada, 3 Oct. 2016.
    Exploring Workforce Planning. Accenture, 23 May 2017.
    "Five Major IT Challenges Facing Small and Medium-Sized Businesses." Advanced Network Systems. Accessed 25 June 2020.
    Harris, Evan. "IT Problems That Small Businesses Face." InhouseIT, 17 Aug. 2016.
    Heathfield, Susan. "What Every Manager Needs to Know About Succession Planning." Liveabout, 8 June 2020.
    ---. "Why Talent Management Is an Important Business Strategy." Liveabout, 29 Dec. 2019.
    Herbert, Chris. "The Top 5 Challenges Facing IT Departments in Mid-Sized Companies." ExpertIP, 25 June 2012.
    How Smaller Organizations Can Use Talent Management to Accelerate Growth. Avilar. Accessed 25 June 2020.
    Krishnan, TN, and Hugh Scullion. "Talent Management and Dynamic View of Talent in Small and Medium Enterprises." Human Resource Management Review, vol. 27, no. 3, Sept. 2017, pp. 431–41.
    Mann Jackson, Nancy. "Strategic Workforce Planning for Midsized Businesses." ADP, 6 Feb. 2017.
    McCandless, Karen. "A Beginner's Guide to Strategic Talent Management (2020)." The Blueprint, 26 Feb. 2020.
    McFeely, Shane, and Ben Wigert. "This Fixable Problem Costs U.S. Businesses $1 Trillion." Gallup.com, 13 Mar. 2019.
    Mihelič, Katarina Katja. Global Talent Management Best Practices for SMEs. Jan. 2020.
    Mohsin, Maryam. 10 Small Business Statistics You Need to Know in 2020 [May 2020]. 4 May 2020.
    Ramadan, Wael H., and B. Eng. The Influence of Talent Management on Sustainable Competitive Advantage of Small and Medium Sized Establishments. 2012, p. 15.
    Ready, Douglas A., et al. "Building a Game-Changing Talent Strategy." Harvard Business Review, no. January–February 2014, Jan. 2014.
    Reh, John. "Cross-Training Employees Strengthens Engagement and Performance." Liveabout, May 2019.
    Rennie, Michael, et al. McKinsey on Organization: Agility and Organization Design. McKinsey, May 2016.
    Roddy, Seamus. "The State of Small Business Employee Benefits in 2019." Clutch, 18 Apr. 2019.
    SHRM. "Developing Employee Career Paths and Ladders." SHRM, 28 Feb. 2020.
    Strandberg, Coro. Sustainability Talent Management: The New Business Imperative. Strandberg Consulting, Apr. 2015.
    Talent Management for Small & Medium-Size Businesses. Success Factors. Accessed 25 June 2020.
    "Top 10 IT Challenges Facing Small Business in 2019." Your IT Department, 8 Jan. 2019.
    "Why You Need Workforce Planning." Workforce.com, 24 Oct. 2022.

    Identify and Build the Data & Analytics Skills Your Organization Needs

    • Buy Link or Shortcode: {j2store}301|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    The rapid technological evolution in platforms, processes, and applications is leading to gaps in the skills needed to manage and use data. Some common obstacles that could prevent you from identifying and building the data & analytics skills your organization needs include:

    • Lack of resources and knowledge to secure professionals with the right mix of D&A skills and right level of experience/skills
    • Lack of well-formulated and robust data strategy
    • Underestimation of the value of soft skills

    Our Advice

    Critical Insight

    Skill deficiency is frequently stated as a roadblock to realizing corporate goals for data & analytics. Soft skills and technical skills are complementary, and data & analytics teams need a combination of both to perform effectively. Identify the essential skills and the gap with current skills that fit your organization’s data strategy to ensure the right skills are available at the right time and minimize pertinent risks.

    Impact and Result

    Follow Info-Tech's advice on the roles and skills needed to support your data & analytics strategic growth objectives and how to execute an actionable plan:

    • Define the skills required for each essential data & analytics role.
    • Identify the roles and skills gaps in alignment with your current data strategy.
    • Establish an action plan to close the gaps and reduce risks.

    Identify and Build the Data & Analytics Skills Your Organization Needs Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Build the Data & Analytics Skills Your Organization Needs Deck – Use this research to assist you in identifying and building roles and skills that are aligned with the organization’s data strategy.

    To generate business value from data, data leaders must first understand what skills are required to achieve these goals, identify the current skill gaps, and then develop skills development programs to enhance the relevant skills. Use Info-Tech's approach to identify and fill skill gaps to ensure you have the right skills at the right time.

    • Identify and Build the Data & Analytics Skills Your Organization Needs Storyboard

    2. Data & Analytics Skills Assessment and Planning Tool – Use this tool to help you identify the current and required level of competency for data & analytics skills, analyze gaps, and create an actionable plan.

    Start with skills and roles identified as the highest priority through a high-level maturity assessment. From there, use this tool to determine whether the organization’s data & analytics team has the key role, the right combination of skill sets, and the right level competency for each skill. Create an actionable plan to develop skills and fill gaps.

    • Data & Analytics Skills Assessment and Planning Tool
    [infographic]

    Further reading

    Identify and Build the Data & Analytics Skills Your Organization Needs

    Blending soft skills with deep technical expertise is essential for building successful data & analytics teams.

    Analyst Perspective

    Blending soft skills with deep technical expertise is essential for building successful data & analytics teams.

    In today's changing environment, data & analytics (D&A) teams have become an essential component, and it is critical for organizations to understand the skill and talent makeup of their D&A workforce. Chief data & analytics officers (CDAOs) or other equivalent data leaders can train current data employees or hire proven talent and quickly address skills gaps.

    While developing technical skills is critical, soft skills are often left underdeveloped, yet lack of such skills is most likely why the data team would face difficulty moving beyond managing technology and into delivering business value.

    Follow Info-Tech's methodology to identify and address skills gaps in today's data workplace. Align D&A skills with your organization's data strategy to ensure that you always have the right skills at the right time.

    Ruyi Sun
    Research Specialist,
    Data & Analytics, and Enterprise Architecture
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The rapid technological evolution in platforms, processes, and applications is leading to gaps in the skills needed to manage and use data. Some critical challenges organizations with skills deficiencies might face include:

    • Time loss due to delayed progress and reworking of initiatives
    • Poor implementation quality and low productivity
    • Reduced credibility of data leader and data initiatives

    Common Obstacles

    Some common obstacles that could prevent you from identifying and building the data and analytics (D&A) skills your organization needs are:

    • Lack of resources and knowledge to secure professionals with the right mixed D&A skills and the right experience/skill level
    • Lack of well-formulated and robust data strategy
    • Neglecting the value of soft skills and placing all your attention on technical skills

    Info-Tech's Approach

    Follow Info-Tech's guidance on the roles and skills required to support your D&A strategic growth objectives and how to execute an actionable plan:

    • Define skills required for each essential data and analytics role
    • Identify roles and skills gap in alignment with your current data strategy
    • Establish action plan to close the gaps and reduce risks

    Info-Tech Insight

    Skills gaps are a frequently named obstacle to realizing corporate goals for D&A. Soft skills and technical skills are complementary, and a D&A team needs both to perform effectively. Identify the essential skills and the gap with current skills required by your organization's data strategy to ensure the right skill is available at the right time and to minimize applicable risks.

    The rapidly changing environment is impacting the nature of work

    Scarcity of data & analytics (D&A) skills

    • Data is one of the most valuable organizational assets, and regardless of your industry, data remains the key to informed decision making. More than 75% of businesses are looking to adopt technologies like big data, cloud computing, and artificial intelligence (AI) in the next five years (World Economic Forum, 2023). As organizations pivot in response to industry disruptions and technological advancements, the nature of work is changing, and the demand for data expertise has grown.
    • Despite an increasing need for data expertise, organizations still have trouble securing D&A roles due to inadequate upskilling programs, limited understanding of the skills required, and more (EY, 2022). Notably, scarce D&A skills have been critical. More workers will need at least a base level of D&A skills to adequately perform their jobs.

    Stock image of a data storage center.

    Organizations struggle to remain competitive when skills gaps aren't addressed

    Organizations identify skills gaps as the key barriers preventing industry transformation:

    60% of organizations identify skills gaps as the key barriers preventing business transformation (World Economic Forum, 2023)

    43% of respondents agree the business area with the greatest need to address potential skills gaps is data analytics (McKinsey & Company, 2020)

    Most organizations are not ready to address potential role disruptions and close skills gaps:

    87% of surveyed companies say they currently experience skills gaps or expect them within a few years (McKinsey & Company, 2020)

    28% say their organizations make effective decisions on how to close skills gaps (McKinsey & Company, 2020)

    Neglecting soft skills development impedes CDOs/CDAOs from delivering value

    According to BearingPoint's CDO survey, cultural challenges and limited data literacy are the main roadblocks to a CDO's success. To drill further into the problem and understand the root causes of the two main challenges, conduct a root cause analysis (RCA) using the Five Whys technique.

    Bar Chart of 'Major Roadblocks to the Success of a CDO' with 'Limited data literacy' at the top.
    (Source: BearingPoint, 2020)

    Five Whys RCA

    Problem: Poor data literacy is the top challenge CDOs face when increasing the value of D&A. Why?

    • People that lack data literacy find it difficult to embrace and trust the organization's data insights. Why?
    • Data workers and the business team don't speak the same language. Why?
    • No shared data definition or knowledge is established. Over-extensive data facts do not drive business outcomes. Why?
    • Leaders fail to understand that data literacy is more than technical training, it is about encompassing all aspects of business, IT, and data. Why?
    • A lack of leadership skills prevents leaders from recognizing these connections and the data team needing to develop soft skills.

    Problem: Cultural challenge is one of the biggest obstacles to a CDO's success. Why?

    • Decisions are made from gut instinct instead of data-driven insights, thus affecting business performance. Why?
    • People within the organization do not believe that data drives operational excellence, so they resist change. Why?
    • Companies overestimate the organization's level of data literacy and data maturity. Why?
    • A lack of strategies in change management, continuous improvement & data literacy for data initiatives. Why?
    • A lack of expertise/leaders possessing these relevant soft skills (e.g. change management, etc.).

    As organizations strive to become more data-driven, most conversations around D&A emphasize hard skills. Soft skills like leadership and change management are equally crucial, and deficits there could be the root cause of the data team's inability to demonstrate improved business performance.

    Data cannot be fully leveraged without a cohesive data strategy

    Business strategy and data strategy are no longer separate entities.

    • For any chief data & analytics officer (CDAO) or equivalent data leader, a robust and comprehensive data strategy is the number one tool for generating measurable business value from data. Data leaders should understand what skills are required to achieve these goals, consider the current skills gap, and build development programs to help employees improve those skills.
    • Begin your skills development programs by ensuring you have a data strategy plan prepared. A data strategy should never be formulated independently from the business. Organizations with high data maturity will align such efforts to the needs of the business, making data a major part of the business strategy to achieve data centricity.
    • Refer to Info-Tech's Build a Robust and Comprehensive Data Strategy blueprint to ensure data can be leveraged as a strategic asset of the organization.

    Diagram of 'Data Strategy Maturity' with two arrangements of 'Data Strategy' and 'Business Strategy'. One is 'Aligned', the other is 'Data Centric.'

    Info-Tech Insight

    The process of achieving data centricity requires alignment between the data and business teams, and that requires soft skills.

    Follow Info-Tech's methodology to identify the roles and skills needed to execute a data strategy

    1. Define Key Roles and Skills

      Digital Leadership Skills, Soft Skills, Technical Skills
      Key Output
      • Defined essential competencies, responsibilities for some common data roles
    2. Uncover the Skills Gap

      Data Strategy Alignment, High-Level Data Maturity Assessment, Skills Gap Analysis
      Key Output
      • Data roles and skills aligned with your current data strategy
      • Identified current and target state of data skill sets
    3. Build an Actionable Plan

      Initiative Priority, Skills Growth Feasibility, Hiring Feasibility
      Key Output
      • Identified action plan to address the risk of data skills deficiency

    Info-Tech Insight

    Skills gaps are a frequently named obstacle to realizing corporate goals for D&A. Soft skills and technical skills are complementary, and a D&A team needs both to perform effectively. Identify the essential skills and the gap with current skills that fit your organization's data strategy to ensure the right skill is available at the right time and to minimize applicable risks.

    Research benefits

    Member benefits

    • Reduce time spent defining the target state of skill sets.
    • Gain ability to reassess the feasibility of execution on your data strategy, including resources and timeline.
    • Increase confidence in the data leader's ability to implement a successful skills development program that is aligned with the organization's data strategy, which correlates directly to successful business outcomes.

    Business benefits

    • Reduce time and cost spent hiring key data roles.
    • Increase chance of retaining high-quality data professionals.
    • Reduce time loss for delayed progress and rework of initiatives.
    • Optimize quality of data initiative implementation.
    • Improve data team productivity.

    Insight summary

    Overarching insight

    Skills gaps are a frequently named obstacle to realizing corporate goals for D&A. Soft skills and technical skills are complementary, and a D&A team needs both to perform effectively. Identify the essential skills and the gap with current skills that fit your organization's data strategy to ensure the right skill is available at the right time and to minimize applicable risks.

    Phase 1 insight

    Technological advancements will inevitably require new technical skills, but the most in-demand skills go beyond mastering the newest technologies. Soft skills are essential to data roles as the global workforce navigates the changes of the last few years.

    Phase 2 insight

    Understanding and knowing your organization's data maturity level is a prerequisite to assessing your current skill and determining where you must align in the future.

    Phase 3 insight

    One of the misconceptions that organizations have includes viewing skills development as a one-time effort. This leads to underinvestment in data team skills, risk of falling behind on technological changes, and failure to connect with business partners. Employees must learn to continuously adapt to the changing circumstances of D&A.

    While the program must be agile and dynamic to reflect technological improvements in the development of technical skills, the program should always be anchored in soft skills because data management is fundamentally about interaction, collaboration, and people.

    Tactical insight

    Seeking input and support across your business units can align stakeholders to focus on the right data analytics skills and build a data learning culture.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is four to six calls over the course of two to three months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Call #1: Understand common data & analytics roles and skills, and your specific objectives and challenges. Call #2: Assess the current data maturity level and competency of skills set. Identify the skills gap. Call #3: Identify the relationship between current initiatives and capabilities. Initialize the corresponding roadmap for the data skills development program.

    Call #4: (follow-up call) Touching base to follow through and ensure that benefits have received.

    Identify and Build the Data & Analytics Skills Your Organization Needs

    Phase 1

    Define Key Roles and Skills

    Define Key Roles and Skills Uncover the Skills Gap Build an Actionable Plan

    This phase will walk you through the following activities:

    • 1.1 Review D&A Skill & Role List in Data & Analytics Assessment and Planning Tool

    This phase involves the following participants:

    • Data leads

    Key resources for your data strategy: People

    Having the right role is a key component for executing effective data strategy.

    D&A Common Roles

    • Data Steward
    • Data Custodian
    • Data Owner
    • Data Architect
    • Data Modeler
    • Artificial Intelligence (AI) and Machine Learning (ML) Specialist
    • Database Administrator
    • Data Quality Analyst
    • Security Architect
    • Information Architect
    • System Architect
    • MDM Administrator
    • Data Scientist
    • Data Engineer
    • Data Pipeline Developer
    • Data Integration Architect
    • Business Intelligence Architect
    • Business Intelligence Analyst
    • ML Validator

    AI and ML Specialist is projected to be the fastest-growing occupation in the next five years (World Economic Forum, 2023).

    While tech roles take an average of 62 days to fill, hiring a senior data scientist takes 70.5 days (Workable, 2019). Start your recruitment cycle early for this demand.

    D&A Leader Roles

    • Chief Data Officer (CDO)/Chief Data & Analytics Officer (CDAO)
    • Data Governance Lead
    • Data Management Lead
    • Information Security Lead
    • Data Quality Lead
    • Data Product Manager
    • Master Data Manager
    • Content and Record Manager
    • Data Literacy Manager

    CDOs act as impactful change agents ensuring that the organization's data management disciplines are running effectively and meeting the business' data needs. Only 12.0% of the surveyed organizations reported having a CDO as of 2012. By 2022, this percentage had increased to 73.7% (NewVantage Partners, 2022).

    Sixty-five percent of respondents said lack of data literacy is the top challenge CDOs face today (BearingPoint, 2020). It has become imperative for companies to consider building a data literacy program which will require a dedicated data literacy team.

    Key resources for your data strategy: Skill sets

    Distinguish between the three skills categories.

    • Soft Skills

      Soft skills are described as power skills regarding how you work, such as teamwork, communication, and critical thinking.
    • Digital Leadership Skills

      Not everyone working in the D&A field is expected to perform advanced analytical tasks. To thrive in increasingly data-rich environments, however, every data worker, including leaders, requires a basic technological understanding and skill sets such as AI, data literacy, and data ethics. These are digital leadership skills.
    • Technical Skills

      Technical skills are the practical skills required to complete a specific task. For example, data scientists and data engineers require programming skills to handle and manage vast amounts of data.

    Info-Tech Insight

    Technological advancements will inevitably require new technical skills, but the most in-demand skills go beyond mastering the newest technologies. Soft skills are essential to data roles as the global workforce navigates the changes of the last few years.

    Soft skills aren't just nice to have

    They're a top asset in today's data workplace.

    Leadership

    • Data leaders with strong leadership abilities can influence the organization's strategic execution and direction, support data initiatives, and foster data cultures. Organizations that build and develop leadership potential are 4.2 times more likely to financially outperform those that do not (Udemy, 2022).

    Business Acumen

    • The process of deriving conclusions and insights from data is ultimately utilized to improve business decisions and solve business problems. Possessing business acumen helps provide the business context and perspectives for work within data analytics fields.

    Critical Thinking

    • Critical thinking allows data leaders at every level to objectively assess a problem before making judgment, consider all perspectives and opinions, and be able to make decisions knowing the ultimate impact on results.

    Analytical Thinking

    • Analytical thinking remains the most important skill for workers in 2023 (World Economic Forum, 2023). Data analytics expertise relies heavily on analytical thinking, which is the process of breaking information into basic principles to analyze and understand the logic and concepts.

    Design Thinking & Empathy

    • Design thinking skills help D&A professionals understand and prioritize the end-user experience to better inform results and assist the decision-making process. Organizations with high proficiency in design thinking are twice as likely to be high performing (McLean & Company, 2022).

    Learning Focused

    • The business and data analytics fields continue to evolve rapidly, and the skills, especially technical skills, must keep pace. Learning-focused D&A professionals continuously learn, expanding their knowledge and enhancing their techniques.

    Change Management

    • Change management is essential, especially for data leaders who act as change agents developing and enabling processes and who assist others with adjusting to changes with cultural and procedural factors. Organizations with high change management proficiency are 2.2 times more likely to be high performing (McLean & Company, 2022).

    Resilience

    • Being motivated and adaptable is essential when facing challenges and high-pressure situations. Organizations highly proficient in resilience are 1.8 times more likely to be high performing (McLean & Company, 2022).

    Managing Risk & Governance Mindset

    • Risk management ability is not limited to highly regulated institutions. All data workers must understand risks from the larger organizational perspective and have a holistic governance mindset while achieving their individual goals and making decisions.

    Continuous Improvement

    • Continuously collecting feedback and reflecting on it is the foundation of continuous improvement. To uncover and track the lessons learned and treat them as opportunities, data workers must be able to discover patterns and connections.

    Teamwork & Collaboration

    • Value delivery in a data-centric environment is a team effort, requiring collaboration across the business, IT, and data teams. D&A experts with strong collaborative abilities can successfully work with other teams to achieve shared objectives.

    Communication & Active Listening

    • This includes communicating with relevant stakeholders about timelines and expectations of data projects and associated technology and challenges, paying attention to data consumers, understanding their requirements and needs, and other areas of interest to the organization.

    Technical skills for everyday excellence

    Digital Leadership Skills

    • Technological Literacy
    • Data and AI Literacy
    • Cloud Computing Literacy
    • Data Ethics
    • Data Translation

    Data & Analytics Technical Competencies

    • Data Mining
    • Programming Languages (Python, SQL, R, etc.)
    • Data Analysis and Statistics
    • Computational and Algorithmic Thinking
    • AI/ML Skills (Deep Learning, Computer Vision, Natural Language Processing, etc.)
    • Data Visualization and Storytelling
    • Data Profiling
    • Data Modeling & Design
    • Data Pipeline (ETL/ELT) Design & Management
    • Database Design & Management
    • Data Warehouse/Data Lake Design & Management

    1.1 Review D&A Skill & Role List in the Data & Analytics Assessment and Planning Tool

    Sample of Tab 2 in the Data & Analytics Assessment and Planning Tool.

    Tab 2. Skill & Role List

    Objective: Review the library of skills and roles and customize them as needed to align with your organization's language and specific needs.

    Download the Data & Analytics Assessment and Planning Tool

    Identify and Build the Data & Analytics Skills Your Organization Needs

    Phase 2

    Uncover the Skills Gap

    Define Key Roles and Skills Uncover the Skills Gap Build an Actionable Plan

    This phase will walk you through the following activities:

    • 2.1 High-level assessment of your present data management maturity
    • 2.2 Interview business and data leaders to clarify current skills availability
    • 2.3 Use the Data & Analytics Assessment and Planning Tool to Identify your skills gaps

    This phase involves the following participants:

    • Data leads
    • Business leads and subject matter experts (SMEs)
    • Key business stakeholders

    Identify skills gaps across the organization

    Gaps are not just about assigning people to a role, but whether people have the right skill sets to carry out tasks.

    • Now that you have identified the essential skills and roles in the data workplace, move to Phase 2. This phase will help you understand the required level of competency, assess where the organization stands today, and identify gaps to close.
    • Using the Data & Analytics Assessment and Planning Tool, start with areas that are given the highest priority through a high-level maturity assessment. From there, three levels of gaps will be found: whether people are assigned to a particular position, the right combination of D&A skill sets, and the right competency level for each skill.
    • Lack of talent assigned to a position

    • Lack of the right combination of D&A skill sets

    • Lack of appropriate competency level

    Info-Tech Insight

    Understanding your organization's data maturity level is a prerequisite to assessing the skill sets you have today and determining where you need to align in the future.

    2.1 High-level assessment of your present data management maturity

    Identifying and fixing skills gaps takes time, money, and effort. Focus on bridging the gap in high-priority areas.

    Input: Current state capabilities, Use cases (if applicable), Data culture diagnostic survey results (if applicable)
    Output: High-level maturity assessment, Prioritized list of data management focused area
    Materials: Data Management Assessment and Planning Tool (optional), Data & Analytics Assessment and Planning Tool
    Participants: Data leads, Business leads and subject matter experts (SMEs), Key business stakeholders

    Objectives:

    Prioritize these skills and roles based on your current maturity levels and what you intend to accomplish with your data strategy.

    Steps:

    1. (Optional Step) Refer to the Build a Robust and Comprehensive Data Strategy blueprint. You can assess your data maturity level using the following frameworks and methods:
      • Review current data strategy and craft use cases that represent high-value areas that must be addressed for their teams or functions.
      • Use the data culture assessment survey to determine your organization's data maturity level.
    2. (Optional Step) Refer to the Create a Data Management Roadmap blueprint and Data Management Assessment and Planning Tool to dive deep into understanding and assessing capabilities and maturity levels of your organization's data management enablers and understanding your priority areas and specific gaps.
    3. If you have completed Data Management Assessment and Planning Tool, fill out your maturity level scores for each of the data management practices within it - Tab 3 (Current-State Assessment). Skip Tab 4 (High-Level Maturity Assessment).
    4. If you have not yet completed Data Management Assessment and Planning Tool, skip Tab 3 and continue with Tab 4. Assign values 1 to 3 for each capability and enabler.
    5. You can examine your current-state data maturity from a high level in terms of low/mid/high maturity using either Tabs 3 or 4.
    6. Suggested focus areas along the data journey:
      • Low Maturity = Data Strategy, Data Governance, Data Architecture
      • Mid Maturity = Data Literacy, Information Management, BI and Reporting, Data Operations Management, Data Quality Management, Data Security/Risk Management
      • High Maturity = MDM, Data Integration, Data Product and Services, Advanced Analytics (ML & AI Management).

    Download the Data & Analytics Assessment and Planning Tool

    2.2 Interview business and data leaders to clarify current skills availability

    1-2 hours per interview

    Input: Sample questions targeting the activities, challenges, and opportunities of each unit
    Output: Identified skills availability
    Materials: Whiteboard/Flip charts, Data & Analytics Assessment and Planning Tool
    Participants: Data leads, Business leads and subject matter experts (SMEs), Key business stakeholders

    Instruction:

    1. Conduct a deep-dive interview with each key data initiative stakeholder (data owners, SMEs, and relevant IT/Business department leads) who can provide insights on the skill sets of their team members, soliciting feedback from business and data leaders about skills and observations of employees as they perform their daily tasks.
    2. Populate a current level of competency for each skill in the Data & Analytics Assessment and Planning Tool in Tabs 5 and 6. Having determined your data maturity level, start with the prioritized data management components (e.g. if your organization sits at low data maturity level, start with identifying relevant positions and skills under data governance, data architecture, and data architecture elements).
    3. More detailed instructions on how to utilize the workbook are at the next activity.

    Key interview questions that will help you :

    1. Do you have personnel assigned to the role? What are their primary activities? Do the personnel possess the soft and technical skills noted in the workbook? Are you satisfied with their performance? How would you evaluate their degree of competency on a scale of "vital, important, nice to have, or none"? The following aspects should be considered when making the evaluation:
      • Key Performance Indicators (KPIs): Business unit data will show where the organization is challenged and will help identify potential areas for development.
      • Project Management Office: Look at successful and failed projects for trends in team traits and competencies.
      • Performance Reviews: Look for common themes where employees excel or need to improve.
      • Focus Groups: Speak with a cross section of employees to understand their challenges.
    2. What technology is currently used? Are there requirements for new technology to be bought and/or optimized in the future? Will the workforce need to increase their skill level to carry out these activities with the new technology in place?

    Download the Data & Analytics Assessment and Planning Tool

    2.3 Use the Data & Analytics Assessment and Planning Tool to identify skills gaps

    1-3 hours — Not everyone needs the same skill levels.

    Input: Current skills competency, Stakeholder interview results and findings
    Output: Gap identification and analysis
    Materials: Data & Analytics Assessment and Planning Tool
    Participants: Data leads

    Instruction:

    1. Select your organization's data maturity level in terms of Low/Mid/High in cell A6 for both Tab 5 (Soft Skills Assessment) and Tab 6 (Technical Skills Assessment) to reduce irrelevant rows.
    2. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to determine whether the data role exists in the organization. If yes, assign a current-state value from “vital, important, nice to have, or none” for each skill in the assessment tool. Info-Tech has specified the desired/required target state of each skill set.
    3. Once you've assigned the current-state values, the tool will automatically determine whether there is a gap in skill set.

    Download the Data & Analytics Assessment and Planning Tool

    Identify and Build the Data & Analytics Skills Your Organization Needs

    Phase 3

    Build an Actionable Plan

    Define Key Roles and Skills Uncover the Skills Gap Build an Actionable Plan

    This phase will walk you through the following activities:

    • 3.1 Use the Data & Analytics Assessment and Planning Tool to build your actionable roadmap

    This phase involves the following participants:

    • Data leads
    • Business leads and subject matter experts (SMEs)
    • Key business stakeholders

    Determine next steps and decision points

    There are three types of internal skills development strategies

    • There are three types of internal skills development strategies organizations can use to ensure the right people with the right abilities are placed in the right roles: reskill, upskill, and new hire.
    1. Reskill

      Reskilling involves learning new skills for a different or newly defined position.
    2. Upskill

      Upskilling involves building a higher level of competency in skills to improve the worker's performance in their current role.
    3. New hire

      New hire involves hiring workers who have the essential skills to fill the open position.

    Info-Tech Insight

    One of the misconceptions that organizations have includes viewing skills development as a one-time effort. This leads to underinvestment in data team skills, risk of falling behind on technological changes, and failure to connect with business partners. Employees must learn to continuously adapt to the changing circumstances of D&A. While the program must be agile and dynamic to reflect technological improvements in the development of technical skills, the program should always be anchored in soft skills because data management is fundamentally about interaction, collaboration, and people.

    How to determine when to upskill, reskill, or hire to meet your skills needs

    Reskill

    Reskilling often indicates a change in someone's career path, so this decision requires a goal aligned with both individuals and the organization to establish a mutually beneficial situation.

    When making reskilling decisions, organizations should also consider the relevance of the skill for different positions. For example, data administrators and data architects have similar skill sets, so reskilling is appropriate for these employees.

    Upskill

    Upskilling tends to focus more on the soft skills necessary for more advanced positions. A data strategy lead, for example, might require design thinking training, which enables leaders to think from different perspectives.

    Skill growth feasibility must also be considered. Some technical skills, particularly those involving cutting-edge technologies, require continual learning to maintain operational excellence. For example, a data scientist may require AI/ML skills training to incorporate use of modern automation technology.

    New Hire

    For open positions and skills that are too resource-intensive to reskill or upskill, it makes sense to recruit new employees. Consider, however, time and cost feasibility of hiring. Some positions (e.g. senior data scientist) take longer to fill. To minimize risks, coordinate with your HR department and begin recruiting early.

    Data & Analytics skills training

    There are various learning methods that help employees develop priority competencies to achieve reskilling or upskilling.

    Specific training

    The data team can collaborate with the human resources department to plan and develop internal training sessions aimed at specific skill sets.

    This can also be accomplished through external training providers such as DCAM, which provides training courses on data management and analytics topics.

    Formal education program

    Colleges and universities can equip students with data analytics skills through formal education programs such as MBAs and undergraduate or graduate degrees in Data Science, Machine Learning, and other fields.

    Certification

    Investing time and effort to obtain certifications in the data & analytics field allows data workers to develop skills and gain recognition for continuous learning and self-improvement.

    AWS Data Analytics and Tableau Data Scientist Certification are two popular data analytics certifications.

    Online learning from general providers

    Some companies offer online courses in various subjects. Coursera and DataCamp are two examples of popular providers.

    Partner with a vendor

    The organization can partner with a vendor who brings skills and talents that are not yet available within the organization. Employees can benefit from the collaboration process by familiarizing themselves with the project and enhancing their own skills.

    Support from within your business

    The data team can engage with other departments that have previously done skills development programs, such as Finance and Change & Communications, who may have relevant resources to help you improve your business acumen and change management skills.

    Info-Tech Insight

    Seeking input and support across your business units can align stakeholders to focus on the right data analytics skills and build a data learning culture.

    Data & Analytics skills reinforcement

    Don't assume learners will immediately comprehend new knowledge. Use different methods and approaches to reinforce their development.

    Innovation Space

    • Skills development is not a one-time event, but a continuous process during which innovation should be encouraged. A key aspect of being innovative is having a “fail fast” mentality, which means collecting feedback, recognizing when something isn't working, encouraging experimentation, and taking a different approach with the goal of achieving operational excellence.
    • Human-centered design (HCD) also yields innovative outcomes with a people-first focus. When creating skills development programs for various target groups, organizations should integrate a human-centered approach.

    Commercial Lens

    • Exposing people to a commercial way of thinking can add long-term value by educating people to act in the business' best interest and raising awareness of what other business functions contribute. This includes concepts such as project management, return on investment (ROI), budget alignment, etc.

    Checklists/Rubrics

    • Employees should record what they learn so they can take the time to reflect. A checklist is an effective technique for establishing objectives, allowing measurement of skills development and progress.

    Buddy Program

    • A buddy program helps employees gain and reinforce knowledge and skills they have learned through mutual support and information exchange.

    Align HR programs to support skills integration and talent recruitment

    With a clear idea of skills needs and an executable strategy for training and reinforcing of concepts, HR programs and processes can help the data team foster a learning environment and establish a recruitment plan. The links below will direct you to blueprints produced by McLean & Company, a division of Info-Tech Research Group.

    Workforce Planning

    When integrating the skills of the future into workforce planning, determine the best approach for addressing the identified talent gaps – whether to build, buy, or borrow.

    Integrate the future skills identified into the organization's workforce plan.

    Talent Acquisition

    In cases where employee development is not feasible, the organization's talent acquisition strategy must focus more on buying or borrowing talent. This will impact the TA process. For example, sourcing and screening must be updated to reflect new approaches and skills.

    If you have a talent acquisition strategy, assess how to integrate the new roles/skills into recruiting.

    Competencies/Succession Planning

    Review current organizational core competencies to determine if they need to be modified. New skills will help inform critical roles and competencies required in succession talent pools.

    If no competency framework exists, use McLean & Company's Develop a Comprehensive Competency Framework blueprint.

    Compensation

    Evaluate modified and new roles against the organization's compensation structure. Adjust them as necessary. Look at market data to understand compensation for new roles and skills.

    Reassess your base pay structure according to market data for new roles and skills.

    Learning and Development

    L&D plays a huge role in closing the skills gap. Build L&D opportunities to support development of new skills in employees.

    Design an Impactful Employee Development Program to build the skills employees need in the future.

    3.1 Use the Data & Analytics Assessment and Planning Tool to build an actionable plan

    1-3 hours

    Input: Roles and skills required, Key decision points
    Output: Actionable plan
    Materials: Data & Analytics Assessment and Planning Tool
    Participants: Data leads, Business leads and subject matter experts (SMEs), Key business stakeholders

    Instruction:

    1. On Tab 7 (Next Steps & Decision Points), you will find a list of tasks that correspond to roles that where there is a skills gap.
    2. Customize this list of tasks initiatives according to your needs.
    3. The Gantt chart, which will be generated automatically after assigning start and finish dates for each activity, can be used to structure your plan and guarantee that all the main components of skills development are addressed.

    Sample of Tab 7 in the Data & Analytics Assessment and Planning Tool.

    Download the Data & Analytics Assessment and Planning Tool

    Related Info-Tech Research

    Sample of the Create a Data Management Roadmap blueprint.

    Create a Data Management Roadmap

    • This blueprint will help you design a data management practice that will allow your organization to use data as a strategic enabler.

    Stock image of a person looking at data dashboards on a tablet.

    Build a Robust and Comprehensive Data Strategy

    • Put a strategy in place to ensure data is available, accessible, well-integrated, secured, of acceptable quality, and suitably visualized to fuel organization-wide decision making. Start treating data as strategic and corporate asset.

    Sample of the Foster Data-Driven Culture With Data Literacy blueprint.

    Foster Data-Driven Culture With Data Literacy

    • By thoughtfully designing a data literacy training program appropriate to the audience's experience, maturity level, and learning style, organizations build a data-driven and engaged culture that helps them unlock their data's full potential and outperform other organizations.

    Research Authors and Contributors

    Authors:

    Name Position Company
    Ruyi Sun Research Specialist Info-Tech Research Group

    Contributors:

    Name Position Company
    Steve Wills Practice Lead Info-Tech Research Group
    Andrea Malick Advisory Director Info-Tech Research Group
    Annabel Lui Principal Advisory Director Info-Tech Research Group
    Sherwick Min Technical Counselor Info-Tech Research Group

    Bibliography

    2022 Workplace Learning Trends Report.” Udemy, 2022. Accessed 20 June 2023.

    Agrawal, Sapana, et al. “Beyond hiring: How companies are reskilling to address talent gaps.” McKinsey & Company, 12 Feb. 2020. Accessed 20 June 2023.

    Bika, Nikoletta. “Key hiring metrics: Useful benchmarks for tech roles.” Workable, 2019. Accessed 20 June 2023.

    Chroust, Tomas. “Chief Data Officer – Leaders of data-driven enterprises.” BearingPoint, 2020. Accessed 20 June 2023.

    “Data and AI Leadership Executive Survey 2022.” NewVantage Partners, Jan 2022. Accessed 20 June 2023.

    Dondi, Marco, et al. “Defining the skills citizens will need in the future world of work.” McKinsey & Company, June 2021. Accessed 20 June 2023.

    Futschek, Gerald. “Algorithmic Thinking: The Key for Understanding Computer Science.” Lecture Notes in Computer Science, vol. 4226, 2006.

    Howard, William, et al. “2022 HR Trends Report.” McLean & Company, 2022. Accessed 20 June 2023.

    “Future of Jobs Report 2023.” World Economic Forum, May 2023. Accessed 20 June 2023.

    Knight, Michelle. “What is Data Ethics?” Dataversity, 19 May 2021. Accessed 20 June 2023.

    Little, Jim, et al. “The CIO Imperative: Is your technology moving fast enough to realize your ambitions?” EY, 22 Apr. 2022. Accessed 20 June 2023.

    “MDM Roles and Responsibilities.” Profisee, April 2019. Accessed 20 June 2023.

    “Reskilling and Upskilling: A Strategic Response to Changing Skill Demands.” TalentGuard, Oct. 2019. Accessed 20 June 2023.

    Southekal, Prashanth. “The Five C's: Soft Skills That Every Data Analytics Professional Should Have.” Forbes, 17 Oct. 2022. Accessed 20 June 2023.

    Modernize Enterprise Storage

    • Buy Link or Shortcode: {j2store}538|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • Current storage solutions are nearing end of life, performance or capacity limits.
    • Data continues to grow at an exponential rate, and management complexity is growing even faster. Some kinds of data, like unstructured data, are leading factors in the exponential growth of data.
    • Emerging storage technologies and storage software/automation are disrupting the market and redefining the role of disk arrays, including how storage aligns with people and process.
    • Storage infrastructure budgets are not satisfying the exponential growth of data.

    Our Advice

    Critical Insight

    • Start with the data, not storage. Answer what is being stored and why before investigating the where and how of storage solutions.
    • Governance and archiving are not IT projects. These can have tremendous benefits for managing data growth but must involve the larger business.
    • More capacity is not a long-term solution. Data is growing faster than decreasing storage costs. Data and capacity mitigation strategies will help in more effective and efficient infrastructure utilization and cost reduction.

    Impact and Result

    • It’s about the data. Start with what is being supported and why. Decide on what and how data is stored before you decide on where. Let the needs of your workloads and governance requirements of your business drive your storage infrastructure decisions and the technologies you adopt.
    • Identify current and future capacity needs for current and future data drivers. Evaluating the ability of current infrastructure to meet these needs will help you discover necessary additions to meet these requirements.
    • Identify governance requirements and constraints that exist across the organization and are specific to workloads. Technology has to conform to these requirements and constraints, not the other way around.
    • Align people and process with technology changes. To effectively utilize the changes in storage, appropriate changes must be made to existing people and process.

    Modernize Enterprise Storage Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should modernize enterprise storage, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build the case for storage modernization

    Develop the business case for modernizing storage and assess your existing infrastructure for meeting data needs.

    • Modernize Enterprise Storage – Phase 1: Build the Case for Storage Modernization
    • Modernize Enterprise Storage Workbook

    2. Develop your storage technology needs and goals

    Review data governance, explore emerging storage technologies, and identify current and future storage needs.

    • Modernize Enterprise Storage – Phase 2: Develop Your Storage Technology Needs and Goals
    • Evaluate Hyperconverged Infrastructure for Your Infrastructure Roadmap
    • Evaluate Software-Defined Storage Solutions for Your Infrastructure Roadmap
    • Evaluate All Flash in Primary Storage for Your Infrastructure Roadmap
    • Infrastructure Roadmap Technology Assessment Tool

    3. Develop and communicate the roadmap, TCO, and RFP

    Communicate the roadmap with people, process, and technology initiatives, develop an RFP, and conduct a TCO.

    • Modernize Enterprise Storage – Phase 3: Develop and Communicate the Roadmap and RFP
    • Modernize Enterprise Storage Communications Report
    [infographic]

    Workshop: Modernize Enterprise Storage

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Business Case and Assess Current State

    The Purpose

    Identify a business case and need for storage modernization by assessing current and future storage needs.

    Key Benefits Achieved

    A clear understanding of the business expectations and needs of storage infrastructure.

    Activities

    1.1 Identify current storage pain points.

    1.2 Discuss storage modernization drivers.

    1.3 Identify data growth drivers.

    1.4 Determine relative growth burden.

    Outputs

    Alignment of storage modernization with organizational pain points

    Desired outcomes of storage modernization

    An understanding of growth impact across drivers

    An understanding of capacity and expansion needs

    2 Review Governance and Emerging Technologies

    The Purpose

    Review existing data governance.

    Explore emerging technologies and trends in the storage space.

    Key Benefits Achieved

    Review data governance objectives that must be met.

    Identify a shortlist of storage technologies and trends that may be of interest.

    Activities

    2.1 Shortlist interest in storage technologies.

    2.2 Prioritize shortlist of storage technologies.

    2.3 Identify solutions that meet data and governance needs.

    Outputs

    A starting point for research into new and emerging storage technologies

    Expressed interest in adopting storage technologies

    A list of storage solutions needed to deliver on future data and governance needs

    3 Identify Storage Needs and Develop Initiatives

    The Purpose

    Identify the people, process, and technology initiatives required to adopt new storage technologies.

    Key Benefits Achieved

    Align your organizational people and process with new and disruptive technologies to best take advantage of what these new technologies have to offer.

    Activities

    3.1 Complete future storage structure planning tool.

    3.2 Identify storage modernization technology initiatives.

    3.3 Identify storage modernization people initiatives.

    3.4 Identify storage modernization process initiatives.

    Outputs

    A understanding of the future state of your storage infrastructure

    Technology initiatives needed to adopt storage structure

    People initiatives needed to adopt storage structure

    Process initiatives needed to adopt storage structure

    4 Build a Roadmap and RFP, Calculate TCO

    The Purpose

    Develop an executive communications report.

    Conduct a TCO analysis comparing on-premises and cloud storage solutions.

    Key Benefits Achieved

    Communicate storage modernization goals and plans to stakeholders.

    Activities

    4.1 Prioritize storage modernization initiatives.

    4.2 Complete project timeline and build roadmap.

    4.3 Compare TCO of on-premises and cloud storage solutions.

    Outputs

    Alignment of people, process, and technology with storage adoption

    Communicate storage modernization goals and plans to stakeholders and executives

    Compare cost of on-premises and cloud storage alternatives

    Build your service map: What does your company do for your customers?

    • Large vertical image:
    • member rating overall impact: Large Impact
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    After three decades navigating the complexities of organizational resilience, one truth stands clearer than ever: you cannot truly protect what you do not deeply understand. And for any business, especially in today's dynamic landscape, what you do is ultimately about what you do for your customers. There is something that I see insufficiently matured or missing in many companies: building a comprehensive “service map.”

    Think about it. We pour resources into product development, marketing, and sales, yet how often do we collectively pause to articulate, across all departments, exactly what services we provide to our customers? It sounds simple, doesn't it? Yet, the reality is typically a fragmented understanding, siloed information, and a distinct lack of a holistic view, except by a few key people.

    Why is this clear view so critical? Because your customers don't interact with your internal departments; they interact with your services. They don't care about your organizational chart; they care about how seamlessly you meet their needs. Without a clear service map, you have blind spots. You miss opportunities for optimization, you introduce friction into customer journeys, and critically, you compromise your ability to recover when things go wrong. Resilience isn't just about bouncing back; it's about understanding what's truly essential to protect your customer relationships.

    Let's make this real.


    What services do banks offer? It’s far more than just “banking.” They provide:

    • Retail Banking: Current accounts, savings accounts, debit/credit cards, personal loans, mortgages.

    • Investment Services: Wealth management, brokerage, mutual funds, pension products.

    • Business Banking: Corporate loans, treasury services, payroll solutions, trade finance.

    • Digital Services: Online banking platforms, mobile apps, and payment gateways.

    • Advisory Services: Financial planning, retirement planning, and estate planning.

    Let's hone in on an often complex offering: a pension savings product where you contribute monthly. This isn't just a “product” on a shelf; it's a living, breathing service with a distinct customer journey.

    Imagine the customer journey for this:

    1. Customer Initiates Payment (or Automated Process Triggers): On the designated payment date, a SEPA Direct Debit instruction is initiated, pulling funds from the customer's linked bank account.

    2. Funds Transfer & Clearance: The funds travel through interbank networks, cleared and settled between the customer's bank and the financial institution’s holding accounts.

    3. Internal Reconciliation & Allocation: Upon receipt, the funds are reconciled against the customer's pension account number and allocated to their specific pension product.

    4. Investment Instruction: Based on the product's pre-defined investment strategy (e.g., a balanced fund, equity fund), an instruction is generated to purchase units in the underlying investments.

    5. Market Execution: The instruction is sent to the relevant trading desks or automated systems, which execute the purchase of shares, bonds, or other assets on the stock market at prevailing market prices.

    6. Confirmation & Update: Once the trade is settled, the customer's pension account is updated to reflect the new units purchased and the updated total value, often visible via an online portal or statement.


    For every single step in this service, your organization needs robust capabilities to make these steps visible and resilient to all stakeholders who “work around that service.” This isn't just for IT; it's for compliance, operations, customer service, and even marketing.

    Let's look at the same for a realtor company specializing in rental properties:

    • Service Map for property owners and landlords:

      • Property Listing & Marketing: Creating professional listings, photography, virtual tours, and advertising on various platforms (online portals, social media, and local networks).

      • Tenant Sourcing & Vetting: Conducting viewings, screening potential tenants (credit checks, employment verification, previous landlord references), and background checks.

      • Lease Agreement Management: Drafting, negotiating, and executing legally compliant rental contracts.

      • Property Maintenance & Repairs Coordination: Arranging routine maintenance, coordinating emergency repairs with vetted contractors, and overseeing work quality.

      • Property Inspections: Conducting periodic property inspections (move-in, routine, move-out) to ensure property condition and compliance with lease terms.

      • Compliance & Legal Guidance: Advising on landlord-tenant laws, health & safety regulations, and handling eviction processes if necessary.

      • Security Deposit Management: Collecting, holding, and returning security deposits in accordance with legal requirements.

    • Services for tenants:

      • Property Search & Matching: Assisting prospective tenants in finding suitable properties based on their needs and budget.

      • Viewing Scheduling: Arranging property viewings and providing access.

      • Application Processing: Guiding tenants through the application process and necessary documentation.

      • Lease Onboarding: Explaining lease terms, facilitating key handover, and conducting move-in inspections.

      • Maintenance Request Handling: A clear process for tenants to report maintenance issues and track resolution.

      • Emergency Support: Providing contact points and procedures for urgent property-related emergencies.

      • Lease Renewal & Move-out Support: Managing lease renewals, providing guidance on move-out procedures, and facilitating security deposit returns.

    Many of these will require automated systems. The customer-facing ones even more so. You need to understand the customer journeys for each entry in your service map.

    You need:

    • Comprehensive Monitoring & Alerting: Real-time visibility into every step of the journey, flagging anomalies or delays before they become customer-impacting issues. Build monitoring capabilities into the systems and build the operational capability to follow up on alerts and events. There are now products on the market that can do a lot of the heavy lifting for you. Be prepared to open your wallet. This is not cheap. I hear AI already rolling off the tongues: this is not cheap. For smaller service maps and customer journeys, consider using built-in tools and hiring a small team of people that can leverage the next points. For large institutions, let alone manufacturing, automation and continuous testing are key.

    • Centralized Knowledge Management: A single source of truth for service definitions, processes, dependencies, and known issues, accessible to everyone who needs it. No more tribal knowledge. For condensed setups, it can be as simple as a folder on a hard drive that contains your knowledge base articles (aka Word documents that explain the process, how it was set up, what you need to operate it etc.). Most businesses will use some form of knowledge management system that is a bit more sophisticated, perhaps even built-in to the IT Operations Management (ITOM) tooling. It's a shame it's called IT ops tooling, because you can equally use this for business process documentation. Just remember the last bullet below: DR and BCP. Your knowledge system is useless if you cannot get to it!   

    • Robust Development & Operations Processes: Seamless collaboration between development, operations, and business teams to make sure services are built, tested, deployed, and managed efficiently and reliably. It does not really matter if you want to use DevOps, or change/run, or scrum and squads, or anything in between. Pick what works in your culture. Also, it is not one-size-fits-all. Some systems are core and require a more strict regimen; others must be able to turn on a dime. But whatever you use: keep your service and the customer journey through it front and center. Build it so that you have clearly separated “stations” where something is done to fulfill the system. Make the mental analogy with a factory. It will keep each station atomic, so that when the time comes to make changes, you can do so without having to re-invent large parts of the value delivery chain. 

    • End-to-End Security Protocols: Protect sensitive customer data and financial transactions at every touchpoint throughout the journey. I mean, duh. You must. This is non-negotiable. This includes your backups. Large or small company, you must maintain backups. Use the 321 method: 3 copies of your data and setups on 2 different platforms or data storage carriers and 1 offsite. Your backups should include at least 1 immutable copy. That is a copy that cannot be altered. Large firms partner with their hosting companies to include that in the service offering; small companies have cheap options. I use 2 separate backup providers (total cost around €100/month at the time of writing in 2025) and my own disconnected storage carriers. I even use a backup provider and disconnected storage for my family's data (around €25/month).

    • Effective Disaster Recovery (DR) & Business Continuity Planning (BCP) Capabilities: Understanding critical service components, their recovery time objectives (RTOs), and recovery point objectives (RPOs) to ensure rapid restoration of service even after major disruptions. This isn't a theoretical exercise; it needs to be tested and proven. Your expectations also need to be realistic. 

    There are more elements to consider when building your service map and the customer journeys when it comes to resilience. Things like performance metrics, scalability, peak usage management, and so on. McKinsey wrote years ago, design for the storm, not the sunny days. That is right, but keep the design within the commercial service parameters. It is equally bad to overbuild to a $5 million system, if your expected revenue is less than $100,000 a year, than it is to use a $10,000 system to support a $5 million revenue stream. (I remember the Excel sheet from hell that actually supported a macro-economist at a large brokerage.) 

    Start mapping your services today. Start with what you feel are the most critical ones. You'll uncover inefficiencies, mitigate risks, and strengthen the very foundation of your customer relationships. You may even save some money.

    Diagnose and Optimize Your Lead Gen Engine

    • Buy Link or Shortcode: {j2store}567|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    88% of marketing professionals are unsatisfied with their ability to convert leads (Convince & Convert), but poor lead conversion is just a symptom of much deeper problems.

    Globally, B2B SaaS marketers without a well-running lead gen engine will experience:

    • A low volume of quality leads from their website.
    • A low conversion rate from their website visitors.
    • A long lead conversion time compared to competitors.
    • A low volume of organic website visitors.

    If treated without a root cause analysis, these symptoms often result in higher-than-average marketing spend and wasted resources. Without an accurate lead gen engine diagnostic tool and a strategy to fix the misfires, marketers will continue to waste valuable time and resources.

    Our Advice

    Critical Insight

    The lead gen engine is foundational in building profitable long-term customer relationships. It is the process through which marketers build awareness, trust, and loyalty. Without the ability to continually diagnose lead gen engine flaws, marketers will fail to optimize new customer relationship creation and long-term satisfaction and loyalty.

    Impact and Result

    With a targeted set of diagnostic tools and an optimization strategy, you will:

    • Uncover the critical weakness in your lead generation engine.
    • Develop a best-in-class lead gen engine optimization strategy that builds relationships, creates awareness, and establishes trust and loyalty with prospects.
    • Build profitable long-term customer relationships.

    Organizations who activate the findings from their lead generation diagnostic and optimization strategy will decrease the time and budget spent on lead generation by 25% to 50%. They will quickly uncover inefficiencies in their lead gen engine and develop a proven lead generation optimization strategy based on the diagnostic findings.

    Diagnose and Optimize Your Lead Gen Engine Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Diagnose and Optimize Your Lead Gen Engine Deck – A deck to help you diagnose what’s not working in your lead gen engine so that you can remedy issues and get back on track, building new customer relationships and driving loyalty.

    Organizations who activate the findings from their lead generation diagnostic and optimization strategy will decrease the time and budget spent on lead generation by 25% to 50%. They will quickly uncover inefficiencies in their lead gen engine and develop a proven lead generation optimization strategy based on the diagnostic findings.

    • Diagnose and Optimize Your Lead Gen Engine Storyboard

    2. Lead Gen Engine Diagnostic Tool – An easy-to-use diagnostic tool that will help you pinpoint weakness within your lead gen engine.

    The diagnostic tool allows digital marketers to quickly and easily diagnose weakness within your lead gen engine.

    • Lead Gen Engine Diagnostic Tool

    3. Lead Gen Engine Optimization Strategy Template – A step-by-step document that walks you through how to properly optimize the performance of your lead gen engine.

    Develop a best-in-class lead gen engine optimization strategy that builds relationships, creates awareness, and establishes trust and loyalty with prospects.

    • Lead Gen Engine Optimization Strategy Template

    Infographic

    Further reading

    Diagnose and Optimize Your Lead Gen Engine

    Quickly and easily pinpoint any weakness in your lead gen engine so that you stop wasting money and effort on ineffective advertising and marketing.

    EXECUTIVE BRIEF

    Analyst Perspective

    Quickly and easily pinpoint any weakness in your lead gen engine so that you stop wasting money and effort on ineffective advertising and marketing.

    The image contains a photo of Terra Higginson.

    Senior digital marketing leaders are accountable for building relationships, creating awareness, and developing trust and loyalty with website visitors, thereby delivering high-quality, high-value leads that Sales can easily convert to wins. Unfortunately, many marketing leaders report that their website visitors are low-quality and either disengage quickly or, when they engage further with lead gen engine components, they just don’t convert. These marketing leaders urgently need to diagnose what’s not working in three key areas in their lead gen engine to quickly remedy the issue and get back on track, building new customer relationships and driving loyalty. This blueprint will provide you with a tool to quickly and easily diagnose weakness within your lead gen engine. You can use the results to create a strategy that builds relationships, creates awareness, and establishes trust and loyalty with prospects.

    Terra Higginson

    Marketing Research Director

    SoftwareReviews

    Executive Summary

    Your Challenge

    Globally, business-to-business (B2B) software-as-a-service (SaaS) marketers without a well-running lead gen engine will experience:

    • A low volume of quality leads from their website.
    • A low conversion rate from their website visitors.
    • A long lead conversion time compared to competitors.
    • A low volume of organic website visitors.

    88% of marketing professionals are unsatisfied with their ability to convert leads (Convince & Convert), but poor lead conversion is just a symptom of a much larger problem with the lead gen engine. Without an accurate lead gen engine diagnostic tool and a strategy to fix the leaks, marketers will continue to waste valuable time and resources.

    Common Obstacles

    Even though lead generation is a critical element of marketing success, marketers struggle to fix the problems with their lead gen engine due to:

    • A lack of resources.
    • A lack of budget.
    • A lack of experience in implementing effective lead generation strategies.

    Most marketers spend too much on acquiring leads and not enough on converting and keeping them. For every $92 spent acquiring customers, only $1 is spent converting them (Econsultancy, cited in Outgrow). Marketers are increasingly under pressure to deliver high-quality leads to sales but work under tight budgets with inadequate or inexperienced staff who don’t understand the importance of optimizing the lead generation process.

    SoftwareReviews’ Approach

    With a targeted set of diagnostic tools and an optimization strategy, you will:

    • Uncover the critical weakness in your lead generation engine.
    • Develop a best-in-class lead gen engine optimization strategy that builds relationships, creates awareness, and establishes trust and loyalty with prospects.
    • Build profitable long-term customer relationships.

    Organizations who activate the findings from their lead generation diagnostic and optimization strategy will decrease the time and budget spent on lead generation by 25% to 50%. They will quickly uncover inefficiencies in their lead gen engine and develop a proven lead generation optimization strategy based on the diagnostic findings.

    SoftwareReviews Insight

    The lead gen engine is foundational in building profitable long-term customer relationships. It is the process through which marketers build awareness, trust, and loyalty. Without the ability to continually diagnose lead gen engine flaws, marketers will fail to optimize new customer relationship creation and long-term satisfaction and loyalty.

    Your Challenge

    88% of marketing professionals are unsatisfied with their ability to convert leads, but poor lead conversion is just a symptom of much deeper problems.

    Globally, B2B SaaS marketers without a well-running lead gen engine will experience:

    • A low volume of organic website visitors.
    • A low volume of quality leads from their website.
    • A low conversion rate from their website visitors.
    • A longer lead conversion time than competitors in the same space.

    If treated without a root-cause analysis, these symptoms often result in higher-than-average marketing spend and wasted resources. Without an accurate lead gen engine diagnostic tool and a strategy to fix the misfires, marketers will continue to waste valuable time and resources.

    88% of marketers are unsatisfied with lead conversion (Convince & Convert).

    The image contains a diagram that demonstrates a flowchart of the areas where visitors fail to convert. It incorporates observations, benchmarks, and uses a flowchart to diagnose the root causes.

    Benchmarks

    Compare your lead gen engine metrics to industry benchmarks.

    For every 10,000 people that visit your website, 210 will become leads.

    For every 210 leads, 101 will become marketing qualified leads (MQLs).

    For every 101 MQLs, 47 will become sales qualified leads (SQLs).

    For every 47 SQLs, 23 will become opportunities.

    For every 23 opportunities, nine will become customers.

    .9% to 2.1%

    36% to 48%

    28% to 46%

    39% to 48%

    32% to 40%

    Leads Benchmark

    MQL Benchmark

    SQL Benchmark

    Opportunity Benchmark

    Closing Benchmark

    The percentage of website visitors that convert to leads.

    The percentage of leads that convert to marketing qualified leads.

    The percentage of MQLs that convert to sales qualified leads.

    The percentage of SQLs that convert to opportunities.

    The percentage of opportunities that are closed.

    Midmarket B2B SaaS Industry

    Source: “B2B SaaS Marketing KPIs,” First Page Sage, 2021

    Common obstacles

    Why do most organizations improperly diagnose a misfiring lead gen engine?

    Lack of Clear Starting Point

    The lead gen engine is complex, with many moving parts, and marketers and marketing ops are often overwhelmed about where to begin diagnosis.

    Lack of Benchmarks

    Marketers often call out metrics such as increasing website visitors, contact-to-lead conversions, numbers of qualified leads delivered to Sales, etc., without a proven benchmark to compare their results against.

    Lack of Alignment Between Marketing and Sales

    Definitions of a contact, a marketing qualified lead, a sales qualified lead, and a marketing influenced win often vary.

    Lack of Measurement Tools

    Integration gaps between the website, marketing automation, sales enablement, and analytics exist within some 70% of enterprises. The elements of the marketing (and sales) tech stack change constantly. It’s hard to keep up.

    Lack of Understanding of Marketing ROI

    This drives many marketers to push the “more” button – more assets, more emails, more ad spend – without first focusing on optimization and effectiveness.

    Lack of Resources

    Marketers have an endless list of to-dos that drive them to produce daily results. Especially among software startups and mid-sized companies, there are just not enough staff with the right skills to diagnose and fix today’s sophisticated lead gen engines.

    Implications of poor diagnostics

    Without proper lead gen engine diagnostics, marketing performs poorly

    • The lead gen engine builds relationships and trust. When a broken lead gen engine goes unoptimized, customer relationships are at risk.
    • When the lead gen engine isn’t working well, customer acquisition costs rise as more expensive sales resources are charged with prospect qualification.
    • Without a well-functioning lead gen engine, marketers lack the foundation they need to create awareness among prospects – growth suffers.
    • Marketers will throw money at content or ads to generate more leads without any real understanding of engine leakage and misfires – your cost per lead climbs and reduces marketing profitability.

    Most marketers are spending too much on acquiring leads and not enough on converting and keeping them. For every $92 spent acquiring customers, only $1 is spent converting them.

    Source: Econsultancy, cited in Outgrow

    Lead gen engine optimization increases the efficiency of your marketing efforts and has a 223% ROI.

    Source: WordStream

    Benefits of lead gen engine diagnostics

    Diagnosing your lead gen engine delivers key benefits:

    • Pinpoint weakness quickly. A quick and accurate lead gen engine diagnostic tool saves Marketing 50% of the effort spent uncovering the reason for low conversion and low-quality leads.
    • Optimize more easily. Marketing executives will save 70% of the time spent creating a lead gen optimization marketing strategy based upon the diagnostic findings.
    • Maximize marketing ROI. Build toward and maintain the golden 3:1 LTV:CAC (lifetime value to customer acquisition cost) ratio for B2B SaaS marketing.
    • Stop wasting money on ineffective advertising and marketing. Up to 75% of your marketing budget is being inefficiently spent if you are running on a broken lead gen engine.

    “It’s much easier to double your business by doubling your conversion rate than by doubling your traffic. Correct targeting and testing methods can increase conversion rates up to 300 percent.” – Jeff Eisenberg, IterateStudio

    Source: Lift Division

    True benefits of fixing the lead gen engine

    These numbers add up to a significant increase in marketing influenced wins.

    175%
    Buyer Personas Increase Revenue
    Source: Illumin8

    202%
    Personalized CTAs Increase Conversions
    Source: HubSpot

    50%
    Lead Magnets Increase Conversions
    Source: ClickyDrip

    79%
    Lead Scoring Increases Conversions
    Source: Bloominari

    50%
    Lead Nurturing Increases Conversions
    Source: KevinTPayne.com

    80%
    Personalized Landing Pages Increase Conversions
    Source: HubSpot

    Who benefits from an optimized lead gen engine?

    This Research Is Designed for:

    • Senior digital marketing leaders who are:
      • Looking to increase conversions.
      • Looking to increase the quality of leads.
      • Looking to increase the value of leads.

    This Research Will Help You:

    • Diagnose issues with your lead gen engine.
    • Create a lead gen optimization strategy and a roadmap.

    This Research Will Also Assist:

    • Digital marketing leaders and product marketing leaders who are:
      • Looking to decrease the effort needed by Sales to close leads.
      • Looking to increase leadership’s faith in Marketing’s ability to generate high-quality leads and conversions.

    This Research Will Help Them:

    • Align the Sales and Marketing teams.
    • Receive the necessary buy-in from management to increase marketing spend and headcount.
    • Avoid product failure.
    The image contains a screenshot of the thought model that is titled: Diagnose and Optimize your Lead Gen Engine. The image contains the screenshot of the previous image shown on Where Lead Gen Engines Fails, and includes new information. The flowchart connects to a box that says: STOP, Your engine is broken. It then explains phase 1, the diagnostic, and then phase 2 Optimization strategy.

    SoftwareReviews’ approach

    1. Diagnose Misfires in the Lead Gen Engine
    2. Identifying any areas of weakness within your lead gen engine is a fundamental first step in improving conversions, ROI, and lead quality.

    3. Create a Lead Gen Optimization Strategy
    4. Optimize your lead gen strategy with an easily customizable template that will provide your roadmap for future growth.

    The SoftwareReviews Methodology to Diagnose and Optimize Your Lead Gen Engine

    1. Lead Gen Engine Diagnostic

    2. Lead Gen Engine Optimization Strategy

    Phase Steps

    1. Select lead gen engine optimization steering committee & working team
    2. Gather baseline metrics
    3. Run the lead gen engine diagnostic
    4. Identify low-scoring areas & prioritize lead gen engine fixes
    1. Define the roadmap
    2. Create lead gen engine optimization strategy
    3. Present strategy to steering committee

    Phase Outcomes

    • Identify weakness within the lead gen engine.
    • Prioritize the most important fixes within the lead gen engine.
    • Create a best-in-class lead gen engine optimization strategy and roadmap that builds relationships, creates awareness, and develops trust and loyalty with website visitors.
    • Increase leadership’s faith in Marketing’s ability to generate high-quality leads and conversions.

    Insight Summary

    The lead gen engine is the foundation of marketing

    The lead gen engine is critical to building relationships. It is the foundation upon which marketers build awareness, trust, and loyalty.

    Misalignment between Sales and Marketing is costly

    Digital marketing leaders need to ensure agreement with Sales on the definition of a marketing qualified lead (MQL), as it is the most essential element of stakeholder alignment.

    Prioritization is necessary for today’s marketer

    By prioritizing the fixes within the lead gen engine that have the highest impact, a marketing leader will be able to focus their optimization efforts in the right place.

    Stop, your engine is broken

    Any advertising or effort expended while running marketing on a broken lead gen engine is time and money wasted. It is only once the lead gen engine is fixed that marketers will see the true results of their efforts.

    Tactical insight

    Without a well-functioning lead gen engine, marketers risk wasting valuable time and money because they aren’t creating relationships with prospects that will increase the quality of leads, conversion rate, and lifetime value.

    Tactical insight

    The foundational lead relationship must be built at the marketing level, or else Sales will be entirely responsible for creating these relationships with low-quality leads, risking product failure.

    Blueprint Deliverable:

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Lead Gen Engine Diagnostic

    An efficient and easy-to-use diagnostic tool that uncovers weakness in your lead gen engine.

    The image contains a screenshot of the Lead Gen Engine Diagnostic is shown.

    Key Deliverable:

    Lead Gen Engine Optimization Strategy Template

    The image contains a screenshot of the Lead Gen Engine Optimization Strategy.

    A comprehensive strategy for optimizing conversions and increasing the quality of leads.

    SoftwareReviews Offers Various Levels of Support to Meet Your Needs

    Included within Advisory Membership:

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Optional add-ons:

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Guided Implementation

    What does a typical GI on lead gen engine diagnostics look like?

    Diagnose Your Lead Gen Engine

    Call #1: Scope requirements, objectives, and specific challenges with your lead gen engine.

    Call #2: Gather baseline metrics and discuss the steering committee and working team.

    Call #3: Review results from baseline metrics and answer questions.

    Call #4: Discuss the lead gen engine diagnostic tool and your steering committee.

    Call #5: Review results from the diagnostic tool and answer questions.

    Develop Your Lead Gen Engine Optimization Strategy

    Call #6: Identify components to include in the lead gen engine optimization strategy.

    Call #7: Discuss the roadmap for continued optimization.

    Call #8: Review final lead gen engine optimization strategy.

    Call #9: (optional) Follow-up quarterly to check in on progress and answer questions.

    A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization. For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst. Your engagement managers will work with you to schedule analyst calls.

    Workshop Overview

    Day 1

    Day 2

    Activities

    Complete Lead Gen Engine Diagnostic

    1.1 Identify the previously selected lead gen engine steering committee and working team.

    1.2 Share the baseline metrics that were gathered in preparation for the workshop.

    1.3 Run the lead gen engine diagnostic.

    1.4 Identify low-scoring areas and prioritize lead gen engine fixes.

    Create Lead Gen Engine Optimization Strategy

    2.1 Define the roadmap.

    2.2 Create a lead gen engine optimization strategy.

    2.3 Present the strategy to the steering committee.

    Deliverables

    1. Lead gen engine diagnostic scorecard

    1. Lead gen engine optimization strategy

    Contact your account representative for more information.

    workshops@infotech.com1-888-670-8889

    Phase 1

    Lead Gen Engine Diagnostic

    Phase 1

    Phase 2

    1.1 Select lead gen engine steering committee & working team

    1.2 Gather baseline metrics

    1.3 Run the lead gen engine diagnostic

    1.4 Identify & prioritize low-scoring areas

    2.1 Define the roadmap

    2.2 Create lead gen engine optimization strategy

    2.3 Present strategy to steering committee

    This phase will walk you through the following activities:

    The diagnostic tool will allow you to quickly and easily identify the areas of weakness in the lead gen engine by answering some simple questions. The steps include:

    • Select the lead gen engine optimization committee and team.
    • Gather baseline metrics.
    • Run the lead gen engine diagnostic.
    • Identify and prioritize low-scoring areas.

    This phase involves the following participants:

    • Marketing lead
    • Lead gen engine steering committee

    Step 1.1

    Identify Lead Gen Engine Optimization Steering Committee & Working Team

    Activities

    1.1.1 Identify the lead gen engine optimization steering committee and document in the Lead Gen Engine Optimization Strategy Template

    1.1.2 Identify the lead gen engine optimization working team document in the Lead Gen Engine Optimization Strategy Template

    This step will walk you through the following activities:

    Identify the lead gen engine optimization steering committee.

    This step involves the following participants:

    • Marketing director
    • Leadership

    Outcomes of this step

    An understanding of who will be responsible and who will be accountable for accomplishing the lead gen engine diagnostic and optimization strategy.

    1.1.1 Identify the lead gen engine optimization steering committee

    1-2 hours

    1. The marketing lead should meet with leadership to determine who will make up the steering committee for the lead gen engine optimization.
    2. Document the steering committee members in the Lead Gen Engine Optimization Strategy Template slide entitled “The Steering Committee.”

    Input

    Output

    • Stakeholders and leaders across the various functions outlined on the next slide
    • List of the lead gen engine optimization strategy steering committee members

    Materials

    Participants

    • Lead Gen Engine Optimization Strategy Template
    • Marketing director
    • Executive leadership

    Download the Lead Gen Engine Optimization Strategy Template

    Lead gen engine optimization steering committee

    Consider the skills and knowledge required for the diagnostic and the implementation of the strategy. Constructing a cross-functional steering committee will be essential for the optimization of the lead gen engine. At least one stakeholder from each relevant department should be included in the steering committee.

    Required Skills/Knowledge

    Suggested Functions

    • Target Buyer
    • Product Roadmap
    • Brand
    • Competitors
    • Campaigns/Lead Gen
    • Sales Enablement
    • Media/Analysts
    • Customer Satisfaction
    • Data Analytics
    • Ad Campaigns
    • Competitive Intelligence
    • Product Marketing
    • Product Management
    • Creative Director
    • Competitive Intelligence
    • Field Marketing
    • Sales
    • PR/AR/Corporate Comms
    • Customer Success
    • Analytics Executive
    • Campaign Manager

    For small and mid-sized businesses (SMB), because employees wear many different hats, assign people that have the requisite skills and knowledge, not the role title.

    The image contains examples of small and mid-sized businesses, and the different employee recommendations.

    1.1.2 Identify the lead gen engine optimization working team

    1-2 hours

    1. The marketing director should meet with leadership to determine who will make up the working team for the lead gen engine optimization.
    2. Finalize selection of team members and fill out the slide entitled “The Working Team” in the Lead Gen Engine Optimization Strategy Template.

    Input

    Output

    • Executives and analysts responsible for execution of tasks across Marketing, Product, Sales, and IT
    • The lead gen engine optimization working team

    Materials

    Participants

    • The Lead Gen Engine Optimization Strategy Template
    • Marketing director
    • Executive leadership

    Download the Lead Gen Engine Optimization Strategy Template

    Lead gen engine working team

    Consider the working skills required for the diagnostic and implementation of the strategy and assign the working team.

    Required Skills/Knowledge

    Suggested Titles

    • SEO
    • Inbound Marketing
    • Paid Advertising
    • Website Development
    • Content Creation
    • Lead Scoring
    • Landing Pages
    • A/B Testing
    • Email Campaigns
    • Marketing and Sales Automation
    • SEO Analyst
    • Content Marketing Manager
    • Product Marketing Manager
    • Website Manager
    • Website Developer
    • Sales Manager
    • PR
    • Customer Success Manager
    • Analytics Executive
    • Campaign Manager

    Step 1.2

    Gather Baseline Metrics

    Activities

    1.2.1 Gather baseline metrics and document in the Lead Gen Engine Optimization Strategy Template

    This step will walk you through the following activities:

    Gather baseline metrics.

    This step involves the following participants:

    • Marketing director
    • Analytics lead

    Outcomes of this step

    Understand and document baseline marketing metrics.

    1.2.1 Gather baseline metrics and document in the Lead Gen Engine Optimization Strategy Template

    1-2 hours

    1. Use the example on the next slide to learn about the B2B SaaS industry-standard baseline metrics.
    2. Meet with the analytics lead to analyze and record the data within the “Baseline Metrics” slide of the Lead Gen Engine Optimization Strategy Template. The baseline metrics will include:
      • Unique monthly website visitors
      • Visitor to lead conversion rate
      • Lead to MQL conversion rate
      • Customer acquisition cost (CAC)
      • Lifetime customer value to customer acquisition cost (LTV to CAC) ratio
      • Campaign ROI

    Recording the baseline data allows you to measure the impact your lead gen engine optimization strategy has over the baseline.

    Input

    Output
    • Marketing and analytics data
    • Documentation of baseline marketing metrics

    Materials

    Participants

    • The lead gen engine optimization strategy
    • Marketing director
    • Analytics lead

    B2B SaaS baseline metrics

    Industry standard metrics for B2B SaaS in 2022

    Unique Monthly Visitors

    Industry standard is 5% to 10% growth month over month.

    Visitor to Lead Conversion

    Industry standard is between 0.9% to 2.1%.

    Lead to MQL Conversion

    Industry standard is between 36% to 48%.

    CAC

    Industry standard is a cost of $400 to $850 per customer acquired.

    LTV to CAC Ratio

    Industry standard is an LTV:CAC ratio between 3 to 6.

    Campaign ROI

    Email: 201%

    Pay-Per-Click (PPC): 36%

    LinkedIn Ads: 94%

    Source: “B2B SaaS Marketing KPIs,” First Page Sage, 2021

    Update the Lead Gen Optimization Strategy Template with your company’s baseline metrics.

    Download the Lead Gen Engine Optimization Strategy Template

    Step 1.3

    Run the Lead Gen Engine Diagnostic

    Activities

    1.3.1 Gather steering committee and working team to complete the Lead Gen Engine Diagnostic Tool

    This step will walk you through the following activities:

    Gather the steering committee and answer the questions within the Lead Gen Engine Diagnostic Tool.

    This step involves the following participants:

    • Lead gen engine optimization working team
    • Lead gen engine optimization steering committee

    Outcomes of this step

    Lead gen engine diagnostic and scorecard

    1.3.1 Gather the committee and team to complete the Lead Gen Engine Diagnostic Tool

    2-3 hours

    1. Schedule a two-hour meeting with the steering committee and working team to complete the Lead Gen Engine Diagnostic Tool. To ensure the alignment of all departments and the quality of results, all steering committee members must participate.
    2. Answer the questions within the tool and then review your company’s results in the Results tab.

    Input

    Output

    • Marketing and analytics data
    • Diagnostic scorecard for the lead gen engine

    Materials

    Participants

    • Lead Gen Engine Diagnostic Tool
    • Marketing director
    • Analytics lead

    Download the Lead Gen Engine Diagnostic Tool

    Step 1.4

    Identify & Prioritize Low-Scoring Areas

    Activities

    1.4.1 Identify and prioritize low-scoring areas from the diagnostic scorecard

    This step will walk you through the following activities:

    Identify and prioritize the low-scoring areas from the diagnostic scorecard.

    This step involves the following participants:

    • Marketing director

    Outcomes of this step

    A prioritized list of the lead gen engine problems to include in the Lead Gen Engine Optimization Strategy Template

    1.4.1 Identify and prioritize low-scoring areas from the diagnostic scorecard

    1 hour

    1. Transfer the results from the Lead Gen Engine Diagnostic Scorecard Results tab to the Lead Gen Engine Optimization Strategy Template slide entitled “Lead Gen Engine Diagnostic Scorecard.”
      • Results between 0 and 2 should be listed as high-priority fixes on the “Lead Gen Engine Diagnostic Scorecard” slide. You will use these areas for your strategy.
      • Results between 2 and 3 should be listed as medium-priority fixes on “Lead Gen Engine Diagnostic Scorecard” slide. You will use these areas for your strategy.
      • Results between 3 and 4 are within the industry standard and will require no fixes or only small adjustments.

    Input

    Output

    • Marketing and analytics data
    • Documentation of baseline marketing metrics

    Materials

    Participants

    • Lead Gen Engine Optimization Strategy Template
    • Marketing director
    • Analytics lead

    Download the Lead Gen Engine Diagnostic Tool

    Phase 2

    Lead Gen Engine Optimization Strategy

    Phase 1

    Phase 2

    1.1 Select lead gen engine steering committee & working team

    1.2 Gather baseline metrics

    1.3 Run the lead gen engine diagnostic

    1.4 Identify & prioritize low-scoring areas

    2.1 Define the roadmap

    2.2 Create lead gen engine optimization strategy

    2.3 Present strategy to steering committee

    This phase will walk you through the following activities:

    Create a best-in-class lead gen optimization strategy and roadmap based on the weaknesses found in the diagnostic tool. The steps include:

    • Define the roadmap.
    • Create a lead gen engine optimization strategy.
    • Present the strategy to the steering committee.

    This phase involves the following participants:

    • Marketing director

    Step 2.1

    Define the Roadmap

    Activities

    2.1.1 Create the roadmap for the lead gen optimization strategy

    This step will walk you through the following activities:

    Create the optimization roadmap for your lead gen engine strategy.

    This step involves the following participants:

    • Marketing director

    Outcomes of this step

    Strategy roadmap

    2.1.1 Create the roadmap for the lead gen optimization strategy

    1 hour

    1. Copy the results from "The Lead Gen Engine Diagnostic Scorecard" slide to the "Value, Resources & Roadmap Matrix" slide in the Lead Gen Engine Optimization Strategy Template. Adjust the Roadmap Quarter column after evaluating the internal resources of your company and expected value generated.
    2. Using these results, create your strategy roadmap by updating the slide entitled “The Strategy Roadmap” in the Lead Gen Engine Optimization Strategy Template.

    Input

    Output

    • Diagnostic scorecard
    • Strategy roadmap

    Materials

    Participants

    • Lead Gen Engine Optimization Strategy Template
    • Marketing Director

    Download the Lead Gen Engine Optimization Strategy Template

    Step 2.2

    Create the Lead Gen Engine Optimization Strategy

    Activities

    2.2.1 Customize your lead gen engine optimization strategy using the template

    This step will walk you through the following activities:

    Create a lead gen engine optimization strategy based on the results of your diagnostic scorecard.

    This step involves the following participants:

    Marketing director

    Outcomes of this step

    A leadership-facing lead gen optimization strategy

    2.2.1 Customize your lead gen engine optimization strategy using the template

    2-3 hours

    Review the strategy template:

    1. Use "The Strategy Roadmap" slide to organize the remaining slides from the Q1, Q2, and Q3 sections.
      1. Fixes listed in "The Strategy Roadmap" under Q1 should be placed within the Q1 section.
      2. Fixes listed in "The Strategy Roadmap" under Q2 should be placed within the Q2 section.
      3. Fixes listed in "The Strategy Roadmap" under Q3 should be placed within the Q3 section.

    Input

    Output

    • The strategy roadmap
    • Your new lead gen engine optimization strategy

    Materials

    Participants

    • Lead Gen Engine Optimization Strategy Template
    • Marketing director

    Download the Lead Gen Engine Optimization Strategy Template

    Step 2.3

    Present the strategy to the steering committee

    Activities

    2.3.1 Present the findings of the diagnostic and the lead gen optimization strategy to the steering committee.

    This step will walk you through the following activities:

    Get executive buy-in on the lead gen engine optimization strategy.

    This step involves the following participants:

    • Marketing director
    • Steering committee

    Outcomes of this step

    • Buy-in from leadership on the strategy

    2.3.1 Present findings of diagnostic and lead gen optimization strategy to steering committee

    1-2 hours

    1. Schedule a presentation to present the findings of the diagnostic, the lead gen engine optimization strategy, and the roadmap to the steering committee.
    InputOutput
    • Your company’s lead gen engine optimization strategy
    • Official outline of strategy and buy-in from executive leadership

    Materials

    Participants

    • Lead Gen Engine Optimization Strategy Template
    • Marketing director
    • Executive leadership
    • Steering committee

    Download the Lead Gen Engine Optimization Strategy Template

    Related SoftwareReviews Research

    Create a Buyer Persona and Journey

    Make it easier to market, sell, and achieve product-market fit with deeper buyer understanding.

    • Reduce time and treasure wasted chasing the wrong prospects.
    • Improve product-market fit.
    • Increase open and click-through rates in your lead gen engine.
    • Perform more effective sales discovery and increase eventual win rates.

    Optimize Lead Generation With Lead Scoring

    In today’s competitive environment, optimizing Sales’ resources by giving them qualified leads is key to B2B marketing success.

    • Lead scoring is a must-have capability for high-tech marketers.
    • Without lead scoring, marketers will see increased costs of lead generation and decreased SQL-to-opportunity conversion rates.
    • Lead scoring increases sales productivity and shortens sales cycles.

    Build a More Effective Go-to-Market Strategy

    Creating a compelling go-to-market strategy and keeping it current is a critical software company function – as important as financial strategy, sales operations, and even corporate business development – given its huge impact on the many drivers of sustainable growth.

    • Align stakeholders on a common vision and execution plan.
    • Build a foundation of buyer and competitive understanding.
    • Deliver a team-aligned launch plan that enables commercial success.

    Bibliography

    “11 Lead Magnet Statistics That Might Surprise You.” ClickyDrip, 28 Dec. 2020. Accessed April 2022.

    “45 Conversion Rate Optimization Statistics Every Marketer Should Know.” Outgrow, n.d. Accessed April 2022.

    Bailyn, Evan. “B2B SaaS Funnel Conversion Benchmarks.” First Page Sage, 24 Feb. 2021. Accessed April 2022.

    Bailyn, Evan. “B2B SaaS Marketing KPIs: Behind the Numbers.” First Page Sage, 1 Sept. 2021. Accessed April 2022.

    Conversion Optimization.” Lift Division, n.d. Accessed April 2022.

    Corson, Sean. “LTV:CAC Ratio [2022 Guide] | Benchmarks, Formula, Tactics.” Daasity, 3 Nov. 2021. Accessed April 2022.

    Dudley, Carrie. “What are personas?” Illumin8, 26 Jan. 2018. Accessed April 2022.

    Godin, Seth. “Permission Marketing.” Accenture, Oct. 2009. Accessed April 2022.

    Lebo, T. “Lead Conversion Statistics All B2B Marketers Need to Know.” Convince & Convert, n.d. Accessed April 2022.

    Lister, Mary. “33 CRO & Landing Page Optimization Stats to Fuel Your Strategy.” WordStream, 24 Nov. 2021. [Accessed April 2022].

    Nacach, Jamie. “How to Determine How Much Money to Spend on Lead Generation Software Per Month.” Bloominari, 18 Sept. 2018. Accessed April 2022.

    Needle, Flori. “11 Stats That Make a Case for Landing Pages.” HubSpot, 10 June 2021. Accessed April 2022.

    Payne, Kevin. “10 Effective Lead Nurturing Tactics to Boost Your Sales.” Kevintpayne.com, n.d. Accessed April 2022.

    Tam, Edwin. “ROI in Marketing: Lifetime Value (LTV) & Customer Acquisition Cost (CAC).” Construct Digital, 19 Jan. 2016. Accessed April 2022.

    CIO Priorities 2022

    • Buy Link or Shortcode: {j2store}328|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $31,499 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Understand how to respond to trends affecting your organization.
    • Determine your priorities based on current state and relevant internal factors.
    • Assign the right amount of resources to accomplish your vision.
    • Consider what new challenges outside of your control will demand a response.

    Our Advice

    Critical Insight

    A priority is created when external factors hold strong synergy with internal goals and an organization responds by committing resources to either avert risk or seize opportunity. These are the priorities identified in the report:

    1. Reduce Friction in the Hybrid Operating Model
    2. Improve Your Ransomware Readiness
    3. Support an Employee-Centric Retention Strategy
    4. Design an Automation Platform
    5. Prepare to Report on New Environmental, Social, and Governance Metrics

    Impact and Result

    Update your strategic roadmap to include priorities that are critical and relevant for your organization based on a balance of external and internal factors.

    CIO Priorities 2022 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. CIO Priorities 2022 – A report on the key priorities for competing in the digital economy.

    Discover Info-Tech’s five priorities for CIOs in 2022.

    • CIO Priorities Report for 2022

    2. Listen to the podcast series

    Hear directly from our contributing experts as they discuss their case studies with Brian Jackson.

    • Frictionless hybrid working: How the Harvard Business School did it
    • Close call with ransomware: A CIO recounts a near security nightmare
    • How a financial services company dodged "The Great Resignation"
    • How Allianz took a blockchain platform from pilot to 1 million transactions
    • CVS Health chairman David Dorman on healthcare's hybrid future

    Infographic

    Further reading

    CIO Priorities 2022

    A jumble of business-related words. Info-Tech’s 2022 Tech Trends survey asked CIOs for their top three priorities. Cluster analysis of their open-ended responses shows four key themes:
    1. Business process improvements
    2. Digital transformation or modernization
    3. Security
    4. Supporting revenue growth or recovery

    Info-Tech’s annual CIO priorities are formed from proprietary primary data and consultation with our internal experts with CIO stature

    2022 Tech Trends Survey CIO Demographic N=123

    Info-Tech’s Tech Trends 2022 survey was conducted between August and September 2021 and collected a total of 475 responses from IT decision makers, 123 of which were at the C-level. Fourteen countries and 16 industries are represented in the survey.

    2022 IT Talent Trends Survey CIO Demographic N=44

    Info-Tech’s IT Talent Trends 2022 survey was conducted between September and October 2021 and collected a total of 245 responses from IT decision makers, 44 of which were at the C-level. A broad range of countries from around the world are represented in the survey.

    Internal CIO Panels’ 125 Years Of Combined C-Level IT Experience

    Panels of former CIOs at Info-Tech focused on interpreting tech trends data and relating it to client experiences. Panels were conducted between November 2021 and January 2022.

    CEO-CIO Alignment Survey Benchmark Completed By 107 Different Organizations

    Info-Tech’s CEO-CIO Alignment program helps CIOs align with their supervisors by asking the right questions to ensure that IT stays on the right path. It determines how IT can best support the business’ top priorities and address the gaps in your strategy. In 2021, the benchmark was formed by 107 different organizations.

    Build IT alignment

    IT Management & Governance Diagnostic Benchmark Completed By 320 Different Organizations

    Info-Tech’s Management and Governance Diagnostic helps IT departments assess their strengths and weaknesses, prioritize their processes and build an improvement roadmap, and establish clear ownership of IT processes. In 2021, the benchmark was formed by data from 320 different organizations.

    Assess your IT processes

    The CIO priorities are informed by Info-Tech’s trends research reports and surveys

    Priority: “The fact or condition of being regarded or treated as more important than others.” (Lexico/Oxford)

    Trend: “A general direction in which something is developing or changing.” (Lexico/Oxford)

    A sequence of processes beginning with 'Sensing', 'Hypothesis', 'Validation', and ending with 'Trends, 'Priorities'. Under Sensing is Technology Research, Interviews & Insights, Gathering, and PESTLE. Under Hypothesis is Near-Future Probabilities, Identify Patterns, Identify Uncertainties, and Identify Human Benefits. Under Validation is Test Hypothesis, Case Studies, and Data-Driven Insights. Under Trends is Technology, Talent, and Industry. Under Priorities is CIO, Applications, Infrastructure, and Security.

    Visit Info-Tech’s Trends & Priorities Research Center

    Image called 'Defining the CIO Priorities for 2022'. Image shows 4 columns, Implications, Resource Investment, Amplifiers, and Actions and Outcomes, with 2 dotted lines, labeled External Context and Internal Context, running through all 4 columns and leading to bottom-right label called CIO Priorities Formed

    The Five Priorities

    Priorities to compete in the digital economy

    1. Reduce Friction in the Hybrid Operating Model
    2. Improve Your Ransomware Readiness
    3. Support an Employee-Centric Retention Strategy
    4. Design an Automation Platform
    5. Prepare to Report on New Environmental, Social, and Governance Metrics

    Reduce friction in the hybrid operating model

    Priority 01 | APO07 Human Resources Management

    Deliver solutions that create equity between remote workers and office workers and make collaboration a joy.

    Hybrid work is here to stay

    CIOs must deal with new pain points related to friction of collaboration

    In 2020, CIOs adapted to the pandemic’s disruption to offices by investing in capabilities to enable remote work. With restrictions on gathering in offices, even digital laggards had to shift to an all-remote work model for non-essential workers.

    Most popular technologies already invested in to facilitate better collaboration

    • 24% Web Conferencing
    • 23% Instant Messaging
    • 20% Document Collaboration

    In 2022, the focus shifts to solving problems created by the new hybrid operating model where some employees are in the office and some are working remotely. Without the ease of collaborating in a central hub, technology can play a role in reducing friction in several areas:

    • Foster more connections between employees. Remote workers are less likely to collaborate with people outside of their department and less likely to spontaneously collaborate with their peers. CIOs should provide a digital employee experience that fosters collaboration habits and keeps workers engaged.
    • Prevent employee attrition. With more workers reevaluating their careers and leaving their jobs, CIOs can help employees feel connected to the overall purpose of the organization. Finding a way to maintain culture in the new context will require new solutions. While conference room technology can be a bane to IT departments, making hybrid meetings effortless to facilitate will be more important.
    • Provide new standards for mediated collaboration. Meeting isn’t as easy as simply gathering around the same table anymore. CIOs need to provide structure around how hybrid meetings are conducted to create equity between all participants. Business continuity processes must also consider potential outages for collaboration services so employees can continue the work despite a major outage.

    Three in four organizations have a “hybrid” approach to work. (Tech Trends 2022 Survey)

    In most organizations, a hybrid model is being implemented. Only 14.9% of organizations are planning for almost everyone to return to the office, and only 9.9% for almost everyone to work remotely.

    Elizabeth Clark

    CIO, Harvard Business School

    "I want to create experiences that are sticky. That keep people coming back and engaging with their colleagues."

    Photo of Elizabeth Clark, CIO, Harvard Business School.

    Listen to the Tech Insights podcast:
    Frictionless hybrid working: How the Harvard Business School did it

    Internal interpretation: Harvard Business School

    • March 2020
      The pandemic disrupts in-class education at Harvard Business School. Their case study method of instruction that depends on in-person, high-quality student engagement is at risk. While students and faculty completed the winter semester remotely, the Dean and administration make the goal to restore the integrity of the classroom experience with equity for both remote and in-person students.
    • May 2020
      A cross-functional task force of about 100 people work intensively, conducting seven formal experiments, 80 smaller tests, and hundreds of polling data points, and a technology and facilities solution is designed: two 4K video cameras capturing both the faculty and the in-class students, new ceiling mics, three 85-inch TV screens, and students joining the videoconference from their laptops. A custom Zoom room, combining three separate rooms, integrated all the elements in one place and integrated with the lecture capture system and learning management system.
    • October 2020
      Sixteen classrooms are renovated to install the new solution. Students return to the classroom but in lower numbers due to limits on in-room capacity, but students rotate between the in-person and remote experience.
    • September 2021
      Renovations for the hybrid solution are complete in 26 classrooms and HBS has determined this will be its standard model for the classroom. The case method of teaching is kept alive and faculty and students are thrilled with the results.
    • November 2021
      HBS is adapting its solution for the classroom to its conference rooms and has built out eight different rooms for a hybrid experience. The 4K cameras and TV screens capture all participants in high fidelity as well as the blackboard.

    Photo of a renovated classroom with Zoom participants integrated with the in-person students.
    The renovated classrooms integrate all students, whether they are participating remotely or in person. (Image courtesy of Harvard Business School.)

    Implications: Organization, Process, Technology

    External

    • Organization – About half of IT practitioners in the Tech Trends 2022 survey feel that IT leaders, infrastructure and operations teams, and security teams were “very busy” in 2021. Capacity to adapt to hybrid work could be constrained by these factors.
    • Process – Organizations that want employees to benefit from being back in the office will have to rethink how workers can get more value out of in-person meetings that also require videoconference participation with remote workers.
    • Technology – Fifty-four percent of surveyed IT practitioners say the pandemic raised IT spending compared to the projections they made in 2020. Much of that investment went into adapting to a remote work environment.

    Internal

    • Organization – HBS added 30 people to its IT staff on term appointments to develop and implement its hybrid classroom solutions. Hires included instructional designers, support technicians, coordinators, and project managers.
    • Process – Only 25 students out of the full capacity of 95 could be in the classroom due to COVID-19 regulations. On-campus students rotated through the classroom seats. An app was created to post last-minute seat availability to keep the class full.
    • Technology – A Zoom room was created that combines three rooms to provide the full classroom experience: a view of the instructor, a clear view of each student that enlarges when they are speaking, and a view of the blackboard.

    Resources Applied

    Appetite for Technology

    CIOs and their direct supervisors both ranked internal collaboration tools as being a “critical need to adopt” in 2021, according to Info-Tech’s CEO-CIO Alignment Benchmark Report.

    Intent to Invest

    Ninety-seven percent of IT practitioners plan to invest in technology to facilitate better collaboration between employees in the office and outside the office by the end of 2022, according to Info-Tech’s 2022 Tech Trends survey.

    “We got so many nice compliments, which you don’t get in IT all the time. You get all the complaints, but it’s a rare case when people are enthusiastic about something that was delivered.” (Elizabeth Clark, CIO, Harvard Business School)

    Harvard Business School

    • IT staff were reassigned from other projects to prioritize building a hybrid classroom solution. A cloud migration and other portfolio projects were put on pause.
    • The annual capital A/V investment was doubled. The amount of spend on conference rooms was tripled.
    • Employees were hired to the media services team at a time when other areas of the organization were frozen.

    Outcomes at Harvard Business School

    The new normal at Harvard Business School

    New normal: HBS has found its new default operating model for the classroom and is extending its solution to its operating environment.

    Improved CX: The high-quality experience for students has helped avoid attrition despite the challenges of the pandemic.

    Engaged employees: The IT team is also engaged and feels connected to the mission of the school.

    Photo of a custom Zoom room bringing together multiple view of the classroom as well as all remote students.
    A custom Zoom room brings together multiple different views of the classroom into one single experience for remote students. (Image courtesy of Harvard Business School.)

    From Priorities to Action

    Make hybrid collaboration a joy

    Align with your organization’s goals for collaboration and customer interaction, with the target of high satisfaction for both customers and employees. Invest in capital projects to improve the fidelity of conference rooms, develop and test a new way of working, and increase IT capacity to alleviate pressure points.

    Foster both asynchronous and synchronous collaboration approaches to avoid calendars filling up with videoconference meetings to get things done and to accommodate workers contributing from across different time zones.

    “We’ll always have hybrid now. It’s opened people’s eyes and now we’re thinking about the future state. What new markets could we explore?” (Elizabeth Clark, CIO, Harvard Business School)

    Take the next step

    Run Better Meetings
    Hybrid, virtual, or in person – set meeting best practices that support your desired meeting norms.

    Prepare People Leaders for the Hybrid Work Environment
    Set hybrid work up for success by providing people leaders with the tools they need to lead within the new model.

    Hoteling and Hot-Desking: A Primer
    What you need to know regarding facilities, IT infrastructure, maintenance, security, and vendor solutions for desk hoteling and hot-desking.

    “Human Resources Management” gap between importance and effectiveness
    Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the Human Resources Management gap between importance and effectiveness. The difference is marked as Delta 2.3.

    Improve your ransomware readiness

    Priority 02 | APO13 Security Strategy

    Mitigate the damage of successful ransomware intrusions and make recovery as painless as possible.

    The ransomware crisis threatens every organization

    Prevention alone won’t be enough against the forces behind ransomware.

    Cybersecurity is always top of mind for CIOs but tends to be deprioritized due to other demands related to digital transformation or due to cost pressures. That’s the case when we examine our data for this report.

    Cybersecurity ranked as the fourth-most important priority by CIOs in Info-Tech’s 2022 Tech Trends survey, behind business process improvement, digital transformation, and modernization. Popular ways to prepare for a successful attack include creating offline backups, purchasing insurance, and deploying new solutions to eradicate ransomware.

    CIOs and their direct supervisors ranked “Manage IT-Related Security” as the third-most important top IT priority on Info-Tech’s CEO-CIO Alignment Benchmark for 2021, in support of business goals to manage risk, comply with external regulation, and ensure service continuity.

    Most popular ways for organizations to prepare for the event of a successful ransomware attack:

    • 25% Created offline backups
    • 18% Purchased cyberinsurance
    • 19% New tech to eradicate ransomware

    Whatever priority an organization places on cybersecurity, when ransomware strikes, it quickly becomes a red alert scenario that disrupts normal operations and requires all hands on deck to respond. Sophisticated attacks executed at wide scale demonstrate that security can be bypassed without creating an alert. After that’s accomplished, the perpetrators build their leverage by exfiltrating data and encrypting critical systems.

    CIOs can plan to mitigate ransomware attacks in several constructive ways:

    • Business impact analysis. Determine the costs of an outage for specific periods and the system and data recovery points in time.
    • Engage a partner for 24/7 monitoring. Gain real-time awareness of your critical systems.
    • Review your identity access management (IAM) policies. Use of multi-factor authentication and limiting access to only the roles that need it reduces ransomware risk.

    50% of all organizations spent time and money specifically to prevent ransomware in the past year. (Info-Tech Tech Trends 2022 Survey)

    John Doe

    CIO, mid-sized manufacturing firm in the US

    "I want to create experiences that are sticky. That keep people coming back and engaging with their colleagues."

    Blank photo.

    Listen to the Tech Insights podcast:
    Close call with ransomware: a CIO recounts a near security nightmare

    Internal interpretation: US-based, mid-sized manufacturing firm

    • May 1, 2021
      A mid-sized manufacturing firm (“The Firm”) CIO gets a call from his head of security about odd things happening on the network. A call is made to Microsoft for support. Later that night, the report is that an unwanted crypto-mining application is the culprit. But a couple of hours later, that assessment is proven wrong when it’s realized that hundreds of systems are staged for a ransomware attack. All the attacker has to do is push the button.
    • May 2, 2021
      The Firm disconnects all its global sites to cut off new pathways for the malware to infect. All normal operations cease for 24 hours. It launches its cybersecurity insurance process. The CIO engages a new security vendor, CrowdStrike, to help respond. Employees begin working from home if they can so they can make use of their own internet service. The Firm has cut off its public internet connectivity and is severed from cloud services such as Azure storage and collaboration software.
    • May 4, 2021
      The hackers behind the attack are revealed by security forensics experts. A state-sponsored agency in Russia set up the ransomware and left it ready to execute. It sold the staged attack to a cybercriminal group, Doppel Spider. According to CrowdStrike, the group uses malware to run “big game hunting operations” and targets 18 different countries including the US and multiple industries, including manufacturing.
    • May 10, 2021
      The Firm has totally recovered from the ransomware incident and avoided any serious breach or paying a ransom. The CIO worked more hours than at any other point in his career, logging an estimated 130 hours over the two weeks.
    • November 2021
      The Firm never previously considered itself a ransomware target but has now reevaluated that stance. It has hired a service provider to run a security operations center on a 24/7 basis. It's implemented a more sophisticated detection and response model and implemented multi-factor authentication. It’s doubled its security spend in 2021 and will invest more in 2022.

    “Now we take the approach that if someone does get in, we're going to find them out.” (John Doe, CIO, “The Firm”)

    Implications: Organization, Process, Technology

    External

    • Organization – Organizations must consider how their employees play a role in preventing ransomware and plan for training to recognize phishing and other common traps. They must make plans for employees to continue their work if systems are disrupted by ransomware.
    • Process – Backup processes across multiple systems should be harmonized to have both recent and common points to recover from. Work with the understanding IT will have to take systems offline if ransomware is discovered and there is no time to ask for permission.
    • Technology – Organizations can benefit from security services provided by a forensics-focused vendor. Putting cybersecurity insurance in place not only provides financial protection but also guidance in what to do and which vendors to work with to prevent and recover from ransomware.

    Internal

    • Organization – The Firm was prepared with a business continuity plan to allow many of its employees to work remotely, which was necessary because the office network was incapacitated for ten days during recovery.
    • Process – Executives didn’t seek to assign blame for the security incident but took it as a signal there were some new costs involved to stay in business. It initiated new outsource relationships and hired one more full-time employee to shore up security resources.
    • Technology – New ransomware eradication software was deployed to 2,000 computers. Scripted processes automated much of the work, but in some cases full system rebuilds were required. Backup systems were disconnected from the network as soon as the malware was discovered.

    Resources Applied

    Consider the Alternative

    Organizations should consider how much a ransomware attack on critical systems would cost them if they were down for a minimum of 24-48 hours. Plan to invest an amount at least equal to the costs of that downtime.

    Ask for ID

    Implementing across-the-board multi-factor authentication reduces chances of infection and is cheap, with enterprise solutions ranging from $2 to $5 per user on average. Be strict and deny access when connections don’t authenticate.

    “You'll never stop everything from getting into the network. You can still focus on stopping the bad actors, but then if they do make it in, make sure they don't get far.” (John Doe, CIO, “The Firm”)

    “The Firm” (Mid-Sized Manufacturer)

    • During the crisis, The Firm paused all activities and focused solely on isolating and eliminating the ransomware threat.
    • New outsourcing relationship with a vendor provides a 24/7 Security Operations Center.
    • One more full-time employee on the security team.
    • Doubled investment in security in 2021 and will spend more in 2022.

    Outcomes at “The Firm” (Mid-Sized Manufacturer)

    The new cost of doing business

    Real-time security: While The Firm is still investing in prevention-based security, it is also developing its real-time detection and response capabilities. When ransomware makes it through the cracks, it wants to know as soon as possible and stop it.

    Leadership commitment: The C-suite is taking the experience as a wake-up call that more investment is required in today’s threat landscape. The Firm rates security more highly as an overall organizational goal, not just something for IT to worry about.

    Stock photo of someone using their phone while sitting at a computer, implying multi-factor authentication.
    The Firm now uses multi-factor authentication as part of its employee sign-on process. For employees, authenticating is commonly achieved by using a mobile app that receives a secret code from the issuer.

    From Priorities to Action

    Cybersecurity is everyone’s responsibility

    In Info-Tech’s CEO-CIO Alignment Benchmark for 2021, the business goal of “Manage Risk” was the single biggest point of disagreement between CIOs and their direct supervisors. CIOs rank it as the second-most important business goal, while CEOs rank it as sixth-most important.

    Organizations should align on managing risk as a top priority given the severity of the ransomware threat. The threat actors and nature of the attacks are such that top leadership must prepare for when ransomware hits. This includes halting operations quickly to contain damage, engaging third-party security forensics experts, and coordinating with government regulators.

    Cybersecurity strategies may be challenged to be effective without creating some friction for users. Organizations should look beyond multi-layer prevention strategies and lean toward quick detection and response, spending evenly across prevention, detection, and response solutions.

    Take the next step

    Create a Ransomware Incident Response Plan
    Don’t be the next headline. Determine your current readiness, response plan, and projects to close gaps.

    Simplify Identity and Access Management
    Select and implement IAM and produce vendor RFPs that will contain the capabilities you need, including multi-factor authentication.

    Cybersecurity Series Featuring Sandy Silk
    More from Info-Tech’s Senior Workshop Director Sandy Silk in this video series created while she was still at Harvard University.

    Gap between CIOs and CEOs in points allocated to “Manage risk” as a top business goal

    A bar chart illustrating the gap between CIOs and CEOs in points allocated to 'Manage risk' as a top business goal. The difference is marked as Delta 1.5.

    Support an employee-centric retention strategy

    Priority 03 | ITRG02 Leadership, Culture & Values

    Avoid being a victim of “The Great Resignation” by putting employees at the center of an experience that will engage them with clear career path development, purposeful work, and transparent feedback.

    Defining an employee-first culture that improves retention

    The Great resignation isn’t good for firms

    In 2021, many workers decided to leave their jobs. Working contexts were disrupted by the pandemic and that saw non-essential workers sent home to work, while essential workers were asked to continue to come into work despite the risks of COVID-19. These disruptions may have contributed to many workers reevaluating their professional goals and weighing their values differently. At the same time, 2021 saw a surging economy and many new job opportunities to create a talent-hungry market. Many workers could have been motivated to take a new opportunity to increase their salary or receive other benefits such as more flexibility.

    Annual turnover rate for all us employees on the rise

    • 20% – Jan.-Aug. 2020, Dipped from 22% in 2019
    • 25% Jan.-Aug. 2021, New record high
    • Data from Visier Inc.

    When you can’t pay them, develop them

    IT may be less affected than other departments by this trend. Info-Tech’s 2022 IT Talent Trends Report shows that on average, estimated turnover rate in IT is lower than the rest of the organization. Almost half of respondents estimated their organization’s voluntary turnover rate was 10% or higher. Only 30% of respondents estimate that IT’s voluntary turnover rate is in the same range. However, CIOs working in industries with the highest turnover rates will have to work to keep their workers engaged and satisfied, as IT skills are easily transferred to other industries.

    49% ranked “enabling learning & development within IT” as high priority, more than any other single challenge. (IT Talent Trends 2022 Survey, N=227)

    A bar chart of 'Industries with highest turnover rates (%)' with 'Leisure and Hospitality' at 6.4%, 'Trade, Transportation & Utilities' at 3.6%, 'Professional and Business' at 3.3%, and 'Other Services' at 3.1%. U.S. Bureau of Labor Statistics, 2022.

    Jeff Previte

    Executive Vice-President of IT, CrossCountry Mortgage

    “We have to get to know the individual at a personal level … Not just talking about the business, but getting to know the person."

    Photo of Jeff Previte, Executive Vice-President of IT, CrossCountry Mortgage.

    Listen to the Tech Insights podcast:
    How a financial services company dodged ‘The Great Resignation’

    Internal interpretation: CrossCountry Mortgage

    • May 2019
      Jeff Previte joins Cleveland, Ohio-based CrossCountry Mortgage in the CIO role. The company faces a challenge with employee turnover, particularly in IT. The firm is a sales-focused organization and saw its turnover rate reach as high as 60%. Yet Previte recognized that IT had some meaningful goals to achieve and would need to attract – and retain – some higher caliber talent. His first objective in his new role was to meet with IT employees and business leadership to set priorities.
    • July 2019
      Previte takes a “people-first” approach to leadership and meets his staff face-to-face to understand their personal situations. He sets to work on defining roles and responsibilities in the organization, spending about a fifth of his time on defining the strategy.
    • June 2020
      Previte assigned his leadership team to McLean & Company’s Design an Impactful Employee Development Program. From there, the team developed a Salesforce tool called the Career Development Workbook. “We had some very passionate developers and admins that wanted to build a home-grown tool,” he says. It turns McLean & Company’s process into a digital tool employees can use to reflect on their careers and explore their next steps. It helps facilitate development conversations with managers.
    • January 2021
      CrossCountry Mortgage changes its approach to career development activities. Going to external conferences and training courses is reduced to just 30% of that effort. The rest is by doing hands-on work at the company. Previte aligned with his executives and road-mapped IT projects annually. Based on employee’s interests, opportunities are found to carve out time from usual day-to-day activities to spend time on a project in a new area. When there’s a business need, someone internally can be ready to transition roles.
    • June 2021
      In the two years since joining the company, Previte has reduced the turnover rate to just 12%. The IT department has grown to more adequately meet the needs of the business and employees are engaged with more opportunities to develop their careers. Instead of focusing on compensation, Previte focused more on engaging employees with a developmentally dedicated environment and continuous hands-on learning.

    “It’s come down to a culture shift. Folks have an idea of where we’re headed as an organization, where we’re headed as an IT team, and how their role contributes to that.” (Jeff Previte, EVP of IT, CrossCountry Mortgage)

    Implications: Organization, Process, Technology

    External

    • Organization – A high priority is being placed on improving IT’s maturity through its talent. Enabling learning and development in IT, enabling departmental innovation, and recruiting are the top three highest priorities according to IT Talent Trends 2022 survey responses.
    • Process – Recruiting is more challenging for industries that operate primarily onsite, according to McLean & Company's 2022 HR Trends Report. They face more challenges attracting applications, more rejected offers, and more candidate ghosting compared to remote-capable industries.
    • Technology – Providing a great employee experience through digital tools is more important as many organizations see a mix of workers in the office and at home. These tools can help connect colleagues, foster professional development, and improve the candidate experience.

    Internal

    • Organization – CrossCountry Mortgage faced a situation where IT employees did not have clarity on their roles and responsibilities. In terms of salary, it wasn’t offering at the high end compared to other employers in Cleveland.
    • Process – To foster a culture of growth and development, CrossCountry Mortgage put in place a performance assessment system that encouraged reflection and goal setting, aided by collaboration with a manager.
    • Technology – The high turnover rate was limiting CrossCountry Mortgage from achieving the level of maturity it needed to support the company’s goals. It ingrained its new PA process with a custom build of a Salesforce tool.

    Resources Applied

    Show me the money

    Almost six in ten Talent Trends survey respondents identified salary and compensation as the reason that employees resigned in the past year. Organizations looking to engage employees must first pay a fair salary according to market and industry conditions.

    Build me up

    Professional development and opportunity for innovative work are the next two most common reasons for resignations. Organizations must ensure they create enough capacity to allow workers time to spend on development.

    “Building our own solution created an element of engagement. There was a sense of ownership that the team had in thinking through this.” (Jeff Previte, CrossCountry Mortgage)

    CrossCountry Mortgage

    • Executive time: CIO spends 10-20% of his time on activities related to designing the approach.
    • Leveraged memberships with Info-Tech Research Group and McLean & Company to define professional development process.
    • Internal IT develops automated workflow in Salesforce.
    • Hired additional IT staff to build out overall capacity and create time for development activities.

    Outcomes at CrossCountry Mortgage

    Engaged IT workforce

    The Great Maturation: IT staff turnover rate dropped to 10-12% and IT talent is developing on the job to improve the department’s overall skill level. More IT staff on hand and more engaged workers mean IT can deliver higher maturity level results.

    Alignment achieved: Connecting IT’s initiatives to the vision of the C-suite creates a clear purpose for IT in its initiatives. Staff understand what they need to achieve to progress their careers and can grow while they work.

    Photo of employees from CrossCountry Mortgage assisting with a distribution event.
    Employees from CrossCountry Mortgage headquarters assist with a drive-thru distribution event for the Cleveland Food Bank on Dec. 17, 2021. (Image courtesy of CrossCountry Mortgage.)

    From Priorities to Action

    Staff retention is a leadership priority

    The Great Resignation trend is bringing attention to employee engagement and staff retention. IT departments are busier than ever during the pandemic as they work overtime to keep up with a remote workforce and new security threats. At the same time, IT talent is among the most coveted on the market.

    CIOs need to develop a people-first approach to improve the employee experience. Beyond compensation, IT workers need clarity in terms of their career paths, a direct connection between their work and the goals of the organization, and time set aside for professional development.

    Info-Tech’s 2021 benchmark for “Leadership, Culture & Values” shows that most organizations rate this capability very highly (9) but see room to improve on their effectiveness (6.9).

    Take the next step

    IT Talent Trends 2022
    See how IT talent trends are shifting through the pandemic and understand how themes like The Great Resignation has impacted IT.

    McLean & Company’s Modernize Performance Management
    Customize the building blocks of performance management to best fit organizational needs to impact individual and organizational performance, productivity, and engagement.

    Redesign Your IT Organizational Structure
    Define future-state work units, roles, and responsibilities that will enable the IT organization to complete the work that needs to be done.

    “Leadership, Culture & Values” gap between importance and effectiveness
    Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the 'Leadership, Culture & Values' gap between importance and effectiveness. The difference is marked as Delta 2.1.

    Design an automation platform

    Priority 04 | APO04 Innovation

    Position yourself to buy or build a platform that will enable new automation opportunities through seamless integration.

    Build it or buy it, but platform integration can yield great benefits

    Necessity is the mother of innovation

    When it’s said that digital transformation accelerated during the pandemic, what’s really meant is that processes that were formerly done manually became automated through software. In responses to the Tech Trends survey, CIOs say digital transformation was more of a focus during the pandemic, and eight in ten CIOs also say they shifted more than 20% of their organization’s processes to digital during the pandemic. Automating tasks through software can be called digitalization.

    Most organizations became more digitalized during the pandemic. But how they pursued it depends on their IT maturity. For digital laggards, partnering with a technology services platform is the path of least resistance. For sophisticated innovators, they can consider building a platform to address the specific needs of their business process. Doing so requires the foundation of an existing “digital factory” or innovation arm where new technologies can be tested, proofs of concept developed, and external partnerships formed. Patience is key with these efforts, as not every investment will yield immediate returns and some will fail outright.

    Build it or buy it, platform participants integrate with their existing systems through application programming interfaces (APIs). Organizations should determine their platform strategies based on maturity, then look to integrate the business processes that will yield the most gains.

    What role should you play in the platform ecosystem?

    A table with levels on the maturity ladder laid out as a sprint. Column headers are maturity levels 'Struggle', 'Support', 'Optimize', 'Expand', and 'Transform', row headers are 'Maturity' and 'Role'. Roles are assigned to one or many levels. 'Improve' is solely under Struggle. 'Integrate' spans from Support to Transform. 'Buy' spans Support to Expand. 'Build' begins midway through Expand and all of Transform. 'Partner' spans from Optimize to halfway through Transform.

    68% of CIOs say digital transformation became much more of a focus for their organization during the pandemic (Info-Tech Tech Trends 2022 Survey)

    Bob Crozier

    Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE

    "Smart contracts are really just workflows between counterparties."

    Photo of Bob Crozier, Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE.

    Listen to the Tech Insights podcast:
    How Allianz took a blockchain platform from pilot to 1 million transactions

    Internal interpretation: Allianz Technology

    • 2015
      After smart contracts are demonstrated on the Ethereum blockchain, Allianz and other insurers recognize the business value. There is potential to use the capability to administer a complex, multi-party contract where the presence of the reinsurer in the risk transfer ecosystem is required. Manual contracts could be turned into code and automated. Allianz organized an early proof of concept around a theoretical pandemic excessive loss contract.
    • 2018
      Allianz Chief Architect Bob Crozier is leading the Global Blockchain Center of Competence for Allianz. They educate Allianz on the value of blockchain for business. They also partner with a joint venture between the Technology University of Munich and the state of Bavaria. A cohort of Masters students is looking for real business problems to solve with open-source distributed ledger technology. Allianz puts its problem statement in front of the group. A student team presents a proof of concept for an international motor insurance claims settlement and it comes in second place at a pitch day competition.
    • 2019
      Allianz brings the concept back in-house, and its business leaders return to the concept. Startup Luther Systems is engaged to build a minimum-viable product for the solution, with the goal being a pilot involving three or four subsidiaries in different countries. The Blockchain Center begins communicating with 25 Allianz subsidiaries that will eventually deploy the platform.
    • 2020
      Allianz is in build mode on its international motor insurance claims platform. It leverages its internal Dev/SecOps teams based in Munich and in India.
    • May 2021
      Allianz goes live with its new platform on May 17, decommissioning its old system and migrating all live claims data onto the new blockchain platform. It sees 400 concurrent users go live across Europe.
    • January 2022
      Allianz mines its one-millionth block to its ledger on Jan. 19, with each block representing a peer-to-peer transaction across its 25 subsidiaries in different countries. The platform has settled hundreds of millions of dollars.

    Stock photo of two people arguing over a car crash.

    Implications: Organization, Process, Technology

    External

    • Organization – To explore emerging technologies like blockchain, organizations need staff that are accountable for innovation and have leeway to develop proofs of concept. External partners are often required to bring in fresh ideas and move quickly towards an MVP.
    • Process – According to the Tech Trends 2022 survey, 84% of CIOs consider automation a high-value digital capability, and 77% say identity verification is a high-value capability. A blockchain platform using smart contracts can deliver those.
    • Technology – The Linux Foundation’s Hyperledger Fabric is an open-source blockchain technology that’s become popular in the financial industry for its method of forming consensus and its modular architecture. It’s been adopted by USAA, MasterCard, and PayPal. It also underpins the IBM Blockchain Platform and is supported by Azure Blockchain.

    Internal

    • Organization – Allianz is a holding company that owns Allianz Technology and 25 operating entities across Europe. It uses the technology arm to innovate on the business process and creates shared platforms that its entities can integrate with to automate across the value chain.
    • Process – Initial interest in smart contracts on blockchain were funneled into a student competition, where a proof of concept was developed. Allianz partnered with a startup to develop an MVP, then developed the platform while aligning with its business units ahead of launch.
    • Technology – Allianz built its blockchain platform on Hyperledger Fabric because it was a permissioned system, unlike other public permissionless blockchains such as Ethereum, and because its mining mechanism was much more energy efficient compared to other blockchains using Proof of Work consensus models.

    Resources Applied

    Time to innovate

    Exploring emerging technology for potential use cases is difficult for staff tasked with running day-to-day operations. Organizations serious about innovation create a separate team that can focus on “moonshot” projects and connect with external partners.

    Long-term ROI

    Automation of new business processes often requires a high upfront initial investment for a long-term efficiency gain. A proof of concept should demonstrate clear business value that can be repeated often and for a long period.

    “My next project has to deliver in the tens of millions of value in return. The bar is high and that’s what it should be for a business of our size.” (Bob Crozier, Allianz)

    Allianz

    • Several operating entities from different countries supplied subject matter expertise and helped with the testing process.
    • Allianz Technology team has eight staff members. It is augmented by Luther Systems and the team at industry group B3i.
    • Funding of less than $5 million to develop. Dev team continues to add improvements.
    • Operating requires just one full-time employee plus infrastructure costs, mostly for public cloud hosting.

    Outcomes at Allianz

    From insurer to platform provider

    Deliver your own SaaS: Allianz Technology built its blockchain-based claims settlement platform and its subsidiaries consume it as software as a service. The platform runs on a distributed architecture across Europe, with each node running the same version of the software. Operating entities can also integrate their own systems to the platform via APIs and further automate business processes such as billing.

    Ready to scale: After processing one million transactions, the international claims settlement platform is proven and ready to add more participants. Crozier sees auto repair shops and auto manufacturers as the next logical users.

    Stock photo of Blockchain.
    Allianz is a shareholder of the Blockchain Insurance Industry Initiative (B3i). It is providing a platform used by a group of insurance companies in the commercial and reinsurance space.

    When should we use blockchain? THREE key criteria:

    • Redundant processes
      Different entities follow the same process to achieve the desired outcome.
    • Audit trail
      Accountability in the decision making must be documented.
    • Reconciliation
      Parties need to be able to resolve disputes by tracing back to the truth.

    From Priorities to Action

    It’s a build vs. buy question for platforms

    Allianz was able to build a platform for its group of European subsidiaries because of its established digital factory and commitment to innovation. Allianz Technology is at the “innovate” level of IT maturity, allowing it to create a platform that subsidiaries can integrate with via APIs. For firms that are lower on the IT maturity scale, buying a platform solution is the better path to automation. These firms will be concerned with integrating their legacy systems to platforms that can reduce the friction of their operating environments and introduce modern new capabilities.

    From Info-Tech’s Build a Winning Business Process Automation Playbook

    An infographic comparing pros and cons of Build versus Buy. On the 'Build: High Delivery Capacity & Capability' side is 'Custom Development', 'Data Integration', 'AI/ML', 'Configuration', 'Native Workflow', and 'Low & No Code'. On the 'Buy: Low Delivery Capacity & Capability' side is 'Outsource Development', 'iPaaS', 'Chatbots', 'iBPMS & Rules Engines', 'RPA', and 'Point Solutions'.

    Take the next step

    Accelerate Your Automation Processes
    Integrate automation solutions and take the first steps to building an automation suite.

    Build Effective Enterprise Integration on the Back of Business Process
    From the backend to the frontlines – let enterprise integration help your business processes fly.

    Evolve Your Business Through Innovation
    Innovation teams are tasked with the responsibility of ensuring that their organizations are in the best position to succeed while the world is in a period of turmoil, chaos, and uncertainty.

    “Innovation” gap between importance and effectiveness Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the 'Innovation' gap between importance and effectiveness. The difference is marked as Delta 2.1.

    Prepare to report on new environmental, social, and governance (ESG) metrics

    Priority 05 | ITRG06 Business Intelligence and Reporting

    Be ready to either lead or support initiatives to meet the criteria of new ESG reporting mandates and work toward disclosure reporting solutions.

    Time to get serious about ESG

    What does CSR or ESG mean to a CIO?

    Humans are putting increasing pressure on the planet’s natural environment and creating catastrophic risks as a result. Efforts to mitigate these risks have been underway for the past 30 years, but in the decade ahead regulators are likely to impose more strict requirements that will be linked to the financial value of an organization. Various voluntary frameworks exist for reporting on environmental, social, and governance (ESG) or corporate social responsibility (CSR) metrics. But now there are efforts underway to unify and clarify those standards.

    The most advanced effort toward a global set of standards is in the environmental area. At the United Nations’ COP26 summit in Scotland last November, the International Sustainability Standards Board (ISSB) announced its headquarters (Frankfurt) and three other international office locations (Montreal, San Francisco, and London) and its roadmap for public consultations. It is working with an array of voluntary standards groups toward a consensus.

    In Info-Tech’s 2022 Tech Trends survey, two-thirds of CIOs say their organization is committed to reducing greenhouse gas emissions, yet only 40% say their organizational leadership is very concerned with reducing those emissions. CIOs will need to consider how to align organizational concern with internal commitments and new regulatory pressures. They may investigate new real-time reporting solutions that could serve as a competitive differentiator on ESG.

    Standards informing the ISSB’s global set of climate standards

    A row of logos of organizations that inform ISSB's global set of climate standards.

    67% of CIOs say their organization is committed to reducing greenhouse gases, with one-third saying that commitment is public. (Info-Tech Tech Trends 2022 Survey)

    40% of CIOs say their organizational leadership is very concerned with reducing greenhouse gas emissions.

    David W. Dorman

    Chairman of the board, CVS Health

    “ESG is a question of what you do in the microcosm of your company to make sure there is a clear, level playing field – that there is a color-blind, gender-blind meritocracy available – that you are aware that not in every case can you achieve that without really focusing on it. It’s not going to happen on its own. That’s why our commitments have real dollars behind them and real focus behind them because we want to be the very best at doing them.”

    Photo of David W. Dorman, Chairman of the Board, CVS Health.

    Listen to the Tech Insights podcast:
    CVS Health chairman David Dorman on healthcare's hybrid future

    Internal interpretation: CVS Health

    CVS Health established a new steering committee of senior leaders in 2020 to oversee ESG commitments. It designs its corporate social responsibility strategy, Transform Health 2030, by aligning company activities in four key areas: healthy people, healthy business, healthy planet, and healthy community. The strategy aligns with the United Nations’ Sustainable Development Goals. In alignment with these goals, CVS identifies material topics where the company has the most ability to make an impact. In 2020, its top three topics were:

    1. Access to quality health care
    2. Patient and customer safety
    3. Data protection and privacy
    Material Topic
    Access to quality health care
    Material Topic
    Patient and customer safety
    Material Topic
    Data protection and privacy
    Technology Initiative
    MinuteClinic’s Virtual Collaboration for Nurses

    CVS provided Apple iPads compliant with the Health Insurance Portability and Accountability Act (HIPAA) to clinics in a phased approach, providing training to more than 700 providers in 26 states by February 2021. Nurses could use the iPads to attend virtual morning huddles and access clinical education. Nurses could connect virtually with other healthcare experts to collaborate on delivering patient care in real-time. The project was able to scale across the country through a $50,000 American Nurses Credentialing Center Pathway Award. (Wolters Kluwer Health, Inc.)

    Technology Initiative
    MinuteClinic’s E-Clinic

    MinuteClinics launched this telehealth solution in response to the pandemic, rolling it out in three weeks. The solution complemented video visits delivered in partnership with the Teladoc platform. Visits cost $59 and are covered by Aetna insurance plans, a subsidiary of CVS Health. It hosted more than 20,000 E-Clinic visits through the end of 2020. CVS connected its HealthHUBs to the solution to increase capacity in place of walk-in appointments and managed patients via phone for medication adherence and care plans. CVS also helped behavioral health providers transition patients to virtual visits. (CVS Health)

    Technology Initiative
    Next Generation Authentication Platform

    CVS patented this solution to authenticate customers accessing digital channels. It makes use of the available biometrics data and contextual information to validate identity without the need for a password. CVS planned to extend the platform to voice channels as well, using voiceprint technology. The solution prevents unauthorized access to sensitive health data while providing seamless access for customers. (LinkedIn)

    Implications: Organization, Process, Technology

    External

    • Organization – Since the mid-2010s, younger investors have demonstrated reliance on ESG data when making investment decisions, resulting in the creation of voluntary standards that offered varied approaches. Organizations in ESG exchange-traded funds are outperforming the overall S&P 500 (S&P Global Market Intelligence).
    • Process – Organizations are issuing ESG reports today despite the absence of clear rules to follow for reporting results. With regulators expected to step in to establish more rigid guidelines, many organizations will need to revisit their approach to ESG reports.
    • Technology – Real-time reporting of ESG metrics will become a competitive advantage before 2030. Engineering a solution that can alert organizations to poor performance on ESG measures and allow them to respond could avert losing market value.

    Internal

    • Organization – CVS Health established an ESG Steering Committee in 2020 composed of senior leaders including its chief governance officers, chief sustainability officer, chief risk officer, and controller and SVP of investor relations. It is supported by the ESG Operating Committee.
    • Process – CVS conducts a materiality assessment in accordance with Global Reporting Initiative standards to determine the most significant ESG impacts it can make and what topics most influence the decisions of stakeholders. It engages with various stakeholder groups on CSR topics.
    • Technology – CVS technology initiatives during the pandemic focused on supporting patients and employees in collaborating on health care delivery using virtual solutions, providing rich digital experiences that are easily accessible while upholding high security and privacy standards.

    Resources Applied

    Lack of commitment

    While 83% of businesses state support for the Sustainable Development Goals outlined by the Global Reporting Initiative (GRI), only 40% make measurable commitments to their goals.

    Show your work

    The GRI recommends organizations not only align their activities with sustainable development goals but also demonstrate contributions to specific targets in reporting on the positive actions they carry out. (GRI, “State of Progress: Business Contributions to the SDGS.”)

    “We end up with a longstanding commitment to diversity because that’s what our customer base looks like.” (David Dorman, CVS Health)

    CVS Health

    • The MinuteClinic Virtual Collaboration solution was piloted in Houston, demonstrated success, and won additional $50,000 funding from the Pathway to Excellence Award to scale the program across the country (Wolters Kluwer Health, Inc.).
    • The Next-Gen Authentication solution is provided by the vendor HYPR. It is deployed to ten million users and looking to scale to 30 million more. Pricing for enterprises is quoted at $1 per user, but volume pricing would apply to CVS (HYPR).

    Outcomes at CVS Health

    Delivering on hybrid healthcare solutions

    iPads for collaboration: Healthcare practitioners in the MinuteClinic Virtual Collaboration initiative agreed that it improved the use of interprofessional teams, working well virtually with others, and improved access to professional resources (Wolters Kluwer Health, Inc.)

    Remote healthcare: Saw a 400% increase in MinuteClinic virtual visits in 2020 (CVS Health).

    Verified ID: The Next Generation Authentication platform allowed customers to register for a COVID-19 vaccination appointment. CVS has delivered more than 50 million vaccines (LinkedIn).

    Stock photo of a doctor with an iPad.
    CVS Health is making use of digital channels to connect its customers and health practitioners to a services platform that can supplement visits to a retail or clinic location to receive diagnostics and first-hand care.

    From Priorities to Action

    Become your organization’s ESG Expert

    The risks posed to organizations and wider society are becoming more severe, driving a transition from voluntary frameworks for ESG goals to a mandatory one that’s enforced by investors and governments. Organizations will be expected to tie their core activities to a defined set of ESG goals and maintain a balance sheet of their positive and negative impacts. CIOs should become experts in ESG disclosure requirements and recommend the steps needed to meet or exceed competitors’ efforts. If a leadership vacuum for ESG accountability exists, CIOs can either seek to support their peers that are likely to become accountable or take a leadership role in overseeing the area. CIOs should start working toward solutions that deliver real-time reporting on ESG goals to make reporting frictionless.

    “If you don’t have ESG oversight at the highest levels of the company, it won’t wind up getting the focus. That’s why we review it at the Board multiple times per year. We have an annual report, we compare how we did, what we intended to do, where did we fall short, where did we exceed, and where we can run for daylight to do more.” (David Dorman, CVS Health)

    Take the next step

    ESG Disclosures: How Will We Record Status Updates on the World We Are Creating?
    Prepare for the era of mandated environmental, social, and governance disclosures.

    Private Equity and Venture Capital Growing Impact of ESG Report
    Learn about how the growing impact of ESG affects both your organization and IT specifically, including challenges and opportunities, with expert assistance.

    “Business Intelligence and Reporting” gap between importance and effectiveness
    Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the 'BI and Reporting' gap between importance and effectiveness. The difference is marked as Delta 2.4.

    The Five Priorities

    Priorities to compete in the digital economy

    1. Reduce Friction in the Hybrid Operating Model
    2. Improve Your Ransomware Readiness
    3. Support an Employee-Centric Retention Strategy
    4. Design an Automation Platform
    5. Prepare to Report on New Environmental, Social, and Governance Metrics

    Contributing Experts

    Elizabeth Clark

    CIO, Harvard Business School
    Photo of Elizabeth Clark, CIO, Harvard Business School.

    Jeff Previte

    Executive Vice-President of IT, CrossCountry Mortgage
    Photo of Jeff Previte, Executive Vice-President of IT, CrossCountry Mortgage.

    Bob Crozier

    Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE
    Photo of Bob Crozier, Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE.

    David W. Dorman

    Chairman of the Board, CVS Health
    Photo of David W. Dorman, Chairman of the Board, CVS Health.

    Info-Tech’s internal CIO panel contributors

    • Bryan Tutor
    • John Kemp
    • Mike Schembri
    • Janice Clatterbuck
    • Sandy Silk
    • Sallie Wright
    • David Wallace
    • Ken McGee
    • Mike Tweedie
    • Cole Cioran
    • Kevin Tucker
    • Angelina Atkins
    • Yakov Kofner
    Photo of an internal CIO panel contributor. Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.
    Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.
    Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.

    Thank you for your support

    Logo for the Blockchain Research Institute.
    Blockchain Research Institute

    Bibliography – CIO Priorities 2022

    “2020 Corporate Social Responsibility Report.” CVS Health, 2020, p. 127. Web.

    “Adversary: Doppel Spider - Threat Actor.” Crowdstrike Adversary Universe, 2021. Accessed 29 Dec. 2021.

    “Aetna CVS Health Success Story.” HYPR, n.d. Accessed 6 Feb. 2022.

    Baig, Aamer. “The CIO agenda for the next 12 months: Six make-or-break priorities.” McKinsey Digital, 1 Nov. 2021. Web.

    Ball, Sarah, Kristene Diggins, Nairobi Martindale, Angela Patterson, Anne M. Pohnert, Jacinta Thomas, Tammy Todd, and Melissa Bates. “2020 ANCC Pathway Award® winner.” Wolters Kluwer Health, Inc., 2021. Accessed 6 Feb. 2022.

    “Canadian Universities Propose Designs for a Central Bank Digital Currency.” Bank of Canada, 11 Feb. 2021. Accessed 14 Dec. 2021.

    “Carbon Sequestration in Wetlands.” MN Board of Water and Soil Resources, n.d. Accessed 15 Nov. 2021.

    “CCM Honored as a NorthCoast 99 Award Winner.” CrossCountry Mortgage, 1 Dec. 2021. Web.

    Cheek, Catherine. “Four Things We Learned About the Resignation Wave–and What to Do Next.” Visier Inc. (blog), 5 Oct. 2021. Web.

    “Companies Using Hyperledger Fabric, Market Share, Customers and Competitors.” HG Insights, 2022. Accessed 25 Jan. 2022.

    “IFRS Foundation Announces International Sustainability Standards Board, Consolidation with CDSB and VRF, and Publication of Prototype Disclosure Requirements.” IFRS, 3 Nov. 2021. Web.

    “IT Priorities for 2022: A CIO Report.” Mindsight, 28 Oct. 2021. Web.

    “Job Openings and Labor Turnover Survey.” Databases, Tables & Calculators by Subject, U.S. Bureau of Labor Statistics, 2022. Accessed 9 Feb. 2022.

    Kumar, Rashmi, and Michael Krigsman. “CIO Planning and Investment Strategy 2022.” CXOTalk, 13 Sept. 2021. Web.

    Leonhardt, Megan. “The Great Resignation Is Hitting These Industries Hardest.” Fortune, 16 Nov. 2021. Accessed 7 Jan. 2022.

    “Most companies align with SDGs – but more to do on assessing progress.” Global Reporting Initiative (GRI), 17 Jan. 2022. Web.

    Navagamuwa, Roshan. “Beyond Passwords: Enhancing Data Protection and Consumer Experience.” LinkedIn, 15 Dec. 2020.

    Ojo, Oluwaseyi. “Achieving Digital Business Transformation Using COBIT 2019.” ISACA, 19 Aug. 2019. Web.

    “Priority.” Lexico.com, Oxford University Press, 2021. Web.

    Riebold, Jan, and Yannick Bartens. “Reinventing the Digital IT Operating Model for the ‘New Normal.’” Capgemini Worldwide, 3 Nov. 2020. Web.

    Samuels, Mark. “The CIO’s next priority: Using the tech budget for growth.” ZDNet, 1 Sept. 2021. Accessed 1 Nov. 2021.

    Sayer, Peter. “Exclusive Survey: CIOs Outline Tech Priorities for 2021-22.” CIO, 5 Oct. 2021. Web.

    Shacklett, Mary E. “Where IT Leaders Are Likely to Spend Budget in 2022.” InformationWeek, 10 Aug. 2021. Web.

    “Table 4. Quits Levels and Rates by Industry and Region, Seasonally Adjusted - 2021 M11 Results.” U.S. Bureau of Labor Statistics, Economic News Release, 1 Jan. 2022. Accessed 7 Jan. 2022.

    “Technology Priorities CIOs Must Address in 2022.” Gartner, 19 Oct. 2021. Accessed 1 Nov. 2021.

    Thomson, Joel. Technology, Talent, and the Future Workplace: Canadian CIO Outlook 2021. The Conference Board of Canada, 7 Dec. 2021. Web.

    “Trend.” Lexico.com, Oxford University Press, 2021. Web.

    Vellante, Dave. “CIOs signal hybrid work will power tech spending through 2022.” SiliconANGLE, 25 Sept. 2021. Web.

    Whieldon, Esther, and Robert Clark. “ESG funds beat out S&P 500 in 1st year of COVID-19; how 1 fund shot to the top.” S&P Global Market Intelligence, April 2021. Accessed Dec. 2021.

    Adopt Design Thinking in Your Organization

    • Buy Link or Shortcode: {j2store}327|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $23,245 Average $ Saved
    • member rating average days saved: 13 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • End users often have a disjointed experience while interacting with your organization in using its products and services.
    • You have been asked by your senior leadership to start a new or revive an existing design or innovation function within your organization. However, your organization has dismissed design thinking as the latest “management fad” and does not buy into the depth and rigor that design thinking brings.
    • The design or innovation function lives on the fringes of your organization due to its apathy towards design thinking or tumultuous internal politics.
    • You, as a CIO, want to improve the user satisfaction with the IT services your team provides to both internal and external users.

    Our Advice

    Critical Insight

    • A user’s perspective while interacting with the products and services is very different from the organization’s internal perspective while implementing and provisioning those. A design-based organization balances the two perspectives to drive user-satisfaction over end-to-end journeys.
    • Top management must have a design thinker – the guardian angel of the balance between exploration (i.e. discovering new business models) and exploitation (i.e. leveraging existing business models).
    • Your approach to adopt design thinking must consider your organization’s specific goals and culture. There’s no one-size-fits-all approach.

    Impact and Result

    • User satisfaction, with the end-to-end journeys orchestrated by your organization, will significantly increase.
    • Design-centric organizations enjoy disproportionate financial rewards.

    Adopt Design Thinking in Your Organization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should adopt design thinking in your organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. What is design thinking?

    The focus of this phase is on revealing what designers do during the activity of designing, and on building an understanding of the nature of design ability. We will formally examine the many definitions of design thinking from experts in this field. At the core of this phase are several case studies that illuminate the various aspects of design thinking.

    • Adopt Design Thinking in Your Organization – Phase 1: What Is Design Thinking?
    • Victor Scheinman's Experiment for Design

    2. How does an organization benefit from design thinking?

    This phase will illustrate the relevance of design in strategy formulation and in service-design. At the core of this phase are several case studies that illuminate these aspects of design thinking. We will also identify the trends impacting your organization and establish a baseline of user-experience with the journeys orchestrated by your organization.

    • Adopt Design Thinking in Your Organization – Phase 2: How Does an Organization Benefit From Design Thinking?
    • Trends Matrix (Sample)

    3. How do you build a design organization?

    The focus of this phase is to:

  • Measure the design-centricity of your organization and subsequently, identify the areas for improvement.
  • Define an approach for a design program that suites your organization’s specific goals and culture.
    • Adopt Design Thinking in Your Organization – Phase 3: How Do You Build a Design Organization?
    • Report on How Design-Centric Is Your Organization (Sample)
    • Approach for the Design Program (Sample)
    • Interview With David Dunne on Design Thinking
    • Interview With David Dunne on Design Thinking (mp3)
    [infographic]

    Workshop: Adopt Design Thinking in Your Organization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 What Is Design Thinking?

    The Purpose

    The focus of this module is on revealing what designers do during the activity of designing, and on building an understanding of the nature of design ability. We will also review the report on the design-centricity of your organization and subsequently, earmark the areas for improvement.

    Key Benefits Achieved

    An intimate understanding of the design thinking

    An assessment of design-centricity of your organization and identification of areas for improvement

    Activities

    1.1 Discuss case studies on how designers think and work

    1.2 Define design thinking

    1.3 Review report from Info-Tech’s diagnostic: How design-centric is your organization?

    1.4 Earmark areas for improvement to raise the design-centricity of your organization

    Outputs

    Report from Info-Tech’s diagnostic: ‘How design-centric is your organization?’ with identified areas for improvement.

    2 How Does an Organization Benefit From Design Thinking?

    The Purpose

    In this module, we will discuss the relevance of design in strategy formulation and service design. At the core of this module are several case studies that illuminate these aspects of design thinking. We will also identify the trends impacting your organization. We will establish a baseline of user experience with the journeys orchestrated by your organization.

    Key Benefits Achieved

    An in-depth understanding of the relevance of design in strategy formulation and service design

    An understanding of the trends that impact your organization

    A taxonomy of critical customer journeys and a baseline of customers’ satisfaction with those

    Activities

    2.1 Discuss relevance of design in strategy through case studies

    2.2 Articulate trends that impact your organization

    2.3 Discuss service design through case studies

    2.4 Identify critical customer journeys and baseline customers’ satisfaction with those

    2.5 Run a simulation of design in practice

    Outputs

    Trends that impact your organization.

    Taxonomy of critical customer journeys and a baseline of customers’ satisfaction with those.

    3 How to Build a Design Organization

    The Purpose

    The focus of this module is to define an approach for a design program that suits your organization’s specific goals and culture.

    Key Benefits Achieved

    An approach for the design program in your organization. This includes aspects of the design program such as its objectives and measures, its model (one of the five archetypes or a hybrid one), and its governance.

    Activities

    3.1 Identify objectives and key measures for your design thinking program

    3.2 Structure your program after reviewing five main archetypes of a design program

    3.3 Balance between incremental and disruptive innovation

    3.4 Review best practices of a design organization

    Outputs

    An approach for your design thinking program: objectives and key measures; structure of the program, etc.

    Implement Risk-Based Vulnerability Management

    • Buy Link or Shortcode: {j2store}296|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $122,947 Average $ Saved
    • member rating average days saved: 34 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Vulnerability scanners, industry alerts, and penetration tests are revealing more and more vulnerabilities, and it is unclear how to manage them.
    • Organizations are struggling to prioritize the vulnerabilities for remediation, as there are many factors to consider, including the threat of the vulnerability and the potential remediation option itself.

    Our Advice

    Critical Insight

    • Patches are often considered the only answer to vulnerabilities, but these are not always the most suitable solution.
    • Vulnerability management does not equal patch management. It includes identifying and assessing the risk of the vulnerability, and then selecting a remediation option which goes beyond just patching alone.
    • There is more than one way to tackle the problem. Leverage your existing security controls to protect the organization.

    Impact and Result

    • After this blueprint, you will have created a full vulnerability management program that allows you to take a risk-based approach to vulnerability remediation.
    • Assessing a vulnerability’s risk will enable you to properly determine the true urgency of a vulnerability within the context of your organization; this ensures you are not just blindly following what the tool is reporting.
    • The risk-based approach allows you to prioritize your discovered vulnerabilities and take immediate action on critical and high vulnerabilities, while allowing your standard remediation cycle to address the medium to low vulnerabilities.
    • With your program defined and developed, you now need to configure your vulnerability scanning tool, or acquire one if you don’t already have a tool in place.
    • Lastly, while vulnerability management will help address your systems and applications, how do you know if you are secure from external malicious actors? Penetration testing will offer visibility, allowing you to plug those holes and attain an environment with a smaller risk surface.

    Implement Risk-Based Vulnerability Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should design and implement a vulnerability management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Implement Risk-Based Vulnerability Management – Phases 1-4

    1. Identify vulnerability sources

    Begin the project by creating a vulnerability management team and determine how vulnerabilities will be identified through scanners, penetration tests, third-party sources, and incidents.

    • Vulnerability Management SOP Template

    2. Triage vulnerabilities and assign priorities

    Determine how vulnerabilities will be triaged and evaluated based on intrinsic qualities and how they may compromise business functions and data sensitivity.

    • Vulnerability Tracking Tool
    • Vulnerability Management Risk Assessment Tool
    • Vulnerability Management Workflow (Visio)
    • Vulnerability Management Workflow (PDF)

    3. Remediate vulnerabilities

    Address the vulnerabilities based on their level of risk. Patching isn't the only risk mitigation action; some systems simply cannot be patched, but other options are available. Reduce the risk down to medium/low levels and engage your regular operational processes to deal with the latter.

     

    4. Measure and formalize

    Evolve the program continually by developing metrics and formalizing a policy.

    • Vulnerability Management Policy Template
    • Vulnerability Scanning Tool RFP Template
    • Penetration Test RFP Template

    Infographic

    Workshop: Implement Risk-Based Vulnerability Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Vulnerability Sources

    The Purpose

    Establish a common understanding of vulnerability management, and define the roles, scope, and information sources of vulnerability detection.

    Key Benefits Achieved

    Attain visibility on all of the vulnerability information sources, and a common understanding of vulnerability management and its scope.

    Activities

    1.1 Define the scope & boundary of your organization’s security program.

    1.2 Assign responsibility for vulnerability identification and remediation.

    1.3 Develop a monitoring and review process of third-party vulnerability sources.

    1.4 Review incident management and vulnerability management

    Outputs

    Defined scope and boundaries of the IT security program

    Roles and responsibilities defined for member groups

    Process for review of third-party vulnerability sources

    Alignment of vulnerability management program with existing incident management processes

    2 Triage and Prioritize

    The Purpose

    We will examine the elements that you will use to triage and analyze vulnerabilities, prioritizing using a risk-based approach and prepare for remediation options.

    Key Benefits Achieved

    A consistent, documented process for the evaluation of vulnerabilities in your environment.

    Activities

    2.1 Evaluate your identified vulnerabilities.

    2.2 Determine high-level business criticality.

    2.3 Determine your high-level data classifications.

    2.4 Document your defense-in-depth controls.

    2.5 Build a classification scheme to consistently assess impact.

    2.6 Build a classification scheme to consistently assess likelihood.

    Outputs

    Adjusted workflow to reflect your current processes

    List of business operations and their criticality and impact to the business

    Adjusted workflow to reflect your current processes

    List of defense-in-depth controls

    Vulnerability Management Risk Assessment tool formatted to your organization

    Vulnerability Management Risk Assessment tool formatted to your organization

    3 Remediate Vulnerabilities

    The Purpose

    Identifying potential remediation options.

    Developing criteria for each option in regard to when to use and when to avoid.

    Establishing exception procedure for testing and remediation.

    Documenting the implementation of remediation and verification.

    Key Benefits Achieved

    Identifying and selecting the remediation option to be used

    Determining what to do when a patch or update is not available

    Scheduling and executing the remediation activity

    Planning continuous improvement

    Activities

    3.1 Develop risk and remediation action.

    Outputs

    List of remediation options sorted into “when to use” and “when to avoid” lists

    4 Measure and Formalize

    The Purpose

    You will determine what ought to be measured to track the success of your vulnerability management program.

    If you lack a scanning tool this phase will help you determine tool selection.

    Lastly, penetration testing is a good next step to consider once you have your vulnerability management program well underway.

    Key Benefits Achieved

    Outline of metrics that you can then configure your vulnerability scanning tool to report on.

    Development of an inaugural policy covering vulnerability management.

    The provisions needed for you to create and deploy an RFP for a vulnerability management tool.

    An understanding of penetration testing, and guidance on how to get started if there is interest to do so.

    Activities

    4.1 Measure your program with metrics, KPIs, and CSFs.

    4.2 Update the vulnerability management policy.

    4.3 Create an RFP for vulnerability scanning tools.

    4.4 Create an RFP for penetration tests.

    Outputs

    List of relevant metrics to track, and the KPIs, CSFs, and business goals for.

    Completed Vulnerability Management Policy

    Completed Request for Proposal (RFP) document that can be distributed to vendor proponents

    Completed Request for Proposal (RFP) document that can be distributed to vendor proponents

    Further reading

    Implement Risk-Based Vulnerability Management

    Get off the patching merry-go-round and start mitigating risk!

    Table of Contents

    4 Analyst Perspective

    5 Executive Summary

    6 Common Obstacles

    8 Risk-based approach to vulnerability management

    16 Step 1.1: Vulnerability management defined

    24 Step 1.2: Defining scope and roles

    34 Step 1.3: Cloud considerations for vulnerability management

    33 Step 1.4: Vulnerability detection

    46 Step 2.1: Triage vulnerabilities

    51 Step 2.2: Determine high-level business criticality

    56 Step 2.3: Consider current security posture

    61 Step 2.4: Risk assessment of vulnerabilities

    71 Step 3.1: Assessing remediation options

    Table of Contents

    80 Step 3.2: Scheduling and executing remediation

    85 Step 3.3: Continuous improvement

    89 Step 4.1: Metrics, KPIs, and CSFs

    94 Step 4.2: Vulnerability management policy

    97 Step 4.3: Select & implement a scanning tool

    107 Step 4.4: Penetration testing

    118 Summary of accomplishment

    119 Additional Support

    120 Bibliography

    Analyst Perspective

    Vulnerabilities will always be present. Know the unknowns!

    In this age of discovery, technology changes at such a rapid pace. New things are discovered, both in new technology and in old. The pace of change can often be very confusing as to where to start and what to do.

    The ever-changing nature of technology means that vulnerabilities will always be present. Taking measures to address these completely will consume all your department’s time and resources. That, and your efforts will quickly become stale as new vulnerabilities are uncovered. Besides, what about the systems that simply can’t be patched? The key is to understand the vulnerabilities and the levels of risk they pose to your organization, to prioritize effectively and to look beyond patching.

    A risk-based approach to vulnerability management will ensure you are prioritizing appropriately and protecting the business. Reduce the risk surface!

    Vulnerability management is more than just systems and application patching. It is a full process that includes patching, compensating controls, segmentation, segregation, and heightened diligence in security monitoring.

    Jimmy Tom, Research Advisor – Security, Privacy, Risk, and Compliance, Info-Tech Research Group. Jimmy Tom
    Research Advisor – Security, Privacy, Risk, and Compliance
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Vulnerability scanners, industry alerts, and penetration tests are revealing more and more vulnerabilities, and it is unclear how to manage them.

    Organizations are struggling to prioritize the vulnerabilities for remediation, as there are many factors to consider, including the threat of the vulnerability and the potential remediation option.

    Common Obstacles

    Patches are often seen as the answer to vulnerabilities, but these are not always the most suitable solution.

    Some systems deemed vulnerable simply cannot be patched or easily replaced.

    Companies are unaware of the risk implications that come from leaving the vulnerability open and from the remediation option itself.

    Info-Tech’s Approach

    Design and implement a vulnerability management program that identifies, prioritizes, and remediates vulnerabilities.

    Understand what needs to be considered when implementing remediation options, including patches, configuration changes, and defense-in-depth controls.

    Build a process that is easy to understand and allows vulnerabilities to be remediated proactively, instead of in an ad hoc fashion.

    Info-Tech Insight

    Vulnerability management does not always equal patch management. There is more than one way to tackle the problem, particularly if a system cannot be easily patched or replaced. If a vulnerability cannot be completely remediated, steps to reduce the risk to a tolerable level must be taken.

    Common obstacles

    These barriers make vulnerability management difficult to address for many organizations:
    • The value of vulnerability management is not well articulated in many organizations. As a result, investment in vulnerability scanning technology is often insufficient.
    • Many organizations feel that a “patch everything” approach is the most effective path.
    • Vulnerability management is commonly misunderstood as being a process that only supports patch management.
    • There is often misalignment between SecOps and ITOps in remediation action and priority, affecting the timeliness of remediation.
    CVSS Score Distribution From the National Vulnerability Database: Pie Charts presenting the CVSS Core Distribution for the National Vulnerability Database. The left circle represents 'V3' and the right 'V2', where V3 has an extra option for 'Critical', above 'High', 'Medium', and 'Low', and V2 does not.
    (Source: NIST National Vulnerability Database Dashboard)

    Leverage risk to sort, triage, and prioritize vulnerabilities

    Reduce your risk surface to avoid cost to your business; everything else is table stakes.

    Reduce the critical and high vulnerabilities below the risk threshold and operationalize the remediation of medium/low vulnerabilities by following your effective vulnerability management program cycles.

    Identify vulnerability sources

    An inventory of your scanning tool and vulnerability threat intelligence data sources will help you determine a viable strategy for addressing vulnerabilities. Defining roles and responsibilities ahead of time will ensure you are not left scrambling when dealing with vulnerabilities.

    Triage and prioritize

    Bring the vulnerabilities into context by assessing vulnerabilities based on your security posture and mechanisms and not just what your data sources report. This will allow you to gauge the true urgency of the vulnerabilities based on risk and determine an effective mitigation plan.

    Remediate vulnerabilities

    Address the vulnerabilities based on their level of risk. Patching isn't the only risk mitigation action; some systems simply cannot be patched, but other options are available.

    Reduce the risk down to medium/low levels and engage your regular operational processes to deal with the latter.

    Measure and formalize

    Upon implementation of the program, measure with metrics to ensure that the program is successful. Improve the program with each iteration of vulnerability mitigation to ensure continuous improvement.

    Tactical Insight 1

    All actions to address vulnerabilities should be based on risk and the organization’s established risk tolerance.

    Tactical Insight 2

    Reduce the risk surface down below the risk threshold.

    The industry has shifted to a risk-based approach

    Traditional vulnerability management is no longer viable.

    “For those of us in the vulnerability management space, ensuring that money, resources, and time are strategically spent is both imperative and difficult. Resources are dwindling fast, but the vulnerability problem sure isn’t.” (Kenna Security)

    “Using vulnerability scanners to identify unpatched software is no longer enough. Keeping devices, networks, and digital assets safe takes a much broader, risk-based vulnerability management strategy – one that includes vulnerability assessment and mitigation actions that touch the entire ecosystem.” (Balbix)

    “Unlike legacy vulnerability management, risk-based vulnerability management goes beyond just discovering vulnerabilities. It helps you understand vulnerability risks with threat context and insight into potential business impact.” (Tenable)

    “A common mistake when prioritizing patching is equating a vulnerability’s Common Vulnerability Scoring System (CVSS) score with risk. Although CVSS scores can provide useful insight into the anatomy of a vulnerability and how it might behave if weaponized, they are standardized and thus don’t reflect either of the highly situational variables — namely, weaponization likelihood and potential impact — that factor into the risk the vulnerability poses to an organization.” (SecurityWeek)

    Why a take risk-based approach?

    Vulnerabilities, by the numbers

    60% — In 2019, 60% of breaches were due to unpatched vulnerabilities.

    74% — In the same survey, 74% of survey responses said they cannot take down critical applications and systems to patch them quickly. (Source: SecurityBoulevard, 2019)

    Info-Tech Insight

    Taking a risk-based approach will allow you to focus on mitigating risk, rather than “just patching” your environment.

    The average cost of a breach in 2020 is $3.86 million, and “…the price tag was much less for mature companies and industries and far higher for firms that had lackluster security automation and incident response processes.” (Dark Reading)

    Vulnerability Management

    A risk-based approach

    Reduce the risk surface to avoid cost to your business, everything else is table stakes

    Logo for Info-Tech.
    Logo for #iTRG.

    1

    Identify

    4

    Address

      Mitigate the risk surface by reducing the time across the phases › Mitigate the risk by implementing:
    • patch systems & apps
    • compensating controls
    • systems and apps hardening
    • systems segregation
    Chart presenting an example of 'Risk Surface' with the axes 'Risk Level' and 'Time' with lines created by individual risks. The highlighted line begins in 'Critical' and eventually drops to low. The area between the line and your organization's risk tolerance is labelled 'Risk Surface'.

    Objective: reduce risk surface by reducing time to address

    Your organization's risk tolerance threshold

      Identify vulnerability management scanning tools & external threat intel sources (Mitre CVE, US-CERT, vendor alerts, etc.) Vulnerability information feeds:
    • scanning tool
    • external threat intel
    • internal threat intel

    2

    Analyze

      Assign actual risk (impact x urgency) to the organization based on current security posture

    Triage based on risk ›

    Your organization's risk tolerance threshold

    Risk tolerance threshold map with axes 'Impact' and 'Likelihood'. High levels of one and low levels of the other, or medium levels of both, is 'Medium', High level of one and Medium levels of the other is 'High', and High levels of both is 'Critical'.

    3

    Assess

      Plan risk mitigation strategy › Consider:
    • risk tolerance
    • compensating controls
    • business impact

    Info-Tech’s vulnerability management methodology

    Focus on developing the most efficient processes.

    Vulnerability management isn’t “old school.”

    The vulnerability management market is relatively mature; however, vulnerability management remains a very relevant and challenging topic.

    Security practitioners are inundated with the advice they need to prioritize their vulnerabilities. Every vulnerability scanning vendor will proclaim their ability to prioritize the identified vulnerabilities.

    Third-party prioritization methodology can’t be effectively applied across all organizations. Each organization is too unique with different constraints. No tool or service can account for these variables.

    Equation to find 'Vulnerability Priority'.

    When patching is not possible, other options exist: configuration changes (hardening), defense-in-depth, compensating controls, and even elevated security monitoring are possible options.

    Info-Tech Insight

    Vulnerability management is not only patch management. Patching is only one aspect.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Vulnerability Management SOP

    The Standard operating procedure (SOP) will comprise the end-to-end description of the program: roles & responsibilities, data flow, and expected outcomes of the program.

    Sample of the key deliverable, Vulnerability Management SOP.
    Vulnerability Management Policy

    Template for your vulnerability management policy.

    Sample of the Vulnerability Management Policy blueprint. Vulnerability Tracking Tool

    This tool offers a template to track vulnerabilities and how they are remedied.

    Sample of the Vulnerability Tracking Tool blueprint.
    Vulnerability Scanning RFP Template

    Request for proposal template for the selection of a vulnerability scanning tool.

    Sample of the Vulnerability Scanning RFP Template blueprint. Vulnerability Risk Assessment Tool

    Methodology to assess vulnerability risk by determining impact and likelihood.

    Sample of the Vulnerability Risk Assessment Tool blueprint.

    Blueprint benefits

    IT Benefits

    • A standardized, consistent methodology to assess, prioritize, and remediate vulnerabilities.
    • A risk-based approach that aligns with what’s important to the business.
    • A way of dealing with the high volumes of vulnerabilities that your scanning tool is reporting.
    • Identification of “where to start” in terms of vulnerability management.
    • Ability to not lose yourself in the patch madness but rather take a sound approach to scheduling and prioritizing patches and updates.
    • Knowledge of what to do when patching is simply not possible or feasible.

    Business Benefits

    • Alignment with IT in ensuring that business processes are only interrupted when absolutely necessary while maintaining a regular cadence of vulnerability remediation.
    • A consistent program that the business can plan around and predict when interruptions will occur.
    • IT’s new approach being integrated with existing IT operations processes, offering the most efficient yet expedient method of dealing with vulnerabilities.

    Info-Tech’s process can save significant financial resources

    Phase Measured Value
    Phase 1: Identify vulnerability sources
      Define the process, scope, roles, vulnerability sources, and current state
      • Consultant at $100 an hour for 16 hours = $1,600
    Phase 2: Triage vulnerabilities and assign urgencies
      Establish triaging and vulnerability evaluation process
      • Consultant at $100 an hour for 16 hours = $1,600
      Determine high-level business criticality and data classifications
      • Consultant at $100 an hour for 40 hours = $4,000
      Assign urgencies to vulnerabilities
      • Consultant at $100 an hour for 8 hours = $800
    Phase 3: Remediate vulnerabilities
      Prepare documentation for the vulnerability process
      • Consultant at $100 an hour for 8 hours = $800
      Establish defense-in-depth modelling
      • Consultant at $100 an hour for 24 hours = $2,400
      Identify remediation options and establish criteria for use
      • Consultant at $100 an hour for 40 hours = $4,000
      Formalize backup and testing procedures, including exceptions
      • Consultant at $100 an hour for 8 hours = $800
      Remediate vulnerabilities and verify
      • Consultant at $100 an hour for 24 hours = $2,400
    Phase 4: Continually improve the vulnerability management process
      Establish a metrics program for vulnerability management
      • Consultant at $100 an hour for 16 hours = $1,600
      Update vulnerability management policy
      • Consultant at $100 an hour for 8 hours = $800
      Develop a vulnerability scanning tool RFP
      • Consultant at $100 an hour for 40 hours = $4,000
      Develop a penetration test RFP
      • Consultant at $100 an hour for 40 hours = $4,000
    Potential financial savings from using Info-Tech resources Phase 1 ($1,600) + Phase 2 ($6,400) + Phase 3 ($10,400) + Phase 4 ($10,400) = $28,800

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Discuss current state and vulnerability sources.

    Call #3: Identify triage methods and business criticality.

    Call #4:Review current defense-in-depth and discuss risk assessment.

    Call #5: Discuss remediation options and scheduling.

    Call #6: Review release and change management and continuous improvement.

    Call #7: Identify metrics, KPIs, and CSFs.

    Call #8: Review vulnerability management policy.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

      Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Identify vulnerability sources

    1.1 What is vulnerability management?

    1.2 Define scope and roles

    1.3 Cloud considerations for vulnerability management

    1.4 Vulnerability detection

    Triage and prioritize

    2.1 Triage vulnerabilities

    2.2 Determine high-level business criticality

    2.3 Consider current security posture

    2.4 Risk assessment of vulnerabilities

    Remediate vulnerabilities

    3.1 Assess remediation options

    3.2 Schedule and execute remediation

    3.3 Drive continuous improvement

    Measure and formalize

    4.1 Metrics, KPIs & CSFs

    4.2 Vulnerability Management Policy

    4.3 Select & implement a scanning tool

    4.4 Penetration testing

    Next Steps and Wrap-Up (offsite)

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables
    1. Scope and boundary definition of vulnerability management program
    2. Responsibility assignment for vulnerability identification and remediation
    3. Monitoring and review process of third-party vulnerability sources
    4. Incident management and vulnerability convergence
    1. Methodology for evaluating identified vulnerabilities
    2. Identification of high-level business criticality
    3. Defined high-level data classifications
    4. Documented defense-in-depth controls
    5. Risk assessment criteria for impact and likelihood
    1. Documented risk assessment methodology and remediation options
    1. Defined metrics, key performance indicators (KPIs), and critical success factors (CSFs)
    2. Initial draft of vulnerability management policy
    3. Scanning tool selection criteria
    4. Introduction to penetration testing
    1. Completed vulnerability management standard operating procedure
    2. Defined vulnerability management risk assessment criteria
    3. Vulnerability management policy draft

    Implement Risk-Based Vulnerability Management

    Phase 1

    Identify Vulnerability Sources

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

     

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

     

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

     

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    Establish a common understanding of vulnerability management, define the roles, scope, and information sources of vulnerability detection.

    This phase involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Step 1.1

    Vulnerability Management Defined

    Activities

    None for this section

    This step will walk you through the following activities:

    Establish a common understanding of vulnerability management and its place in the IT organization.

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Foundational knowledge of vulnerability management in your organization.

    Identify vulnerability sources
    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    What is vulnerability management?

    It’s more than just patching.

    • Vulnerability management is the regular and ongoing practice of scanning an operating environment to uncover vulnerabilities. These vulnerabilities can be outdated applications, unpatched operating systems and software, open ports, obsolete hardware, or any combination of these.
    • The scanning and detection of vulnerabilities is the first step. Planning and executing of remediation is next, along with the approach, prioritized sequence of events, and timing.
    • A vendor-supplied software patch or firmware update is often the easy answer, however, this is not always a viable solution. What if you can’t patch in a timely fashion? What if patching is not possible as it will break the application and bring down operations? What if no patch exists due to the age of the application or operating platform?

    “Most organizations do not have a formal process for vulnerability management.” (Morey Haber, VP of Technology, BeyondTrust, 2016)

    Effective vulnerability management

    It’s not easy, but it’s much harder without a process in place.
    • Effective vulnerability management requires a formal process for organizations to follow; without one, vulnerabilities are dealt with in an ad hoc fashion.
    • Patching isn’t the only solution, but it’s the one that often draws focus.
    • Responsibilities for the different aspects of vulnerability management are often unclear, such as for testing, remediation, and implementation.
    • Identifying new threats without proper vulnerability scanning tools can be a near-impossible task.
    • Determining which vulnerabilities are most urgent can be an inconsistent process, increasing the organizational risk.
    • Measuring the effectiveness of your vulnerability remediation activities can help you better manage resources in SecOps and ITOps. Your staff will be spending the appropriate effort on vulnerabilities that warrant that level of attention.

    You’re not just doing this for yourself. It’s also for your auditors.

    Many compliance and regulatory obligations require organizations to have thorough documentation of their vulnerability management practices.

    Vulnerability management revolves around your asset security services

    Diagram with 'Asset Security Services' at the center. On either side are 'Network Security Services' and 'Identity Security Services', all three of which flow up into 'Security Analytics | Security Incident Response', and all four share a symbiotic flow with 'Management' below and contribute to 'Mega Trend Mapping' above. Management is supported by 'Governance'. Vulnerabilities can be found primarily within your assets but also connect to your information risk management. These must be effectively managed as part of a holistic security program.

    Without management, vulnerabilities left unattended can be easy for attackers to exploit. It becomes difficult to identify the correct remediation option to mitigate against the vulnerabilities.

    Vulnerability management works in tandem with SecOps and ITOps

    Vulnerability Management Process Inputs/Outputs:
    'Vulnerability Management (Process and Tool)' outputs are 'Incident Management', 'Release Management', 'Change Management', 'IT Asset Management', 'Application Security Testing', 'Threat Intelligence', and 'Security Risk Management'; inputs are 'Vulnerability Disclosure', 'Threat Intelligence', and 'Security Risk Management'.

    Arrows denote direction of information feed

    Vulnerability management serves as the input into a number of processes for remediation, including:
    • Incident management, to deal with issues
    • Release management, for patch management
    • Change management, for change control
    • IT asset management, to track version information, e.g. for patching
    • Application security testing, for the verification of vulnerabilities

    A two-way data flow exists between vulnerability management and:

    • Security risk management, for the overall risk posture of the organization
    • Threat intelligence, as vulnerability management reveals only one of several threat vectors

    For additional information please refer to Info-Tech’s research for each area:

    • Vulnerability management can leverage your existing processes to gain an operational element for the program.
    • As you strive to mature each of the processes on their own, vulnerability management will benefit accordingly.
    • Review our research for each of these areas and speak to one of our analysts if you wish to improve any of the listed processes.

    Info-Tech’s Information Security Program Framework

    Vulnerability management is a component of the Infrastructure Security section of Security Management

    Information Security Framework with Level 1 and Level 2 capabilities in two main sections, 'Management' and 'Governance'. Level 2 capabilities are grouped within Level 1 capabilities. For more information, review our Build an Information Security Strategy blueprint, or speak to one of our analysts.

    Info-Tech Insight

    Vulnerability management is but one piece of the information security puzzle. Ensure that you have all the pieces!

    Case Study

    Logo for Cimpress.
    INDUSTRY: Manufacturing
    SOURCE: Cimpress, 2016

    One organization is seeing immediate benefits by formalizing its vulnerability management program.

    Challenge

    Cimpress was dealing with many challenges in regards to vulnerability management. Vulnerability scanning tools were used, but the reports that were generated often gave multiple vulnerabilities that were seen as critical or high and required many resources to help address them. Scanning was done primarily in an attempt to adhere to PCI compliance rather than to effectively enable security. After re-running some scans, Cimpress saw that some vulnerabilities had existed for an extended time period but were deemed acceptable.

    Solution

    The Director of Information Security realized that there was a need to greatly improve this current process. Guidelines and policies were formalized that communicated when scans should occur and what the expectations for remediations should be. Cimpress also built a tiered approach to prioritize vulnerabilities for remediation that is specific to Cimpress instead of relying on scanning tool reports.

    Results

    Cimpress found better management of the vulnerabilities within its system. There was no pushback to the adoption of the policies, and across the worldwide offices, business units have been proactively trying to understand if there are vulnerabilities. Vulnerability management has been expanded to vendors and is taken into consideration when doing any mergers and acquisitions. Cimpress continues to expand its program for vulnerability management to include application development and vulnerabilities within any existing legacy systems.

    Step 1.2

    Defining the scope and roles

    Activities
    • 1.2.1 Define the scope and boundary of your organization’s security program
    • 1.2.2 Assign responsibility for vulnerability identification and remediation

    This step will walk you through the following activities:

    Define and understand the scope and boundary of the security program. For example, does it include OT? Define roles and responsibilities for vulnerability identification and remediation

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Understand how far vulnerability management extends and what role each person in IT plays in the remediation of vulnerabilities

    Identify vulnerability sources
    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    Determine the scope of your security program

    This will help you adjust the depth and breadth of your vulnerability management program.
    • Determining the scope will help you decide how much organizational risk the vulnerability management program will oversee.
    • Scope can be defined along four aspects:
      • Data Scope – What data elements in your organization does your security program cover? How is data classified?
      • Physical Scope – What physical scope, such as geographies, does the security program cover?
      • Organizational Scope – How are business units engaged with security initiatives? Does the scope cover all subsidiary organizations?
      • IT Scope – What parts of the organization does IT cover? Does their coverage include operational technology (OT) and industrial control systems (ICS)?
    Stock image of figures standing in connected circles.

    1.2.1 Define the scope and boundary of your organization’s security program

    60 minutes

    Input: List of Data Scope, Physical Scope, Organization Scope, and IT Scope

    Output: Defined scope and boundaries of the IT security program

    Materials: Whiteboard/Flip Charts, Sticky Notes, Markers, Vulnerability Management SOP Template

    Participants: Business stakeholders, IT leaders, Security team members

    1. On a whiteboard, write the headers: Data Scope, Physical Scope, Organizational Scope, and IT Scope.
    2. Give each group member a handful of sticky notes. Ask them to write down as many items as possible for the organization that could fall under one of the four scope buckets.
    3. In a group, discuss the sticky notes and the rationale for including them. Discuss your security-related locations, data, people, and technologies, and define their scope and boundaries.

    The goal is to identify what your vulnerability management program is responsible for and document it.

    Consider the following:

    How is data being categorized and classified? How are business units engaged with security initiatives? How are IT systems connected to each other? How are physical locations functioning in terms of information security management?

    Download the Vulnerability Management SOP Template

    Assets are part of the scope definition

    An inventory of IT assets is necessary if there is to be effective vulnerability management.

    • Organizations need an up-to-date and comprehensive asset inventory for vulnerability management. This is due to multiple reasons:
      • When vulnerabilities are announced, they will need to be compared to an inventory to determine if the organization has any relevant systems or versions.
      • It indicates where all IT assets can be found both physically and logically.
      • Asset inventories typically have owners assigned to the assets and systems whose responsibility it is to carry out remediations for vulnerabilities.
    • Furthermore, asset inventories can provide insight into where data can be found within the organization. This is extremely useful within a formal data classification program, which plays a large factor in vulnerability management.
    If you need assistance building your asset inventory, review Info-Tech’s Implement Hardware Asset Management and Implement Software Asset Management blueprints.

    Info-Tech Insight

    Create a formal IT asset inventory before continuing with the rest of this project. Otherwise, you risk being at the mercy of a weak vulnerability management program.

    Assign responsibility for vulnerability identification and remediation

    Determine who is critical to effectively detecting and managing vulnerabilities.
    • Some of the remediation steps will involve members of IT management to identify the true organizational risk of a vulnerability.
    • Vulnerability remediation comes in different shapes and sizes. In addition to patching, this can include implementing compensating controls, server and application hardening, or the segregating of vulnerable systems.
      • Who carries out each of these activities? Who coordinates the activities and tracks them to ensure completion?
    • The people involved may be members outside of the security team, such as members from IT operations, infrastructure, and applications. The specific roles that each of these groups play should be clearly identified.
    Stock image of many connected profile photos in a cloud network.

    1.2.2 Assign responsibility for vulnerability identification and remediation

    60 minutes

    Input: Sample list of vulnerabilities and requisite actions from each group, High-level organizational chart with area functions

    Output: Defined set of roles and responsibilities for member groups

    Materials: Vulnerability Management SOP Template

    Participants: CIO, CISO, IT Management representatives for each area of IT

    1. Display the table of responsibilities that need to be assigned.
    2. List all the positions within the IT security team.
    3. Map these to the positions that require IT security team members.
    4. List all positions that are part of the IT team.
    5. Map these to the positions that require IT team members.

    If your organization does not have a dedicated IT security team, you can perform this exercise by mapping the relevant IT staff to the different positions shown on the right.

    Download the Vulnerability Management SOP Template Sample of the Roles and Responsibilities table from the Vulnerability Management SOP Template.

    Step 1.3

    Cloud considerations for vulnerability management

    Activities

    None for this section.

    This step will walk you through the following activities:

    Review cloud considerations for vulnerability management

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Understand the various types of cloud offerings and the implications (and limitations) of vulnerability management in a cloud environment.

    Identify vulnerability sources
    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    Cloud considerations

    Cloud will change your approach to vulnerability management.
    • There will be a heavy dependence on the cloud service provider to ensure that vulnerabilities in their foundational technologies have been addressed.
    • Depending on the level of “as-a-Service,” customers will have varying degrees of control and visibility into the underlying operations.
    • With vendor acquiescence, you can set your tool to scan a given cloud environment, depending on how much visibility you have into their environment based on the service you have purchased.
    • Due to compliance obligations of their customers, there is a growing trend among cloud providers to allow more scanning of cloud environments.
    • In the absence of customer scanning capability, vendors may offer attestation of vulnerability management and remediation.
    Table outlining who has control, between the 'Organization' and the 'Vendor', of different cloud capabilities in different cloud strategies.

    For more information, see Info-Tech Research Group’s Document Your Cloud Strategy blueprint.

    Cloud environment scanning

    Cloud scanning is becoming a more common necessity but still requires special consideration.

    An organization’s cloud environment is just an extension of its own environment. As such, cloud environments need to be scanned for vulnerabilities.

    Private Cloud
    If your organization owns a private cloud, these environments can be tested normally.
    Public Cloud
    Performing vulnerability testing against public, third-party cloud environments is an area experiencing rapid growth and general acceptance, although customer visibility will still be limited.

    In many cases, a customer must rely on the vendor’s assurance that vulnerabilities are being addressed in a sufficient manner.

    Security standards’ compliance requirements are driving the need for cloud suppliers to validate and assure that they are appropriately scanning for and remediating vulnerabilities.

    Infrastructure- or Platform-as-a-Service (IaaS or PaaS) Environments
    • There is a general trend for PaaS and IaaS vendors to allow testing if given due notice.
    • Your contract with the cloud vendor or the vendor’s terms and conditions will outline the permissibility of customer vulnerability scanning. In some cases, a cloud vendor will deny the ability to do vulnerability scanning if they already provide a solution as part of their service.
    • Always ensure that the vendor is aware of your vulnerability scanning activity so that false positives aren’t triggering their security measures as possible denial-of-service (DoS) attacks.
    Software-as-a-Service (SaaS) Environments
    • SaaS offers very limited visibility to the services behind the software that the customer sees. You therefore cannot test for patch levels or vulnerabilities.
    • SaaS customers must rely exclusively on the provider for the regular scanning and remediation of vulnerabilities in the back-end technologies supporting the SaaS application.
    • You can only test the connection points to SaaS environments. This involves trying to figure out what you can see, e.g. looking for encrypted traffic.

    Certain testing (e.g. DoS or load testing) will be very limited by your cloud vendor. Cloud vendors won’t open themselves to testing that would possibly impact their operations.

    Step 1.4

    Vulnerability detection

    Activities
    • 1.4.1 Develop a monitoring and review process of third-party vulnerability sources
    • 1.4.2 Incident management and vulnerability management

    This step will walk you through the following activities:

    Create an inventory of your vulnerability monitoring capability and third-party vulnerability information sources.

    Determine how incident management and vulnerability management interoperate.

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Catalog of vulnerability information data sources. Understanding of the intersection of incident management and vulnerability management.

    Identify vulnerability sources
    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    Vulnerability detection

    Vulnerabilities can be identified through numerous mediums.

    Info-Tech has determined the following to be the four most common ways to identify vulnerabilities.

    Vulnerability Assessment and Scanning Tools
    • Computer programs that function to identify and assess security vulnerabilities and weaknesses within computers, computer systems, applications, or networks.
    • Using a known vulnerability database, the tool scans targeted hosts or systems to identify flaws and generate reports and recommendations based on the results.
    • There are four main types of tools under this category: network and operating system vulnerability scanners, application scanning and testing tools, web application scanners, and exploitation tools.
    Penetration Tests
    • The act of identifying vulnerabilities on computers, computer systems, applications, or networks followed by testing of the vulnerability to validate the findings.
    • Penetration tests are considered a service that is offered by third-parties in which a variety of products, tools, and methods are used to exploit systems and gain access to data.
    Open Source Monitoring
    • New vulnerabilities are detected daily with each vulnerability’s information being uploaded to an information-sharing platform to enable other organizations to be able to identify the same vulnerability on their systems.
    • Open source platforms are used to alert and distribute information on newly discovered vulnerabilities to security professionals.
    Security Incidents
    • Any time an incident response plan is called into action to mitigate an incident, there should be formal communication with the vulnerability management team.
    • Any IT incident an organization experiences should provide a feed for analysis into your vulnerability management program.

    Automate with a vulnerability scanning tool

    Vulnerabilities are too numerous for manual scanning and detection.
    • Vulnerability management is not only the awareness of the existence of vulnerabilities but that they are actively present in your environment.
    • A vulnerability scanner will usually report dozens, if not hundreds, of vulnerabilities on a regular and recurring basis. Typical IT environments have several dozen, if not hundreds, of servers. We haven’t even considered the amount of network equipment or the hundreds of user workstations in an environment.
    • This tool will give you information of the presence of a vulnerability in your environment and the host on which the vulnerability exists. This includes information on the version of software that contains a vulnerability and whether you are running that version. The tool will also report on the criticality of the vulnerability based on industry criticality ratings.
    • The tools are continually updated by the vendor with the latest definition updates for the latest vulnerabilities out there. This ensures you are always scanning for the greatest number of potential vulnerabilities.
    Automation requires oversight.
    1. Vulnerability scanners bring great automation to the task of scanning and detecting vulnerabilities in high numbers.
    2. Vulnerability scanners, however, do not have your level of intelligence. Any compensating controls, network segregation, or other risk mitigation features that you have in place will not be known by the tool.
    3. Determining the risk and urgency of a vulnerability within the context of your specific environment will still require internal review by you or your SecOps team.

    For guidance on tool selection

    Refer to section 4.3 Selecting and Implement a Scanning Tool in this blueprint.

    Vulnerability scanning tool considerations

    Select a vulnerability scanning tool with the features you need to be effective.
    • Vulnerability scanning tool selection can be an exciting and confusing process. You will need to consider what features you desire in a tool and whether you want the tool to go beyond just scanning and reporting.
    • In addition to vulnerability scanning, some tools will integrate with your IT service management (service desk ticketing system) tool and asset, configuration, and change management modules. This can facilitate the necessary workflow that the remediation process follows once a vulnerability is discovered.
    • A number of vulnerability scanning tool vendors have started offering remediation as part of their software features. This includes the automation and orchestration functionality and configuration and asset management to track its remediation activities.
    • A side benefit of the asset discovery feature in vulnerability scanning tools is that it can help enhance an organization’s asset inventory and license compliance, particularly in cases where end users are able to install software on their workstations.
    Stock photo of a smartphone scanning a barcode.

    For guidance on tool vendors

    Visit SoftwareReviews for information on vulnerability management tools and vendors.

    Vulnerability scanning tool best practices

    How often should scans be performed?

    One-off scans provide snapshots in time. Repeated scans over time provide tracking for how systems are changing and how well patches are being applied and software is being updated.

    The results of a scan (asset inventory, configuration data, and vulnerability data) are basic information needed to understand your security posture. This data needs to be as up to date as possible.

    ANALYST PERSPECTIVE: Organizations should look for continuous scanning

    Continuous scanning is the concept of providing continual scanning of your systems so any asset, configuration, or vulnerability information is up to date. Most vendors will advertise continuous scanning but you need to be skeptical of how this feature is met.

    Continuous Scanning Methods

    Continuous agent scanning

    Real-time scanning that is completed through agent-based scanning. Provides real-time understanding of system changes.

    On-demand scanning

    Cyclical scanning is the method where once you’re done scanning an area, you start it again. This is usually done because doing some scans on some areas of your network take time. How long the scan takes depends on the scan itself. How often you perform a scan depends on how long a scan takes. For example, if a scan takes a day, you perform a daily scan.

    Cloud-based scanning

    Cloud-scanning-as-a-Service can provide hands-free continuous monitoring of your systems. This is usually priced as a subscription model.

    Vulnerability scanning tool best practices

    Where to perform a scan.

    What should be scanned How to point a scanner
    The general idea is that you want to scan pretty much everything. Here are considerations for three environments:
    Mobile Devices

    You need to scan mobile devices for vulnerabilities, but the problem is these can be hard to scan and often come and go on your network. There are always going to be some devices that aren’t on the network when scanning occurs.

    Several ways to scan mobile devices:

    • Intercept the device when it remotes into your network using a VPN. You catch the device with a remote scan. This can only be done if a VPN is required.
    • An agent-based approach can be used for mobile devices. Locally installed software gives the information needed to evaluate the security posture of a device. Discernibly, concerns around device processing, memory, and network bandwidth come into play. Ease of installation becomes key for agents.
    Virtualization
    • In a virtual environment, you will have servers being dynamically spun up. Ensure your tool is able to scan these new servers automatically.
    • Often, vulnerability scanning tool providers will restrict scanning to preapproved scanners. Look for tools that are preapproved by the VM vendors.
    Cloud Environments
    • You can set your tool to scan a given cloud environment. The main concern here is who owns the cloud. If it is a private cloud, there is little concern.
    • If it is a third-party cloud (AWS, Azure, etc.) you need to confirm with the cloud service provider that scanning of your cloud environment can occur.
    • There is a trend to allow more scanning of cloud environments.
    • You need to tell the scanner an IP address, a group of IP addresses, an asset group, or a combination of those.
    • You can categorize by functional classifications – internet-facing servers, workstations, network devices, etc., or by organizational structure – Finance, HR, Legal, etc.
    • If you have a strong change management system, you can better hone when and where to perform a scan based on actual changes.
    • You can set the number of concurrent outbound TCP connections that are being made. For example, set the tool so it sends out to 10 ports at a time, rather than pinging at 64k ports on a machine, which would flood the NIC.
    • Side Note: Flooding a host with pings from a scanning tool can be done to find out DoS thresholds on a machine. There are no bandwidth concerns for a network DoS, however, because the packets are so small.

    Vulnerability scanning tool best practices

    Communication and measurement

    Pre-Scan Communication With Users

    • It is always important to inform owners and users of systems that a scan will be happening.
    • Although it is unlikely any performance issues will arise, it is important to notify end users of potential impact.
    • Local admins or system owners may have controls in place that stop vulnerability scans and you need to inform the owners so that they can safelist the scanner you will be using.
    Vulnerability Scanning Tool Tracking Metrics
    • Vulnerability score by operating system, application, or organization division.
      • This provides a look at the widely accepted severity of the vulnerability as it relates across the organization’s systems.
    • Most vulnerable applications and application version.
      • This provides insight into how outdated applications are creating risk exposure for an organization.
      • This will also provide metrics on the effectiveness of your patching program.
    • Number of assets scanned within the last number of days.
      • This provides visibility into how often your assets are being scanned and thus protected.
    • Number of unowned devices or unapproved applications.
      • This metric will track how many unowned devices or unapproved applications may be on your network. Unowned devices may be rogue devices or just consultant/contractor devices.

    Third-party vulnerability information sources

    IT security forums and mailing lists are another source of vulnerability information.

    Proactively identify new vulnerabilities as they are announced.

    By monitoring for vulnerabilities as they are announced through industry alerts and open-source mechanisms, it is possible to identify vulnerabilities beyond your scanning tool’s penetration tests.

    Common sources:
    • Vendor websites and mailing lists
      • Vendors are the trusted sources for vulnerability and patch information on their products, particularly with new industry vulnerability disclosure requirements. Vendors are the most familiar with their products, downloads are most likely malware free, and additional information is often included.
      • There are some issues: vendors won’t announce a vulnerability until a patch is created, which creates a potential unknown risk exposure; numerous vendor sites will have to be monitored continually.
    • Third-party websites
      • A non-vendor site providing information on vulnerabilities. They often will cover a specific technology or an industry section, becoming a potential “one-stop shop” for some. They will often provide vulnerability information that is augmented with different remediation recommendations faster than vendors.
      • However, it’s more likely that malicious code could be downloaded and it will often not be comprehensive information on patching.
    • Third-party mailing lists, newsgroups, live paid subscriptions, and live open-source feeds
      • These are alerting and notification services for the detection and dissemination of vulnerability information. They provide information on the latest and most critical vulnerabilities, e.g. US-CERT Cybersecurity Alerts.
    • Vulnerability databases
      • These usually consist of dedicated databases on vulnerabilities. They perform the hard work of identifying and aggregating vulnerability and patch information into a central repository for end-user consumption. The commentary features on these databases provide excellent insight for practitioners, e.g. National Vulnerability Database (NVD).
    Stock photo of a student checking a bulletin board.

    Third-party vulnerability information sources

    IT security forums and mailing lists are another source of vulnerability information.

    Third-party sources for vulnerabilities

    • Open Source Vulnerability Database (OSVDB)
      • An open-source database that is run independently of any vendors.
    • Common Vulnerabilities and Exposures (CVE)
      • Free, international dictionary of publicly known information security vulnerabilities and exposures.
    • National Vulnerability Database (NVD)
      • Through NIST, the NVD is the US government’s repository of vulnerabilities and includes product names, flaws, and any impact metrics.
      • The National Checklist Repository Program (NCRP), also provided by NIST, provides security checklists for configurations of operating systems and applications.
      • The Center for Internet Security, a separate entity unrelated to NIST, provides configuration benchmarks that are often referenced by the NCRP.
    • Open Web Application Security Project (OWASP)
      • OWASP is another free project helping to expose vulnerabilities within software.
    • US-CERT National Cyber Alert System (US-CERT Alerts)
      • Cybersecurity Alerts – Provide timely information about current security issues, vulnerabilities, and exploits.
      • Cybersecurity Tips – Provide advice about common security issues for the general public.
      • Cybersecurity Bulletins – Provide weekly summaries of new vulnerabilities. Patch information is provided when available.
    • US-CERT Vulnerability Notes Database (US-CERT Vulnerability Notes)
      • Database of searchable security vulnerabilities that were deemed not critical enough to be covered under US-CERT Alerts. Note that the NVD covers both US-CERT Alerts and US-CERT Notes.
    • Open Vulnerability Assessment Language (OVAL)
      • Coding language for security professionals to discuss vulnerability checking and configuration issues. Vulnerabilities are identified using tests that are disseminated in OVAL definitions (XML executables that can be used by end users).

    1.4.1 Develop a monitoring and review process for third-party vulnerability sources

    60 minutes

    Input: Third-party resources list

    Output: Process for review of third-party vulnerability sources

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, SecOps team members, ITOps team members, CISO

    1. Identify what third-party resources are useful and relevant.
    2. Shortlist your third-party sources.
    3. Identify what is the best way to receive information from a third party.
    4. Document the method to receive or check information from the third-party source.
    5. Identify who is responsible for maintaining third-party vulnerability information sources
    6. Capture this information in the Vulnerability Management SOP Template.
    Download the Vulnerability Management SOP Template Sample of the Third Party Vulnerability Monitoring tables from the Vulnerability Management SOP Template.

    Incidents and vulnerability management

    Incidents can also be a sources of vulnerabilities.

    When any incident occurs, for example:

    • A security incident, such as malware detected on a machine
    • An IT incident, such as an application becomes unresponsive
    • A crisis occurs, like a worker accident

    There can be underlying vulnerabilities that need to be processed.

    Three Types of IT Incidents exist:
    1. Information Security Incident
    2. IT Incident and/or Problem
    3. Crisis

    Note: You need to have developed your various incident response plans to develop information feeds to the vulnerability mitigation process.
    If you are missing an incident response plan, take a look at Info-Tech’s Related Resources.

    Info-Tech Related Resources:
    If you do not have a formalized information security incident management program, take a look at Info-Tech’s blueprint Develop and Implement a Security Incident Management Program.

    If you do not have a formalized problem management process, take a look at Info-Tech’s blueprint Incident and Problem Management.

    If you do not have a formalized IT incident management process, take a look at Info-Tech’s blueprint Develop and Implement a Security Incident Management Program.

    If you do not have formalized crisis management, take a look at Info-Tech’s blueprint Implement Crisis Management Best Practices.

    1.4.2 Incident management and vulnerability management

    60 minutes

    Input: Existing incident response processes, Existing crisis communications plans

    Output: Alignment of vulnerability management program with existing incident management processes

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, SecOps team members, ITOps team members, including tiers 1, 2, and 3, CISO, CIO

    1. Inventory what incident response plans the organization has. These include:
      1. Information Security Incident Response Plan
      2. IT Incident Plan
      3. Problem Management Plan
      4. Crisis Management Plan
    2. Identify what part of those plans contains the post-response recap or final analysis.
    3. Formalize a communication process between the incident response plan and the vulnerability mitigation process.

    Note: Most incident processes will cover some sort of root cause analysis and investigation of the incident. If a vulnerability of any kind is detected within this analysis it needs to be reported on and treated as a detected vulnerability, thus warranting the full vulnerability mitigation process.

    Download the Vulnerability Management SOP Template

    Implement Risk-Based Vulnerability Management

    Phase 2

    Triage & prioritize

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

     

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

     

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

     

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    Examine the elements that you will use to triage and analyze vulnerabilities, prioritizing using a risk-based approach, and prepare for remediation options.

    This phase involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Step 2.1

    Triage vulnerabilities

    Activities
    • 2.1.1 Evaluate your identified vulnerabilities

    This step will walk you through the following activities:

    Review your vulnerability information sources and determine a methodology that will be used to consistently evaluate vulnerabilities as your scanning tool alerts you to them.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    A consistent, documented process for the evaluation of vulnerabilities in your environment.

    Triage & prioritize
    Step 2.1 Step 2.2 Step 2.3 Step 2.4

    Triaging vulnerabilities

    Use Info-Tech’s methodology to allocate urgencies to your vulnerabilities to assign the appropriate resources to each one.

    When evaluating numerous vulnerabilities, use the following three factors to help determine the urgency of vulnerabilities:

    • The intrinsic qualities of the vulnerability
    • The business criticality of the affected asset
    • The sensitivity of the data stored on the affected asset

    Intrinsic qualities of the vulnerability — Vulnerabilities need to be examined for the inherent risk they pose specifically to the organization, which includes if an exploit has been identified or if the industry views this as a serious and likely threat.

    Business criticality of the affected asset — Assets with vulnerabilities need to be assessed for their criticality to the business. Vulnerabilities on systems that are critical to business operations or customer interactions are usually top of mind.

    Sensitivity of the data of the affected asset — Beyond just the criticality of the business, there must be consideration of the sensitivity of the data that may be compromised or modified as a result of any vulnerabilities.

    Info-Tech Insight

    This methodology allows you to determine urgency of vulnerabilities, but your remediation approach needs to be risk-based, within the context of your organization.

    Triage your vulnerabilities, filter out the noise

    Triaging enables your vulnerability management program to focus on what it should focus on.

    Use the Info-Tech Vulnerability Mitigation Process Template to define how to triage vulnerabilities as they first appear.

    Triaging is an important step in vulnerability management, whether you are facing ten to tens of thousands of vulnerability notifications.
    Many scanning tools already provide the capability to compare known vulnerabilities against existing assets through integration with the asset inventory.

    There are two major use cases for this process:
    1. For organizations that have identified vulnerabilities but do not know their own systems well enough. This can be due to a lack of a formal asset inventory.
    2. For proactive organizations that are regularly staying up to date with industry announcements regarding vulnerabilities. Once an alert has been made publicly, this process can assist in confirming if the vulnerability is relevant to the organization.
    The Info-Tech methodology for initial triaging of vulnerabilities:
    Flowchart of the Info-Tech methodology for initial triaging of vulnerabilities, beginning with 'Vulnerability has been identified' and ending with either 'Vulnerability has been triaged' or 'No action needed'.

    Even if neither of these use cases apply to your organization, triaging still addresses the issues of false positives. Triaging provides a quick way to determine if vulnerabilities are relevant.

    After eliminating the noise, evaluate your vulnerabilities to determine urgency

    Consider the intrinsic risk to the organization.

    Is there an associated, verified exploit?
    • For a vulnerability to become a true threat to the organization, it must be exploited to cause damage. In today’s threat landscape, exploit kits are sold online that allow individuals with low technical knowledge to exploit a vulnerability.
    • Not all vulnerabilities have an associated exploit, but this does not mean that these vulnerabilities can be left alone. In many cases, it is just a matter of time before an exploit is created.
    • Another point to consider is that while exploits can exist theoretically, they may not be verified. Vulnerabilities always pose some level of risk, but if there are no known verified exploits, there is less risk attached.
    Is there a CVSS base score of 7.0 or higher?
    • Common Vulnerability Scoring System (CVSS) is an open-source industry scoring method to assess the potential severity of vulnerabilities.
    • CVSS takes into account: attack vector, complexity, privileges required, user interaction, scope, confidentiality impact, integrity impact, and availability impact.
    • Vulnerabilities that have a score of 4.0 or lower are classified as low vulnerabilities, while scores between 4.0 and 6.9 are put in the medium category. Scores of 7 or higher are in the high and critical categories. As we will review in the Risk Assessment section, you will want to immediately deal with high and critical vulnerabilities.
    Is there potential for significant lateral movement?
    • Even though a vulnerability may appear to be part of an inconsequential asset, it is important to consider whether it can be leveraged to gain access to other areas of the network or system by an attacker.
    • Another consideration should be whether the vulnerability can be exploited by remote or local access. Remote exploits pose a greater risk as this can mean that attackers can perform an exploit from any location. Local exploits carry less risk, although the risk of insider threats should be considered here as well.

    2.1.1 Evaluate your identified vulnerabilities

    60 minutes

    Input: Visio workflow of Info-Tech’s vulnerability management process

    Output: Adjusted workflow to reflect your current processes, Vulnerability Tracking Tool

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, SecOps team members, ITOps team members, including tiers 1, 2, and 3, CISO, CIO

    Using the criteria from the previous slide, Info-Tech has created a methodology to evaluate your vulnerabilities by examining their intrinsic qualities.

    The methodology categorizes the vulnerabilities into high, medium, and low risk importance categorizations, before assigning final urgency scores in the later steps.

    1. Review the evaluation process in the Vulnerability Management Workflow library.
    2. Determine if this process makes sense for the organization; otherwise, change the flow to include any other considerations of process flows.
    3. As this process is used to evaluate vulnerabilities, document vulnerabilities to an importance category. This can be done in the Vulnerability Tracking Tool or using a similar internal vulnerability tracking document, if one exists.

    Download the Vulnerability Management SOP Template

    Step 2.2

    Determine high-level business criticality

    Activities
    • 2.2.1 Determine high-level business criticality
    • 2.2.2 Determine your high-level data classifications

    This step will walk you through the following activities:

    Determining high-level business criticality and data classifications will help ensure that IT security is aligned with what is critical to the business. This will be very important when decisions are made around vulnerability risk and the urgency of remediation action.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO

    Outcomes of this step

    Understanding and consistency in how business criticality and business data is assessed by IT in the vulnerability management process.

    Triage & prioritize
    Step 2.1 Step 2.2 Step 2.3 Step 2.4

    Understanding business criticality is key to determining vulnerability urgency

    Prioritize operations that are truly critical to the operation of the business, and understand how they would be impacted by an exploited vulnerability.

    Use the questions below to help assess which operations are critical for the business to continue functioning.

    For example, email is often thought of as a business-critical operation when this is not always the case. It is important to the business, but as regular operations can continue for some time without it, it would not be considered extremely business critical.

    Questions to ask Description
    Is there a hard-dollar impact from downtime? This refers to when revenue or profits are directly impacted by a business disruption. For example, when an online ordering system is compromised and shut down, it impacts sales, and therefore, revenue.
    Is there an impact on goodwill/ customer trust? If downtime means delays in service delivery or otherwise impacts goodwill, there is an intangible impact on revenue that may make the associated systems mission critical.
    Is regulatory compliance a factor? Depending on the circumstances of the vulnerabilities, it can be a violation of regulatory compliance and would cause significant fines.
    Is there a health or safety risk? Some operations are critical to health and safety. For example, medical organizations have operations that are necessary to ensure that individuals’ health and safety are maintained. An exploited vulnerability that prevents these operations can directly impact the lives of these individuals.
    Don’t start from scratch – your disaster recovery plan (DRP) may have a business impact analysis (BIA) that can provide insight into which applications and operations are considered business critical.

    Analyst Perspective

    When assessing the criticality of business operations, most core business applications may be deemed business critical over the long term.

    Consider instead what the impact is over the first 24 or 48 hours of downtime.

    2.2.1 Determine high-level business criticality

    120 minutes; less time if a Disaster recovery plan business impact analysis exists

    Input: List of business operations, Insight into business operations impacts to the business

    Output: List of business operations and their criticality and impact to the business

    Materials: Vulnerability Management SOP Template

    Participants: Participants from the business, IT Security Manager, CISO, CIO

    1. List your core business operations at a high level.
    2. Use a High, Medium, or Low ranking to prioritize the business operations based on mission-critical criteria and the impact of the vulnerability.
    3. When using the process flow, consider if the vulnerability directly affects any of these business operations and move through the process flow based on the corresponding High, Medium, or Low ranking.
    Example prioritization of business operations for a manufacturing company: Questions to ask:
    1. Is there a hard-dollar impact from downtime?
    2. Is there impact on goodwill or customer trust?
    3. Is regulatory compliance a factor?
    4. Is there a health or safety risk?

    Download the Vulnerability Management SOP Template

    Determine vulnerability urgency by its data classification

    Consider how to classify your data based on if the Confidentiality, Integrity, or Availability (CIA) is compromised.

    To properly classify your data, consider how the confidentiality, integrity, and availability of that data would be affected if it were to be exploited by a vulnerability. Review the table below for an explanation for each objective.
    Confidentiality

    Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

    Integrity

    Guarding against improper information modification or destruction, and ensuring information non-repudiation and authenticity.

    Availability

    Ensuring timely and reliable access to and use of information.

    Each piece of data should be ranked as High, medium, or low across confidentiality, integrity, and availability based on adverse effect. Arrow pointing right. Low — Limited adverse effect

    Moderate — Serious adverse effect

    High — Severe or catastrophic adverse effect

    If you wish to build a whole data classification methodology, refer to our Discover and Classify Your Data blueprint.

    How to determine data classification when CIA differs:

    The overall ranking of the data will be impacted by the highest objective’s ranking.

    For example, if confidentiality and availability are low, but integrity is high, the overall impact is high.

    This process was developed in part by Federal Information Processing Standards Publication 199.

    2.2.2 Determine your high-level data classifications

    120 minutes, less time if data classification already exists

    Input: Knowledge of data use and sensitivity

    Output: Adjusted workflow to reflect your current processes, Vulnerability Tracking Tool

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, CISO, CIO

    If your organization has formal data classification in place, it should be leveraged to determine the high, medium, and low rankings necessary for the process flows. However, if there is no formal data classification in place, the process below can be followed:

    1. List common assets or applications that are prone to vulnerabilities.
    2. Consider the data that is on these devices and provide a high (severe or catastrophic adverse effect), medium (serious adverse effect), or low (limited adverse effect) ranking based on confidentiality, availability, and integrity.
      1. Use the table on the previous slide to assist in providing the ranking.
      2. Remember that it is the highest ranking that dictates the overall ranking of the data.
    3. Document which data belongs in each of the categories to provide contextual evidence.

    Download the Vulnerability Management SOP Template

    This process should be part of your larger data classification program. If you need assistance in building this out, review the Info-Tech research, Discover and Classify Your Data.

    Step 2.3

    Consider current security posture

    Activities
    • 2.3.1 Document your defense-in-depth controls

    This step will walk you through the following activities:

    Your defense-in-depth controls are the existing layers of security technology that protects your environment. These are relevant when considering the urgency and risk of vulnerabilities in your environment, as they will mitigate some of the risk.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    Understanding and documentation of your current defense-in-depth controls.

    Triage & prioritize
    Step 2.1 Step 2.2 Step 2.3 Step 2.4

    Review your current security posture

    What you have today matters.
    • In most cases, your vulnerability scanning tool alone will not have the context of your security posture in the results of its scans. This can skew the true urgency of detected vulnerabilities in your environment.
    • What you have in place today is what comprises your organization’s overall security posture. This bears high relevance to the determination of the risk that a vulnerability poses to your environment.
    • Elements such as enterprise architecture and defense in depth mechanisms should be factored into determining the risk of a vulnerability and what kind of immediacy is warranted to address it.
    • Details of your current security posture will also contribute to the assessment and selection of remediation options.
    Stock image of toy soldiers split into two colours, facing eachother down.

    Enterprise architecture considerations

    What does your network look like?
    • Most organizations have a network topology that has been put in place with operational needs in mind. These includes specific vLANs or subnets, broadcast domains, or other methods of traffic segregation.
    • The firewall and network ACLs (access control lists) will manage traffic and the routes that data packets follow to traverse a network.
    • Organizations may physically separate data network types, for example, a network for IT services and one for operational technology (OT)(OT is often known as ICS (industrial control systems) or SCADA (supervisory control and data acquisition)) or other types of production technology.
    • The deployment of distribution and access switches across an enterprise can also be a factor, where a flatter network will have fewer network devices within the topology.
    • In a directory services environment such as Windows Active Directory, servers and applications can be segregated by domains and trust relationships, organizational units, and security groups.
    What’s the relevance to vulnerability management?

    For a vulnerability to be exploited, a malicious actor must find a way to access the vulnerable system to make use of the vulnerability in question.

    Any enterprise architecture characteristics that you have in place may lessen the probability of a successful vulnerability exploit.

    This may potentially “buy time” for SecOps to address and remediate the vulnerability.

    Defense-in-depth

    Defense-in-depth provides extra layers of protection to the organization.

    • Defense-in-depth refers to the coordination of security controls to add layers of security to the organization.
      • This means that even if attackers are able to get past one control or layer, they are hindered by additional security.
    • Defense-in-depth is distinct from the previous section on enterprise architecture as these are security controls put in place with the purpose of being lines of defense within your security posture.
    • This can be extremely useful in managing vulnerabilities; thus, it is important to establish the existing defense-in-depth controls. By establishing the base model for your defense-in-depth, it will allow you to leverage these controls to manage vulnerabilities.
    • Controls are typically distributed across endpoints, network infrastructure, servers, and physical security.

    Note: Defense-in-depth controls do not entirely mitigate vulnerability risk. They provide a way in which the vulnerability cannot be exploited, but it continues to exist on the application. This must be kept in mind as the controls or applications themselves change, as it can re-open the vulnerability and cause potential problems.

    Examples of defense-in-depth controls can consist of any of the following:
    • Antivirus software
    • Authentication security
    • Multi-factor authentication
    • Firewalls
    • Demilitarized zones (DMZ)
    • Sandboxing
    • Network zoning
    • Application whitelisting
    • Access control lists
    • Intrusion detection & prevention systems
    • Airgapping
    • User security awareness training

    2.3.1 Document your defense-in-depth controls

    2 hours, less time if a security services catalog exists

    Input: List of technologies within your environment, List of IT security controls that are in place

    Output: List of defense-in-depth controls

    Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

    Participants: IT Security Manager, Infrastructure Manager, IT Director, CISO

    1. Document the existing defense-in-depth controls within your system.
    2. Review the initial list that has been provided and see if these are controls that currently exist.
    3. Indicate any other controls that are being used by the organization. This may already exist if you have a security services catalog.
    4. Indicate who the owners of the different controls are.
    5. Track the information in the Vulnerability Management SOP Template.

    Download the Vulnerability Management SOP Template

    Sample table of security controls within a Defense-in-depth model with column headers 'Defense-in-depth control', 'Description', 'Workflow', and 'Control Owner'.

    Step 2.4

    Risk assessment of vulnerabilities

    Activities
    • 2.4.1 Build a classification scheme to consistently assess impact
    • 2.4.2 Build a classification scheme to consistently assess likelihood

    This step will walk you through the following activities:

    Assessing risk will be the cornerstone of how you evaluate vulnerabilities and what priority you place on remediation. This is actual risk to the organization and not simply what the tool reports without the context of your defense-in-depth controls.

    This step involves the following participants:

    • IT Security Manager
    • IT Operations Management
    • CISO
    • CIO

    Outcomes of this step

    A risk matrix tailored to your organization, based on impact and likelihood. This will provide a consistent, unambiguous way to assess risk across the vulnerability types that is reported by your scanning tool.

    Triage & prioritize
    Step 2.1 Step 2.2 Step 2.3 Step 2.4

    Vulnerabilities and risk

    Vulnerabilities must be addressed to mitigate risk to the business.
    • Vulnerabilities are a concern because they are potential threats to the business. Vulnerabilities that are not addressed can turn from potential threats into actual threats; it is only a matter of time and opportunity.
    • Your organization will already be familiar with risk management, as every decision carries a business risk component. There may even be a senior manager assigned as corporate risk officer to manage organizational risk.
    • The organization likely has a risk tolerance level that defines the organization’s risk appetite. This may be measured in dollars, non-productivity time, or other units of inefficiency.
    • The risk of a vulnerability can be calculated using impact and likelihood. Impact is the effect that the vulnerability will have if it is exploited by a malicious actor. Likelihood is the degree to which a vulnerability exploit can possibly occur.
    Stock image of a cartoon character in a tie hanging on the needle of a 'RISK' meter as it sits at 'LOW'.

    Info-Tech Insight

    Risk to the organization is business language that everyone can understand. This is particularly true when the risk is to productivity or to the company’s bottom line.

    A risk-based approach to vulnerability management

    CVSS scores are just the starting point!

    Vulnerabilities are constant.
    • There will always be vulnerabilities in the environment, many of which won’t be reported as they are currently unknown.
    • Don’t focus on trying to resolve all vulnerabilities in your environment. You are neither resourced for it nor can the business tolerate the downtime needed to remediate every single vulnerability.
      • The constant follow of new vulnerabilities will quickly render your efforts useless and it will become a game of “whack-a-mole.”
    • Being able to prioritize which vulnerabilities require appropriate levels of response is crucial to ensuring that an organization stays ahead of the continual flow.
    • Your vulnerability scanning tool will report the severity of a vulnerability, often using an industry Common Vulnerability Scoring System (CVSS) system ranging from 0 to 10. It will then scan your environment for the presence of the vulnerability and report accordingly.
      • Your vulnerability scanning tool will not be aware of any mitigation components in your environment, such as compensating controls, network segregation, server/application hardening, or any other measures that can reduce the risk. That is why determining actual risk is a crucial step.

    Stock image of a whack-a-mole game.

    Info-Tech Insight

    Vulnerability scanning is a valuable function, but it does not tell the full picture. You must determine how urgent a vulnerability truly is, based on your specific environment.

    Prioritize remediation by levels of risk

    Address critical and high risk with high immediacy.

    • Addressing the critical and high-risk vulnerabilities with urgency will ensure that you are addressing a more manageable number of vulnerabilities.
    • An optimized vulnerability management process will address the medium and low risk vulnerabilities within the regular cycle.
    • This may be very similar to what you do today in an ad hoc fashion:
      • Zero-day vulnerabilities tend to warrant a stop in operations and are dealt with immediately (or as soon as a vendor has a fix).
      • The standard remediation process (patching/updating, change of configuration, etc.) happens within a regular controlled time cycle.
    • Formalizing this process will ensure that appropriate attention is given to vulnerabilities that warrant it and that the remaining vulnerabilities are dealt with as a regular, recurring activity.

    Mitigate the risk surface by reducing the time across the phases

    Chart titled 'Mitigate the risk surface by reducing the time across the phases' with the axes 'Risk Level' and 'Time' with lines created by individual risks. The highlighted line begins in 'Critical' and eventually drops to low. A note on the line reads 'Objective: Reduce risk surface by reducing time to address'. The area between the line and your organization's risk tolerance is labelled 'Risk Surface, to be addressed with high priority'. A bracket around Risk levels 'High' and 'Critical' reads 'Priority focus zone (risk surface)'. Risk lines within levels 'Low' and 'Medium' read 'Follow standard vulnerability management cycles'.

    Risk matrix

    Risk = Impact x Likelihood
    • Info-Tech’s Vulnerability Management Risk Assessment Tool provides a method of calculating the risk of a vulnerability. The risk rating is assigned using the impact of the risk and the likelihood or probability that the event may occur.
    • The tool puts the vulnerability into your organization’s context: How many people will be affected? What service types are vulnerable and how does that impact the business? Is there an anticipated update from the vendor of the system being affected?
    • Urgency of remediation should be based on the business consequences if the vulnerability were to be exploited, relative to the business’ risk tolerance.

    Info-Tech Insight

    Risk determination should be done within the context of your current environment and not simply based on what your vulnerability tool is reporting.

    A risk matrix is useful in calculating a risk rating for vulnerabilities. Risk matrix with axes 'Impact' and 'Time' and individual vulnerabilities mapped onto it via their risk rating. The example 'Organizational Risk Tolerance Threshold' line runs diagonally through the 'Medium' squares.

    2.4.1 Build a classification scheme to consistently assess impact

    60 minutes

    Input: Knowledge of IT environment, Knowledge of business impact for each IT component or service

    Output: Vulnerability Management Risk Assessment Tool formatted to your organization

    Materials: Vulnerability Management Risk Assessment Tool

    Participants: Functional Area Managers, IT Security Manager, CISO

    Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and the severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.

    1. Define a set of questions to measure risk impact or edit existing questions in the tool.
    2. For each question, assign a weight that should be placed on that factor.
    3. Define criteria for each question that would categorize the risk. The drop-down box content can be modified in the hidden Labels tab.

    Note that you are looking to baseline vulnerability types, rather than categorizing every single vulnerability your scanning tool reports. The volume of vulnerabilities will be high, but vulnerabilities can be categorized into types on a regular basis.

    Download the Vulnerability Management Risk Assessment Tool

    Screenshot of table from Info-Tech's Vulnerability Management Risk Assessment Tool for assessing Impact. Column headers are 'Weight', 'Question', 'OS vulnerability', 'Application vulnerability', 'Network vulnerability', and 'Vendor patch release'.

    2.4.2 Build a classification scheme to consistently assess likelihood

    60 minutes

    Input: Knowledge of IT environment, Knowledge of business impact for each IT component or service

    Output: Vulnerability Management Risk Assessment Tool formatted to your organization

    Materials: Vulnerability Management Risk Assessment Tool

    Participants: Functional Area Managers, IT Security Manager, CISO

    Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and the severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.

    1. Define a set of questions to measure risk impact or edit existing questions in the tool.
    2. For each question, assign a weight that should be placed on that factor.
    3. Define criteria for each question that would categorize the risk. The drop-down box content can be modified in the hidden Labels tab.

    Note that you are looking to baseline vulnerability types, rather than categorizing every single vulnerability that your scanning tool reports. The volume of vulnerabilities will be high, but vulnerabilities can be categorized into types on a regular basis.

    Download the Vulnerability Management Risk Assessment Tool

    Screenshot of table from Info-Tech's Vulnerability Management Risk Assessment Tool for assessing Likelihood. Column headers are 'Weight', 'Question', 'OS vulnerability', 'Application vulnerability', and 'Network vulnerability'.

    Prioritize based on risk

    Select the best remediation option to minimize risk.

    Through the combination of the identified risk and remediation steps in this phase, the prioritization for vulnerabilities will become clear. Vulnerabilities will be assigned a priority once their intrinsic qualities and threat potential to business function and data have been identified.

    • Remediation options will be identified for the higher urgency vulnerabilities.
    • Options will be assessed for whether they are appropriate.
    • They will be further tested to determine if they can be used adequately prior to full implementation.
    • Based on the assessments, the remediation will be implemented or another option will be considered.
    Prioritization
    1. Assignment of risk
    2. Identification of remediation options
    3. Assessment of options
    4. Implementation

    Remediation plays an incredibly important role in the entire program. It plays a large part in wider risk management when you must consider the risk of the vulnerability, the risk of the remediation option, and the risk associated with the overall process.

    Implement Risk-Based Vulnerability Management

    Phase 3

    Remediate vulnerabilities

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

     

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

     

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

     

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    • Identifying potential remediation options.
    • Developing criteria for each option with regards to when to use and when to avoid.
    • Establishing exception procedure for testing and remediation.
    • Documenting the implementation of remediations and verification.

    This phase involves the following participants:

    • CISO, or equivalent
    • Security Manager/Analyst
    • Network, Administrator, System, Database Manager
    • Other members of the vulnerability management team
    • Risk managers for the risk-related steps

    Determining how to remediate

    Patching is only one option.

    This phase will allow organizations to build out the specific processes for remediating vulnerabilities. The overall process will be the same but what will be critical is the identification of the correct material. This includes building the processes around:
    • Identifying and selecting the remediation option to be used.
    • Determining what to do when a patch or update is not available.
    • Scheduling and executing the remediation activity.
    • Continuous improvement.

    Each remediation option carries a different level of risk that the organization needs to consider and accept by building out this program.

    It is necessary to be prepared to do this in real time. Careful documentation is needed when dealing with vulnerabilities. Use the Vulnerability Tracking Tool to assist with documentation in real time. This is separate from using the process template but can assist in the documentation of vulnerabilities.

    Step 3.1

    Assessing remediation options

    Activities
    • 3.1.1 Develop risk and remediation action

    This step will walk you through the following activities:

    With the risk assessment from the previous activity, we can now examine remediation options and make a decision. This activity will guide us through that.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    List of remediation options and criteria on when to consider each.

    Remediate vulnerabilities
    Step 3.1 Step 3.2 Step 3.3

    Identify remediation options

    There are four options when it comes to vulnerability remediation.

    Patches and Updates

    Patches are software or pieces of code that are meant to close vulnerabilities or provide fixes to any bugs within existing software. These are typically provided by the vendor to ensure that any deployed software is properly protected after vulnerabilities have been detected.

    Configuration Changes

    Configuration changes involve administrators making significant changes to the system or network to remediate against the vulnerability. This can include disabling the vulnerable application or specific element and can even extend to removing the application altogether.

    Remediation

    Compensating Controls

    By leveraging security controls, such as your IDS/IPS, firewalls, or access control, organizations can have an added layer of protection against vulnerabilities beyond the typical patches and configuration changes. This can be used as a measure while waiting to implement another option (if one exists) to reduce the risk of the vulnerability in the short or long term.

    Risk Acceptance

    Whenever a vulnerability is not remediated, either indefinitely or for a short period of time, the organization is accepting the associated risk. Segregation of the vulnerable system can occur in this instance. This can occur in cases where a system or application cannot be updated without detrimental effect to the business.

    Patches and updates

    Patches are often the easiest and most common method of remediation.

    Patches are usually the most desirable remediation solution when it comes to vulnerability management. They are typically provided by the vendor of the vulnerable application or system and are meant to eliminate the existing vulnerability.

    When to use

    • When adequate testing can be performed on the patch to be implemented.
    • When there is a change window approaching for the affected systems.
    • When there is standardization across the IT assets to allow for easier installation of patches.

    When to avoid

    • When the patch cannot be adequately tested.
    • When a patch has been tested, but it caused an unfavorable consequence such as a system or application failure.
    • When there is no near change window in which to install the patches, which is often the case for critical systems.
    When to consider other remediation options
    • For critical systems, it can be difficult to implement a patch as they often require the system to be rebooted or go through some downtime. There must be consideration towards whether there is a change window approaching if a patch is to be implemented on a business-critical system.
      • If there is no opportunity to implement the patch, or no approaching change window, it is wise to leverage another remediation option.
    • When patches are not currently available from the vendor or they are in production, other remediation options are needed.
    • Other remediation options can be used in tandem with the patch. For example, if a patch is being deferred until the change window, it would be wise to use alternate remediation options to close the vulnerability.

    Compensating controls

    Compensating controls can decrease the risk of vulnerabilities that cannot be (immediately) remediated.

    • Compensating controls are measures put in place when direct remediation measures are impractical or non-existent.
    • Similar to the payment card industry’s PCI DSS 1.0 provision of compensating controls, these are meant to meet the intent or rigor of the original requirement; unlike PCI DSS, these measures are to mitigate risk rather than meet compliance.
    • The compensating control should be viewed as only a temporary measure for dealing with a vulnerability, although circumstances may dictate a degree of permanence in the application of the compensating control.
    • Examples where compensating controls may be needed are:
      • The software vendor is developing an update or patch to address a vulnerability.
      • Through your testing process, a patch will adversely affect the performance or operation of the target system and be detrimental to the business.
      • A critical application will only run on a legacy operating system, the latter of which is no longer supported by the vendor.
      • A legacy application is no longer being supported but is critical to your operations. A replacement, if one exists, will take time to implement.
    Examples of compensating controls
    • Segregating a vulnerable server or application on the network, physically or logically.
    • Hardening the operating system or application.
    • Restricting user logins to the system or application.
    • Implementing access controls on the network route to the system.
    • Instituting application whitelisting.

    Configuration changes

    Configuration changes involve making changes directly to the application or system in which there is a vulnerability. This can vary from disabling or removing the vulnerable element or, in the case of applications built in-house, changing the coding of the application itself. These are commonly used in network vulnerabilities such as open ports.

    When to use

    • A patch is not available.
    • The vulnerable element can be significantly changed, or even disabled, without significantly disrupting the business.
    • The application is built in-house, as the vulnerability must be closed internally.
    • There is adequate testing to ensure that the configuration change does not affect the business.
    • A configuration change in your network or system can affect numerous endpoints or systems, reducing endpoint patching or use of defense-in-depth controls.

    When to avoid

    • When a suitable patch is available.
    • When the vulnerability is on a business-critical element with no nearby change window or it cannot be disabled.
    • When there is no opportunity in which to perform testing to ensure that there are no unintended consequences.
    When to consider other remediation options
    • Configuration changes require careful documentation as changes are occurring to the system and applications. If there is a need to perform a back-out process and return to the original configuration, this can be extremely difficult without clear documentation of what occurred.
    • If business systems are too critical or important to the regular business function to perform any changes, it is necessary to consider other options.

    Info-Tech Insight

    Remember your existing processes: configuration changes may need to be approved and orchestrated through your organization’s configuration and change management processes.

    Case Study

    Remediation options do not have to be used separately. Use the Shellshock 2014 case as an example.

     
    INDUSTRY: All
    SOURCE: Public Domain
    Challenge

    Bashdoor, more commonly known as Shellshock, was announced on September 24, 2014.

    This bug involved the Bash shell, which normally executes user commands, but this vulnerability meant that malicious attackers could exploit it.

    This was rated a 10/10 by CVSS – the highest possible score.

    Within hours of the announcement, hackers began to exploit this vulnerability across many organizations.

    Solution

    Organizations had to react quickly and multiple remediation options were identified:

    • Configuration changes – Companies were recommended to use other shells instead of the Bash shell.
    • Defense-in-depth controls – Using HTTP server logs, it could be possible to identify if the vulnerability had been exploited.
    • Patches – Many vendors released patches to close this vulnerability including Debian, Ubuntu, and Red Hat.
    Results

    Companies began to protect themselves against these vulnerabilities.

    While many organizations installed patches as quickly as possible, some also wished to test the patch and leveraged defense-in-depth controls in the interim.

    However, even today, many still have the Shellshock vulnerability and exploits continue to occur.

    Accept the risk and do nothing

    By choosing not to remediate vulnerabilities, you must accept the associated risk. This should be your very last option.

    Every time that a vulnerability is not remediated, it continues to pose a risk to the organization. While it may seem that every vulnerability needs to be remediated, this is simply not possible due to limited resources. Further, it can take away resources from other security initiatives as opposed to low-priority vulnerabilities that are extremely unlikely to be exploited.

    Common criteria for vulnerabilities that are not remediated:
    • Affected systems are of extremely low criticality.
    • Affected systems are deemed too critical to take offline to perform adequate remediation.
    • Low urgency is assigned to those vulnerabilities.
    • Cost and time required for the remediation are too high.
    • No adequate solutions exist – the vendor has not released a patch, there are weak defense-in-depth controls, and it is not possible to perform a configuration change.

    Risk acceptance is not uncommon…

    • With an ever-increasing number of vulnerabilities, organizations are struggling to keep up and often, intentionally or unintentionally, accept the risk associated.
    • In the end, non-remediation means full acceptance of the risk and any consequences.

    Enterprise risk management
    Arrow pointing up.
    Risk acceptance of vulnerabilities

    While these are common criteria, they must be aligned to the enterprise risk management framework and approved by management.

    Don’t forget the variables that were assessed in Phase 2. This includes the risk from potential lateral movement or if there is an existing exploit.

    Risk considerations

    When determining if risk acceptance is appropriate, consider the cost of not mitigating vulnerabilities.

    Don’t accept the risk because it seems easy. Consider the financial impact of leaving vulnerabilities open.

    With risk acceptance, it is important to review the financial impact of a security incident resulting from that vulnerability. There is always the possibility of exploitation for vulnerabilities. A simple metric taken from NIST SP800-40 to use for this is:

    Cost not to mitigate = W * T * R

    Where (W) is the number of work stations, (T) is the time spent fixing systems or lost in productivity, and (R) is the hourly rate of the time spent.

    As an example provided by NIST SP800-40 Version 2.0, Creating a Patch and Vulnerability Management Program:

    “For an organization where there are 1,000 computers to be fixed, each taking an average of 8 hours of down time (4 hours for one worker to rebuild a system, plus 4 hours the computer owner is without a computer to do work) at a rate of $70/hour for wages and benefits:

    1,000 computers * 8 hours * $70/hour = $560,000”

    Info-Tech Insight

    Always consider the financial impact that can occur from an exploited vulnerability that was not remediated.

    3.1.1 Develop risk and remediation action

    90 minutes

    Input: List of remediation options

    Output: List of remediation options sorted into “when to use” and “when to avoid” lists

    Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

    Participants: IT Security Manager, IT Infrastructure Manager, IT Operations Manager, Corporate Risk Officer, CISO

    It is important to define and document your organization-specific criteria for when a remediation option is appropriate and inappropriate.

    1. List each remediation option on a flip chart and create two headings: “When to use” and “When to avoid.”
    2. Each person will list “when to use” criteria on a green sticky note and “when to avoid” criteria on a red one for each option; these will be placed on the appropriate flip chart.
    3. Discuss as a group which criteria are appropriate and which should be removed.
    4. Move on to the next remediation option when completed.
      • Ensure to include when there are remediation options that will be connected. For example, the risk may be accepted until the next available change window, or a defense-in-depth control is used before a patch can be fully installed.
    5. Once the criteria has been established, document this in the Vulnerability Management SOP Template.
    When to use:
    • When adequate testing can be performed on the patch to be implemented.
    • When there is a change window approaching, especially for critical systems.
    • When there is standardization across the IT assets to allow for easier installation of patches.
    When to avoid:
    • When the patch cannot be adequately tested.
    • When a patch has been tested, but it has caused an unfavorable consequence such as a system or application failure.
    • When there is no near change window in which to install the patches.
    (Example from the Vulnerability Management SOP Template for Patches.)

    Download the Vulnerability Management SOP Template

    Step 3.2

    Scheduling and executing remediation

    Activities

    None for this section.

    This step will walk you through the following activities:

    Although there are no specific activities for this section, it will walk you through your existing processes configuration and change management to ensure that you are leveraging those activities in your vulnerability remediation actions.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    Gained understanding of how IT operations processes configuration and change management can be leveraged for the vulnerability remediation process. Don’t reinvent the wheel!

    Remediate vulnerabilities
    Step 3.1 Step 3.2 Step 3.3

    Implementing the remediation

    Vulnerability management converges with your IT operations functions.
    • Once a remediation strategy has been formulated, you can leverage your release and change management processes to orchestrate the testing, version tracking, scheduling, approval, and implementation activities.
    • Each of these processes should exist in your environment in some form. Leveraging these will engage the IT operations team to carry out their tasks in the remediation process.
    • There can be a partial or full handoff to these processes, however, the owner of the vulnerability management program is responsible for verifying the application of the remediation measure and that the overall risk has been reduced.
    • Although full blueprints exist that cover each of these processes in great detail, the following slides provide an overview of each of these IT operations processes and how they intersect with vulnerability management.
    Stock image of a person on a laptop overlaid by an icon with gears indicating settings.

    Release Management

    Control the quality of deployments and releases of software updates.

    • The release management process exists to ensure that new software releases (such as patches and updates) are properly tested and documented with version control prior to their implementation into the production environment.
    • The process should map out the logistics of the deployment process to ensure that it is consistent and controlled.
    • Testing is an important part of release management and the urgency of a vulnerability remediation operation can expedite this process to ensure minimal delays. Once testing has been completed successfully, the update is then “promoted” to production-ready status and submitted into the change management process.
    • Often a separate release team may not exist, however, release management still occurs.

    For guidance on implementing or improving your release management process, refer to Info-Tech’s Stabilize Release and Deployment Management blueprint or speak to one of our experts.

    Info-Tech Insight

    Many organizations don’t have a separate release team. Rather, whomever is doing the deployment will submit a change request and the testing details are vetted through the organization’s change management process.

    For guidance on the change management process review our Optimize Change Management blueprint.

    Change Management

    Leverage change control, interruption management, approval, and scheduling.
    • Change management likely exists in some shape or form in your organization. There is usually someone or a committee, such as a change advisory board (CAB), that gives approval for a change.
    • Leveraging the change management process will ensure that your vulnerability remediation has undergone the proper review and approval before implementation. There will usually be business sign-off as part of a change management approval process.
    • Communication will also be integrated in the change management process, so the change manager will ensure that appropriate, timely communications are sent to the proper key stakeholders.
    • The change management process will link to release management and configuration management processes if they exist.

    For further guidance on implementing or improving your change management process, refer to Info-Tech’s Optimize Change Management blueprint or speak to one of our experts.

    “With no controls in place, IT gets the blame for embarrassing outages. Too much control, and IT is seen as a roadblock to innovation.” (VP IT, Federal Credit Union)

    Post-implementation activities

    Vulnerability remediation isn’t a “set it and forget it” activity.
    • Once vulnerability remediation has occurred, it is imperative that the results are reported back to the vulnerability management program manager. This ensures that the loop is closed and the tracking of the remediation activity is done properly.
      • Organizations that are subject to audit by external entities will understand the importance of such documentation.
    • The results of post-implementation review from the change management process will be of great interest, particularly if there was any deviation from the planned activities.
    • Although change execution will usually undergo some form of testing during the maintenance window, there is always the possibility that something has broken as a result of the software update. Be quick to respond to these types of incidents!
      • One example of an issue that is near impossible to test during a maintenance window is one that manifests only when the system or software comes under load. This is what makes for busy Monday mornings after a weekend change window.
    A scan with your vulnerability management software after remediation can be a way to verify that the overall risk has been reduced, if remediation was done by way of patching/updates.

    Info-Tech Insight

    After every change completion, whether due to vulnerability remediation or not, it is a good idea to ensure that your infrastructure team increases its monitoring diligence and that your service desk is ready for any sudden influx of end-user calls.

    Step 3.3

    Continuous improvement

    Activities

    None for this section.

    This step will walk you through the following activities:

    Although this section has no activities, it will review the process by which you may continually improve vulnerability management.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    An understanding of the importance of ongoing improvements to the vulnerability management program.

    Remediate vulnerabilities
    Step 3.1 Step 3.2 Step 3.3

    Drive continuous improvement

    • Also known as “Continual Improvement” within the ITIL best practice framework.
    • Your vulnerability management program will not be perfect on first launch. In fact, due to the ever-changing nature of vulnerabilities and the technology designed to detect and combat vulnerabilities, the processes within your vulnerability management program will need to be tweaked from time to time.
    • Continuous improvement is a sustained, proactive approach to process improvement. The practice allows for all process participants to observe and suggest incremental improvements that can help improve the overall process.
    • In many cases, continuous improvement can be triggered by changes in the environment. This makes perfect sense for vulnerability management process improvement as a change in the environment will require vulnerability scanning to ensure that such changes have not introduced new vulnerabilities into the environment, increasing your risk surface.
    • One key method to tracking continuous improvement is through the effective use of metrics, covered in Section 4.1 of this blueprint.
    “The success rate for continual improvement efforts is less than 60 percent. A major – if not the biggest – factor affecting the deployment of long-term continual improvement initiatives today is the fundamental change taking place in the way companies manage and execute work.” (Industry analyst at a consulting firm, 2014)

    Continuous Improvement

    Continuously re-evaluate the vulnerability management process.

    As your systems and assets change, your vulnerability management program may need updates in two ways.

    When new assets and systems are introduced:

    • When new systems and assets are introduced, it is important for organizations to recognize how these can affect vulnerability management.
    • It will be necessary to identify the business criticality of the new assets and systems and the sensitivity of the data that can be found on them.
    • Without doing so, these will be considered rogue systems or assets – there is no clear process for assigning urgencies.
    • This will only cause problems as actions may be taken that are not aligned with the organization’s risk management framework.

    Effective systems and asset management are needed to track this. Review Info-Tech’s Implement Systems Management to Improve Availability and Visibility blueprint for more help.

    Document any changes to the vulnerability management program in the Vulnerability Management SOP Template.

    When defense-in-depth capabilities are modified:

    • As you build an effective security program, more controls will be added that can be used to protect the organization.
    • These should be documented and evaluated based on ability to mitigate against vulnerabilities.
    • The defense-in-depth model that was previously established should be updated to include the new capabilities that can be used.
    • Defense-in-depth models are continually evolving as the security landscape evolves, and organizations must be ready for this.

    To assist in building a defense-in-depth model, review Build an Information Security Strategy.

    Implement Risk-Based Vulnerability Management

    Phase 4

    Measure and formalize

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

     

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

     

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

     

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    • You will determine what ought to be measured to track the success of your vulnerability management program.
    • If you lack a scanning tool this phase will help you determine tool selection.
    • Lastly, penetration testing is a good next step to consider once you have your vulnerability management program well underway.

    This phase involves the following participants:

    • IT Security Manager
    • SecOps team members
    • Procurement representatives
    • CISO
    • CIO

    Step 4.1

    Metrics, Key Performance Indicators (KPIs), and Critical Success Factors (CSFs)

    Activities
    • 4.1.1 Measure your program with metrics, KPIs, and CSFs

    This step will walk you through the following activities:

    After a review of the differences between raw metrics, key performance indicators (KPI), and critical success factors (CSF), compile a list of what metrics you will be tracking, why, and the business goals for each.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO
    • CIO

    Outcomes of this step

    Outline of metrics you can configure your vulnerability scanning tool to report on.

    Measure and formalize
    Step 4.1 Step 4.2 Step 4.3 Step 4.4

    You can’t manage what you can’t measure

    Metrics provides visibility.

    • Management consultant Peter Drucker introduced the concept of metrics tied to key performance indicators (KPIs), and the concept holds true: without metrics, you lack the visibility to manage or improve a process.
    • Metrics aren’t just a collection of statistics, they have to be meaningful, they have to tell the story, and most importantly, they have to answer the “so what?” question. What is the significance of a metric – do they illustrate a trend or an anomaly? What actions should be carried out when a metric hits a certain threshold?
    • It would be prudent to track several metrics that can be combined to tell the full story. For example, tracking the number of critical vulnerabilities alone does not give a sense of the overall risk to the organization, nor does it offer any information on how quickly they have been remediated or what amount of effort was invested.
    Stock image of measuring tape.

    Metrics, KPIs, and CSFs

    Tracking the right information and making the information relevant.
    • There is often confusion between raw metrics, key performance indicators, and critical success factors.
    • Raw metrics are what is trackable from your systems and processes as a set of measurements without any context. Raw metrics in themselves are useful in telling the story of “what are we doing?”
    • KPIs are the specific metric or combination of metrics that help you track or gauge performance. KPIs tell the story of “how are we doing?” or “how well are we doing?”
    • CSFs are the specific KPIs that track the activities that are absolutely critical to accomplish for the business or business unit to be successful.
    The activity tracker on your wrist is a wealth of metrics, KPIs, and CSFs.

    If you wear an activity tracker, you are likely already familiar with the differences between metrics, key performance indicators, and critical success factors:

    • The raw metrics are your heart rate, step count, hours of sleep, caloric intake, etc.
    • KPIs are the individual goals that you have set: maintain a heart rate within the appropriate range for your age/activity level, achieve a step count goal per day, get x hours of sleep per night, consume a calorie range of y per day, etc.
    • CSFs are your overall goal: increase your cardiovascular capacity, lose weight, feel more energetic, etc.

    Your security systems can be similarly measured and tracked – transfer this skill!

    Tracking relevant information

    Tell the story in the numbers.

    Below are a number of suggested metrics to track, and why.

    Business Goal

    Critical Success Factor

    Key Performance Indicator

    Metric to track

    Minimize overall risk exposure Reduction of overall risk due to vulnerabilities Decrease in vulnerabilities Track the number of vulnerabilities year after year.
    Appropriate allocation of time and resources Proper prioritization of vulnerability mitigation activities Decrease of critical and high vulnerabilities Track the number of high-urgency vulnerabilities.
    Consistent timely remediation of threats to the business Minimize risk when vulnerabilities are detected Remediate vulnerabilities more quickly Mean time to detect: track the average time between the identification to remediation.
    Track effectiveness of scanning tool Minimize the ratio, indicating that the tool sees everything Ratio between known assets and what the scanner tracks Scanner coverage compared to known assets in the organization.
    Having effective tools to track and address Accuracy of the scanning tool Difference or ratio between reported vulnerabilities and verified ones Number of critical or high vulnerabilities verified, between the scanning tool’s criticality rating and actual criticality.
    Reduction of exceptions to ensure minimal exposure Visibility into persistent vulnerabilities and risk mitigation measures Number of exceptions granted Number of vulnerabilities in which little or no remediation action was taken.

    4.1.1 Measure your program with metrics, KPIs, and CSFs

    60 minutes

    Input: List of metrics current being measured by the vulnerability management tool

    Output: List of relevant metrics to track, and the KPIs, CSFs, and business goals related to the metric

    Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

    Participants: IT Security Manager, IT operations management, CISO

    Metrics can offer a way to view how the organization is dealing with vulnerabilities and if there is improvement.

    1. Determine the high-level vulnerability management goals for the organization.
    2. Even with a formal process in place, the organization should be considering ways it can improve.
    3. Determine metrics that can help quantify those goals and how they can be measured.
    4. Metrics should always be easy to measure. If it’s a complex process to find the information required, it means that it is not a metric that should be used.
    5. Document your list of metrics in the Vulnerability Management SOP Template.

    Download the Vulnerability Management SOP Template

    Step 4.2

    Vulnerability Management Policy

    Activities
    • 4.2.1 Update the vulnerability management program policy

    This step will walk you through the following activities:

    If you have a vulnerability management policy, this activity may help augment it. Otherwise, if you don’t have one, this would be a great starting point.

    This step involves the following participants:

    • IT Security Manager
    • CISO
    • CIO
    • Human resources representative

    Outcomes of this step

    An inaugural policy covering vulnerability management

    Measure and formalize
    Step 4.1 Step 4.2 Step 4.3 Step 4.4

    Vulnerability Management Program Policy

    Policies provide governance and enforcement of processes.
    • Policies offer formal guidance on the “rules” of a program, describing its purpose, scope, detailed program description, and consequences of non-compliance. Often they will have a employee sign-off acknowledging understanding.
    • In many organizations, policies are endorsed by senior executives, which gives the policy its “teeth” across the company. The human resources department will always have input due to the implications of the non-compliance aspect.
    • Policies are written to ensure an outcome of consistent expected behavior and are often written to protect the company from liability.
    • Policies should be easy to understand and unambiguous, reflect the current state, and be enforceable. Enforceability can come in the form of audit, technology, or any other means of determining compliance and enforcing behavior.
    Stock image of a judge's gavel.

    4.2.1 Update the vulnerability management policy

    60 minutes

    Input: Vulnerability Management SOP, HR guidance on policy creation and approval

    Output: Completed Vulnerability Management Policy

    Materials: Vulnerability Management SOP, Vulnerability Management Policy Template

    Participants: IT Security Manager, IT operations management, CISO, Human resources representative

    After having built your entire process in this project, formalize it into a vulnerability management policy. This will set the standards and expectations for vulnerability management in the organization, while the process will be around the specific actions that need to be taken around vulnerability management.

    This is separate and distinct from the Vulnerability Management SOP Template, which is a process and procedure document.
    1. Review Info-Tech’s Vulnerability Management Policy and customize it to your organization’s specifications.
    2. Use your Vulnerability Management SOP as a resource when specifying some of the details within the policy.
    Sample of Info-Tech's Vulnerability Management Policy Template

    Download the Vulnerability Management Policy Template

    Step 4.3

    Select and implement a scanning tool

    Activities
    • 4.3.1 Create an RFP for vulnerability scanning tools

    This step will walk you through the following activities:

    If you need to select a new vulnerability scanning tool, or replace your existing one, this activity will help set up a request for proposal (RFP).

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO

    Outcomes of this step

    The provisions needed for you to create and deploy an RFP for a vulnerability management tool.

    Measure and formalize
    Step 4.1 Step 4.2 Step 4.3 Step 4.4

    Vulnerability management and penetration testing

    Similar in nature, yet provide different security functions.

    Vulnerability Scanning Tools

    Scanning tools focus on the network and operating systems. These tools look for items such as missing patches or open ports. They won’t detect specific application vulnerabilities.

    Exploitation Tools

    These tools will look to exploit a detected vulnerability to validate it.

    Penetration Tests

    A penetration test simulates the actions of an external or internal cyber attacker that aims to breach the information security of the organization. (Formal definition of penetration test)

    ‹————— What’s the difference again? —————›
    Vulnerability scanning tools are just one type of tool. When you add an exploitation tool to the mix, you move down the spectrum. Penetration tests will use scanning tools, exploitation tools, and people.

    What is the value of each?

    • For vulnerability scans, the person performing the scan provides the value – value comes from the organization itself.
    • For exploitation tools on their own, the value comes from the tool itself being used in a safe environment.
    • For penetration tests, the tester is providing the value. They are the value add.

    What’s the implication for me?

    Info-Tech Recommends:
    • A combination of vulnerability scanning and penetration testing. This will improve your security posture through systematic risk reduction and improve your security program through the testing of prevention, detection, and response capabilities with unique recommendations being generated.
    • Start with as much vulnerability scanning as possible to identify gaps to fix and then move onto a penetration test to do a more robust and validated assessment.
    • For penetration tests, start with a transparent box test first, then move to an opaque box. Ideally, this is done with different third parties.

    Vulnerability scanning software

    All organizations can benefit from having one.

    Scanning tools will benefit areas beyond just vulnerability management

    • Network security: It improves the accuracy and granularity of your network security technologies such as WAFs, NGFWs, IDPS, and SIEM.
    • Asset management: Vulnerability scanning can identify new or unknown assets and provide current status information on assets.
    • System management: Information from a vulnerability scan supports baselining activities and determination of high-value and high-risk assets.

    Vulnerability Detection Use Case

    Most organizations use scanners to identify and assess system vulnerabilities and prioritize efforts.

    Compliance Use Case

    Others will use scanners just for compliance, auditing, or larger GRC reasons.

    Asset Discovery Use Case

    Many organizations will use scanners to perform active host and application identification.

    Scanning Tool Market Trends

    Vulnerability scanning tools have expanded value from conventional checking for vulnerabilities to supporting configuration checking, asset discovery, inventory management, patch management, SSL certificate validation, and malware detection.

    Expect to see network and system vulnerability scanners develop larger vulnerability management functions and develop exploitation tool functionality. This will become a table stakes option enabling organizations to provide higher levels of validation of detected vulnerabilities. Some tools already possess these capabilities:

    • Core Impact is an exploitation tool with vulnerability scanning aspects.
    • Metasploit is an exploitation tool with some new vulnerability scanning aspects.
    • Nessus is mainly a vulnerability scanning tool but has some exploitation aspects.

    Device proliferation (BYOD, IoT, etc.) is increasing the need for stronger vulnerability management and scanners. This is driving the need for numerous device types and platform support and the development of baseline and configuration norms to support system management.

    Increased regulatory or compliance controls are also stipulating the need for vulnerability scanning, especially by a trusted third party.

    Organizations are outsourcing security functions or moving to cloud-based deployment options for any security technology they can. Expect to see massive growth of vulnerability scanning as a service.

    Vulnerability scanning market

    There are several technology types or functional differentiators that divide the market up.

    Vulnerability Exploitation Tools

    • These will actually test defences and better emulate real life than just scanning. These tools include packet manipulation tools (such as hping) and password cracking tools (such as John the Ripper or Cain and Abel).
    • These tools will provide much more granular information on your network, operations systems, and applications.
    • The main limitation of these tools is how to use them. If you do not have development or test environments that mimic your real production environments to run the exploit tools, these tools may not be appropriate. It may work if you can find some downtime on production systems, but only in very specific and careful instances.
    • Lower maturity security programs usually just do network and application vulnerability scanning. Higher maturity programs will also use penetration testing, application testing, and vulnerability exploitation tools.
    • Network vulnerability scanning tools should always be used. Once you identify any servers or ports running web applications, then you run a web application vulnerability scanner.
    • Exploitation tools and application testing tools are used in more specific use cases that are often related to more-demanding security programs.

    Scanning Tool Market Trends

    • These are considered baseline tools and are near commoditization.
    • Vulnerability scanning tools are not granular enough to detect application-level vulnerabilities (thus the need for application scanners and testing tools) and they don’t validate the exploitability of the vulnerability (thus the need for exploit tools).

    Web Application Scanning Tools

    These tools perform dynamic application security testing (DAST) and static application security testing (SAST).

    Application Scanning and Testing Tools

    • These perform a detailed scan against an application to detect any problematic or malicious code and try to break the application using known vulnerabilities.
    • These tools will identify if something is vulnerable to an exploit but won’t actually run the exploit.
    • These tools are evaluated based on their ability to detect application-specific issues and validate them.

    Vulnerability scanning tool features

    Evaluate vulnerability scanning tools on specific features or functions that are the best differentiators.

    Differentiator

    Description

    Deployment Options Do you want a traditional on-premises, cloud-based, or managed service?
    Vulnerability Database Coverage Scanners use a library of known vulnerabilities to test for. Evaluate based on the amount of exploits/vulnerabilities the tool can scan for.
    Scanning Method Evaluate if you want agent-based, authenticated active, unauthenticated active, passive, or some combination of those scanning methods.
    Integration What is the breadth of other security and non-security technologies the tool can integrate with?
    Remediation How detailed are the recommended remediation actions? The more granular, the better.
     

    Differentiator

    Description

    Prioritization Does the tool evaluate vulnerabilities based on commonly accepted methods or through a custom-designed prioritization methodology?
    Platform Support What is the breadth of environment, application, and device support in the tool? Consider your need for virtual support, cloud support, device support, and application-specific support. Also consider how often new scanning modules are supported (e.g. how quickly Windows 10 was supported).
    Pricing As with many security controls that have been around for a long time and are commonly used, pricing becomes a main consideration, especially when there are so many open-source options available.

    Common areas people mistake as tool differentiators:

    • Accuracy – Scanning tools are evaluated more on efficiency than effectiveness. Evaluate on the ability to detect, remediate, and manage vulnerabilities rather than real vulnerability detection and the number of false positives. To reduce false positives, you need to use exploitation tools.
    • Performance – Scanning tools have such a small footprint in an environment and the actual scanning itself is such a small impact that evaluation on performance doesn’t matter.

    For more information on vulnerability scanning tools and how they rate, review the Vulnerability Management category on SoftwareReviews.

    Vulnerability scanning deployment options

    Understand the different deployment options to identify which is best for your security program.

    Option

    Description

    Pros

    Cons

    Use Cases

    On-Premises Either an on-premises appliance or an on-premises virtualized machine that performs external and internal scanning.
    • Small resource need, so limited network impact.
    • Strong internal scanning.
    • Easier integration with other technologies.
    • Network footprint and resource usage.
    • Maintenance and support costs.
    • Most common deployment option.
    • Appropriate if you have cloud concerns or strong internal network scanning, or if you require strong integration with other systems.
    Cloud Either hosted on a public cloud infrastructure or hosted by a third party and offered “as a service.”
    • Small network footprint.
    • On-demand scanning as needed.
    • Optimal external scanning capabilities.
    • Can only do edge-related scanning unless authenticated or agent based.
    • No internal network scanning with passive or unauthenticated active scanning methods.
    • Very limited network resources.
    • Compliance obligations that dictate external vulnerability scanning.
    Managed A third party is contracted to manage and maintain your vulnerability scanner so you can dedicate resources elsewhere.
    • Expert management of environment scanning, optimizing tool usage.
    • Most scanning work time is report customization and tuning and remediation efforts; thus, managed doesn’t provide sizable resource alleviation.
    • Third party has and owns the vulnerability information.
    • Limited staff resources or expertise to maintain and manage scanner.

    Vulnerability scanning methods

    Understand the different scanning methods to identify which tool best supports your needs.

    Method

    Description

    Pros

    Cons

    Use Cases

    Agent-Based Scanning Locally installed software gives the information needed to evaluate the security posture of a device.
    • Provides information that can’t be discovered remotely such as installed applications that aren’t running at a given time.
    • Device processing, memory, and network bandwidth impact.
    • Asset without an agent is not scanned.
    • Need for continuous scanning.
    • Organization has strong asset management
    Authenticated Active Scanning Tool uses authenticated credentials to log in to a device or application to perform scanning.
    • Provides information that can’t be discovered remotely such as installed applications that aren’t running at a given time.
    • Best accuracy for vulnerability detection across a network.
    • Aggregation and centralization of authenticated credentials creates a major risk.
    • All use cases.
    Unauthenticated Active Scanning Scanning of devices without any authentication.
    • Emulates realistic scan by an attacker.
    • Provides limited scope of scanning.
    • Some compliance use cases.
    • Perform after either agent or authenticated scanning.
    Passive Scanning Scanning of network traffic.
    • Lowest resource impact.
    • Not enough information can be provided for true prioritization and remediation.
    • Augmenting scanning technique to agent or authenticated scanning.

    IP Management and IPv6

    IP management and the ability to manage IPv6 is a new area for scanning tool evaluation.

    Scanning on IPv4

    Scanning tools create databases of systems and devices with IP addresses.
    Info-Tech Recommends:

    • It is easier to do discovery by directing the scanner at a set IP address or range of IP addresses; thus, it’s useful to organize your database by IPs.
    • Do discovery by phases: Start with internet-facing systems. Your perimeter usually is well-defined by IP addresses and system owners and is most open to attack.
    • Stipulate a list of your known IP addresses through the DHCP registration and perform a scan on that.
    • Depending on your IP address space, another option is to scan your entire IP address space.

    Current Problem With IP Addresses

    IP addresses are becoming no longer manageable or even owned by organizations. They are often provided by ISPs or other third parties.

    Even if it is your range, chances are you don't do static IP ranges today.

    Info-Tech Recommends:

    • Agent-based scanning or MAC address-based scanning
    • Use your DHCP for scanning

    Scanning on IPv6

    First, you need to know if your organization is moving to IPv6. IPv6 is not strategically routed yet for most organizations.

    If you are moving to IPv6, Info-Tech recommends the following:

    • Because you cannot point a scanner at an IPv6 IP range, any scanning tool needs to have a strategy around how to handle IPv6 and properly scan based on IP ranges.
    • You need to know IPv4 to IPv6 translations.
    • Evaluate vulnerability scanning tools on whether any IPv6 features are on par with IPv4 features.

    If you are already on IPv6, Info-Tech recommends the following:

    • If you are on an IPv6 native network, it is nearly impossible to scan the network. You have to always scan your known addresses from your DHCP.

    4.3.1 Create an RFP for vulnerability scanning tools

    2 hours

    Input: List of key feature requirements for the new tool, List of intersect points with current software, Network topology and layout of servers and applications

    Output: Completed RFP document that can be distributed to vendor proponents

    Materials: Whiteboard/flip charts, Vulnerability Scanning Tool RFP Template

    Participants: IT Security Manager, IT operations managers, CISO, Procurement department representative

    Use a request for proposal (RFP) template to convey your desired scanning tool requirements to vendors and outline the proposal and procurement steps set by your organization.

    1. Determine what kind of requirements will be needed for your scanning tool RFP, based on people, process, and technology requirements.
    2. Consider items such as the desired capabilities and the scope of the scanning.
    3. Conduct interviews with relevant stakeholders to determine the exact requirements needed.
    4. Use Info-Tech’s Vulnerability Scanning Tool RFP Template. It lists many requirements but can be customized to your organization’s specific needs.

    Download the Vulnerability Scanning Tool RFP Template

    4.3.1 Create an RFP for vulnerability scanning tools (continued)

    Things to Consider:
    • Ensure there is adequate resource dedication to support and maintenance for vulnerability scanning.
    • Consider if you will benefit from an RFP. If there is a more appropriate option for your need and your organization, consider that instead.
    • If you don’t know the product you want, then perform an RFI.
    • In the RFP, you need to express your driving needs for the tool so the vendor can best understand your use case.
    • Identify who should participate in the RFP creation and evaluation. Make sure they have time available and it does not conflict with other items.
    • Determine if you want to send it to a select few or if you want to send it to a lot of vendors.
    • Determine a response date so you can know who is soliciting your business.
    • You need to have a process to handle questions from vendors.
    Info-Tech RFP Table of Contents:
    1. Statement of Work
    2. General Information
    3. Proposal Preparation Instructions
    4. Scope of Work, Specifications, and Requirements
    5. Vendor Qualifications and References
    6. Budget and Estimated Pricing
    7. Vendor Certification

    Download the Vulnerability Scanning Tool RFP Template

    Step 4.4

    Penetration testing

    Activities
    • 4.1.1 Create an RFP for penetration tests

    This step will walk you through the following activities:

    We will review penetration testing, its distinction from vulnerability management, and why you may want to engage a penetration testing service.

    We provide a request for proposal (RFP) template that we can review if this is an area of interest.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO
    • CIO

    Outcomes of this step

    An understanding of penetration testing, and guidance on how to get started if there is interest to do so.

    Measure and formalize
    Step 4.1 Step 4.2 Step 4.3 Step 4.4

    Penetration testing

    Penetration tests are critical parts of any strong security program.

    Penetration testing will emulate the methods an attacker would use in the real world to circumvent your security controls and gain access to systems and data.

    Penetration testing is much more than just running a scanner or other automated tools and then generating a report. Penetration testing performs critical exploit validation to create certainty around your vulnerability.

    The primary objective of a penetration test is to identify and validate security weaknesses in an organization’s security systems.

    Reasons to Test:

    • Assess current security control effectiveness
    • Develop an action plan of items
    • Build a business case for a better security program
    • Increased security budget through vulnerability validation
    • Third-party, unbiased validation
    • Adhere to compliance or regulatory requirements
    • Raise security awareness
    • Demonstrate how an attacker can escalate privileges
    • Effective way to test incident response

    Regulatory Considerations:

    • There is a lot of regulatory wording saying that organizations can’t get a system that is managed, integrated, and supported by one vendor and then have it tested by the same vendor.
    • There is the need for separate third-party testing.
    • Penetration testing is required for PCI, cloud providers, and federal entities.

    How and where is the value being generated?

    Penetration testing is a service provided by trained and tested professionals with years of experience. The person behind the test is the most important part of the test. The person is able to emulate a real-life attacker better than any computer. It is just a vulnerability scan if you use tools or executables alone.

    “A penetration test is an audit with validation.” (Joel Shapiro, Vice President Sales, Digital Boundary Group)

    Start by considering the spectrum of penetration tests

    Network Penetration Tests

    Conventional testing of network defences.

    Testing vectors include:

    • Perimeter infrastructure
    • Wireless, WEP/WPA cracking
    • Cloud penetration testing
    • Telephony systems or VoIP
    Types of tests:
    • Denial-of-service testing
    • Out-of-band attacks
    • War dialing
    • Wireless network testing/war driving
    • Spoofing
    • Trojan attacks
    • Brute force attacks
    • Watering hole attacks
    • Honeypots
    • Cloud-penetration testing
    Application Penetration Tests

    Core business functions are now being provided through web applications, either to external customers or to internal end users.

    Types: Web apps, non-web apps, mobile apps

    Application penetration and security testing encompasses:

    • Code review – analyzing the application code for sensitive information of vulnerabilities in the code.
    • Authorization testing – testing systems responsible for user session management to see if unauthorized access can be permitted.
    • Authentication process for user testing.
    • Functionality testing – test the application functionality itself.
    • Website pen testing – active analysis of weaknesses or vulnerabilities.
    • Encryption testing – testing things like randomness or key strength.
    • User-session integrity testing.
    Human-Centric Testing
    • Penetration testing is developing a people aspect as opposed to just being technology focused.
    • End users and their susceptibility to social engineering attacks (spear phishing, phone calls, physical site testing, etc.) is now a common area to test.
    • Social engineering penetration testing is not only about identifying your human vulnerabilities, but also about proactively training your end users. As well as discovering and fixing potential vulnerabilities, social engineering penetration testing will help to raise security awareness within an organization.

    Info-Tech Insight

    Your pen test should use multiple methods. Demonstrating weakness in one area is good but easy to identify. When you blend techniques, you get better success at breaching and it becomes more life-like. Think about prevention, detection, and response testing to provide full insight into your security defenses.

    Penetration testing types

    Evaluate four variables to determine which type of penetration test is most appropriate for your organization.

    Evaluate these dimensions to determine relevant penetration testing.

    Network, Application, or Human

    Evaluate your need to perform different types of penetration testing.

    Some level of network and application testing is most likely appropriate.

    The more common decision point is to consider to what degree your organization requires human-centric penetration testing.

    External or Internal

    External: Attacking an organization’s perimeter and internet-facing systems. For these, you generally provide some level of information to the tester. The test will begin with publicly available information gathering followed by some kind of network scanning or probing against externally visible servers or devices (DNS server, email server, web server, firewall, etc.)

    Internal: Carried out within the organization’s network. This emulates an attack originating from an internal point (disgruntled employee, authorized user, etc.). The idea is to see what could happen if the perimeter is breached.

    Transparent, Semi-Transparent, or Opaque Box

    Opaque Box: The penetration tester is not provided any information. This emulates a real-life attack. Test team uses publicly available information (corporate website, DNS, USENET, etc.) to start the test. These tests are more time consuming and expensive. They often result in exploitation of the easiest vulnerability.
    Use cases: emulating a real-life attack; testing detection and response capabilities; limited network segmentation.

    Transparent Box: Tester is provided full disclosure of information. The tester will have access to everything they need: building floor plans, data flow designs, network topology, etc. This represents what a credentialed and knowledgeable insider would do.
    Use cases: full assessment of security controls; testing of attacker traversal capabilities.

    Aggressiveness of the Test

    Not Aggressive: Very slow and careful penetration testing. Usually spread out in terms of packets being sent and number of calls to individuals. It attempts to not set off any alarm bells.

    Aggressive: A full DoS attack or something similar. These would be DoS attacks that take down systems or full SQL injection attacks all at once versus small injections over time. Testing options cover anything including physical tests, network tests, social engineering, and data extraction and exfiltration. This is more costly and time consuming.

    Assessing Aggressiveness: How aggressive the test should be is based on the threats you are concerned with. Assess who you are concerned with: random individuals on the internet, state-sponsored attacks, criminals, hacktivists, etc. Who you are concerned with will determine the appropriate aggressiveness of the test.

    Penetration testing scope

    Establish the scope of your penetration test before engaging vendors.

    Determining the scope of what is being tested is the most important part of a penetration test. Organizations need to be as specific as possible so the vendor can actually respond or ask questions.

    Organizations need to define boundaries, objectives, and key success factors.

    For scope:
    • If you go too narrow, the realism of the test suffers.
    • If you go too broad, it is more costly and there’s a possible increase in false positives.
    • Balance scope vs. budget.
    Boundaries to scope before a test:
    • IP addresses
    • URLs
    • Applications
    • Who is in scope for social engineering
    • Physical access from roof to dumpsters defined
    • Scope prioritized for high-value assets
    Objectives and key success factors to scope:
    • When is the test complete? Is it at the point of validated exploitation?
    • Are you looking for as many holes as possible, or are you looking for how many ways each hole can be exploited?

    What would be out of scope?

    • Are there systems, IP addresses, or other things you want out of scope? These are things you don’t explicitly want any penetration tester to touch.
    • Are there third-party connections to your environment that you don’t want to be tested? These are instances such as cloud providers, supply chain connections, and various services.
    • Are there things that would be awkward to test? For example, determine if you include high-level people in a social engineering test. Do you conduct social engineering for the CEO? If you get their credentials, it could be an awkward moment.

    Ways to break up a penetration test:

    • Location – This is the most common way to break up a penetration test.
    • Division – Self-contained business units are often done as separate tests so you can see how each unit does.
    • IT systems – For example, you put certain security controls in a firewall and want to test its effectiveness.
    • Applications – For example, you are launching a new website or a new portal and you want to test it.

    Penetration testing appropriateness

    Determine your penetration testing appropriateness.

    Usual instances to conduct a penetration test:
    • Setting up a new physical office. Penetration testing will not only test security capabilities but also resource availability and map out network flows.
    • New infrastructure hardware implemented. All new infrastructure needs to be tested.
    • Changes or upgrades to existing infrastructure. Need for testing varies depending on the size of the change.
    • New application deployment. Need to test before being pushed to production environments.
    • Changes or upgrades to existing applications. When fundamental functional changes occur, perform testing:
      • Before upgrades or patching
      • After upgrades or patching
    • Periodic testing. It is a best practice to periodically test your security control effectiveness. Consider at least an annual test.

    Specific timing considerations: Testing should be completed during non-production times of day. Testing should be completed after a backup has been performed.

    Assess your threats to determine your appropriate test type:

    Penetration testing is about what threats you are concerned about. Understand your risk profile, risk tolerance level, and specific threats to see how relevant penetration tests are.

    • Are external attackers concerning to you? Are you distressed about how an attacker can use brute force to enter your network? If so, focus on ingress points, such as FWs, routers, and DMZ.
    • Is social engineering a concern for you (i.e. phone-based or email-based)? Then you are concerned about a credentialed hacker.
    • Is it an insider threat, a disgruntled employee, etc.? This also includes an internal system that is under command and control (C&C).

    ANALYST PERSPECTIVE: Do a test only after you take a first pass.
    If you have not done some level of vulnerability assessment on your own (performing a scan, checking third-party sources, etc.) don’t waste your money on a penetration test. Only perform a penetration test after you have done a first pass and identified and remediated all the low-hanging fruit.

    4.4.1 Create an RFP for penetration tests

    2 hours

    Input: List of criteria and scope for the penetration test, Systems and application information if white box

    Output: Completed RFP document that can be distributed to vendor proponents

    Materials: Whiteboard/flip charts, Penetration Test RFP Template

    Participants: IT Security Manager, IT operations managers, CISO, Procurement department representative

    Use an RFP template to convey your desired penetration test requirements to vendors and outline the proposal and procurement steps set by your organization.

    1. Determine what kind of requirements will be needed for your penetration test RFP based on people, process, and technology requirements.
      • Consider items such as your technology environment and the scope of the penetration tests.
    2. Conduct an interview with relevant stakeholders to determine the exact requirements needed.
    3. Use Info-Tech’s Penetration Test RFP Template, which lists many requirements but can be customized to your organization’s specific needs.

    Download the Penetration Test RFP Template

    4.4.1 Create an RFP for penetration tests (continued)

    Steps of a penetration test:
    1. Determine scope
    2. Gather targeted intelligence
    3. Review exploit attempts, such as access and escalation
    4. Test the collection of sensitive data
    5. Run reporting
    Info-Tech RFP Table of Contents:
    1. Statement of Work
    2. General Information
    3. Proposal Preparation Instructions
    4. Scope of Work, Specifications, and Requirements
    5. Vendor Qualifications and References
    6. Budget and Estimated Pricing
    7. Vendor Certification

    Download the Penetration Test RFP Template

    Penetration testing considerations – service providers

    Consider what type of penetration testing service provider is best for your organization

    Professional Service Providers

    Professional Services Firms. These firms will often provide a myriad of professional services across auditing, financial, and consulting services. If they offer security-related consulting services, they will most likely offer some level of penetration testing.

    Security Service Firms. These are dedicated security consulting or advisory firms that will offer a wide spectrum of security-related services. Penetration testing may be one aspect of larger security assessments and strategy development services.

    Dedicated Penetration Testing Firms. These are service providers that will often offer the full gamut of penetration testing services.

    Integrators

    Managed Security Service Providers. These providers will offer penetration testing. For example, Dell SecureWorks offers numerous services including penetration testing. For organizations like this, you need to be skeptical of ulterior motives. For example, expect recommendations around outsourcing from Dell SecureWorks.

    Regional or Small Integrators. These are service providers that provide security services of some kind. For example, they would help in the implementation of a firewall and offer penetration testing services as well.

    Info-Tech Recommends:

    • Always be conscientious of who is conducting the testing and what else they offer. Even if you get another party to test rather than your technology provider, they will try to obtain you as a client. Remember that for larger technology vendors, security testing is a small revenue stream for them and it’s a way to find technology clients. They may offer penetration testing for free to obtain other business.
    • Most of the penetration testers were systems administrators (for network testing) or application developers (for application testing) at some point before becoming penetration testers. Remember this when evaluating providers and evaluating remediation recommendations.
    • Evaluate what kind of open-source tools, commercial tools, and proprietary tools are being used. In general, you don’t want to rely on an open-source scanner. For open source, they will have more outdated vulnerability databases, system identification can also be limited compared to commercial, and reporting is often lacking.
    • Above all else, ensure your testers are legally capable, experienced, and abide by non-disclosure agreements.

    Penetration testing best practices – communications

    Communication With Service Provider

    • During testing there should be designated points of contact between the service provider and the client.
    • There needs to be secure channels for communication of information between the tester and the client both during the test and for any results.
    • Results should always be explained to the client by the tester, regardless of the content or audience.
    • There should be a formal debrief with the results report.
    Immediate reporting of issues
    • Before any testing commences, immediate reporting conditions need to be defined. These are instances when you would want immediate notification of something occurring.
    • Stipulate certain systems or data types that if broken into or compromised, you would want to be notified right away.
    • Example:
      • If you are conducting social engineering, require notification for all account credentials that are compromised. Once credentials are compromised, it destroys all accountability for those credentials and the actions associated with those credentials by any user.
      • Require immediate reporting of specific high-critical systems that are compromised or if access is even found.
      • Require immediate reporting when regulated data is discovered or compromised in any way.

    Communication With Internal Staff

    Do you tell your internal staff that this is happening?

    This is sometimes called a “double blind test” when you don’t let your IT team know of the test occurring.

    Pros to notifying:
    • This tests the organization’s security monitoring, incident detection, and response capabilities.
    • Letting the team know they are going to see some activity will make sure they don’t get too worried about it.
    • There may be systems you can’t jeopardize but still need to test so notification beforehand is essential (e.g. you wouldn’t allow ERP testing with notification).
    Cons:
    • It does not give you a real-life example of how you respond if something happens.
    • Potential element of disrespect to IT people.

    Penetration testing best practices – results and remediation

    What to expect from penetration test results report:

    A final results report will state all findings including what was done by the testers, what vulnerabilities or exploitations were detected, how they were compromised, the related risk, and related remediation recommendations.

    Expect four major sections:
    • Introduction. An overview of the penetration test methodology including rating methodology of vulnerabilities.
    • Executive Summary. A management-level description of the test, often including a summary of any recommendations.
    • Technical Review. An overview of each item that was looked at and touched. This area breaks down what was done, how it was done, what was found, and any related remediation recommendations. Expect graphs and visuals in this section.
    • Detailed Findings. An in-depth breakdown of all testing methods used and results. Each vulnerability will be explained regarding how it was detected, what the risk is, and what the remediation recommendation is.
    Two areas that will vary by service provider:

    Prioritization

    • Most providers will boast their unique prioritization methodology.
    • A high, medium, and low rating scale based on some combination of variables (e.g. ease of exploitation, breadth of hole, information accessed resulting in further exploitation).
    • The prioritization won’t take into account asset value or criticality.
    • Keep in mind the penetration test is not an input into ultimate vulnerability prioritization, but it can help determine your urgency.

    Remediation

    • Remediation recommendations will vary across providers.
    • Generally, fairly generic recommendations are provided (e.g. remove your old telnet and input up-to-date SSH).
    • Most of the time, it is along the lines of “we found a hole; close the hole.”

    Summary of Accomplishment

    Problem Solved

    At the conclusion of this blueprint, you will have created a full vulnerability management program that will allow you to take a risk-based approach to vulnerability remediation.

    Assessing a vulnerability’s risk will enable you to properly determine the true urgency of a vulnerability within the context of your organization; this ensures you are not just blindly following what the tool is reporting.

    The risk-based approach will allow you to prioritize your discovered vulnerabilities and take immediate action on critical and high vulnerabilities while allowing your standard remediation cycle to address the medium to low vulnerabilities.

    With your program defined and developed, you now need to configure your vulnerability scanning tool or acquire one if you don’t already have a tool in place.

    Lastly, while vulnerability management will help address your systems and applications, how do you know if you are secure from external malicious actors? Penetration testing will offer visibility, allowing you to plug those holes and attain an environment with a smaller risk surface.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Photo of Jimmy Tom.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Sample of the Implement Vulnerability Management storyboard.
    Review of the Implement Vulnerability Management storyboard
    Sample of the Vulnerability Mitigation SOP template.
    Build your vulnerability management SOP

    Contributors

    Contributors from 2016 version of this project:

    • Morey Haber, Vice President of Technology, BeyondTrust
    • Richard Barretto, Manager, Information Privacy and Security, Cimpress
    • Joel Shapiro, Vice President Sales, Digital Boundary Group

    Contributors from current version of this project:

    • 2 anonymous contributors from the manufacturing sector
    • 1 anonymous contributor from a US government agency
    • 2 anonymous contributors from the financial sector
    • 1 anonymous contributor from the medical technology industry
    • 2 anonymous contributors from higher education
    • 1 anonymous contributor from a Canadian government agency
    • 7 anonymous others; information gathered from advisory calls

    Bibliography

    Arya. “COVID-19 Impact: Vulnerability Management Solution Market | Strategic Industry Evolutionary Analysis Focus on Leading Key Players and Revenue Growth Analysis by Forecast To 2028 – FireMon, Digital Shadows, AlienVault.” Bulletin Line, 6 Aug. 2020. Accessed 6 Aug. 2020.

    Campagna, Rich. “The Lean, Mean Vulnerability Management Machine.” Security Boulevard, 31 Mar. 2020. Accessed 15 Aug. 2020.

    Constantin, Lucian. “What are vulnerability scanners and how do they work?” CSO Online, 10 Apr. 2020. Accessed 1 Sept. 2020.

    “CVE security vulnerabilities published in 2019.” CVE Details. Accessed 22 Sept. 2020.

    Garden, Paul, et al. “2019 Year End Report – Vulnerability QuickView.” Risk Based Security, 2020. Accessed 22 Sept. 2020.

    Keary, Eoin. “2019 Vulnerability Statistics Report.” Edgescan, Feb. 2019. Accessed 22 Sept. 2020.

    Lefkowitz, Josh. ““Risk-Based Vulnerability Management is a Must for Security & Compliance.” SecurityWeek, 1 July 2019. Accessed 1 Nov. 2020.

    Mell, Peter, Tiffany Bergeron, and David Henning. “Creating a Patch and Vulnerability Management Program.” Creating a Patch and Vulnerability Management Program. NIST, Nov. 2005. Web.

    “National Vulnerability Database.” NIST. Accessed 18 Oct. 2020.

    “OpenVAS – Open Vulnerability Assessment Scanner.” OpenVAS. Accessed 14 Sept. 2020.

    “OVAL.” OVAL. Accessed 21 Oct. 2020.

    Paganini, Pierluigi. “Exploiting and Verifying Shellshock: CVE-2014-6271.” INFOSEC, 27 Sept. 2014. Web.

    Pritha. “Top 10 Metrics for your Vulnerability Management Program.” CISO Platform, 28 Nov. 2019. Accessed 25 Oct. 2020.

    “Risk-Based Vulnerability Management: Understanding Vulnerability Risk With Threat Context And Business Impact.” Tenable. Accessed 21 Oct. 2020.

    Stone, Mark. “Shellshock In-Depth: Why This Old Vulnerability Won’t Go Away.” SecurityIntelligence, 6 Aug. 2020. Web.

    “The Role of Threat Intelligence in Vulnerability Management.” NOPSEC, 18 Sept. 2014. Accessed 18 Aug. 2020.

    “Top 15 Paid and Free Vulnerability Scanner Tools in 2020.” DNSstuff, 6 Jan. 2020. Accessed 15 Sept. 2020.

    Truta, Filip. “60% of Breaches in 2019 Involved Unpatched Vulnerabilities.” Security Boulevard, 31 Oct. 2019. Accessed 2 Nov. 2020.

    “Vulnerability Management Program.” Core Security. Accessed 15 Sept. 2020.

    “What is Risk-Based Vulnerability Management?” Balbix. Accessed 15 Sept. 2020.

    White, Monica. “The Cost Savings of Effective Vulnerability Management (Part 1).” Kenna Security, 23 April 2020. Accessed 20 Sept. 2020.

    Wilczek, Marc. “Average Cost of a Data Breach in 2020: $3.86M.” Dark Reading, 24 Aug. 2020. Accessed 5 Nov 2020.

    Ransomware Cyber Attack. The real Disaster Recovery Scenario

    Cyber-ransomware criminals need to make sure that you cannot simply recover your encrypted data via your backups. They must make it look like paying is your only option. And if you do not have a strategy that takes this into account, unfortunately, you may be up the creek without a paddle. because how do they make their case? Bylooking for ways to infect your backups, way before you find out you have been compromised. 

    That means your standard disaster recovery scenarios provide insufficient protection against this type of event. You need to think beyond DRP and give consideration to what John Beattie and Michael Shandrowski call "Cyber Incident Recovery Risk management" (CIR-RM).  

    incident, incident management, cybersecurity, cyber, disaster recovery, drp, business continuity, bcm, recovery

    Register to read more …

    Refine Your Estimation Practices With Top-Down Allocations

    • Buy Link or Shortcode: {j2store}434|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,599 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • As a portfolio manager, you’re expected to size projects for approval and intake before they have sufficient definition.
    • The consequences of initial sizing are felt throughout the project lifecycle.

    Our Advice

    Critical Insight

    • Your organization lacks strong organizational memory upon which assumptions and estimates can be made.
    • Definition is at a minimum not validated, untested, and is likely incomplete. It has the potential to be dangerously misleading.

    Impact and Result

    • Build project history and make more educated estimates – Projects usually start with a “ROM” or t-shirt size estimate, but if your estimates are consistently off, then it’s time to shift the scale.
    • Plan ahead – Projects face risks; similar projects face similar risks. Provide sponsors with estimates that account for as many risks as possible, so that if something goes wrong you have a plan to make it right.
    • Store and strengthen organizational memory – Each project is rich with lessons that can inform your next project to make it more effective and efficient, and ultimately help to avoid committing the same failures over and over again. Develop a process to catalogue project history and all of the failures and successes associated with those projects.

    Refine Your Estimation Practices With Top-Down Allocations Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should improve your estimation practices, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build organizational memory to inform early estimates

    Analyze your project history to identify and fill gaps in your estimation practices.

    • Refine Your Estimation Practices With Top-Down Allocations – Phase 1: Build Organizational Memory to Inform Early Estimations
    • PMO Organizational Memory Tool
    • T-Shirt Sizing Health Check Lite
    • Project Estimation Playbook

    2. Develop and refine a reliable estimate with top-down allocations

    Allocate time across project phases to validate and refine estimates and estimate assumptions.

    • Refine Your Estimation Practices With Top-Down Allocations – Phase 2: Develop and Refine a Reliable Estimate With Top-Down Allocations
    • Planning-Level Estimate Calculator

    3. Implement a new estimation process

    Implement a lessons learned process to provide transparency to your sponsors and confidence to your teams.

    • Refine Your Estimation Practices With Top-Down Allocations – Phase 3: Implement a New Estimation Process
    • Project Lessons Learned Template
    [infographic]

    Workshop: Refine Your Estimation Practices With Top-Down Allocations

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Develop the Foundations of Organizational Memory

    The Purpose

    Track key performance indicators on past projects to inform goals for future projects.

    Key Benefits Achieved

    Developed Project History List.

    Refined starting estimates that can be adjusted accurately from project to project.

    Activities

    1.1 Build project history.

    1.2 Analyze estimation capabilities.

    1.3 Identify estimation goals.

    Outputs

    Project History List

    T-Shirt Sizing Health Check

    Estimate Tracking Plan

    2 Define a Requirements Gathering Process

    The Purpose

    Outline the common attributes required to complete projects.

    Identify the commonly forgotten attributes to ensure comprehensive scoping early on.

    Key Benefits Achieved

    Refined initial estimate based on high-level insights into work required and resources available.

    Activities

    2.1 Develop a list of in-scope project attributes.

    2.2 Identify leadership priorities for deliverables and attributes.

    2.3 Track team and skill responsibilities for attributes.

    Outputs

    Identified list or store of past project attributes and costs

    Attribute List and Estimated Cost

    Required Skills List

    3 Build an Estimation Process

    The Purpose

    Set clear processes for tracking the health of your estimate to ensure it is always as accurate as possible.

    Define check-in points to evaluate risks and challenges to the project and identify trigger conditions.

    Key Benefits Achieved

    An estimation process rooted in organizational memory and lessons learned.

    Project estimates that are consistently reevaluated to predict and correct challenges before they can drastically affect your projects.

    Activities

    3.1 Determine Milestone Check-In Points.

    3.2 Develop Lessons Learned Meeting Agendas.

    3.3 Identify common risks and past lessons learned.

    3.4 Develop contingency tracking capabilities.

    Outputs

    Project Lessons Learned Template

    Historic Risks and Lessons Learned Master Template

    Contingency Reserve and Risk Registers

    4 Improve Business Alignment With Your Estimation Plan

    The Purpose

    Bridge the gap between death march projects and bloated and uncertain estimates by communicating expectations and assumptions clearly to your sponsors.

    Key Benefits Achieved

    Clear estimation criteria and assumptions aligned with business priorities.

    Post-mortem discussion items crucial to improving project history knowledge for next time.

    Activities

    4.1 Identify leadership risk priorities.

    4.2 Develop IT business alignment.

    4.3 Develop hand-off procedures and milestone approval methods.

    4.4 Create a list of post-mortem priorities.

    Outputs

    Estimation Quotation

    Risk Priority Rankings

    Hand-Off Procedures

    Post-mortem agenda planning

    Incident Management for Small Enterprise

    • Buy Link or Shortcode: {j2store}482|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $6,531 Average $ Saved
    • member rating average days saved: 3 Average Days Saved
    • Parent Category Name: Incident & Problem Management
    • Parent Category Link: /incident-and-problem-management
    • Technical debt and disparate systems are big constraints for most small enterprise (SE) organizations. What may have worked years ago is no longer fit for purpose or the business is growing faster than the current tools in place can handle.
    • Super specialization of knowledge is also a common factor in smaller teams caused by complex architectures. While helpful, if that knowledge isn’t documented it can walk out the door with the resource and the rest of the team is left scrambling.
    • Lessons learned may be gathered for critical incidents but often are not propagated, which impacts the ability to solve recurring incidents.
    • Over time, repeated incidents can have a negative impact on the customer’s perception that the service desk is a credible and essential service to the business.

    Our Advice

    Critical Insight

    • Go beyond the blind adoption of best-practice frameworks. No simple formula exists for improving incident management maturity. Identify the challenges in your incident lifecycle and draw on best-practice frameworks pragmatically to build a structured response to those challenges.
    • Track, analyze, and review results of incident response regularly. Without a comprehensive understanding of incident trends and patterns you can be susceptible to recurring incidents that increase in damage over time. Make the case for problem management, and successfully reduce the volume of unplanned work by scheduling it into regular IT activity.
    • Recurring incidents will happen; use runbooks for a consistent response each time. Save your organization response time and confusion by developing your own specific incident use cases. Incident response should follow a standard process, but each incident will have its own escalation process or call tree that identifies key participants.

    Impact and Result

    • Effective and efficient management of incidents involves a formal process of identifying, classifying, categorizing, responding, resolving, and closing of each incident. The key for smaller organizations, where technology or resources is a constraint, is to make the best practices usable for your unique environment.
    • Develop a plan that aligns with your organizational needs, and adapt best practices into light, sustainable processes, with the goal to improve time to resolve, cost to serve, and ultimately, end-user satisfaction.
    • Successful implementation of incident management will elevate the maturity of the service desk to a controlled state, preparing you for becoming proactive with problem management.

    Incident Management for Small Enterprise Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement incident management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and log incidents

    This phase will provide an overview of the incident lifecycle and an activity on how to classify the various types of incidents in your environment.

    • Service Desk Standard Operating Procedure
    • Incident Management Workflow Library (Visio)
    • Incident Management Workflow Library (PDF)

    2. Prioritize and define SLAs

    This phase will help you develop a categorization scheme for incident handling that ensures success and keeps it simple. It will also help you identify the most important runbooks necessary to create first.

    • Service Desk Ticket Categorization Schemes
    • IT Incident Runbook Prioritization Tool
    • IT Incident Management Runbook Blank Template

    3. Respond, recover, and close incidents

    This phase will help you identify how to use a knowledgebase to resolve incidents quicker. Identify what needs to be answered during a post-incident review and identify the criteria needed to invoke problem management.

    • Knowledgebase Article Template
    • Root-Cause Analysis Template
    • Post-Incident Review Questions Tracking Tool
    [infographic]

    Workshop: Incident Management for Small Enterprise

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess the Current State

    The Purpose

    Assess the current state of the incident management lifecycle within the organization.

    Key Benefits Achieved

    Understand the incident lifecycle and how to classify them in your environment.

    Identify the roles and responsibilities of the incident response team.

    Document the incident workflows to identify areas of opportunities.

    Activities

    1.1 Outline your incident lifecycle challenges.

    1.2 Identify and classify incidents.

    1.3 Identify roles and responsibilities for incident handling.

    1.4 Design normal and critical incident workflows for target state.

    Outputs

    List of incident challenges for each phase of the incident lifecycle

    Incident classification scheme mapped to resolution team

    RACI chart

    Incident Workflow Library

    2 Define the Target State

    The Purpose

    Design or improve upon current incident and ticket categorization schemes, priority, and impact.

    Key Benefits Achieved

    List of the most important runbooks necessary to create first and a usable template to go forward with

    Activities

    2.1 Improve incident categorization scheme.

    2.2 Prioritize and define SLAs.

    2.3 Understand the purpose of runbooks and prioritize development.

    2.4 Develop a runbook template.

    Outputs

    Revised ticket categorization scheme

    Prioritization matrix based on impact and urgency

    IT Incident Runbook Prioritization Tool

    Top priority incident runbook

    3 Bridge the Gap

    The Purpose

    Respond, recover, and close incidents with root-cause analysis, knowledgebase, and incident runbooks.

    Key Benefits Achieved

    This module will help you to identify how to use a knowledgebase to resolve quicker.

    Identify what needs to be answered during a post-incident review.

    Identify criteria to invoke problem management.

    Activities

    3.1 Build a targeted knowledgebase.

    3.2 Build a post-incident review process.

    3.3 Identify metrics to track success.

    3.4 Build an incident matching process.

    Outputs

    Working knowledgebase template

    Root-cause analysis template and post-incident review checklist

    List of metrics

    Develop criteria for problem management

    Establish a Communication and Collaboration System Strategy

    • Buy Link or Shortcode: {j2store}293|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $6,459 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications
    • Communication and collaboration portfolios are overburdened with redundant and overlapping services. Between Office 365, Slack, Jabber, and WebEx, IT is supporting a collection of redundant apps. This redundancy takes a toll on IT, and on the user.
    • Shadow IT is easier than ever, and cheap sharing tools are viral. Users are literally carrying around computers in their pockets (in the form of smartphones). IT often has no visibility into how these devices – and the applications on them – are used for work.

    Our Advice

    Critical Insight

    • You don’t know what you don’t know. Unstructured conversations with users will uncover insights.
    • Security is meaningless without usability. If security controls make a tool unusable, then users will rush to adopt something that’s free and easy.
    • Training users on a new tool once isn’t effective. Engage with users throughout the collaboration tool’s lifecycle.

    Impact and Result

    • Few supported apps and fewer unsupported apps. This will occur by ensuring that your collaboration tools will be useful to and used by users. Give users a say through surveys, focus groups, and job shadowing.
    • Lower total cost of ownership and greater productivity. Having fewer apps in the workplace, and better utilizing the functionality of those apps, will mean that IT can be much more efficient at managing your ECS.
    • Higher end-user satisfaction. Tools will be better suited to users’ needs, and users will feel heard by IT.

    Establish a Communication and Collaboration System Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a new approach to communication and collaboration apps, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a shared vision on the future of communication and collaboration

    Identify and validate goals and collaboration tools that are used by your users, and the collaboration capabilities that must be supported by your desired ECS.

    • Establish a Communication and Collaboration System Strategy – Phase 1: Create a Shared Vision on the Future of Communication and Collaboration
    • Enterprise Collaboration Strategy Template
    • Building Company Communication and Collaboration Technology Improvement Plan Executive Presentation
    • Communications Infrastructure Stakeholder Focus Group Guide
    • Enterprise Communication and Collaboration System Business Requirements Document

    2. Map a path forward

    Map a path forward by creating a collaboration capability map and documenting your ECS requirements.

    • Establish a Communication and Collaboration System Strategy – Phase 2: Map a Path Forward
    • Collaboration Capability Map

    3. Build an IT and end-user engagement plan

    Effectively engage everyone to ensure the adoption of your new ECS. Engagement is crucial to the overall success of your project.

    • Establish a Communication and Collaboration System Strategy – Phase 3: Proselytize the Change
    • Collaboration Business Analyst
    • Building Company Exemplar Collaboration Marketing One-Pager Materials
    • Communication and Collaboration Strategy Communication Plan
    [infographic]

    Workshop: Establish a Communication and Collaboration System Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify What Needs to Change

    The Purpose

    Create a vision for the future of your ECS.

    Key Benefits Achieved

    Validate and bolster your strategy by involving your end users.

    Activities

    1.1 Prioritize Components of Your ECS Strategy to Improve

    1.2 Create a Plan to Gather Requirements From End Users

    1.3 Brainstorm the Collaboration Services That Are Used by Your Users

    1.4 Focus Group

    Outputs

    Defined vision and mission statements

    Principles for your ECS

    ECS goals

    End-user engagement plan

    Focus group results

    ECS executive presentation

    ECS strategy

    2 Map Out the Change

    The Purpose

    Streamline your collaboration service portfolio.

    Key Benefits Achieved

    Documented the business requirements for your collaboration services.

    Reduced the number of supported tools.

    Increased the effectiveness of training and enhancements.

    Activities

    2.1 Create a Current-State Collaboration Capability Map

    2.2 Build a Roadmap for Desired Changes

    2.3 Create a Future-State Capability Map

    2.4 Identify Business Requirements

    2.5 Identify Use Requirements and User Processes

    2.6 Document Non-Functional Requirements

    2.7 Document Functional Requirements

    2.8 Build a Risk Register

    Outputs

    Current-state collaboration capability map

    ECS roadmap

    Future-state collaboration capability map

    ECS business requirements document

    3 Proselytize the Change

    The Purpose

    Ensure the system is supported effectively by IT and adopted widely by end users.

    Key Benefits Achieved

    Unlock the potential of your ECS.

    Stay on top of security and industry good practices.

    Greater end-user awareness and adoption.

    Activities

    3.1 Develop an IT Training Plan

    3.2 Develop a Communications Plan

    3.3 Create Initial Marketing Material

    Outputs

    IT training plan

    Communications plan

    App marketing one-pagers

    Create a Service Management Roadmap

    • Buy Link or Shortcode: {j2store}394|cart{/j2store}
    • member rating overall impact: 8.9/10 Overall Impact
    • member rating average dollars saved: $71,003 Average $ Saved
    • member rating average days saved: 24 Average Days Saved
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • Inconsistent adoption of holistic practices has led to a chaotic service delivery model that results in poor customer satisfaction.
    • There is little structure, formalization, or standardization in the way IT services are designed and managed, leading to diminishing service quality and low business satisfaction.

    Our Advice

    Critical Insight

    • Having effective service management practices in place will allow you to pursue activities, such as innovation, and drive the business forward.
    • Addressing foundational elements like business alignment and management practices will enable you to build effective core practices that deliver business value.
    • Providing consistent leadership support and engagement is essential to allow practitioners to focus on delivering expected outcomes.

    Impact and Result

    • Understand the foundational and core elements that allow you to build a successful service management practice focused on outcomes.
    • Use Info-Tech’s advice and tools to perform an assessment of your organization’s current state, identify the gaps, and create a roadmap for success.
    • Increase business and customer satisfaction by delivering services focused on creating business value.

    Create a Service Management Roadmap Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why many service management maturity projects fail to address foundational and core elements, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch the project

    Kick-off the project and complete the project charter.

    • Create a Service Management Roadmap – Phase 1: Launch Project
    • Service Management Roadmap Project Charter

    2. Assess the current state

    Determine the current state for service management practices.

    • Create a Service Management Roadmap – Phase 2: Assess the Current State
    • Service Management Maturity Assessment Tool
    • Organizational Change Management Capability Assessment Tool
    • Service Management Roadmap Presentation Template

    3. Build the roadmap

    Build your roadmap with identified initiatives.

    • Create a Service Management Roadmap – Phase 3: Identify the Target State

    4. Build the communication slide

    Create the communication slide that demonstrates how things will change, both short and long term.

    • Create a Service Management Roadmap – Phase 4: Build the Roadmap
    [infographic]

    Workshop: Create a Service Management Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Service Management

    The Purpose

    Understand service management.

    Key Benefits Achieved

    Gain a common understanding of service management, the forces that impact your roadmap, and the Info-Tech Service Management Maturity Model.

    Activities

    1.1 Understand service management.

    1.2 Build a compelling vision and mission.

    Outputs

    Constraints and enablers chart

    Service management vision, mission, and values

    2 Assess the Current State of Service Management

    The Purpose

    Assess the organization’s current service management capabilities.

    Key Benefits Achieved

    Understand attitudes, behaviors, and culture.

    Understand governance and process ownership needs.

    Understand strengths, weaknesses, opportunities, and threats.

    Defined desired state.

    Activities

    2.1 Assess cultural ABCs.

    2.2 Assess governance needs.

    2.3 Perform SWOT analysis.

    2.4 Define desired state.

    Outputs

    Cultural improvements action items

    Governance action items

    SWOT analysis action items

    Defined desired state

    3 Continue Current-State Assessment

    The Purpose

    Assess the organization’s current service management capabilities.

    Key Benefits Achieved

    Understand the current maturity of service management processes.

    Understand organizational change management capabilities.

    Activities

    3.1 Perform service management process maturity assessment.

    3.2 Complete OCM capability assessment.

    3.3 Identify roadmap themes.

    Outputs

    Service management process maturity activities

    OCM action items

    Roadmap themes

    4 Build Roadmap and Communication Tool

    The Purpose

    Use outputs from previous steps to build your roadmap and communication one-pagers.

    Key Benefits Achieved

    Easy-to-understand roadmap one-pager

    Communication one-pager

    Activities

    4.1 Build roadmap one-pager.

    4.2 Build communication one-pager.

    Outputs

    Service management roadmap

    Service management roadmap – Brought to Life communication slide

    Further reading

    Create a Service Management Roadmap

    Implement service management in an order that makes sense.

    ANALYST PERSPECTIVE

    "More than 80% of the larger enterprises we’ve worked with start out wanting to develop advanced service management practices without having the cultural and organizational basics or foundational practices fully in place. Although you wouldn’t think this would be the case in large enterprises, again and again IT leaders are underestimating the importance of cultural and foundational aspects such as governance, management practices, and understanding business value. You must have these fundamentals right before moving on."

    Tony Denford,

    Research Director – CIO

    Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • CIO
    • Senior IT Management

    This Research Will Help You:

    • Create or maintain service management (SM) practices to ensure user-facing services are delivered seamlessly to business users with minimum interruption.
    • Increase the level of reliability and availability of the services provided to the business and improve the relationship and communication between IT and the business.

    This Research Will Also Assist

    • Service Management Process Owners

    This Research Will Help Them:

    • Formalize, standardize, and improve the maturity of service management practices.
    • Identify new service management initiatives to move IT to the next level of service management maturity.

    Executive summary

    Situation

    • Inconsistent adoption of holistic practices has led to a chaotic service delivery model that results in poor customer satisfaction.
    • There is little structure, formalization, or standardization in the way IT services are designed and managed, leading to diminishing service quality and low business satisfaction.

    Complication

    • IT organizations want to be seen as strategic partners, but they fail to address the cultural and organizational constraints.
    • Without alignment with the business goals, services often fail to provide the expected value.
    • Traditional service management approaches are not adaptable for new ways of working.

    Resolution

    • Follow Info-Tech’s methodology to create a service management roadmap that will help guide the optimization of your IT services and improve IT’s value to the business.
    • The blueprint will help you right-size your roadmap to best suit your specific needs and goals and will provide structure, ownership, and direction for service management.
    • This blueprint allows you to accurately identify the current state of service management at your organization. Customize the roadmap and create a plan to achieve your target service management state.

    Info-Tech Insight

    Having effective service management practices in place will allow you to pursue activities such as innovation and drive the business forward. Addressing foundational elements like business alignment and management practices will enable you to build effective core practices that deliver business value. Consistent leadership support and engagement is essential to allow practitioners to focus on delivering expected outcomes.

    Poor service management manifests in many different pains across the organization

    Immaturity in service management will not result in one pain – rather, it will create a chaotic environment for the entire organization, crippling IT’s ability to deliver and perform.

    Low Service Management Maturity

    These are some of the pains that can be attributed to poor service management practices.

    • Frequent service-impacting incidents
    • Low satisfaction with the service desk
    • High % of failed deployments
    • Frequent change-related incidents
    • Frequent recurring incidents
    • Inability to find root cause
    • No communication with the business
    • Frequent capacity-related incidents

    And there are many more…

    Mature service management practices are a necessity, not a nice-to-have

    Immature service management practices are one of the biggest hurdles preventing IT from reaching its true potential.

    In 2004, PwC published a report titled “IT Moves from Cost Center to Business Contributor.” However, the 2014-2015 CSC Global CIO Survey showed that a high percentage of IT is still considered a cost center.

    And low maturity of service management practices is inhibiting activities such as agility, DevOps, digitalization, and innovation.

    A pie chart is shown that is titled: Where does IT sit? The chart has 3 sections. One section represents IT and the business have a collaborative partnership 28%. The next section represents at 33% where IT has a formal client/service provider relationship with the business. The last section has 39% where IT is considered as a cost center.
    Source: CSC Global CIO Survey: 2014-2015 “CIOs Emerge as Disruptive Innovators”

    39%: Resources are primarily focused on managing existing IT workloads and keeping the lights on.

    31%: Too much time and too many resources are used to handle urgent incidents and problems.

    There are many misconceptions about what service management is

    Misconception #1: “Service management is a process”

    Effective service management is a journey that encompasses a series of initiatives that improves the value of services delivered.

    Misconception #2: “Service Management = Service Desk”

    Service desk is the foundation, since it is the main end-user touch point, but service management is a set of people and processes required to deliver business-facing services.

    Misconception #3: “Service management is about the ITSM tool”

    The tool is part of the overall service management program, but the people and processes must be in place before implementing.

    Misconception #4: “Service management development is one big initiative”

    Service management development is a series of initiatives that takes into account an organization’s current state, maturity, capacities, and objectives.

    Misconception #5: “Service management processes can be deployed in any order, assuming good planning and design”

    A successful service management program takes into account the dependencies of processes.

    Misconception #6: “Service management is resolving incidents and deploying changes”

    Service management is about delivering high-value and high-quality services.

    Misconception #7: “Service management is not the key determinant of success”

    As an organization progresses on the service management journey, its ability to deliver high-value and high-quality services increases.

    Misconception #8: “Resolving Incidents = Success”

    Preventing incidents is the name of the game.

    Misconception #9: “Service Management = Good Firefighter”

    Service management is about understanding what’s going on with user-facing services and proactively improving service quality.

    Misconception #10: “Service management is about IT and technical services (e.g. servers, network, database)”

    Service management is about business/user-facing services and the value the services provide to the business.

    Service management projects often don’t succeed because they are focused on process rather than outcomes

    Service management projects tend to focus on implementing process without ensuring foundational elements of culture and management practices are strong enough to support the change.

    1. Aligning your service management goals with your organizational objectives leads to better understanding of the expected outcomes.
    2. Understand your customers and what they value, and design your practices to deliver this value.

    3. IT does not know what order is best when implementing new practices or process improvements.
    4. Don't run before you can walk. Fundamental practices must reach the maturity threshold before developing advanced practices. Implement continuous improvement on your existing processes so they continue to support new practices.

    5. IT does not follow best practices when implementing a practice.
    6. Our best-practice research is based on extensive experience working with clients through advisory calls and workshops.

    Info-Tech can help you create a customized, low-effort, and high-value service management roadmap that will shore up any gaps, prove IT’s value, and achieve business satisfaction.

    Info-Tech’s methodology will help you customize your roadmap so the journey is right for you

    With Info-Tech, you will find out where you are, where you want to go, and how you will get there.

    With our methodology, you can expect the following:

    • Eliminate or reduce rework due to poor execution.
    • Identify dependencies/prerequisites and ensure practices are deployed in the correct order, at the correct time, and by the right people.
    • Engage all necessary resources to design and implement required processes.
    • Assess current maturity and capabilities and design the roadmap with these factors in mind.

    Doing it right the first time around

    You will see these benefits at the end

      ✓ Increase the quality of services IT provides to the business.

      ✓ Increase business satisfaction through higher alignment of IT services.

      ✓ Lower cost to design, implement, and manage services.

      ✓ Better resource utilization, including staff, tools, and budget.

    Focus on a strong foundation to build higher value service management practices

    Info-Tech Insight

    Focus on behaviors and expected outcomes before processes.

    Foundational elements

    • Operating model facilitates service management goals
    • Culture of service delivery
    • Governance discipline to evaluate, direct, and monitor
    • Management discipline to deliver

    Stabilize

    • Deliver stable, reliable IT services to the business
    • Respond to user requests quickly and efficiently
    • Resolve user issues in a timely manner
    • Deploy changes smoothly and successfully

    Proactive

    • Avoid/prevent service disruptions
    • Improve quality of service (performance, availability, reliability)

    Service Provider

    • Understand business needs
    • Ensure services are available
    • Measure service performance, based on business-oriented metrics

    Strategic Partner

    • Fully aligned with business
    • Drive innovation
    • Drive measurable value

    Info-Tech Insight

    Continued leadership support of the foundational elements will allow delivery teams to provide value to the business. Set the expectation of the desired maturity level and allow teams to innovate.

    Follow our model and get to your target state

    A model is depicted that shows the various target states. There are 6 levels showing in the example, and the example is made to look like a tree with a character watering it. In the roots, the level is labelled foundational. The trunk is labelled the core. The lowest hanging branches of the tree is the stabilize section. Above it is the proactive section. Nearing the top of the tree is the service provider. The canopy of the tree are labelled strategic partner.

    Before moving to advanced service management practices, you must ensure that the foundational and core elements are robust enough to support them. Leadership must nurture these practices to ensure they are sustainable and can support higher value, more mature practices.

    Each step along the way, Info-Tech has the tools to help you

    Phase 1: Launch the Project

    Assemble a team with the right talent and vision to increase the chances of project success.

    Phase 2: Assess Current State

    Understand where you are currently on the service management journey using the maturity assessment tool.

    Phase 3: Build Roadmap

    Based on the assessments, build a roadmap to address areas for improvement.

    Phase 4: Build Communication slide

    Based on the roadmap, define the current state, short- and long-term visions for each major improvement area.

    Info-Tech Deliverables:

    • Project Charter
    • Assessment Tools
    • Roadmap Template
    • Communication Template

    CIO call to action

    Improving the maturity of the organization’s service management practice is a big commitment, and the project can only succeed with active support from senior leadership.

    Ideally, the CIO should be the project sponsor, even the project leader. At a minimum, the CIO needs to perform the following activities:

    1. Walk the talk – demonstrate personal commitment to the project and communicate the benefits of the service management journey to IT and the steering committee.
    2. Improving or adopting any new practice is difficult, especially for a project of this size. Thus, the CIO needs to show visible support for this project through internal communication and dedicated resources to help complete this project.

    3. Select a senior, capable, and results-driven project leader.
    4. Most likely, the implementation of this project will be lengthy and technical in some nature. Therefore, the project leader must have a good understanding of the current IT structure, senior standing within the organization, and the relationship and power in place to propel people into action.

    5. Help to define the target future state of IT’s service management.
    6. Determine a realistic target state for the organization based on current capability and resource/budget restraints.

    7. Conduct periodic follow-up meetings to keep track of progress.
    8. Reinforce or re-emphasize the importance of this project to the organization through various communication channels if needed.

    Stabilizing your environment is a must before establishing any more-mature processes

    CASE STUDY

    Industry: Manufacturing

    Source: Engagement

    Challenge

    • The business landscape was rapidly changing for this manufacturer and they wanted to leverage potential cost savings from cloud-first initiatives and consolidate multiple, self-run service delivery teams that were geographically dispersed.

    Solution

    Original Plan

    • Consolidate multiple service delivery teams worldwide and implement service portfolio management.

    Revised Plan with Service Management Roadmap:

    • Markets around the world had very different needs and there was little understanding of what customers value.
    • There was also no understanding of what services were currently being offered within each geography.

    Results

    • Plan was adjusted to understand customer value and services offered.
    • Services were then stabilized and standardized before consolidation.
    • Team also focused on problem maturity and drove a continuous improvement culture and increasing transparency.

    MORAL OF THE STORY:

    Understanding the value of each service allowed the organization to focus effort on high-return activities rather than continuous fire fighting.

    Understand the processes involved in the proactive phase

    CASE STUDY

    Industry: Manufacturing

    Source: Engagement

    Challenge

    • Services were fairly stable, but there were significant recurring issues for certain services.
    • The business was not satisfied with the service quality for certain services, due to periodic availability and reliability issues.
    • Customer feedback for the service desk was generally good.

    Solution

    Original Plan

    • Review all service desk and incident management processes to ensure that service issues were handled in an effective manner.

    Revised Plan with Service Management Roadmap:

    • Design and deploy a rigorous problem management process to determine the root cause of recurring issues.
    • Monitor key services for events that may lead to a service outage.

    Results

    • Root cause of recurring issues was determined and fixes were deployed to resolve the underlying cause of the issues.
    • Service quality improved dramatically, resulting in high customer satisfaction.

    MORAL OF THE STORY:

    Make sure that you understand which processes need to be reviewed in order to determine the cause for service instability. Focusing on the proactive processes was the right answer for this company.

    Have the right culture and structure in place before you become a service provider

    CASE STUDY

    Industry: Healthcare

    Source:Journal of American Medical Informatics Association

    Challenge

    • The IT organization wanted to build a service catalog to demonstrate the value of IT to the business.
    • IT was organized in technology silos and focused on applications, not business services.
    • IT services were not aligned with business activities.
    • Relationships with the business were not well established.

    Solution

    Original Plan

    • Create and publish a service catalog.

    Revised Plan: with Service Management Roadmap:

    • Establish relationships with key stakeholders in the business units.
    • Understand how business activities interface with IT services.
    • Lay the groundwork for the service catalog by defining services from the business perspective.

    Results

    • Strong relationships with the business units.
    • Deep understanding of how business activities map to IT services.
    • Service definitions that reflect how the business uses IT services.

    MORAL OF THE STORY:

    Before you build and publish a service catalog, make sure that you understand how the business is using the IT services that you provide.

    Calculate the benefits of using Info-Tech’s methodology

    To measure the value of developing your roadmap using the Info-Tech tools and methodology, you must calculate the effort saved by not having to develop the methods.

    A. How much time will it take to develop an industry-best roadmap using Info-Tech methodology and tools?

    Using Info-Tech’s tools and methodology you can accurately estimate the effort to develop a roadmap using industry-leading research into best practice.

    B. What would be the effort to develop the insight, assess your team, and develop the roadmap?

    This metric represents the time your team would take to be able to effectively assess themselves and develop a roadmap that will lead to service management excellence.

    C. Cost & time saving through Info-Tech’s methodology

    Measured Value

    Step 1: Assess current state

    Cost to assess current state:

    • 5 Directors + 10 Managers x 10 hours at $X an hour = $A

    Step 2: Build the roadmap

    Cost to create service management roadmap:

    • 5 Directors + 10 Managers x 8 hours at $X an hour = $B

    Step 3: Develop the communication slide

    Cost to create roadmaps for phases:

    • 5 Directors + 10 Managers x 6 hours at $X an hour = $C

    Potential financial savings from using Info-Tech resources:

    Estimated cost to do “B” – (Step 1 ($A) + Step 2 ($B) + Step 3 ($C)) = $Total Saving

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keeps us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Create a Service Management Roadmap – project overview


    Launch the project

    Assess the current state

    Build the roadmap

    Build communication slide

    Best-Practice Toolkit

    1.1 Create a powerful, succinct mission statement

    1.2 Assemble a project team with representatives from all major IT teams

    1.3 Determine project stakeholders and create a communication plan

    1.4 Establish metrics to track the success of the project

    2.1 Assess impacting forces

    2.2 Build service management vision, mission, and values

    2.3 Assess attitudes, behaviors, and culture

    2.4 Assess governance

    2.5 Perform SWOT analysis

    2.6 Identify desired state

    2.7 Assess SM maturity

    2.8 Assess OCM capabilities

    3.1 Document overall themes

    3.2 List individual initiatives

    4.1 Document current state

    4.2 List future vision

    Guided Implementations

    • Kick-off the project
    • Build the project team
    • Complete the charter
    • Understand current state
    • Determine target state
    • Build the roadmap based on current and target state
    • Build short- and long-term visions and initiative list

    Onsite Workshop

    Module 1: Launch the project

    Module 2: Assess current service management maturity

    Module 3: Complete the roadmap

    Module 4: Complete the communication slide

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information

    Workshop Day 1

    Workshop Day 2

    Workshop Day 3

    Workshop Day 4

    Activities

    Understand Service Management

    1.1 Understand the concepts and benefits of service management.

    1.2 Understand the changing impacting forces that affect your ability to deliver services.

    1.3 Build a compelling vision and mission for your service management program.

    Assess the Current State of Your Service Management Practice

    2.1 Understand attitudes, behaviors, and culture.

    2.2 Assess governance and process ownership needs.

    2.3 Perform SWOT analysis.

    2.4 Define the desired state.

    Complete Current-State Assessment

    3.1 Conduct service management process maturity assessment.

    3.2 Identify organizational change management capabilities.

    3.3 Identify themes for roadmap.

    Build Roadmap and Communication Tool

    4.1 Build roadmap one-pager.

    4.2 Build roadmap communication one-pager.

    Deliverables

    1. Constraints and enablers chart
    2. Service management vision, mission, and values
    1. Action items for cultural improvements
    2. Action items for governance
    3. Identified improvements from SWOT
    4. Defined desired state
    1. Service Management Process Maturity Assessment
    2. Organizational Change Management Assessment
    1. Service management roadmap
    2. Roadmap Communication Tool in the Service Management Roadmap Presentation Template

    PHASE 1

    Launch the Project

    Launch the project

    This step will walk you through the following activities:

    • Create a powerful, succinct mission statement based on your organization’s goals and objectives.
    • Assemble a project team with representatives from all major IT teams.
    • Determine project stakeholders and create a plan to convey the benefits of this project.
    • Establish metrics to track the success of the project.

    Step Insights

    • The project leader should have a strong relationship with IT and business leaders to maximize the benefit of each initiative in the service management journey.
    • The service management roadmap initiative will touch almost every part of the organization; therefore, it is important to have representation from all impacted stakeholders.
    • The communication slide needs to include the organizational change impact of the roadmap initiatives.

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Launch the Project

    Step 1.1 – Kick-off the Project

    Start with an analyst kick-off call:

    • Identify current organization pain points relating to poor service management practices
    • Determine high-level objectives
    • Create a mission statement

    Then complete these activities…

    • Identify potential team members who could actively contribute to the project
    • Identify stakeholders who have a vested interest in the completion of this project

    With these tools & templates:

    • Service Management Roadmap Project Charter

    Step 1.2 – Complete the Charter

    Review findings with analyst:

    • Create the project team; ensure all major IT teams are represented
    • Review stakeholder list and identify communication messages

    Then complete these activities…

    • Establish metrics to complete project planning
    • Complete the project charter

    With these tools & templates:

    • Service Management Roadmap Project Charter

    Use Info-Tech’s project charter to begin your initiative

    1.1 Service Management Roadmap Project Charter

    The Service Management Roadmap Project Charter is used to govern the initiative throughout the project. It provides the foundation for project communication and monitoring.

    The template has been pre-populated with sample information appropriate for this project. Please review this sample text and change, add, or delete information as required.

    The charter includes the following sections:

    • Mission Statement
    • Goals & Objectives
    • Project Team
    • Project Stakeholders
    • Current State (from phases 2 & 3)
    • Target State (from phases 2 & 3)
    • Target State
    • Metrics
    • Sponsorship Signature
    A screenshot of Info-Tech's Service Management Roadmap Project Charter is shown.

    Use Info-Tech’s ready-to-use deliverable to customize your mission statement

    Adapt and personalize Info-Tech’s Service Management Roadmap Mission Statement and Goals & Objectives below to suit your organization’s needs.

    Goals & Objectives

    • Create a plan for implementing service management initiatives that align with the overall goals/objectives for service management.
    • Identify service management initiatives that must be implemented/improved in the short term before deploying more advanced initiatives.
    • Determine the target state for each initiative based on current maturity and level of investment available.
    • Identify service management initiatives and understand dependencies, prerequisites, and level of effort required to implement.
    • Determine the sequence in which initiatives should be deployed.
    • Create a detailed rollout plan that specifies initiatives, time frames, and owners.
    • Engage the right teams and obtain their commitment throughout both the planning and assessment of roadmap initiatives.
    • both the planning and assessment of roadmap initiatives. Obtain support for the completed roadmap from executive stakeholders.

    Example Mission Statement

    To help [Organization Name] develop a set of service management practices that will better address the overarching goals of the IT department.

    To create a roadmap that sequences initiatives in a way that incorporates best practices and takes into consideration dependencies and prerequisites between service management practices.

    To garner support from the right people and obtain executive buy-in for the roadmap.

    Create a well-balanced project team

    The project leader should be a member of your IT department’s senior executive team with goals and objectives that will be impacted by service management implementation. The project leader should possess the following characteristics:

    Leader

    • Influence and impact
    • Comprehensive knowledge of IT and the organization
    • Relationship with senior IT management
    • Ability to get things done

    Team Members

    Identify

    The project team members are the IT managers and directors whose day-to-day lives will be impacted by the service management roadmap and its implementation. The service management initiative will touch almost every IT staff member in the organization; therefore, it is important to have representatives from every single group, including those that are not mentioned. Some examples of individuals you should consider for your team:

    • Service Delivery Managers
    • Director/Manager of Applications
    • Director/Manager of Infrastructure
    • Director/Manager of Service Desk
    • Business Relationship Managers
    • Project Management Office

    Engage & Communicate

    You want to engage your project participants in the planning process as much as possible. They should be involved in the current-state assessment, the establishment of goals and objectives, and the development of your target state.

    To sell this project, identify and articulate how this project and/or process will improve the quality of their job. For example, a formal incident management process will benefit people working at the service desk or on the applications or infrastructure teams. Helping them understand the gains will help to secure their support throughout the long implementation process by giving them a sense of ownership.

    The project stakeholders should also be project team members

    When managing stakeholders, it is important to help them understand their stake in the project as well as their own personal gain that will come out of this project.

    For many of the stakeholders, they also play a critical role in the development of this project.

    Role & Benefits

    • CIO
    • The CIO should be actively involved in the planning stage to help determine current and target stage.

      The CIO also needs to promote and sell the project to the IT team so they can understand that higher maturity of service management practices will allow IT to be seen as a partner to the business, giving IT a seat at the table during decision making.

    • Service Delivery Managers/Process Owners
    • Service Delivery Managers are directly responsible for the quality and value of services provided to the business owners. Thus, the Service Delivery Managers have a very high stake in the project and should be considered for the role of project leader.

      Service Delivery Managers need to work closely with the process owners of each service management process to ensure clear objectives are established and there is a common understanding of what needs to be achieved.

    • IT Steering Committee
    • The Committee should be informed and periodically updated about the progress of the project.

    • Manager/Director – Service Desk
    • The Manager of the Service Desk should participate closely in the development of fundamental service management processes, such as service desk, incident management, and problem management.

      Having a more established process in place will create structure, governance, and reduce service desk staff headaches so they can handle requests or incidents more efficiently.

    • Manager/Director –Applications & Infrastructure
    • The Manager of Applications and Infrastructure should be heavily relied on for their knowledge of how technology ties into the organization. They should be consulted regularly for each of the processes.

      This project will also benefit them directly, such as improving the process to deploy a fix into the environment or manage the capacity of the infrastructure.

    • Business Relationship Manager
    • As the IT organization moves up the maturity ladder, the Business Relationship Manager will play a fundamental role in the more advanced processes, such as business relationship management, demand management, and portfolio management.

      This project will be an great opportunity for the Business Relationship Manager to demonstrate their value and their knowledge of how to align IT objectives with business vision.

    Ensure you get the entire IT organization on board for the project with a well-practiced change message

    Getting the IT team on board will greatly maximize the project’s chance of success.

    One of the top challenges for organizations embarking on a service management journey is to manage the magnitude of the project. To ensure the message is not lost, communicate this roadmap in two steps.

    1. Communicate the roadmap initiative

    The most important message to send to the IT organization is that this project will benefit them directly. Articulate the pains that IT is currently experiencing and explain that through more mature service management, these pains can be greatly reduced and IT can start to earn a place at the table with the business.

    2. Communicate the implementation of each process separately

    The communication of process implementation should be done separately and at the beginning of each implementation. This is to ensure that IT staff do not feel overwhelmed or overloaded. It also helps to keep the project more manageable for the project team.

    Continuously monitor feedback and address concerns throughout the entire process

    • Host lunch and learns to provide updates on the service management initiative to the entire IT team.
    • Understand if there are any major roadblocks and facilitate discussions on how to overcome them.

    Articulate the service management initiative to the IT organization

    Spread the word and bring attention to your change message through effective mediums and organizational changes.

    Key aspects of a communication plan

    The methods of communication (e.g. newsletters, email broadcast, news of the day, automated messages) notify users of implementation.

    In addition, it is important to know who will deliver the message (delivery strategy). You need IT executives to deliver the message – work hard on obtaining their support as they are the ones communicating to their staff and should be your project champions.

    Anticipate organizational changes

    The implementation of the service management roadmap will most likely lead to organizational changes in terms of structure, roles, and responsibilities. Therefore, the team should be prepared to communicate the value that these changes will bring.

    Communicating Change

    • What is the change?
    • Why are we doing it?
    • How are we going to go about it?
    • What are we trying to achieve?
    • How often will we be updated?

    The Qualities of Leadership: Leading Change

    Create a project communication plan for your stakeholders

    This project cannot be successfully completed without the support of senior IT management.

    1. After the CIO has introduced this project through management meetings or informal conversation, find out how each IT leader feels about this project. You need to make sure the directors and managers of each IT team, especially the directors of application and infrastructure, are on board.
    2. After the meeting, the project leader should seek out the major stakeholders (particularly the heads of applications and infrastructure) and validate their level of support through formal or informal meetings. Create a list documenting the major stakeholders, their level of support, and how the project team will work to gain their approval.
    3. For each identified stakeholder, create a custom communication plan based on their role. For example, if the director of infrastructure is not a supporter, demonstrate how this project will enable them to better understand how to improve service quality. Provide periodic reporting or meetings to update the director on project progress.

    INPUT

    • A collaborative discussion between team members

    OUTPUT

    • Thorough briefing for project launch
    • A committed team

    Materials

    • Communication message and plan
    • Metric tracking

    Participants

    • Project leader
    • Core project team

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst is shown.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1

    A screenshot of activity 1.1 is shown.

    Create a powerful, succinct mission statement

    Using Info-Tech’s sample mission statement as a guide, build your mission statement based on the objectives of this project and the benefits that this project will achieve. Keep the mission statement short and clear.

    1.2

    A screenshot of activity 1.2 is shown.

    Assemble the project team

    Create a project team with representatives from all major IT teams. Engage and communicate to the project team early and proactively.

    1.3

    A screenshot of activity 1.3 is shown.

    Identify project stakeholders and create a communication plan

    Info-Tech will help you identify key stakeholders who have a vested interest in the success of the project. Determine the communication message that will best gain their support.

    1.4

    A screenshot of activity 1.4 is shown.

    Use metrics to track the success of the project

    The onsite analyst will help the project team determine the appropriate metrics to measure the success of this project.

    PHASE 2

    Assess Your Current Service Management State

    Assess your current state

    This step will walk you through the following activities:

    • Use Info-Tech’s Service Management Maturity Assessment Tool to determine your overall practice maturity level.
    • Understand your level of completeness for each individual practice.
    • Understand the three major phases involved in the service management journey; know the symptoms of each phase and how they affect your target state selection.

    Step Insights

    • To determine the real maturity of your service management practices, you should focus on the results and output of the practice, rather than the activities performed for each process.
    • Focus on phase-level maturity as opposed to the level of completeness for each individual process.

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Determine Your Service Management Current State

    Step 2.1 – Assess Impacting Forces

    Start with an analyst kick-off call:

    • Discuss the impacting forces that can affect the success of your service management program
    • Identify internal and external constraints and enablers
    • Review and interpret how to leverage or mitigate these elements

    Then complete these activities…

    • Present the findings of the organizational context
    • Facilitate a discussion and create consensus amongst the project team members on where the organization should start

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 2.2 – Build Vision, Mission, and Values

    Review findings with analyst:

    • Review your service management vision and mission statement and discuss the values

    Then complete these activities…

    • Socialize the vision, mission, and values to ensure they are aligned with overall organizational vision. Then, set the expectations for behavior aligned with the vision, mission, and values

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 2.3 – Assess Attitudes, Behaviors, and Culture

    Review findings with analyst:

    • Discuss tactics for addressing negative attitudes, behaviors, or culture identified

    Then complete these activities…

    • Add items to be addressed to roadmap

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 2.4 – Assess Governance Needs

    Review findings with analyst:

    • Understand the typical types of governance structure and the differences between management and governance
    • Choose the management structure required for your organization

    Then complete these activities…

    • Determine actions required to establish an effective governance structure and add items to be addressed to roadmap

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 2.5 – Perform SWOT Analysis

    Review findings with analyst:

    • Discuss SWOT analysis results and tactics for addressing within the roadmap

    Then complete these activities…

    • Add items to be addressed to roadmap

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 2.6 – Identify Desired State

    Review findings with analyst:

    • Discuss desired state and commitment needed to achieve aspects of the desired state

    Then complete these activities…

    • Use the desired state to critically assess the current state of your service management practices and whether they are achieving the desired outcomes
    • Prep for the SM maturity assessment

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 2.7 – Perform SM Maturity Assessment

    Review findings with analyst:

    • Review and interpret the output from your service management maturity assessment

    Then complete these activities…

    • Add items to be addressed to roadmap

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Service Management Maturity Assessment

    Step 2.8 – Review OCM Capabilities

    Review findings with analyst:

    • Review and interpret the output from your organizational change management maturity assessment

    Then complete these activities…

    • Add items to be addressed to roadmap

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Organizational Change Management Assessment

    Understand and assess impacting forces – constraints and enablers

    Constraints and enablers are organizational and behavioral triggers that directly impact your ability and approach to establishing Service Management practices.

    A model is shown to demonstrate the possibe constraints and enablers on your service management program. It incorporates available resources, the environment, management practices, and available technologies.

    Effective service management requires a mix of different approaches and practices that best fit your organization. There’s not a one-size-fits-all solution. Consider the resources, environment, emerging technologies, and management practices facing your organization. What items can you leverage or use to mitigate to move your service management program forward?

    Use Info-Tech’s “Organizational Context” template to list the constraints and enablers affecting your service management

    The Service Management Roadmap Presentation Template will help you understand the business environment you need to consider as you build out your roadmap.

    Discuss and document constraints and enablers related to the business environment, available resources, management practices, and emerging technologies. Any constraints will need to be addressed within your roadmap and enablers should be leveraged to maximize your results.


    Screenshot of Info-Tech's Service Management Roadmap Presentation Template is shown.

    Document constraints and enablers

    1. Discuss and document the constrains and enablers for each aspect of the management mesh: environment, resources, management practices, or technology.
    2. Use this as a thought provoker in later exercises.

    INPUT

    • A collaborative discussion

    OUTPUT

    • Organizational context constraints and enablers

    Materials

    • Whiteboards or flip charts

    Participants

    • All stakeholders

    Build compelling vision and mission statements to set the direction of your service management program

    While you are articulating the vision and mission, think about the values you want the team to display. Being explicit can be a powerful tool to create alignment.

    A vision statement describes the intended state of your service management organization, expressed in the present tense.

    A mission statement describes why your service management organization exists.

    Your organizational values state how you will deliver services.

    Use Info-Tech’s “Vision, Mission, and Values” template to set the aspiration & purpose of your service management practice

    The Service Management Roadmap Presentation Template will help you document your vision for service management, the purpose of the program, and the values you want to see demonstrated.

    If the team cannot gain agreement on their reason for being, it will be difficult to make traction on the roadmap items. A concise and compelling statement can set the direction for desired behavior and help team members align with the vision when trying to make ground-level decisions. It can also be used to hold each other accountable when undesirable behavior emerges. It should be revised from time to time, when the environment changes, but a well-written statement should stand the test of time.

    A screenshot of the Service Management Roadmap Presentation Temaplate is shown. Specifically it is showing the section on the vision, mission, and values results.

    Document your organization’s vision, mission , and values

    1. Vision: Identify your desired target state, consider the details of that target state, and create a vision statement.
    2. Mission: Consider the fundamental purpose of your SM program and craft a statement of purpose.
    3. Values: As you work through the vision and mission, identify values that your organization prides itself in or has the aspiration for.
    4. Discuss common themes and then develop a concise vision statement and mission statement that incorporates the group’s ideas.

    INPUT

    • A collaborative discussion

    OUTPUT

    • Vision statement
    • Mission statement
    • Organizational values

    Materials

    • Whiteboards or flip charts
    • Sample vision and mission statements

    Participants

    • All stakeholders
    • Senior leadership

    Understanding attitude, behavior, and culture

    Attitude

    • What people think and feel. It can be seen in their demeanor and how they react to change initiatives, colleagues, and users.

    Any form of organizational change involves adjusting people’s attitudes, creating buy-in and commitment. You need to identify and address attitudes that can lead to negative behaviors and actions or that are counter-productive. It must be made visible and related to your desired behavior.

    Behaviour

    • What people do. This is influenced by attitude and the culture of the organization.

    To implement change within IT, especially at a tactical level, both IT and organizational behavior needs to change. This is relevant because people don’t like to change and will resist in an active or passive way unless you can sell the need, value, and benefit of changing their behavior.

    Culture

    • The accepted and understood ways of working in an organization. The values and standards that people find normal and what would be tacitly identified to new resources.

    The organizational or corporate “attitude,” the impact on employee behavior and attitude is often not fully understood. Culture is an invisible element, which makes it difficult to identify, but it has a strong impact and must be addressed to successfully embed any organizational change or strategy.

    Culture is a critical and under-addressed success factor

    43% of CIOs cited resistance to change as the top impediment to a successful digital strategy.

    CIO.com

    75% of organizations cannot identify or articulate their culture or its impact.

    Info-Tech

    “Shortcomings in organizational culture are one of the main barriers to company success in the digital age.”

    McKinsey – “Culture for a digital age”

    Examples of how they apply

    Attitude

    • “I’ll believe that when I see it”
    • Positive outlook on new ideas and changes

    Behaviour

    • Saying you’ll follow a new process but not doing so
    • Choosing not to document a resolution approach or updating a knowledge article, despite being asked

    Culture

    • Hero culture (knowledge is power)
    • Blame culture (finger pointing)
    • Collaborative culture (people rally and work together)

    Why have we failed to address attitude, behavior, and culture?

      ✓ While there is attention and better understanding of these areas, very little effort is made to actually solve these challenges.

      ✓ The impact is not well understood.

      ✓ The lack of tangible and visible factors makes it difficult to identify.

      ✓ There is a lack of proper guidance, leadership skills, and governance to address these in the right places.

      ✓ Addressing these issues has to be done proactively, with intent, rigor, and discipline, in order to be successful.

      ✓ We ignore it (head in the sand and hoping it will fix itself).

    Avoidance has been a common strategy for addressing behavior and culture in organizations.

    Use Info-Tech’s “Culture and Environment” template to identify cultural constraints that should be addressed in roadmap

    The Service Management Roadmap Presentation Template will help you document attitude, behavior, and culture constraints.

    Discuss as a team attitudes, behaviors, and cultural aspects that can either hinder or be leveraged to support your vision for the service management program. Capture all items that need to be addressed in the roadmap.

    A screenshot of the Service Management Roadmap Presentation Template is shown. Specifically showing the culture and environment slide.

    Document your organization’s attitudes, behaviors, and culture

    1. Discuss and document positive and negative aspects of attitude, behavior, or culture within your organization.
    2. Identify the items that need to be addressed as part of your roadmap.

    INPUT

    • A collaborative discussion

    OUTPUT

    • Culture and environment worksheet

    Materials

    • Whiteboards or flip charts

    Participants

    • All stakeholders

    The relationship to governance

    Attitude, behavior, and culture are still underestimated as core success factors in governance and management.

    Behavior is a key enabler of good governance. Leading by example and modeling behavior has a cascading impact on shifting culture, reinforcing the importance of change through adherence.

    Executive leadership and governing bodies must lead and support cultural change.

    Key Points

    • Less than 25% of organizations have formal IT governance in place (ITSM Tools).
    • Governance tends to focus on risk and compliance (controls), but forgets the impact of value and performance.

    Lack of oversight often limits the value of service management implementations

    Organizations often fail to move beyond risk mitigation, losing focus of the goals of their service management practices and the capabilities required to produce value.

    Risk Mitigation

    • Stabilize IT
    • Service Desk
    • Incident Management
    • Change Management

    Gap

    • Organizational alignment through governance
    • Disciplined focus on goals of SM

    Value Production

    • Value that meets business and consumer needs

    This creates a situation where service management activities and roadmaps focus on adjusting and tweaking process areas that no longer support how the organization needs to work.

    How does establishing governance for service management provide value?

    Governance of service management is a gap in most organizations, which leads to much of the failure and lack of value from service management processes and activities.

    Once in place, effective governance enables success for organizations by:

    1. Ensuring service management processes improve business value
    2. Measuring and confirming the value of the service management investment
    3. Driving a focus on outcome and impact instead of simply process adherence
    4. Looking at the integrated impact of service management in order to ensure focused prioritization of work
    5. Driving customer-experience focus within organizations
    6. Ensuring quality is achieved and addressing quality impacts and dependencies between processes

    Four common service management process ownership models

    Your ownership structure largely defines how processes will need to be implemented, maintained, and improved. It has a strong impact on their ability to integrate and how other teams perceive their involvement.

    An organizational structure is shown. In the image is an arrow, with the tip facing in the right direction. The left side of the arrow is labelled: Traditional, and the right side is labelled: Complex. The four models are noted along the arrow. Starting on the left side and going to the right are: Distributed Process Ownership, Centralized Process Ownership, Federated Process Ownership, and Service Management Office.

    Most organizations are somewhere within this spectrum of four core ownership models, usually having some combination of shared traits between the two models that are closest to them on the scale.

    Info-Tech Insight

    The organizational structure that is best for you depends on your needs, and one is not necessarily better than another. The next four slides describe when each ownership level is most appropriate.

    Distributed process ownership

    Distributed process ownership is usually evident when organizations initially establish their service management practices. The processes are assigned to a specific group, who assumes some level of ownership over its execution.

    The distributed process ownership model is shown. CIO is listed at the top with four branches leading out from below it. The four branches are labelled: Service Desk, Operations, Applications, and Security.

    Info-Tech Insight

    This model is often a suitable approach for initial implementations or where it may be difficult to move out of siloes within the organization’s structure or culture.

    Centralized process ownership

    Centralized process ownership usually becomes necessary for organizations as they move into a more functional structure. It starts to drive management of processes horizontally across the organization while still retaining functional management control.

    A centralized process ownership model is shown. The CIO is at the top and the following are branches below it: Service Manager, Support, Middleware, Development, and Infrastructure.

    Info-Tech Insight

    This model is often suitable for maturing organizations that are starting to look at process integration and shared service outcomes and accountability.

    Federated process ownership

    Federated process ownership allows for global control and regional variation, and it supports product orientation and Agile/DevOps principles

    A federated process ownership model is shown. The Sponsor/CIO is at the top, with the ITSM Executive below it. Below that level is the: Process Owner, Process Manager, and Process Manager.

    Info-Tech Insight

    Federated process ownership is usually evident in organizations that have an international or multi-regional presence.

    Service management office (SMO)

    SMO structures tend to occur in highly mature organizations, where service management responsibility is seen as an enterprise accountability.

    A service management office model is shown. The CIO is at the top with the following branches below it: SMO, End-User Services, Infra., Apps., and Architecture.

    Info-Tech Insight

    SMOs are suitable for organizations with a defined IT and organizational strategy. A SMO supports integration with other enterprise practices like enterprise architecture and the PMO.

    Determine which process ownership and governance model works best for your organization

    The Service Management Roadmap Presentation Template will help you document process ownership and governance model

    Example:

    Key Goals:

      ☐ Own accountability for changes to core processes

      ☐ Understand systemic nature and dependencies related to processes and services

      ☐ Approve and prioritize improvement and CSI initiatives related to processes and services

      ☐ Evaluate success of initiative outcomes based on defined benefits and expectations

      ☐ Own Service Management and Governance processes and policies

      ☐ Report into ITSM executive or equivalent body

    Membership:

      ☐ Process Owners, SM Owner, Tool Owner/Liaison, Audit

    Discuss as a team which process ownership model works for your organization. Determine who will govern the service management practice. Determine items that should be identified in your roadmap to address governance and process ownership gaps.

    Use Info-Tech’s “SWOT” template to identify strengths, weaknesses, opportunities & threats that should be addressed

    The Service Management Roadmap Presentation Template will help you document items from your SWOT analysis.

    A screenshot of the Service Management Roadmap Presentation Template is shown. Specifically the SWOT section is shown.

    Brainstorm the strengths, weaknesses, opportunities, and threats related to resources, environment, technology, and management practices. Add items that need to be addressed to your roadmap.

    Perform a SWOT analysis

    1. Brainstorm each aspect of the SWOT with an emphasis on:
    • Resources
    • Environment
    • Technologies
    • Management Practices
  • Record your ideas on a flip chart or whiteboard.
  • Add items to be addressed to the roadmap.
  • INPUT

    • A collaborative discussion

    OUTPUT

    • SWOT analysis
    • Priority items identified

    Materials

    • Whiteboards or flip charts

    Participants

    • All stakeholders

    Indicate desired maturity level for your service management program to be successful

    Discuss the various maturity levels and choose a desired level that would meet business needs.

    The desired maturity model is depicted.

    INPUT

    • A collaborative discussion

    OUTPUT

    • Desired state of service management maturity

    Materials

    • None

    Participants

    • All stakeholders

    Use Info-Tech’s Service Management Process Maturity Assessment Tool to understand your current state

    The Service Management Process Maturity Assessment Tool will help you understand the true state of your service management.

    A screenshot of Info-Tech's Service Management Process Assessment Tool is shown.

    Part 1, Part 2, and Part 3 tabs

    These three worksheets contain questions that will determine the overall maturity of your service management processes. There are multiple sections of questions focused on different processes. It is very important that you start from Part 1 and continue the questions sequentially.

    Results tab

    The Results tab will display the current state of your service management processes as well as the percentage of completion for each individual process.

    Complete the service management process maturity assessment

    The current-state assessment will be the foundation of building your roadmap, so pay close attention to the questions and answer them truthfully.

    1. Start with tab 1 in the Service Management Process Maturity Assessment Tool. Remember to read the questions carefully and always use the feedback obtained through the end-user survey to help you determine the answer.
    2. In the “Degree of Process Completeness” column, use the drop-down menu to input the results solicited from the goals and objectives meeting you held with your project participants.
    3. A screenshot of Info-Tech's Service Management Process Assessment Tool is shown. Tab 1 is shown.
    4. Host a meeting with all participants following completion of the survey and have them bring their results. Discuss in a round-table setting, keeping a master sheet of agreed upon results.

    INPUT

    • Service Management Process Maturity Assessment Tool questions

    OUTPUT

    • Determination of current state

    Materials

    • Service Management Process Maturity Assessment Tool

    Participants

    • Project team members

    Review the results of your current-state assessment

    At the end of the assessment, the Results tab will have action items you could perform to close the gaps identified by the process assessment tool.

    A screenshot of Info-Tech's Service Management Process Maturity Assessment Results is shown.

    INPUT

    • Maturity assessment results

    OUTPUT

    • Determination of overall and individual practice maturity

    Materials

    • Service Management Maturity Assessment Tool

    Participants

    • Project team members

    Use Info-Tech’s OCM Capability Assessment tool to understand your current state

    The Organizational Change Management Capabilities Assessment tool will help you understand the true state of your organizational change management capabilities.

    A screenshot of Info-Tech's Organizational Change Management Capabilities Assessment

    Complete the Capabilities tab to capture the current state for organizational change management. Review the Results tab for interpretation of the capabilities. Review the Recommendations tab for actions to address low areas of maturity.

    Complete the OCM capability assessment

    1. Open Organizational Change Management Capabilities Assessment tool.
    2. Come to consensus on the most appropriate answer for each question. Use the 80/20 rule.
    3. Review result charts and discuss findings.
    4. Identify roadmap items based on maturity assessment.

    INPUT

    • A collaborative discussion

    OUTPUT

    • OCM Assessment tool
    • OCM assessment results

    Materials

    • OCM Capabilities Assessment tool

    Participants

    • All stakeholders

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst is shown.

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1

    A screenshot of activity 2.1 is shown.

    Create a powerful, succinct mission statement

    Using Info-Tech’s sample mission statement as a guide, build your mission statement based on the objectives of this project and the benefits that this project will achieve. Keep the mission statement short and clear.

    2.2

    A screenshot of activity 2.2 is shown.

    Complete the assessment

    With the project team in the room, go through all three parts of the assessment with consideration of the feedback received from the business.

    2.3

    A screenshot of activity 2.3 is shown.

    Interpret the results of the assessment

    The Info-Tech onsite analyst will facilitate a discussion on the overall maturity of your service management practices and individual process maturity. Are there any surprises? Are the results reflective of current service delivery maturity?

    PHASE 3

    Build Your Service Management Roadmap

    Build Roadmap

    This step will walk you through the following activities:

    • Document your vision and mission on the roadmap one-pager.
    • Using the inputs from the current-state assessments, identify the key themes required by your organization.
    • Identify individual initiatives needed to address key themes.

    Step Insights

    • Using the Info-Tech thought model, address foundational gaps early in your roadmap and establish the management methods to continuously make them more robust.
    • If any of the core practices are not meeting the vision for your service management program, be sure to address these items before moving on to more advanced service management practices or processes.
    • Make sure the story you are telling with your roadmap is aligned to the overall organizational goals.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Determine Your Service Management Target State

    Step 3.1 – Document the Overall Themes

    Start with an analyst kick-off call:

    • Review the outputs from your current-state assessments to identify themes for areas that need to be included in your roadmap

    Then complete these activities…

    • Ensure foundational elements are solid by adding any gaps to the roadmap
    • Identify any changes needed to management practices to ensure continuous improvement

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 3.2 – Determine Individual Initiatives

    Review findings with analyst:

    • Determine the individual initiatives needed to close the gaps between the current state and the vision

    Then complete these activities…

    • Finalize and document roadmap for executive socialization

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Focus on a strong foundation to build higher value service management practices

    Info-Tech Insight

    Focus on behaviors and expected outcomes before processes.

    Foundational elements

    • Operating model facilitates service management goals
    • Culture of service delivery
    • Governance discipline to evaluate, direct, and monitor
    • Management discipline to deliver

    Stabilize

    • Deliver stable, reliable IT services to the business
    • Respond to user requests quickly and efficiently
    • Resolve user issues in a timely manner
    • Deploy changes smoothly and successfully

    Proactive

    • Avoid/prevent service disruptions
    • Improve quality of service (performance, availability, reliability)

    Service Provider

    • Understand business needs
    • Ensure services are available
    • Measure service performance, based on business-oriented metrics

    Strategic Partner

    • Fully aligned with business
    • Drive innovation
    • Drive measurable value

    Info-Tech Insight

    Continued leadership support of the foundational elements will allow delivery teams to provide value to the business. Set the expectation of the desired maturity level and allow teams to innovate.

    Identify themes that can help you build a strong foundation before moving to higher level practices

    A model is depicted that shows the various target states. There are 6 levels showing in the example, and the example is made to look like a tree with a character watering it. In the roots, the level is labelled foundational. The trunk is labelled the core. The lowest hanging branches of the tree is the stabilize section. Above it is the proactive section. Nearing the top of the tree is the service provider. The top most branches of the tree is labelled strategic partner.

    Before moving to advanced service management practices, you must ensure that the foundational and core elements are robust enough to support them. Leadership must nurture these practices to ensure they are sustainable and can support higher value, more mature practices.

    Use Info-Tech’s “Service Management Roadmap” template to document your vision, themes and initiatives

    The Service Management Roadmap Presentation Template contains a roadmap template to help communicate your vision, themes to be addressed, and initiatives

    A screenshot of Info-Tech's Service Management Roadmap template is shown.

    Working from the lower maturity items to the higher value practices, identify logical groupings of initiatives into themes. This will aid in communicating the reasons for the needed changes. List the individual initiatives below the themes. Adding the service management vision and mission statements can help readers understand the roadmap.

    Document your service management roadmap

    1. Document the service management vision and mission on the roadmap template.
    2. Identify, from the assessments, areas that need to be improved or implemented.
    3. Group the individual initiatives into logical themes that can ease communication of what needs to happen.
    4. Document the individual initiatives.
    5. Document in terms that business partners and executive sponsors can understand.

    INPUT

    • Current-state assessment outputs
    • Maturity model

    OUTPUT

    • Service management roadmap

    Materials

    • Whiteboard
    • Roadmap template

    Participants

    • All stakeholders

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst is shown.

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1

    A screenshot of activity 3.1 is shown.

    Identify themes to address items from the foundational level up to higher value service management practices

    Identify easily understood themes that will help others understand the expected outcomes within your organization.

    A screenshot of activity 3.2 is shown.

    Document individual initiatives that contribute to the themes

    Identify specific activities that will close gaps identified in the assessments.

    PHASE 2

    Build Communication Slide

    Complete your service management roadmap

    This step will walk you through the following activities:

    • Use the current-state assessment exercises to document the state of your service management practices. Document examples of the behaviors that are currently seen.
    • Document the expected short-term gains. Describe how you want the behaviors to change.
    • Document the long-term vision for each item and describe the benefits you expect to see from addressing each theme.

    Step Insights

    • Use the communication template to acknowledge the areas that need to be improved and paint the short- and long-term vision for the improvements to be made through executing the roadmap.
    • Write it in business terms so that it can be used widely to gain acceptance of the upcoming changes that need to occur.
    • Include specific areas that need to be fixed to make it more tangible.
    • Adding the values from the vision, mission, and values exercise can also help you set expectations about how the team will behave as they move towards the longer-term vision.

    Phase 4 Outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Build the Service Management Roadmap

    Step 4.1: Document the Current State

    Start with an analyst kick-off call:

    • Review the pain points identified from the current state analysis
    • Discuss tactics to address specific pain points

    Then complete these activities…

    • Socialize the pain points within the service delivery teams to ensure nothing is being misrepresented
    • Gather ideas for the future state

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Step 4.2: List the Future Vision

    Review findings with analyst:

    • Review short- and long-term vision for improvements for the pain points identified in the current state analysis

    Then complete these activities…

    • Prepare to socialize the roadmap
    • Ensure long-term vision is aligned with organizational objectives

    With these tools & templates:

    Service Management Roadmap Presentation Template

    Use Info-Tech’s “Service Management Roadmap – Brought to Life” template to paint a picture of the future state

    The Service Management Roadmap Presentation Template contains a communication template to help communicate your vision of the future state

    A screenshot of Info-Tech's Service Management Roadmap - Brought to Life template

    Use this template to demonstrate how existing pain points to delivering services will improve over time by painting a near- and long-term picture of how things will change. Also list specific initiatives that will be launched to affect the changes. Listing the values identified in the vision, mission, and values exercise will also demonstrate the team’s commitment to changing behavior to create better outcomes.

    Document your current state and list initiatives to address them

    1. Use the previous assessments and feedback from business or customers to identify current behaviors that need addressing.
    2. Focus on high-impact items for this document, not an extensive list.
    3. An example of step 1 and 2 are shown.
    4. List the initiatives or actions that will be used to address the specific pain points.

    An example of areas for improvement.

    INPUT

    • Current-state assessment outputs
    • Feedback from business

    OUTPUT

    • Service Management Roadmap Communication Tool, in the Service Management Roadmap Presentation

    Materials

    • Whiteboard
    • Roadmap template

    Participants

    • All stakeholders

    Document your future state

    An example of document your furture state is shown.

    1. For each pain point document the expected behaviors, both short term and longer term.
    2. Write in terms that allow readers to understand what to expect from your service management practice.

    INPUT

    • Current-state assessment outputs
    • Feedback from business

    OUTPUT

    • Service Management Roadmap Communication Tool, in the Service Management Roadmap Presentation Template

    Materials

    • Whiteboard
    • Roadmap template

    Participants

    • All stakeholders

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst is shown.

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.1

    A screenshot of activity 4.1 is shown.

    Identify the pain points and initiatives to address them

    Identify items that the business can relate to and initiatives or actions to address them.

    4.2

    A screenshot of activity 4.2 is shown.

    Identify short- and long-term expectations for service management

    Communicate the benefits of executing the roadmap both short- and long-term gains.

    Research contributors and experts

    Photo of Valence Howden

    Valence Howden, Principal Research Director, CIO Practice

    Info-Tech Research Group

    Valence helps organizations be successful through optimizing how they govern, design, and execute strategies, and how they drive service excellence in all work. With 30 years of IT experience in the public and private sectors, he has developed experience in many information management and technology domains, with focus in service management, enterprise and IT governance, development and execution of strategy, risk management, metrics design and process design, and implementation and improvement.

    Photo of Graham Price

    Graham Price, Research Director, CIO Practice

    Info-Tech Research Group

    Graham has an extensive background in IT service management across various industries with over 25 years of experience. He was a principal consultant for 17 years, partnering with Fortune 500 clients throughout North America, leveraging and integrating industry best practices in IT service management, service catalog, business relationship management, IT strategy, governance, and Lean IT and Agile.

    Photo of Sharon Foltz

    Sharon Foltz, Senior Workshop Director

    Info-Tech Research Group

    Sharon is a Senior Workshop Director at Info-Tech Research Group. She focuses on bringing high value to members via leveraging Info-Tech’s blueprints and other resources enhanced with her breadth and depth of skills and expertise. Sharon has spent over 15 years in various IT roles in leading companies within the United States. She has strong experience in organizational change management, program and project management, service management, product management, team leadership, strategic planning, and CRM across various global organizations.

    Related Info-Tech Research

    Build a Roadmap for Service Management Agility

    Extend the Service Desk to the Enterprise

    Bibliography

    • “CIOs Emerge as Disruptive Innovators.” CSC Global CIO Survey: 2014-2015. Web.
    • “Digital Transformation: How Is Your Organization Adapting?” CIO.com, 2018. Web.
    • Goran, Julie, Laura LaBerge, and Ramesh Srinivasan. “Culture for a digital age.” McKinsey, July 2017. Web.
    • The Qualities of Leadership: Leading Change. Cornelius & Associates, 14 April 2012.
    • Wilkinson, Paul. “Culture, Ethics, and Behavior – Why Are We Still Struggling?” ITSM Tools, 5 July 2018. Web.

    Build an Extensible Data Warehouse Foundation

    • Buy Link or Shortcode: {j2store}342|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • Data warehouse implementation is a costly and complex undertaking, and can end up not serving the business' needs appropriately.
    • Too heavy a focus on technology creates a data warehouse that isn’t sustainable and ends up with poor adoption.
    • Emerging data sources and technologies add complexity to how the appropriate data is made available to business users.

    Our Advice

    Critical Insight

    • A data warehouse is a project; but successful data warehousing is a program. An effective data warehouse requires planning beyond the technology implementation.
    • Governance, not technology needs to be the core support system for enabling a data warehouse program.
    • Understand business processes at the operational, tactical, and ad hoc levels to ensure a fit-for-purpose DW is built.

    Impact and Result

    • Leverage an approach that focuses on constructing a data warehouse foundation that is able to address a combination of operational, tactical, and ad hoc business needs.
    • Invest time and effort to put together pre-project governance to inform and provide guidance to your data warehouse implementation.
    • Develop “Rosetta Stone” views of your data assets to facilitate data modeling.
    • Select the most suitable architecture pattern to ensure the data warehouse is “built right” at the very beginning.

    Build an Extensible Data Warehouse Foundation Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why the data warehouse is becoming an important tool for driving business value, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare for the data warehouse foundation project

    Begin the data warehouse foundation by defining the project and governance teams, as well as reviewing supporting data management practices.

    • Build an Extensible Data Warehouse Foundation – Phase 1: Prepare for the Data Warehouse Foundation Project
    • Data Warehouse Foundation Project Plan Template
    • Data Warehouse Work Breakdown Structure Template
    • Data (Warehouse) Architect
    • Data Integration Specialist
    • Business Intelligence Specialist
    • Director of Data Warehousing/Business Intelligence
    • Data Warehouse Program Charter Template
    • Data Warehouse Steering Committee Charter Template

    2. Establish the business drivers and data warehouse strategy

    Using the business activities as a guide, develop a data model, data architecture, and technology plan for a data warehouse foundation.

    • Build an Extensible Data Warehouse Foundation – Phase 2: Establish the Business Drivers and Data Warehouse Strategy
    • Business Data Catalog
    • Data Classification Inventory Tool
    • Data Warehouse Architecture Planning Tool
    • Master Data Mapping Tool

    3. Plan for data warehouse governance

    Start developing a data warehouse program by defining how users will interact with the new data warehouse environment.

    • Build an Extensible Data Warehouse Foundation – Phase 3: Plan for Data Warehouse Governance
    • Data Warehouse Standard Operating Procedures Template
    • Data Warehouse Service Level Agreement
    [infographic]

    Workshop: Build an Extensible Data Warehouse Foundation

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare for the Data Warehouse Foundation Project

    The Purpose

    Identify the members of the foundation project team.

    Define overarching statements and define success factors/risks.

    Outline basic project governance.

    Key Benefits Achieved

    Defined membership, roles, and responsibilities involved in the foundation project.

    Establishment of a steering committee as a starting point for the data warehouse program.

    Activities

    1.1 Identify foundation project team and create a RACI chart.

    1.2 Understand what a data warehouse can and cannot enable.

    1.3 Define critical success factors, key performance metrics, and project risks.

    1.4 Develop rough timelines for foundation project completion.

    1.5 Define the current and future states for key data management practices.

    Outputs

    Job Descriptions and RACI

    Data Warehouse Steering Committee Charter

    Data Warehouse Foundation Project Plan

    Work Breakdown Structure

    2 Establish the Business Drivers and Data Warehouse Strategy

    The Purpose

    Define the information needs of the business and its key processes.

    Create the components that will inform an appropriate data model.

    Design a data warehouse architecture model.

    Key Benefits Achieved

    Clear definition of business needs that will directly inform the data and architecture models.

    Activities

    2.1 Understand the most fundamental needs of the business.

    2.2 Define the data warehouse vision, mission, purpose, and goals.

    2.3 Detail the most important operational, tactical, and ad hoc activities the data warehouse should support.

    2.4 Link the processes that will be central to the data warehouse foundation.

    2.5 Walk through the four-column model and business entity modeling as a starting point for data modeling.

    2.6 Create data models using the business data glossary and data classification.

    2.7 Identify master data elements to define dimensions.

    2.8 Design lookup tables based on reference data.

    2.9 Create a fit-for-purpose data warehousing model.

    Outputs

    Data Warehouse Program Charter

    Data Warehouse Vision and Mission

    Documentation of Business Processes

    Business Entity Map

    Business Data Glossary

    Data Classification Scheme

    Data Warehouse Architecture Model

    3 Plan for Data Warehouse Governance

    The Purpose

    Create a plan for governing your data warehouse efficiently and effectively.

    Key Benefits Achieved

    Documentation of current standard operating procedures.

    Identified members of a data warehouse center of excellence.

    Activities

    3.1 Develop a technology capability map to visualize your desired state.

    3.2 Establish a data warehouse center of excellence.

    3.3 Create a data warehouse foundation roadmap.

    3.4 Define data warehouse service level agreements.

    3.5 Create standard operating procedures.

    Outputs

    Technology Capability Map

    Project Roadmap

    Service Level Agreement

    Data Warehouse Standard Operating Procedure Workbook

    Why learn from Tymans Group?

    The TY classes contain in-depth learning material based on over 30 years of experience in IT Operations and Resilience.

    You receive the techniques, tips, tricks, and "professional secrets" you need to succeed in your resilience journey.

    Why would I share "secrets?"

    Because over time, you will find that "secrets" are just manifested experiences.

    What do I mean by that? Gordon Ramsay, who was born in 1966 like me, decided to focus on his culinary education at age 19. According to his Wikipedia page, that was a complete accident. (His Wikipedia page is a hoot to read, by the way.) And he has nothing to prove anymore. His experience in his field speaks for itself.

    I kept studying in my original direction for just one year longer, but by 21, I founded my first company in Belgium in 1987, in the publishing industry. This was extended by IT experiences in various sectors, like international publishing and hospitality, culminating in IT for high-velocity international financial markets and insurance.

    See, "secrets" are a great way to get you to sign up for some "guru" program that will "tell all!" Don't fall for it, especially if the person is too young to have significant experience.

    There are no "secrets." There is only experience and 'wisdom." And that last one only comes with age.

    If I were in my 20s, 30s, or 40s, there is no chance I would share my core experiences with anyone who could become my competitor. At that moment, I'm building my own credibility and my own career. I like helping people, but not to the extent that it will hurt my prospects. 

    And that is my second lesson: be always honest about your intentions. Yes, always. 

    At the current point in my career, "hurting my prospects" is less important. Yes, I still need to make a living, and in another post, I will explain more about that. Here, I feel it is important to share my knowledge and experience with the next people who will take my place in the day-to-day operations of medium and large corporations. And that is worth something. Hence, "sharing my secrets."

    Gert

    Why learn about resilience from us?

    This is a great opportunity to learn from my 30+ years of resilience experience. TY's Gert experienced 9/11 in New York, and he was part of the Lehman Disaster Recovery team that brought the company back within one (one!) week of the terrorist attack.

    He also went through the London Bombings of 2005 and the 2008 financial crisis, which required fast incident responses, the Covid 2020 issues, and all that entailed. Not to mention that Gert was part of the Tokyo office disaster response team as early as 1998, ensuring that Salomon was protected from earthquakes and floods in Japan.

    Gert was part of the solution (for his clients) to several further global events, like the admittedly technical log4J event in 2021, the 2024 Crowdstrike event, and many other local IT incidents, to ensure that clients could continue using the services they needed at that time.

    Beyond the large corporate world, we helped several small local businesses improve their IT resilience with better cloud storage and security solutions. 

    These solutions and ways of thinking work for any business, large or small.

    The TY team

    Explore our resilience solutions.

    Assess Infrastructure Readiness for Digital Transformation

    • Buy Link or Shortcode: {j2store}300|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    There are many challenges for I&O when it comes to digital transformation, including:

    • Legacy infrastructure technical debt
    • Skills and talent in the IT team
    • A culture that resists change
    • Fear of job loss

    These and many more will hinder your progress, which demonstrates the need to invest in modernizing your infrastructure, investing in training and hiring talent, and cultivating a culture that supports digital transformation.

    Our Advice

    Critical Insight

    By using the framework of culture, competencies, collaboration and capabilities, organizations can create dimensions in their I&O structure in order to shift from traditional infrastructure management to becoming a strategic enabler, driving agility, innovation, and operational excellence though the effective integration of people, process, and technology.

    Impact and Result

    By driving a customer-centric approach, delivering a successful transformation can be tailored to the business goals and drive adoption and engagement. Refining your roadmap through data and analytics will drive this change. Use third-party expertise to guide your transformation and help build that vision of the future.

    Assess Infrastructure Readiness for Digital Transformation Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess Infrastructure Readiness for Digital Transformation – Unlock the full potential of your infrastructure with a digital transformation strategy and clear the barriers for success.

  • Be customer centric as opposed to being technology driven.
  • Understanding business needs and pain points is key to delivering solutions.
  • Approach infrastructure digital transformation in iterations and look at this as a journey.
    • Assess Infrastructure Readiness for Digital Transformation Storyboard
    • I&O Digital Transformation Maturity Assessment Tool

    Infographic

    Further reading

    Assess Infrastructure Readiness for Digital Transformation

    Unlock the full potential of your infrastructure with a digital transformation strategy and clear the barriers to success.

    Analyst Perspective

    It’s not just about the technology!

    Many businesses fail in their endeavors to complete a digital transformation, but the reasons are complex, and there are many ways to fail, whether it is people, process, or technology. In fact, according to many surveys, 70% of digital transformations fail, and it’s mainly down to strategy – or the lack thereof.

    A lot of organizations think of digital transformation as just an investment in technology, with no vision of what they are trying to achieve or transform. So, out of the gate, many organizations fail to undergo a meaningful transformation, change their business model, or bring about a culture of digital transformation needed to be seriously competitive in their given market.

    When it comes to I&O leaders who have been given a mandate to drive digital transformation projects, they still must align to the vision and mission of the organization; they must still train and hire staff that will be experts in their field; they must still drive process improvements and align the right technology to meet the needs of a digital transformation.

    John Donovan

    John Donovan

    Principal Research Director, I&O
    Info-Tech Research Group

    Insight summary

    Overarching insight

    Digital transformation requires I&O teams to shift from traditional infrastructure management to becoming a strategic enabler, driving agility, innovation, and operational excellence through effective integration of people, process, and technology.

    Insight 1

    Collaboration is a key component of I&O – Promote strong collaboration between I&O and other business functions. When doing a digital transformation, it is clear that this is a cross-functional effort. Business leaders and IT teams need to align their objectives, prioritize initiatives, and ensure that you are seamlessly integrating technologies with the new business functions.

    Insight 2

    Embrace agility and adaptability as core principles – As the digital landscape continues to evolve, it is paramount that I&O leaders are agile and adaptable to changing business needs, adopting new technology and implementing new innovative solutions. The culture of continuous improvement and openness to experimentation and learning will assist the I&O leaders in their journey.

    Insight 3

    Future-proof your infrastructure and operations – By anticipating emerging technologies and trends, you can proactively plan and organize your team for future needs. By investing in scalable, flexible infrastructure such as cloud services, automation, AI technologies, and continuously upskilling the IT staff, you can stay relevant and forward-looking in the digital space.

    Tactical insight

    An IT infrastructure maturity assessment is a foundational step in the journey of digital transformation. The demand will be on performance, resilience, and scalability. IT infrastructure must be able to support innovation and rapid deployment of services.

    Tactical insight

    Having a clear strategy, with leadership commitment along with hiring and training the right people, monitoring and measuring your progress, and ensuring it is a business-led journey will increase your chances of success.

    Executive Summary

    Your Challenge

    There are a lot of challenges for I&O when it comes to digital transformation, including:

    • Legacy infrastructure technical debt.
    • Skills and talent in the IT team.
    • A culture that resists change.
    • Fear of job loss.

    These and many more will hinder your progress, which demonstrates the need to invest in modernizing your infrastructure, investing in training and hiring talent, and cultivating a culture that supports digital transformation.

    Common Obstacles

    Many obstacles to digital transformation begin with non-I&O activities, including:

    • Lack of a clear vision and strategy.
    • Siloed organizational structure.
    • Lack of governance and data management.
    • Limited budget and resources.

    By addressing these obstacles, I&O will have a better chance of a successful transformation and delivering the full potential of digital technologies.

    Info-Tech's Approach

    Building a culture of innovation by developing clear goals and creating a vision will be key.

    • Be customer centric as opposed to being technology driven.
    • Understand the business needs and pain points in order to effectively deliver solutions.
    • Approach infrastructure digital transformation in iterations and look at it as a journey.

    By completing the Info-Tech digital readiness questionnaire, you will see where you are in terms of maturity and areas you need to concentrate on.

    Info-Tech Insight

    By driving a customer-centric approach, delivering a successful transformation can be tailored to the business goals and drive adoption and engagement. Refining your roadmap through data and analytics will drive this change. Use third-party expertise to guide your transformation and help build that vision of the future.

    The cost of digital transformation

    The challenges that stand in the way of your success, and what is needed to reverse the risk

    What CIOs are saying about their challenges

    26% of those CIOs surveyed cite resistance to change, with entrenched viewpoints demonstrating a real need for a cultural shift to enhance the digital transformation journey.

    Source: Prophet, 2019.

    70% of digital transformation projects fall short of their objectives – even when their leadership is aligned, often with serious consequences.

    Source: BCG, 2020.

    Having a clear strategy and commitment from leadership, hiring and training the right people, monitoring and measuring your progress, and ensuring it is a business-led journey will increase your chances of success.

    Info-Tech Insight

    Cultural change, business alignment, skills training, and setting a clear strategy with KPIs to demonstrate success are all key to being successful in your digital journey.

    Small and medium-sized enterprises

    What business owners and CEOs are saying about their digital transformation

    57% of small business owners feel they must improve their IT infrastructure to optimize their operations.

    Source: SMB Story, 2023.

    64% of CEOs believe driving digital transformation at a rapid pace is critical to attracting and retaining talent and customers.

    Source: KPMG, 2022.

    Info-Tech Insight

    An IT infrastructure maturity assessment is a foundational step in the journey of digital transformation. The demand will be on performance, resilience, and scalability. IT infrastructure must be able to support innovation and rapid deployments.

    Implement DevOps Practices That Work

    • Buy Link or Shortcode: {j2store}155|cart{/j2store}
    • member rating overall impact: 9.1/10 Overall Impact
    • member rating average dollars saved: $42,916 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • In today’s world, business agility is essential to stay competitive. Quick responses to business needs through efficient development and deployment practices are critical for business value delivery.
    • Organizations are looking to DevOps as an approach to rapidly deliver changes, but they often lack the foundations to use DevOps effectively.

    Our Advice

    Critical Insight

    Even in a highly tool-centric view, it is the appreciation of DevOps core principles that will determine your success in implementing its practices.

    Impact and Result

    • Understand the basics of DevOps-related improvements.
    • Assess the health and conduciveness of software delivery process through Info-Tech Research Group’s MATURE framework.

    Implement DevOps Practices That Work Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement DevOps, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Examine your current state

    Understand the current state of your software delivery process and categorize existing challenges in it.

    • DevOps Readiness Survey

    2. MATURE your delivery lifecycle

    Brainstorm solutions using Info-Tech Research Group’s MATURE framework.

    • DevOps Roadmap Template

    3. Choose the right metrics and tools for your needs

    Identify metrics that are insightful and valuable. Determine tools that can help with DevOps practices implementation.

    • DevOps Pipeline Maturity Assessment

    4. Select horizons for improvement

    Lay out a schedule for enhancements for your software process to make it ready for DevOps.

    [infographic]

    Workshop: Implement DevOps Practices That Work

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Examine Your Current State

    The Purpose

    Set the context for improvement.

    Key Benefits Achieved

    Provide a great foundation for an actionable vision and goals that people can align to.

    Activities

    1.1 Review the outcome of the DevOps Readiness Survey.

    1.2 Articulate the current-state delivery process.

    1.3 Categorize existing challenges using PEAS.

    Outputs

    Baseline assessment of the organization’s readiness for introducing DevOps principles in its delivery process

    A categorized list of challenges currently evident in the delivery process

    2 MATURE Your Delivery Lifecycle

    The Purpose

    Brainstorm solutions using the MATURE framework.

    Key Benefits Achieved

    Collaborative list of solutions to challenges that are restricting/may restrict adoption of DevOps in your organization.

    Activities

    2.1 Brainstorm solutions for identified challenges.

    2.2 Understand different DevOps topologies within the context of strong communication and collaboration.

    Outputs

    A list of solutions that will enhance the current delivery process into one which is influenced by DevOps principles

    (Optional) Identify a team topology that works for your organization.

    3 Choose the Right Metrics and Tools for Your Needs

    The Purpose

    Select metrics and tools for your DevOps-inspired delivery pipeline.

    Key Benefits Achieved

    Enable your team to select the right metrics and tool chain that support the implementation of DevOps practices.

    Activities

    3.1 Identify metrics that are sensible and provide meaningful insights into your organization’s DevOps transition.

    3.2 Determine the set of tools that satisfy enterprise standards and can be used to implement DevOps practices.

    3.3 (Optional) Assess DevOps pipeline maturity.

    Outputs

    A list of metrics that will assist in measuring the progress of your organization’s DevOps transition

    A list of tools that meet enterprise standards and enhance delivery processes

    4 Define Your Release, Communication, and Next Steps

    The Purpose

    Build a plan laying out the work needed to be done for implementing the necessary changes to your organization.

    Key Benefits Achieved

    Roadmap of steps to take in the coming future.

    Activities

    4.1 Create a roadmap for future-state delivery process.

    Outputs

    Roadmap for future-state delivery process

    Do you believe in absolute efficiency?

    Weekend read. Hence I post this a bit later on Friday.
    Lately, I've been fascinated by infinity. And in infinity, some weird algebra pops up. Yet that weirdness is very much akin to what our business stakeholders want, driven by what our clients demand, and hence our KPIs drive us. Do more with less. And that is what absolute efficiency means.

    Register to read more …

    Drive Innovation With an Exponential IT Mindset

    • Buy Link or Shortcode: {j2store}107|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    To drive a rapid shift towards the adoption of emerging technology, CIOs need:

    • Highly specialized knowledge of emerging technology and trends
    • The ability to engage the business in co-creating value via emerging technology
    • The skills to manage complex enterprise risk
    • Strong governance processes which support enterprise change management

    Our Advice

    Critical Insight

    IT must lead the innovation capabilities that will drive the adoption of emerging technology across the enterprise. In an exponential world, IT needs to adopt business value targets and become a value creator rather limit itself to IT service targets and remain a cost center in the organization.

    Impact and Result

    Assess your innovation capability in five key areas supporting Exponential IT:

    • Organizational Excellence
    • Insights & Intelligence
    • Agile Ideation
    • Team Capabilities
    • Innovation Operations

    Drive Innovation With an Exponential IT Mindset Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Drive Innovation With an Exponential IT Mindset – Learn about the new era of exponential innovation and the capabilities needed to succeed.

    This research walks you through how to assess your capabilities to lead enterprise innovation and drive Exponential IT.

    • Drive Innovation With an Exponential IT Mindset Storyboard

    2. Innovation Readiness Assessment – Assess your readiness to drive innovation and the adoption of emerging technology.

    This tool will facilitate your readiness assessment.

    • Innovation Readiness Assessment
    [infographic]

    Further reading

    Drive Innovation With an Exponential IT Mindset

    Are you ready to drive the adoption of autonomous business capabilities?

    A diagram that shows exponential IT

    Analyst Perspective

    IT must develop new capabilities to drive emerging tech adoption

    Traditionally, CIOs have struggled to gain the trust of the executive leadership team and be recognized as business leaders rather than just technical leaders. In fact, based on a 2023 study by Info-Tech Research Group, only 36% of CIOs report directly to the CEO with most of the remainder reporting through either the CFO or COO.

    Exponential IT requires that CIOs gain a seat at the table and build the capabilities necessary to not only lead the transformation of their business but also drive the innovation that will lead to enterprise adoption of emerging technologies. CIOs will be required to gain a detailed understanding of their business and in-depth knowledge of emerging technologies so that they can match business opportunities with technology capabilities, while managing risk and change.

    This research will help CIOs identify the capabilities they need to transform the business, and better understand where they must mature their capabilities to drive Exponential IT.

    Photo of Kim Osborne Rodriguez
    Kim Osborne Rodriguez
    Research Director, CIO Advisory
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    To drive a rapid shift toward adopting emerging technology, CIOs need:

    • Highly specialized knowledge of emerging technology and trends
    • The ability to engage the business in co-creating value via emerging technology
    • The skills to manage complex enterprise risk
    • Strong governance processes which support enterprise change management

    Common Obstacles

    Exponential IT is dramatically shifting how IT engages the business. Many CIOs are unprepared.

    • Innovation is increasingly important for competitive advantage and business growth, narrowing the gap between large and small players.
    • Over 80% of CXOs believe their CIOs are currently unable to drive change within the business.[1]
    • 40% of CXOs anticipate that IT must be able to transform the business to maintain relevance.[1]

    Info-Tech's Approach

    Is your IT team ready to drive the adoption of emerging technology? Assess your innovation capability in five key areas supporting Exponential IT:

    • Organizational Excellence
    • Insights & Intelligence
    • Agile Ideation
    • Team Capabilities
    • Innovation Operations

    [1] Info-Tech CXO-CIO diagnostic benchmark data, 2022, n=76

    Info-Tech Insight

    IT must lead the innovation capabilities that will drive the adoption of emerging technology across the enterprise. In an exponential world, IT needs to adopt business value targets and become a value creator rather than limit itself to IT service targets and remain a cost center in the organization.

    Drive innovation with an Exponential IT mindset

    Your ability to capture enterprise value from autonomization relies on your innovation capabilities and potential. Is your IT team ready to drive the adoption of AI-driven business processes? Assess your innovation readiness in five key areas supporting Exponential IT.

    A diagram that shows 5 key areas of exponential IT

    IT must rapidly mature

    If IT leaders cannot lead the transformation, then the business will move forward without them.

    Only 3% of CXOs report that their IT department can transform the business. Most IT organizations (81%) still struggle to adequately support the business.

    A diagram that shows IT maturity and exponential IT

    A diagram that shows IT capabilities Based on a Survey of CXOs (n=76)

    Common obstacles

    Leverage Exponential IT to drive value from the adoption of emerging tech

    The most common obstacles to innovation are cultural, including politics, lack of alignment on goals, misaligned culture, and an inability to act on indicators of change.[1]

    CIOs struggle to get a seat at the table and influence change. Info-Tech research shows that only 36% of CIOs report directly to the CEO, with over a third reporting to another C-suite leader such as a COO or CFO.[2]

    [1] Harvard Business Review, 2018
    [2] Info-Tech Research Group CIO Time Study, 2023

    Info-Tech Insight

    To drive change, CIOs need to gain the trust of their senior leadership team. Getting a seat at the table should be the first step for any CIO looking to transform their business.

    Many CIOs struggle to be seen as business leaders

    36%

    Only 36% of CIOs report directly to the CEO.

    Source: Info-Tech Research Group, 2023.

    48%

    48% of Boards report that they lack frequent or direct lines of communication with their CIOs.

    Source: CIO Dive, 2022

    Executive Brief: Case Study

    Logo of RBC Royal Bank

    • INDUSTRY: Financial Services
    • SOURCE: Borealis AI

    Borealis AI drives AI-powered transformation at Royal Bank of Canada

    Borealis AI is a research center backed by RBC Royal Bank, tasked with researching, designing, and building AI products and tools which transform the financial services industry. It gathers researchers with backgrounds in artificial intelligence (AI), computer vision, natural language processing (NLP), computer science, computational finance, mathematics, and machine learning (ML) to create solutions in areas including asynchronous temporal models, non-cooperative learning in competing markets, and causal machine learning from observational data.

    Results

    Borealis AI has created many innovative products for RBC, including:

    • NOMI Forecast: an award-winning personal financial management tool
    • Turing by Borealis AI: a text-to-SQL database interface using NLP
    • Aiden: an AI-powered electronic trading tool using reinforcement learning

    In 2023, Borealis AI won the Best Use of AI for Customer Experience award from The Digital Banker, for the NOMI Forecast app, which has been downloaded by nearly a million RBC clients since launching in 2021.


    "NOMI Forecast is a cutting-edge AI solution that uses deep learning to offer timely and accurate predictions of our clients' cashflow. Powered by our unique datasets, these AI models have been trained to deliver personalized experiences for RBC clients,"
    — Foteini Agrafioti, Chief Science Officer at RBC and Head of Borealis AI

    IT needs to connect emerging technology with business opportunities

    A diagram that shows exponential innovation, emerging technology, business opportunities.

    Emerging tech is driving business change

    A diagram that shows exponential innovation and its 5 elements.

    Innovation is critical for business success, but succeeding is more difficult than ever

    Emerging tech brings new challenges for organizations looking to create a competitive advantage. Access to sophisticated tools with minimal upfront costs have lowered the barriers to entry and democratized innovation, particularly among smaller players. The explosion of data processing & collaboration tools has allowed more focused and data-driven innovation efforts through analysis and insights, increasing the competitive advantage for those who get it right.

    This has led to an accelerated pace of change as autonomous business processes start driving their own market shifts. The rise of autonomous business processes creates exponential reward, but also exponential risk for early adopters.

    Innovation is increasingly critical for competitive growth

    IT innovation leadership explains 75% of the variation in satisfaction with IT (Source: Info-Tech Research Group survey, n=305) and is the fourth-highest priority for IT end users.

    A 7-year review by McKinsey (2020) showed that the most innovative companies[1] outperformed the market by upwards of 30%.

    A 25-year study by Business Development Canada & Statistics Canada showed that innovation was more important to business success than management, human resources, marketing, or finance.

    [1]Top innovators are defined as companies which were listed on Fast Company World's 50 Most Innovative Companies for 2+ years.

    Adapt your approach to innovation

    Both traditional and exponential (AI-driven) innovation is important for business success

    IT as a fast execution engine

    Ideal for developing new methods, products, or services which provide value to the organization

    Can be led by IT or the business, depending on the scope of innovation (IT generally leads IT/internal innovation while the business leads customer-focused innovation)

    Often follows the pace of the business

    IT is a fast executor on requests generated by the business

    Leverages Agile to develop new ideas and products, and uses DevOps to put into production


    Use Info-Tech's research to Build your Enterprise Innovation Program

    IT as an exponential innovation leader

    Ideal for driving the enterprise adoption of emerging tech and autonomous business capabilities

    Led by IT, which brings the understanding of emerging technology and can link opportunities to business problems

    Driven by a faster pace of change, which requires more frequent assessment of emerging technology

    IT is a fast executor on ideas and uses partnerships to drive execution

    Leverages Agile, machine learning operations (MLOps), DataOps and product design to test and implement ideas

    Use this research to successfully drive innovation with an Exponential IT mindset

    Measure the value of this blueprint

    Transformation efforts fail over 75% of the time[1] resulting in millions of dollars of lost revenue[2]

    Our research indicates that most organizations would take months to prepare this type of assessment without our resources. That's nearly 70 work hours spent researching and gathering data to support due diligence, for a total cost of thousands of dollars. Improve your success rate by understanding what's needed to successfully drive innovation.

    [1] Lombard, 2022
    [2] FutureCIO, 2022

    A photo of Establish a baseline

    A diagram that shows Estimated time commitment without Info-Tech's research (person-hours)

    Establish a baseline

    Gauge the effectiveness of this research by completing the following table before and after using this blueprint:

    A diagram that shows Establish a baseline

    How to use this research

    Five tips to get the most out of your readiness assessment

    1. Each category consists of five competencies, with a maximum of five points each. The maximum score on this assessment is 100 points.
    2. Effectiveness levels range from basic (Level 1) to advanced (Level 5). Level 1 is generally considered the baseline for most effectively operating organizations. If your organization is struggling with Level 1 competencies, focus on those before pursuing higher maturity areas.
    3. This assessment is qualitative. Complete the assessment to the best of your ability, based on the scoring rubric provided. If you fall between levels, use the lower one in your assessment.
    4. The scoring rubric may not perfectly fit the processes and practices within every organization. Consider the spirit of the description and score accordingly.
    5. Other industry- and region-specific competencies may be required to succeed at exponential innovation. The competencies in this assessment are a starting point, and internal validation and assessments should be conducted to uncover additional competencies and skills.

    Assess your innovation readiness:

    1. Organizational Excellence

    • Innovation mandate
    • Transformational leadership
    • Culture of innovation
    • Vision & strategy

    Organizational excellence sets the stage for innovation.

    "Innovation distinguishes between a leader and a follower." – Steve Jobs, Apple Founder

    Without strong leadership, innovation efforts are almost certain to fail. Innovation requires buy-in and support, a leader who walks the talk, culture which supports risk taking and allows failure, and a clear and compelling vision. Without these elements in place, transformation efforts are a fifteen times more likely to fail [1] – and waste time and money along the way.

    [1] Lombard, 2022.

    Focus on innovation to deliver business value

    Satisfaction drives IT value, and innovation leadership drives satisfaction with IT

    Strong leadership is critical to the success of innovation. A global survey of 600 business leaders pointed to leadership as the best predictor of innovation success[1] and showed a strong correlation between leadership ability and innovation capabilities.

    Innovation leadership starts with a mandate from the senior leadership team and requires a clearly articulated vision and strategy to deliver the intended benefits to the organization. A survey of 270 business leaders showed that over a third of them struggled with articulating the right strategy or vision, hindering their efforts to innovate.[2]

    45% of business leaders report that cultural issues stifle their innovation efforts, and 55% report unhealthy politics which cause infighting that negatively affects their organization.[2]

    [1] McKinsey, 2008
    [2] Harvard Business Review, 2018

    The importance of leadership

    75% of high IT satisfaction scores are associated with a strong ability to lead innovation.
    Source: Info-Tech Research Group survey, n=305

    Struggling to get a seat at the table?

    It can be challenging to drive innovation efforts without trust and buy-in from senior leadership. Start with small initiatives and build your reputation by consistently delivering on your commitments.

    Leadership starts with a mandate

    Build your innovation leadership with the following capabilities:

    Innovation mandate: There is strong support and trust from the senior leadership team, which gives IT leaders the opportunity to lead innovation despite any temporary failure. IT leaders are well-informed about and have input into business decisions.

    Transformational leadership: IT leaders are influential change agents, not only within their organization but across their industry or community. They inspire others and actively collaborate with external partners, driving change beyond their organization.

    Culture of innovation: Innovative cultures generally demonstrate ten behaviors that are most closely correlated with innovation success: growth mindset, learning-focused, psychological safety, curiosity, trust, willingness to fail, collaboration, diverse perspectives, autonomy, and appropriate risk-taking. These behaviors are embedded in the organization and strongly demonstrated in daily work.

    Vision & strategy: The innovation vision and strategy are continuously refined and adapted to changing market and emerging technology trends. Emerging technology innovation is second nature in the organization, and it becomes a leader in driving change across the industry.

    Additional resources for Organizational Excellence

    Photo of Build your Enterprise Innovation Program

    Build your Enterprise Innovation Program

    Define your innovation mandate
    Articulate your vision and guiding principles
    Build a culture of innovation

    Photo of Manage Your CXO Relations

    Manage Your CXO Relations

    Successfully manage CXO relationships to get a seat at the table and build your mandate to drive innovation

    Photo of CIO

    Become a Transformational CIO

    Build the capabilities to drive transformation as an IT leader in your organization

    Assess your innovation readiness:

    2. Insights & Intelligence

    • Business context
    • Strategic foresight
    • Emerging tech expertise
    • Strategic alignment

    The foundation of innovation is data.

    "Without data you're just another person with an opinion." – Edwards Deming, Statistician

    Having comprehensive and accurate data about the problems you hope to solve is critical to realizing the benefits of innovation. Build your understanding of the business and ability to predict how trends will impact your industry, then stay on top of emerging tech and align solutions with strategic business capabilities.

    Act on strategic indicators

    Build the ability to go from data to intelligence to insights

    Info-Tech data shows that businesses are 93% more likely to be satisfied with IT when their IT teams have a better understanding of the business. Teams need to understand who your organization serves, how it delivers value, and what its goals are.

    When seeking to capitalize on emerging technology opportunities, businesses face an execution challenge. 82% of business leaders report being able to identify leading indicators of change, but less than two thirds of them are confident in their ability to act on those indicators.[1]

    A report by Leadership IQ noted that only 29% of the 21,008 employees surveyed considered their leader's vision consistently well aligned with the organizational vision.[2] Strategic alignment is not just important from a results perspective. It impacts employee motivation: employees with strong leadership alignment are 24% more likely to give their best at work.[2]

    [1] Harvard Business Review, 2018
    [2] Leadership IQ, 2020

    Strategic Foresight Challenges

    82% of business leaders say they can correctly identify leading indicators of change…

    …however, only 58% feel confident in their abilities to act on these indicators.

    Source: Harvard Business Review, 2018

    You must understand the business

    Develop key insights and intelligence with the following capabilities:

    Business context: IT actively participates in the business as a value creator and innovator, proactively disrupting the business and driving the adoption of emerging tech that drives exponential value.

    Strategic foresight: IT not only embraces emerging technologies, but actively drives innovation and disruption through their adoption. IT is adept at using trends to drive exploration and can quickly execute on initiatives.

    Emerging tech expertise: There is an expert-level understanding of emerging technologies including their capabilities, limitations, risks, trends, and potential use cases. IT proactively drives the adoption of emerging technology.

    Strategic alignment: IT proactively uses the business strategy to drive adoption of emerging technology and identify new opportunities. Each initiative has clear metrics and targets which directly impact business targets.

    Additional resources for Intelligence & Insights

    Photo of Tech Trends 2023

    Tech Trends 2023

    Like a chess grandmaster, CIOs must play both sides of the board. Emerging technologies present opportunities to attack, but it's necessary to protect from a volatile board.

    Photo of innovation

    Establish a Foresight Capability

    To be recognized and validated as a forward-thinking CIO, you must establish a structured approach to innovation that considers external trends alongside internal processes.

    Photo of Build a Business-Aligned IT Strategy

    Build a Business-Aligned IT Strategy

    Elicit the business context and identify strategic initiatives that are most important to the organization while building a plan to execute on it.

    Assess your innovation readiness:

    3. Agile Ideation

    • Data-driven decision making
    • Ability to identify opportunities
    • Business engagement
    • Risk management

    IT must use data to drive the ideation process, engaging the business to identify opportunities – all while managing risk.

    "Innovation is key. Only those who have the agility to change with the market and innovate quickly will survive."- Robert Kiyosaki, Entrepreneur & Author

    Many Agile concepts are used in the process of innovation, regardless of whether the formal Agile methodology is used. Fast iterations ("fail fast"), lessons learned, and risk management are equally important for ideation as they are for execution. This category evaluates IT's ability to drive the ideation process at the enterprise level.

    Use data to drive agility

    Effectively using data has a threefold impact in the quality of decisions

    A diagram that shows data-driven journey

    Agility is critical for innovation, particularly when adopting emerging technology. AI and other emerging technologies are accelerating the pace of change and driving a necessary increase in how quickly organizations must adapt.

    Data is also critical when building a case for change. A survey of over 1,000 senior business leaders showed that organizations that effectively use data to drive decision making are three times more likely to report significant improvements in the quality of their decisions.[1]

    [1] Harvard Business School Online, 2019

    Start with the business

    The business must be involved in ideation. Develop the skills needed to engage the business and identify challenges and opportunities.

    Engage the business to deliver value

    Build your proficiency in the following ideation capabilities:

    Data-driven decision making: Data is proactively collected from multiple internal and external sources to inform innovation strategies. Continuous monitoring of innovation provides a strong rationale for outcomes and benefits. Data governance, quality, and privacy measures are in place to ensure data quality.

    Ability to identify opportunities: IT actively shapes the future of the organization and the industry by proactively identifying business opportunities for emerging technology and leading the way in their adoption. Experiments and pilots are often industry firsts.

    Business engagement: IT enables the business by engaging at all levels to identify and refine emerging technology opportunities. They effectively communicate benefits and risks in business terms, while understanding business needs and challenges. IT collaborates with the business to establish innovation centers or communities of practice.

    Risk management: There is a proactive and holistic approach to risk management, considering both opportunities and threats associated with emerging technology adoption. IT and the business continually anticipate and monitor emerging risks, evaluate the effectiveness of risk management practices, and adapt them to evolving technology landscapes.

    Additional resources for Agile Ideation

    Photo of Develop Your Agile Approach for a Successful Transformation

    Develop Your Agile Approach for a Successful Transformation

    Understand Agile fundamentals, principles, and practices so you can apply them effectively in your organization.

    Photo of Build an IT Risk Management Program

    Build an IT Risk Management Program

    Risk is inevitable. Without a formal management program, you may be unaware of your greatest IT risks.

    Reacting to risks after they occur can be costly and devastating, yet this is one of the most common tactics used by IT departments.

    Photo of business innovation

    Kick-Start IT-Led Business Innovation

    Business demand for new technology is intensifying pressure to innovate and executive stakeholders expect more from IT. If IT is not considered a source of innovation, its perceived value decreases, and the threat of shadow IT grows. Don't wait to start finding and capitalizing on opportunities for IT-led innovation.

    Assess your innovation readiness:

    4. Team Capabilities

    • Resourcing & investment
    • Talent & skills
    • Change management
    • Partnerships & ecosystem

    Ensure you have the right resources and skills needed to drive innovation.

    "The best way to predict the future is to invent it." – Alan Kay, Computer Scientist

    Resourcing and skills are critical building blocks for driving innovation, and without a strong understanding of emerging technology and the processes needed to adopt it, organizations will falter at driving change.

    Develop the right resourcing, skills, change management, and partnerships to drive Exponential IT.

    Develop key skills

    Scaled Agile (SAFe): Scaled Agile is a framework for implementing Agile and lean methodologies at the enterprise level or outside of a single team.

    Development operations (DevOps): A methodology for software development which includes practices and tools that support the development lifecycle.

    Data operations (DataOps): A set of tools and processes that support data management within an organization. Typically used when training AI on a specialized data set.

    Analytics: The systematic analysis of information used to discover, interpret, and communicate insights gleaned from patterns in data. Analytics typically generate insights that support data-driven decision making.

    Machine learning operations (MLOps): Tools and processes that support the development of machine learning (ML) models, including AI and large language models (LLM). Can include expertise in computer science, natural language processing (NLP), computer vision, computational algorithms, mathematics, and ML expertise.

    Artificial intelligence operations (AIOps): Leveraging AI to develop autonomous business processes at the enterprise level.

    Mature your emerging technology capabilities

    Agile: Build the methodologies to drive execution
    DevOps: Drive the software development lifecycle
    DataOps: Effectively manage data
    Analytics: Develop insights from data
    MLOps: Develop machine learning tools
    AIOps: Build autonomous business processes

    Manage the building blocks of innovation

    Resourcing & investment: IT manages a well-defined and substantial budget dedicated to innovation, which is integrated into the overall strategic planning and decision-making processes. Investments are made in a holistic and forward-looking manner, considering the long-term implications and potential disruption caused by emerging technologies.

    Talent & skills: Teams exhibit thought leadership and innovate within emerging technologies, including advanced machine learning engineering, MLOps, DataOps, and analytics. Employees actively contribute to the advancement of these technologies, engage in research and development, and explore new applications and use cases.

    Change management: This is a core competency led by change champions and change management professionals. There is a strategic approach to driving and sustaining change, focusing on long-term adoption and continuous improvement. Change management is embedded in the organizational culture, and there is a proactive effort to foster change agility and build change capability at all levels.

    Partnerships & ecosystems: IT builds an orchestrated innovation ecosystem for the adoption of emerging technology. They take a proactive role in orchestrating collaboration among ecosystem partners. The organization acts as a catalyst for innovation, bringing together diverse partners to address complex challenges and drive transformative solutions.

    Additional resources for Team Capabilities

    Photo of Drive Technology Adoption

    Drive Technology Adoption

    The project isn't over if the new product or system isn't being used. How do you ensure that what you've put in place will not be ignored or only partially adopted? People are more complicated than any new system and managing them through change requires careful planning.

    Photo of team discussion

    Extend Agile Practices Beyond IT

    Further the benefits of Agile by extending a scaled Agile framework to the business.

    Not all lessons from scaling Agile to IT are transferable. IT Agile scaling processes are tailored to IT's scope, team, and tools, which may not account for diverse attributes within your organization.

    Photo of Managing Exponential Value Relationships

    Managing Exponential Value Relationships

    Successfully managing outcome-based relationships requires a higher degree of trust than traditional vendor relationships. Building trust comes from sharing risks and rewards between organizations and vendors.

    Assess your innovation readiness:

    5. Innovation Execution

    • Governance
    • Embedded security
    • Infrastructure
    • Ability to execute

    Can you deliver results? Develop the capability to execute on innovative ideas.

    "What good is an idea if it remains an idea? Try. Experiment. Fail. Try again. Change the world." – Simon Sinek, Author, Motivational Speaker

    The foundational elements of innovation significantly overlap with the activities you must do to excel at core IT operations. Build your ability to execute quickly on innovative ideas and build the trust of the enterprise.

    Rapidly execute on innovative ideas

    IT must be able to successfully manage the foundational capabilities of innovation

    The foundational capabilities of innovation are central to many core IT processes: governance, security, supporting infrastructure, and the ability to execute on ideas are all critical to running an effective IT shop.

    IT governance is a critical and embedded practice ensuring information and technology investments, risks, and resources are aligned in the organization's best interests while producing business value. Effective governance ensures that the right technology investments are made at the right time to support and enable your organization's mission, vision, and goals.

    A diagram that shows Info-Tech's IT Governance Framework and Security Framework

    Build foundational capabilities

    The ability to rapidly execute on ideas is fundamental not only to innovation but also running an effective IT organization.

    Develop foundational IT capabilities

    The ability to execute is based on key foundational capabilities, including:

    Governance: Adaptable and automated governance guides effective innovation and supports the adoption of emerging technology. Decision making is flexible and can move quickly to enable the implementation of new technologies. Responsibility and authority are aligned across all levels of the organization.

    Embedded security: Security and privacy controls are embedded in the applications and technologies deployed across the enterprise. Security is built into the organizational culture, with a strong focus on promoting security awareness and fostering a security-first mindset.

    Infrastructure: IT infrastructure is modern, adaptive, and future-proof. Infrastructure should support a range of emerging technology applications, including the flexibility to adapt to future use cases. There is a focus on agility, scalability, flexibility, and interoperability.

    Ability to execute: The IT team drives rapid innovation across the organization and can reliably execute and collaborate with internal and external partners. They are pivotal in driving innovation initiatives that align with the organization's strategic objectives. Agile methodologies and practices are embedded in the culture of the team.

    Additional resources for Innovation Execution

    Photo of Make Your IT Governance Adaptable

    Make Your IT Governance Adaptable

    Produce more value from IT by developing a governance framework optimized for your current needs and context, with the ability to adapt as your needs shift.

    Create the foundation and ability to delegate and empower governance to enable agile delivery.

    Photo of Build an Information Security Strategy

    Build an Information Security Strategy

    Many security leaders struggle to decide how best to prioritize their scarce information security resources.

    The need to move from a reactive security approach toward a strategic planning approach is clear. The path to getting there is less so.

    Photo of Exploit Disruptive Infrastructure Technology

    Exploit Disruptive Infrastructure Technology

    Accurate predicting isn't easy. Most IT leaders fail to realize how quickly technology increases in capability. Even for the tech savvy, it's difficult to predict which specific technologies will become disruptive.

    Activity 1: Assess your readiness for exponential innovation

    Input: Core competencies; Knowledge of internal processes and capabilities
    Output: Readiness assessment
    Materials: Exponential Innovation Assessment Tool; Whiteboard/Flip charts
    Participants: Executive leadership team, including CIO; Other internal stakeholders of vendor partnerships

    1-3 hours

    1. Gather key stakeholders from across your organization to participate in the readiness assessment exercise.
    2. As a group, review the core competencies from the following five sections and determine where your organization's effectiveness lies for each competency. Record your responses in the Exponential Innovation Assessment Tool.

    Download the Exponential Innovation Assessment Tool

    Interpret your results

    Understand your readiness and determine the next steps to operationalize exponential innovation.

    Once you have completed the readiness assessment, use Info-Tech's maturity ladder to identify next steps and recommendations.

    It is usually very challenging to lead innovation with a total score less than 50. Lower maturity organizations should focus on maturing the foundational aspects of innovation, such as those in the Innovation Execution and Team Capabilities categories, and core IT processes.

    For higher maturity organizations (those with total scores 50 or higher), first focus on getting all capabilities to a minimum of Level 3, then work on progressing maturity starting with foundational categories and working upwards:

    A diagram that shows innovation readiness

    Determine your readiness

    A diagram that shows Innovation Maturity ladder

    Activity 2: Create an action plan

    Input: Readiness assessment
    Output: Action plan to improve maturity of capabilities
    Materials: Exponential Innovation Assessment Tool; Whiteboard/Flip charts
    Participants: Executive leadership team, including CIO; Other internal stakeholders of vendor partnerships

    1 hour

    1. Gather the stakeholders who participated in the readiness assessment exercise.
    2. As a group, review the results of the readiness assessment. Were there any surprises? Do the results reflect your understanding of the organization's maturity?
    3. Determine which areas are likely to limit the organization's innovation capability, based on lowest scoring areas and relative importance to the organization.
    4. Break out into groups and have each group identify three actions the organization could take to mature the lowest scoring areas.
    5. Bring the group back together and prioritize the actions. Note who will be accountable for each next step.
    6. Identify additional Info-Tech research that can assist with improving your maturity (see additional resources in this blueprint).

    Author

    Photo of Kim Osborne Rodriguez
    Kim Osborne Rodriguez
    Research Director, CIO Advisory
    Info-Tech Research Group

    Kim is a professional engineer and Registered Communications Distribution Designer (RCDD) with over a decade of experience in management and engineering consulting spanning healthcare, higher education, and commercial sectors. She has worked on some of the largest hospital construction projects in Canada, from early visioning and IT strategy through to design, specifications, and construction administration. She brings a practical and evidence-based approach, with a track record of supporting successful projects.

    Kim holds a Bachelor's degree in Honours Mechatronics Engineering and an option in Management Sciences from University of Waterloo.

    Research Contributors and Experts

    Photo of Jack Hakimian
    Jack Hakimian
    Senior Vice President
    Info-Tech Research Group

    Jack has more than 25 years of Technology and Management Consulting experience. He has served multi-billion-dollar organizations in multiple industries including Financial Services and Telecommunications. Jack also served many large public sector institutions.

    He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master's degree in Computer Engineering and an MBA from the ESCP-EAP European School of Management.


    Photo of Mark Tauschek
    Mark Tauschek
    Vice President, Infrastructure & Operations Research
    Info-Tech Research Group

    Mark has hands-on network design and deployment experience across verticals including healthcare, education, manufacturing, retail, and entertainment. He has extensive knowledge in the areas of technology research, process development, vendor selection, and project management. He holds specific expertise in wireless networking and mobile technologies.

    Mark holds an MBA from the Richard Ivey School of Business at the University of Western Ontario and many professional wireless technology certifications.


    Photo of Michael Tweedie
    Michael Tweedie
    Practice Lead, CIO Strategy
    Info-Tech Research Group

    Mike Tweedie brings over 25 years as a technology executive. He's led several large transformation projects across core infrastructure, application and IT services as the head of Technology at ADP Canada. He was also the Head of Engineering and Service Offerings for a large French IT services firm, focused on cloud adoption and complex ERP deployment and management.

    Mike holds a Bachelor's degree in Architecture from Ryerson University.


    Photo of Donna Bales
    Donna Bales
    Principal Research Director
    Info-Tech Research Group

    Donna Bales is a Principal Research Director in the CIO Practice at Info-Tech Research Group specializing in research and advisory services in IT risk, governance, and compliance. She brings over 25 years of experience in strategic consulting and product development and has a history of success in leading complex, multi-stakeholder industry initiatives.

    Donna has a Bachelor's degree in Economics from the University of Western Ontario.


    Photo of Isabelle Hertanto
    Isabelle Hertanto
    Principal Research Director, Security & Privacy
    Info-Tech Research Group

    Isabelle Hertanto has over 15 years of experience delivering specialized IT services to the security and intelligence community. As a former federal officer for Public Safety Canada, Isabelle trained and led teams on data exploitation and digital surveillance operations in support of Canadian national security investigations. Since transitioning into the private sector, Isabelle has held senior management and consulting roles across a variety of industry sectors, including retail, construction, energy, healthcare, and the broader Canadian public sector.


    Photo of Aaron Shum
    Aaron Shum
    Vice President, Security, Privacy, Risk & Compliance
    Info-Tech Research Group

    Aaron Shum is a Vice President in the Security & Privacy Research and Advisory Practice at Info-Tech Research Group. With 25+ years of experience across IT, InfoSec, and Data Privacy, he currently specializes in helping organizations implement comprehensive information security and cybersecurity programs and comply with data privacy regulations such as the European Union's General Data Protection Regulation and the California Privacy Rights Act.


    Photo of Reiaz Somji
    Reiaz Somji
    Managing Director, Consulting
    Info-Tech Research Group

    As a client-focused strategist with strong organizational acumen, Reiaz leverages his 20+ years of management consulting experience to help C-suite executives and managers navigate the integration of changing technology with business goals. He is currently a managing director in Info-Tech's consulting division and leads its Infrastructure practice.


    Photo of Hans Eckman
    Hans Eckman
    Principal Research Director, Applications
    Info-Tech Research Group

    Hans Eckman is a business transformation leader helping organizations connect business strategy and innovation to operational excellence. He supports Info-Tech members in SDLC optimization, Agile and DevOps implementation, CoE/CoP creation, innovation program development, application delivery, and leadership development. Hans is based out of Atlanta, Georgia.


    Photo of Irina Sedenko
    Irina Sedenko
    Research Director, Data & Analytics
    Info-Tech Research Group

    Irina brings more than 20 years of information management experience and demonstrated expertise in big data, advanced analytics, machine learning, and AI. Her experience includes designing and implementing enterprise content management systems, defining data and analytics strategy to support business goals and objectives, creating data governance to enable data initiatives, and providing guidance to the client teams. She led teams through data lake implementation to enable advanced analytics capabilities and has hands-on data science and machine learning experience.

    Research Contributors

    Photo of Bill Macgowan
    Bill Macgowan
    Director, Smart Building Digitization
    Cisco


    Photo of Barry Wiech
    Barry Wiech
    Chief Digital and Information Officer
    Sime Darby Industrial


    Photo of Tim Dunn
    Tim Dunn
    Chief Information Officer
    Department of Energy & Public Works (Queensland)


    Photo of Sudip Ghosh
    Sudip Ghosh
    Group Manager, Office of the CIO
    Star Entertainment Group



    Samantha Rose
    Contract Manager
    Department of Energy & Public Works (Queensland)

    Bibliography

    Altringer, Beth. "A New Model for Innovation in Big Companies." Harvard Business Review. 19 Nov. 2013. Accessed 15 June 2023. https://hbr.org/2013/11/a-new-model-for-innovation-in-big-companies

    Bar Am, Jordan et al. "Innovation in a Crisis: Why it is More Critical Than Ever." McKinsey & Company, 17 June 2020. Accessed 15 June 2023. https://www.mckinsey.com/capabilities/strategy-and-corporate-finance/our-insights/innovation-in-a-crisis-why-it-is-more-critical-than-ever

    Barsh, Joanna et al. "Leadership and Innovation." McKinsey Quarterly, 1 Jan 2008. Accessed 7 July 2023. https://www.mckinsey.com/capabilities/strategy-and-corporate-finance/our-insights/leadership-and-innovation

    Borealis AI. "RBC Wins Best Use of AI for Customer Experience for NOMI Forecast." Borealis AI Blog, 28 Apr 2023. Accessed 13 June 2023. https://www.borealisai.com/news/rbc-wins-best-use-of-ai-for-customer-experience-for-nomi-forecast/

    Boston Consulting Group, "Most Innovative Companies 2022." BGC, 15 Sept. 2022. Accessed 15 June 2023. https://www.bcg.com/en-ca/publications/2022/innovation-in-climate-and-sustainability-will-lead-to-green-growth

    BrainyQuote. "Innovation Quotes." Accessed 19 June 2023. https://www.brainyquote.com/topics/innovation-quotes

    Christensen, Clayton M. The Innovator's Dilemma: When New Technologies Cause Great Firms to Fail. Harvard Business Review Press, 2016.

    Cleroux, Pierre. The "I" Word. BDC. Accessed 1 Aug 2023. https://www.bdc.ca/en/articles-tools/blog/innovation-no-1-factor-business-success

    FutureCIO Editors. "Failed transformation can result in US$6 million in lost revenue." FutureCIO, 29 Apr 2022. Accessed 10 Jul 2023. https://futurecio.tech/failed-transformation-can-result-in-us6-million-in-lost-revenue/

    Goodreads. "W. Edwards Deming Quotes." Accessed 19 June 2023. https://www.goodreads.com/quotes/7327935-without-data-you-re-just-another-person-with-an-opinion

    Haefner, Naomi et al. "Artificial intelligence and innovation management: A review, framework, and research agenda." Technological Forecasting and Social Change, Volume 162, 2021. Accessed 15 June 2023. https://www.sciencedirect.com/science/article/pii/S004016252031218X

    IBM. "The new AI innovation equation." IBM Website. 13 Oct 2016. Accessed 15 June 2023. https://www.ibm.com/watson/advantage-reports/future-of-artificial-intelligence/ai-innovation-equation.html

    Isomaki, Atte. "60+ Innovation Quotes and What They Can Teach You." Viima, 19 Mar 2019. Accessed 6 July 2023. https://www.viima.com/blog/innovation-quotes

    Kay, Alan. "The best way to predict the future is to invent it." Quote Park, 3 June 2021. Accessed 15 June 2023. https://quotepark.com/quotes/1893243-alan-kay-the-best-way-to-predict-the-future-is-to-invent-it/

    Kirsner, Scott. "The Biggest Obstacles to Innovation in Large Companies." Harvard Business Review, 30 July 2018. Accessed 15 June 2023. https://hbr.org/2018/07/the-biggest-obstacles-to-innovation-in-large-companies

    Kiyosaki, Robert. "Innovation is key. Only those who have the agility to change with the market and innovate quickly will survive." AZ Quotes, 11 Dec. 2013. Accessed 15 June 2023.

    Leadership IQ. "The State Of Leadership Development." Leadership IQ, 2020. Accessed 6 July 2023. https://www.leadershipiq.com/blogs/leadershipiq/leadership-development-state

    Lombard, Charl. "Defining Digital: A New Approach to Digital Transformation." Info-Tech LIVE Conference, 2022. https://tymansgrpup.com/videos/defining-digital-a-new-approach-to-digital-transformation

    Murphy, Mark. "A Shocking Number Of Leaders Are Not Aligned With Their Companies' Visions." Forbes, 28 Aug 2020. Accessed 6 Jul 2023. https://www.forbes.com/sites/markmurphy/2020/08/28/a-shocking-number-of-leaders-are-not-aligned-with-their-companies-visions

    Seymour, Harriet et al. "How to unlock a scientific approach to change management with powerful data insights." IBM, 11 Jan 2023. Accessed 6 July 2023. https://www.ibm.com/blog/how-to-unlock-a-scientific-approach-to-change-management-with-powerful-data-insights/

    Sinek, Simon. "What good is an idea if it remains an idea? Try. Experiment. Fail. Try again. Change the world." Praxie, n.d. https://praxie.com/top-innovation-quotes/

    Stobierski, Tim. "The Advantages of Data-Driven Decision-Making." Harvard Business School Online, 26 Aug 2019. Accessed 6 July 2023. https://online.hbs.edu/blog/post/data-driven-decision-making

    Torres, Roberto. "How tech leaders can earn C-suite trust." CIO Dive, 1 Jul 2022. Accessed 7 Jul 2023. https://www.ciodive.com/news/C-suite-trust-CIO-executives/626476/

    Tushman, Michael et al. "Change Management Is Becoming Increasingly Data-Driven. Companies Aren't Ready." Harvard Business Review, 23 Oct 2017. Accessed 6 Jul 2023. https://hbr.org/2017/10/change-management-is-becoming-increasingly-data-driven-companies-arent-ready

    Weick, Karl and Kathleen Sutcliffe. Managing the Unexpected: Sustained Performance in a Complex World, Third Edition. John Wiley & Sons, 2015.

    Agile Enterprise Architecture Operating Model

    • Buy Link or Shortcode: {j2store}581|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $31,106 Average $ Saved
    • member rating average days saved: 33 Average Days Saved
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model

    Establish an enterprise architecture practice that:

    • Leverages an operating model that promotes/supports agility within the organization.
    • Embraces business, data, application, and technology architectures in an optimal mix.
    • Is Agile in itself and will be sustainable and reactive to business needs, staying relevant and “profitable” – continuously delivering business value.

    Our Advice

    Critical Insight

    • Use your business and EA strategy and design principles to right-size standardized operating models to fit your EA organization’s needs.
    • You need to define a sound set of design principles before commencing with the design of your EA organization.
    • The EA operating model structure should be rigid but pliable enough to fit the needs of the stakeholders it provides services to.
    • A phased approach and a good communication strategy is key to the success of the new EA organization.
    • Start with one group and work out the hurdles before rolling it out organization-wide.
    • Make sure that you communicate regularly on wins but also on hurdles and how to overcome them.

    Impact and Result

    • The organization design approach proposed will aim to provide twofold agility: the ability to stretch and shrink depending on business requirements and the promotion of agility in architecture delivery.
    • By recognizing that agility comes in different flavors, organizations using more traditional design patterns will also benefit from the approach advocated by this blueprint.

    Agile Enterprise Architecture Operating Model Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out create an Agile EA operating model to execute the EA function, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Design your EA operating model

    You need to define a sound set of design principles before commencing with the design of your EA organization.

    • Agile EA Operating Model Communication Deck
    • Agile EA Operating Model Workbook
    • Business Architect
    • Application Architect
    • Data Architect
    • Enterprise Architect

    2. Define your EA organizational structure

    The EA operating model structure should be rigid but pliable enough to fit the needs of the stakeholders it provide services to.

    • EA Views Taxonomy
    • EA Operating Model Template
    • Architecture Board Charter Template
    • EA Policy Template
    • EA Compliance Waiver Form Template

    3. Implement the EA operating model

    A phased approach and a good communications strategy are key to the success of the new EA organization.

    • EA Roadmap
    • EA Communication Plan Template
    [infographic]

    Workshop: Agile Enterprise Architecture Operating Model

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 EA Function Design

    The Purpose

    Identify how EA looks within the organization and ensure all the necessary skills are accounted for within the function.

    Key Benefits Achieved

    EA is designed to be the most appropriately placed and structured for the organization.

    Activities

    1.1 Place the EA department.

    1.2 Define roles for each team member.

    1.3 Find internal and external talent.

    1.4 Create job descriptions with required proficiencies.

    Outputs

    EA organization design

    Role-based skills and competencies

    Talent acquisition strategy

    Job descriptions

    2 EA Engagement Model

    The Purpose

    Create a thorough engagement model to interact with stakeholders.

    Key Benefits Achieved

    An understanding of each process within the engagement model.

    Create stakeholder interaction cards to plan your conversations.

    Activities

    2.1 Define each engagement process for your organization.

    2.2 Document stakeholder interactions.

    Outputs

    EA Operating Model Template

    EA Stakeholder Engagement Model Template

    3 EA Governance

    The Purpose

    Develop EA boards, alongside a charter and policies to effectively govern the function.

    Key Benefits Achieved

    Governance that aids the EA function instead of being a bureaucratic obstacle.

    Adherence to governace.

    Activities

    3.1 Outline the architecture review process.

    3.2 Position the architecture review board.

    3.3 Create a committee charter.

    3.4 Make effective governance policy.

    Outputs

    Architecture Board Charter Template

    EA Policy Template

    4 Architecture Development Framework

    The Purpose

    Create an operating model that is influenced by universal standards including TOGAF, Zachmans, and DoDAF.

    Key Benefits Achieved

    A thoroughly articulated development framework.

    Understanding of the views that influence each domain.

    Activities

    4.1 Tailor an architecture development framework to your organizational context.

    Outputs

    EA Operating Model Template

    Enterprise Architecture Views Taxonomy

    5 Operational Plan

    The Purpose

    Create a change management and communication plan or roadmap to execute the operating model.

    Key Benefits Achieved

    Build a plan that takes change management and communication into consideration to achieve the wanted benefits of an EA program.

    Effectively execute the roadmap.

    Activities

    5.1 Create a sponsorship action plan.

    5.2 Outline a communication plan.

    5.3 Execute a communication roadmap.

    Outputs

    Sponsorship Action Plan

    EA Communication Plan Template

    EA Roadmap

    The MVP Major Incident Manager

    The time has come to hire a new major incident manager. How do you go about that? How do you choose the right candidate? Major incident managers must have several typically conflicting traits, so how do you pick the right person? Let's dive into that.

    Register to read more …

    Asset Management

    • Buy Link or Shortcode: {j2store}1|cart{/j2store}
    • Related Products: {j2store}1|crosssells{/j2store}
    • Up-Sell: {j2store}1|upsells{/j2store}
    • Download01-Title: Asset Management Executive Brief
    • Download-01: Visit Link
    • member rating overall impact: 9.1/10
    • member rating average dollars saved: $16,518
    • member rating average days saved: 19
    • Parent Category Name: Infra and Operations
    • Parent Category Link: /infra-and-operations
    Asset management has a clear impact on the financials of your company. Clear insights are essential to keep your spending at the right level.

    Asset Management

    Master Your Security Incident Response Communications Program

    • Buy Link or Shortcode: {j2store}321|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $2,339 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • When a significant security incident is discovered, usually very few details are known for certain. Nevertheless, the organization will need to say something to affected stakeholders.
    • Security incidents tend to be ongoing situations that last considerably longer than other types of crises, making communications a process rather than a one-time event.
    • Effective incident response communications require collaboration from: IT, Legal, PR, and HR – groups that often speak “different languages.”

    Our Advice

    Critical Insight

    • There’s no such thing as successful incident response communications; strive instead for effective communications. There will always be some fallout after a security incident, but it can be effectively mitigated through honesty, transparency, and accountability.
    • Effective external communications begin with effective internal communications. Security Incident Response Team members come from departments that don’t usually work closely with each other. This means they often have different ways of thinking and speaking about issues. Be sure they are familiar with each other before a crisis occurs.
    • You won’t save face by withholding embarrassing details. Lying only makes a bad situation worse, but coming clean and acknowledging shortcomings (and how you’ve fixed them) can go a long way towards restoring stakeholders’ trust.

    Impact and Result

    • Effective and efficient management of security incidents involves a formal process of preparation, detection, analysis, containment, eradication, recovery, and post-incident activities: communications must be integrated into each of these phases.
    • Understand that prior planning helps to take the guesswork out of incident response communications. By preparing for several different types of security incidents, the communications team will get used to working with each other, as well as learning what strategies are and are not effective. Remember, the communications team contains diverse members from various departments, and each may have different ideas about what information is important to release.

    Master Your Security Incident Response Communications Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement a security incident response communications plan, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Dive into communications planning

    This phase addresses the benefits and challenges of incident response communications and offers advice on how to assemble a communications team and develop a threat escalation protocol.

    • Master Your Security Incident Response Communications Program – Phase 1: Dive Into Communications Planning
    • Security Incident Management Plan

    2. Develop your communications plan

    This phase focuses on creating an internal and external communications plan, managing incident fallout, and conducting a post-incident review.

    • Master Your Security Incident Response Communications Program – Phase 2: Develop Your Communications Plan
    • Security Incident Response Interdepartmental Communications Template
    • Security Incident Communications Policy Template
    • Security Incident Communications Guidelines and Templates
    • Security Incident Metrics Tool
    • Tabletop Exercises Package
    [infographic]

    Determine Your Zero Trust Readiness

    • Buy Link or Shortcode: {j2store}249|cart{/j2store}
    • member rating overall impact: 9.8/10 Overall Impact
    • member rating average dollars saved: $24,574 Average $ Saved
    • member rating average days saved: 12 Average Days Saved
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting

    CISOs pushing for zero trust as their security strategy face several challenges including:

    • Understanding and clarifying the benefits of zero trust for the organization.
    • The inability to verify all business operations are maintaining security best practices.
    • Convincing business units to add more security controls that go against the grain of reducing friction in workflows while still demonstrating these controls support the business.

    Our Advice

    Critical Insight

    • Zero trust must benefit the business and security. Because the road to zero trust is an iterative process, IT security will need to constantly determine how different areas of zero trust will affect core business processes.
    • Zero trust reduces reliance on perimeter security. Zero trust is a strategy that solves how to move beyond the reliance on perimeter security and move controls to where the user accesses resources.
    • Not everyone can achieve zero trust, but everyone can adopt it. Zero trust will be different for every organization and may not be applicable in every control area. This means that zero trust is not a one-size-fits-all approach to IT security. Zero trust is the goal, but some organizations can only get so close to the ideal.

    Impact and Result

    Zero trust is a journey that uses multiple capabilities and requires multiple parties to contribute to an organization’s security. Use Info-Tech’s approach to:

    • Understand zero trust as a strategic platform for building your security roadmap.
    • Assess your current state and determine the benefits of adopting zero trust to help plan your roadmap.
    • Separate vendors from the hype surrounding zero trust to adopt a vendor-agnostic approach to your zero trust planning.

    Determine Your Zero Trust Readiness Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should determine your zero trust readiness, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand zero trust

    Recognize the zero trust ideal and understand the different zero trust schools of thought.

    2. Assess your zero trust readiness

    Assess and determine the benefits of zero trust and identify and evaluate vendors in the zero trust market.

    • Zero Trust Security Benefit Assessment Tool
    [infographic]

    Make Prudent Decisions When Increasing Your Salesforce Footprint

    • Buy Link or Shortcode: {j2store}134|cart{/j2store}
    • member rating overall impact: 8.9/10 Overall Impact
    • member rating average dollars saved: $55,224 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Too often, organizations fail to achieve economy of scale. They neglect to negotiate price holds, do not negotiate deeper discounts as volume increases, or do not realize there are already existing contracts within the organization.
    • Understand what to negotiate. Organizations do not know what can and cannot be negotiated, which means value gets left on the table.
    • Integrations with other applications must be addressed from the outset. Many users buy the platform only to realize later on that the functionality they wanted does not exist and may be an extra expense with customization.

    Our Advice

    Critical Insight

    • Buying power dissipates when you sign the contract. Get the right product for the right number of users for the right term and get it right the first time.
    • Getting the best price does not assure a great total cost of ownership or ROI. There are many components as part of the purchasing process that if unaccounted for can lead to dramatic and unbudgeted spend.
    • Avoid buyer’s remorse through due diligence before signing the deal. If you need to customize the software or extend it with a third-party add-in, identify your costs and timelines upfront. Plan for successful adoption.

    Impact and Result

    • Centralize purchasing instead of enabling small deals to maximize discount levels by creating a process to derive a cost-effective methodology when subscribing to Sales Cloud, Service Cloud, and Force.com.
    • Educate your organization on Salesforce’s licensing methods and contract types, enabling informed purchasing decisions. Critical components of every agreement that need to be negotiated are a renewal escalation cap, term protection, and license metrics to document what comes with each. Re-bundling protection is also critical in case a product is no longer desired.
    • Proactively addressing integrations and business requirements will enable project success and enable the regular upgrades the come with a multi-tenant cloud services SaaS solution.

    Make Prudent Decisions When Increasing Your Salesforce Footprint Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you need to understand and document your Salesforce licensing strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish software requirements

    Begin your journey by understanding whether Salesforce is the right CRM. Also proactively approach Salesforce licensing by understanding which information to gather and assessing the current state and gaps.

    • Make Prudent Decisions When Increasing Your Salesforce Footprint – Phase 1: Establish Software Requirements
    • Salesforce Licensing Purchase Reference Guide
    • RASCI Chart

    2. Evaluate licensing options

    Review current products and licensing models to determine which licensing models will most appropriately fit the organization's environment.

    • Make Prudent Decisions When Increasing Your Salesforce Footprint – Phase 2: Evaluate Licensing Options
    • Salesforce TCO Calculator
    • Salesforce Discount Calculator

    3. Evaluate agreement options

    Review Salesforce’s contract types and assess which best fits the organization’s licensing needs.

    • Make Prudent Decisions When Increasing Your Salesforce Footprint – Phase 3: Evaluate Agreement Options
    • Salesforce Terms and Conditions Evaluation Tool

    4. Purchase and manage licenses

    Conduct negotiations, purchase licensing, finalize a licensing management strategy, and enhance your CRM with a Salesforce partner.

    • Make Prudent Decisions When Increasing Your Salesforce Footprint – Phase 4: Purchase and Manage Licenses
    • Controlled Vendor Communications Letter
    • Vendor Communication Management Plan
    [infographic]

    Workshop: Make Prudent Decisions When Increasing Your Salesforce Footprint

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Software Requirements

    The Purpose

    Assess current state and align goals; review business feedback.

    Interview key stakeholders to define business objectives and drivers.

    Key Benefits Achieved

    Have a baseline for whether Salesforce is the right solution.

    Understand Salesforce as a solution.

    Examine all CRM options.

    Activities

    1.1 Perform requirements gathering to review Salesforce as a potential solution.

    1.2 Gather your documentation before buying or renewing.

    1.3 Confirm or create your Salesforce licensing team.

    1.4 Meet with stakeholders to discuss the licensing options and budget allocation.

    Outputs

    Copy of your Salesforce Master Subscription Agreement

    RASCI Chart

    Salesforce Licensing Purchase Reference Guide

    2 Evaluate Licensing Options

    The Purpose

    Review product editions and licensing options.

    Review add-ons and licensing rules.

    Key Benefits Achieved

    Understand how licensing works.

    Discuss licensing rules and their application to your current environment.

    Determine the product and license mix that is best for your requirements.

    Activities

    2.1 Determine the editions, licenses, and add-ons for your Salesforce CRM solution.

    2.2 Calculate total cost of ownership.

    2.3 Use the Salesforce Discount Calculator to ensure you are getting the discount you deserve.

    2.4 Meet with stakeholders to discuss the licensing options and budget allocation.

    Outputs

    Salesforce CRM Solution

    Salesforce TCO Calculator

    Salesforce Discount Calculator

    Salesforce Licensing Purchase Reference Guide

    3 Evaluate Agreement Options

    The Purpose

    Review terms and conditions of Salesforce contracts.

    Review vendors.

    Key Benefits Achieved

    Determine if MSA or term agreement is best.

    Learn what specific terms to negotiate.

    Activities

    3.1 Perform a T&Cs review and identify key “deal breakers.”

    3.2 Decide on an agreement that nets the maximum benefit.

    Outputs

    Salesforce T&Cs Evaluation Tool

    Salesforce Licensing Purchase Reference Guide

    4 Purchase and Manage Licenses

    The Purpose

    Finalize the contract.

    Discuss negotiation points.

    Discuss license management and future roadmap.

    Discuss Salesforce partner and implementation strategy.

    Key Benefits Achieved

    Discuss negotiation strategies.

    Learn about licensing management best practices.

    Review Salesforce partner options.

    Create an implementation plan.

    Activities

    4.1 Know the what, when, and who to negotiate.

    4.2 Control the flow of communication.

    4.3 Assign the right people to manage the environment.

    4.4 Discuss Salesforce partner options.

    4.5 Discuss implementation strategy.

    4.6 Meet with stakeholders to discuss licensing options and budget allocation.

    Outputs

    Salesforce Negotiation Strategy

    Vendor Communication Management Plan

    RASCI Chart

    Info-Tech’s Core CRM Project Plan

    Salesforce Licensing Purchase Reference Guide

    Design Your Cloud Operations

    • Buy Link or Shortcode: {j2store}462|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: 20 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Traditional IT capabilities, activities, organizational structures, and culture need to adjust to leverage the value of cloud, optimize spend, and manage risk.
    • Different stakeholders across previously separate teams rely on one another more than ever, but rules of engagement do not yet exist.

    Our Advice

    Critical Insight

    Define your target cloud operations state first, then plan how to get there. If you begin by trying to reconstruct on-prem operations in the cloud, you will build an operations model that is the worst of both worlds.

    Impact and Result

    • Assess your key workflows’ maturity for life in the cloud and evaluate your readiness and need for new ways of working
    • Identify the work that must be done to deliver value in cloud services
    • Design your cloud operations framework and communicate it clearly and succinctly to secure buy-in

    Design Your Cloud Operations Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Design Your Cloud Operations Deck – A step-by-step storyboard to help guide you through the activities and tools in this project.

    This storyboard will help you assess your cloud maturity, understand relevant ways of working, and create a meaningful design of your cloud operations that helps align team members and stakeholders.

    • Design Your Cloud Operations – Storyboard
    • Cloud Operations Design Sketchbook
    • Roadmap Tool

    2. Planning and design tools.

    Use these templates and tools to assess your current state, design the cloud operations organizing framework, and create a roadmap.

    • Cloud Maturity Assessment

    3. Communication tools.

    Use these templates and tools to plan how you will communicate changes to key stakeholders and communicate the new cloud operations organizing framework in an executive presentation.

    • Cloud Operations Communication Plan
    • Cloud Operations Organizing Framework: Executive Brief

    Infographic

    Workshop: Design Your Cloud Operations

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Day 1

    The Purpose

    Establish Context

    Key Benefits Achieved

    Alignment on target state

    Activities

    1.1 Assess current cloud maturity and areas in need of improvement

    1.2 Identify the drivers for organizational redesign

    1.3 Review cloud objectives and obstacles

    1.4 Develop organization design principles

    Outputs

    Cloud maturity assessment

    Project drivers

    Cloud challenges and objectives

    Organization design principles

    2 Day 2

    The Purpose

    Establish Context

    Key Benefits Achieved

    Understanding of cloud workstreams

    Activities

    2.1 Evaluate new ways of working

    2.2 Develop a workstream target statement

    2.3 Identify cloud work

    Outputs

    Workstream target statement

    Cloud operations workflow diagrams

    3 Day 3

    The Purpose

    Design the Organization

    Key Benefits Achieved

    Visualization of the cloud operations future state

    Activities

    3.1 Design a future-state cloud operations diagram

    3.2 Create a current-state cloud operations diagram

    3.3 Define success indicators

    Outputs

    Future-state cloud operations diagram

    Current-state cloud operations diagram

    Success indicators

    4 Day 4

    The Purpose

    Communicate the Changes

    Key Benefits Achieved

    Alignment and buy-in from stakeholders

    Activities

    4.1 Create a roadmap

    4.2 Create a communication plan

    Outputs

    Roadmap

    Communication plan

    Further reading

    It’s “day two” in the cloud. Now what?

    EXECUTIVE BRIEF

    Analysts’ Perspective

    The image contains a picture of Andrew Sharp.

    Andrew Sharp

    Research Director

    Infrastructure & Operations Practice

    It’s “day two” in the cloud. Now what?

    Just because you’re in the cloud doesn’t mean everyone is on the same page about how cloud operations work – or should work.

    You have an opportunity to implement new ways of working. But if people can’t see the bigger picture – the organizing framework of your cloud operations – it will be harder to get buy-in to realize value from your cloud services.

    Use Info-Tech’s methodology to build out and visualize a cloud operations organizing framework that defines cloud work and aligns it to the right areas.

    The image contains a picture of Nabeel Sherif.

    Nabeel Sherif

    Principal Research Director

    Infrastructure & Operations Practice

    The image contains a picture of Emily Sugerman.

    Emily Sugerman

    Research Analyst

    Infrastructure & Operations Practice

    Scott Young

    Principal Research Director

    Infrastructure & Operations Practice

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    Widespread cloud adoption has created new opportunities and challenges:

    • Traditional IT capabilities, activities, organizational structures, and culture need to adjust to leverage the value of cloud, optimize spend, and manage risk.
    • Different stakeholders across previously separate teams rely on one another more than ever, but rules of engagement do not yet exist, leading to a lack of direction, employee frustration, missed work, inefficiency, and unacceptable risk.
    • Many organizations have bought their way into a SaaS portfolio. Now, as key applications leave their network, I&O leaders still have accountability for these apps, but little visibility and control over them.
    • Few organizations are, or will ever be, cloud only. Your operations will be both on-prem and in-cloud for the foreseeable future and you must be able to accommodate both.
    • Traditional infrastructure siloes no longer work for cloud operations, but key stakeholders are wary of significant change.

    Clearly communicate the need for operations changes:

    • Identify current challenges with cloud operations. Assess your readiness and fit for new ways of working involved in cloud operations: DevOps, SRE, Platform Engineering, and more.
    • Use Info-Tech’s templates to design a cloud operations organizing framework. Define cloud work, and align work to the right work areas.
    • Communicate the design. Gain buy-in from your key stakeholders for the considerable organizational change management required to achieve durable change.

    Info-Tech Insight

    Define your target cloud operations state first, then plan how to get there. If you begin by trying to reconstruct on-prem operations in the cloud, you will build an operations model that is the worst of both worlds.

    Your Challenge

    Traditional IT capabilities, activities, organizational structures, and culture need to adjust to leverage the value of cloud, optimize spend, and manage risk.

    • As key applications leave for the cloud, I&O teams are still expected to manage access, spend, and security but may have little or no visibility or control over the applications themselves.
    • The automation and self-service capabilities of cloud aren’t delivering the speed the business expected because teams don’t work together effectively.
    • Business leaders purchase their own cloud solutions because, from their point of view, IT’s processes are cumbersome and ineffective.
    • Accounting practices and governance mechanisms haven’t adjusted to enable new development practices and technologies.
    • Security and cost management requirements may not be accounted for by teams acquiring or developing solutions.
    • All of this contributes to frustration, missed work, wasteful spending, and unacceptable risk.

    Obstacles, by the numbers:

    85% of respondents reported security in the cloud was a serious concern.

    73% reported balancing responsibilities between a central cloud team and business units was a top concern.

    The average organization spent 13% more than they’d budgeted on cloud – even when budgets were expected to increase by 29% in the next year.

    32% of all cloud spend was estimated to be wasted spend.

    56% of operations professionals said their primary focus is cloud services.

    81% of security professionals thought it was difficult to get developers to prioritize bug fixes.

    42% of security professionals felt bugs were being caught too late in the development process.

    1. Flexera 2022 State of the Cloud Report. 2. GitLab DevSecOps 2021 Survey

    Cloud operations are different, but IT departments struggle to change

    • There’s no sense of urgency in the organization that change is needed, particularly from teams that aren’t directly involved in operations. It can be challenging to make the case that change is needed.
    • Beware “analysis paralysis”! With so many options, philosophies, approaches, and methodologies, it’s easy to be overwhelmed by choice and fail to make needed changes.
    • The solution to the problem requires organizational changes beyond the operations team, but you don’t have the authority to make those changes directly. Operations can influence the solution, but they likely can’t direct it.
    • Behavior, culture, and organizations take time and work to change. Progress is usually evolutionary – but this can also mean it feels like it’s happening too slowly.
    • It’s not just cloud, and it probably never will be. You’ll need to account for operating both on-premises and cloud technologies for the foreseeable future.

    Follow Info-Tech’s Methodology

    1. Ensure alignment with the risks and drivers of the business and understand your organization’s strengths and gaps for a cloud operations world.

    2. Understand the balance of different types of deliveries you’re responsible for in the cloud.

    3. Reduce risk by reinforcing the key operational pillars of cloud operations to your workstreams.

    4. Identify “work areas,” decide which area is responsible for what tasks and how work areas should interact in order to best facilitate desired business outcomes.

    The image contains a screenshot of a diagram demonstrating Info-Tech's Methodology, as described in the text above.

    Info-Tech Insight

    Start by designing operations around the main workflow you have for cloud services; i.e. If you mostly build or host in cloud, build the diagram to maximize value for that workflow.

    Operating Framework Elements

    Proper design of roles and responsibilities for each cloud workflow category will help reduce risk by reinforcing the key operational pillars of cloud operations.

    We base this on a composite of the well-architected frameworks established by the top global cloud providers today.

    Workflow Categories

    • Build
    • Host
    • Consume

    Key Pillars

    • Performance
    • Reliability
    • Cost Effectiveness
    • Security
    • Operational Excellence

    Risks to Mitigate

    • Changes to Support Model
    • Changes to Security & Governance
    • Changes to Skills & Roles
    • Replicating Old Habits
    • Misaligned Stakeholders

    Cloud Operations Design

    Info-Tech’s Methodology

    Assess Maturity and Ways of Working

    Define Cloud Work

    Design Cloud Operations

    Communicate and Secure Buy-in

    Assess your key workflows’ maturity for “life in the cloud,” related to Key Operational Pillars. Evaluate your readiness and need for new ways of working.

    Identify the work that must be done to deliver value in cloud services.

    Define key cloud work areas, the work they do, and how they should share information and interact.

    Outline the change you recommend to a range of stakeholders. Gain buy-in for the plan.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    Cloud Maturity Assessment

    Assess the intensity and cloud maturity of your IT operations for each of the key cloud workstreams: Consume, Host, and Build

    The image contains screenshots of the Cloud Maturity Assessment.

    Communication Plan

    Identify stakeholders, what’s in it for them, what the impact will be, and how you will communicate over the course of the change.

    The image contains a screenshot of the Communcation Plan.

    Cloud Operations Design Sketchbook

    Capture the diagram as you build it.

    The image contains a screenshot of the Cloud Operations Design Sketchbook.

    Roadmap Tool

    Build a roadmap to put the design into action.

    The image contains a screenshot of the Roadmap Tool.

    Key deliverable:

    Cloud Operations Organizing Framework

    The Cloud Operations Organizing Framework is a communication tool that introduces the cloud operations diagram and establishes its context and justification.

    The image contains a screenshot of the Cloud Operations Organizing Framework.

    Project Outline

    Phase 1: Establish Context

    1.1: Identify challenges, opportunities, and cloud maturity

    1.2: Evaluate new ways of working

    1.3: Define cloud work

    Phase 2: Design the organization and communicate changes

    2.1: Design a draft cloud operations diagram

    2.2: Communicate changes

    Outputs

    Cloud Services Objectives and Obstacles

    Cloud Operations Workflow Diagrams

    Cloud Maturity Assessment

    Draft Cloud Operations Diagram

    Communication Plan

    Roadmap Tool

    Cloud Operations Organizing Framework

    Project benefits

    Benefits for IT

    Benefits for the business

    • Define the work required to effectively deliver cloud services to deliver business value.
    • Define key roles for operating cloud services.
    • Outline an operations diagram that visually communicates what key work areas do and how they interact.
    • Communicate needed changes to key stakeholders.
    • Receive more value from cloud services when the organization is structured to deliver value including:
      • Avoiding cost overruns
      • Securing services
      • Providing faster, more effective delivery
      • Increasing predictability
      • Reducing error rates

    Calculate the value of Info-Tech’s Methodology

    The value of the project is the delivery of organizational change that improves the way you manage cloud services

    Example Goal

    How this blueprint can help

    How you might measure success/value

    Streamline Responsibilities

    The operations team is spending too much time fighting applications fires, which is distracting it from needed platform improvements.

    • Identify shared and separate responsibilities for development and platform operations teams.
    • Focus the operations team on securing and automating cloud platform(s).
    • Reduce time wasted on back and forth between development and operations teams (20 hrs. per employee per year x 50 staff = 1000 hrs.).
    • Deliver automation features that reduces development lead time by one hour per sprint (40 devs x 20 sprints per yr. x 1 hr. = 800 hrs.).

    Improve Cost Visibility

    The teams responsible for cost management today don’t have the authority, visibility, or time to effectively find wasted spend.

    The teams responsible for cost management today don’t have the authority, visibility, or time to effectively find wasted spend.

    • Ensure operations contributes to visibility and execution of cost governance.
    • $1,000,000 annual spend on cloud services.
    • Of this, assume 32% is wasted spend ($320k).1
    • New cost management function has a target to cut waste by half next year saving ~$160k.
    • Cost visibility and capture metrics (e.g. accurate tagging metrics, right-sizing execution).
    1. Average wasted cloud spend across all organizations, from the 2022 Flexera State of the Cloud Report

    Understand your cloud vision and strategy before you redesign operations

    Guide your operations redesign with an overarching cloud vision and strategy that aligns to and enables the business’s goals.

    Cloud Vision

    The image contains a screenshot of the Define Your Cloud Vision.

    Cloud Strategy

    It is difficult to get or maintain buy-in for changes to operations without everyone on the same page about the basic value proposition cloud offers your organization.

    Do the workload and risk analysis to create a defensible cloud vision statement that boils down into a single statement: “This is how we want to use the cloud.”

    Once you have your basic cloud vision, take the next step by documenting a cloud strategy.

    Establish your steering committee with stakeholders from IT, business, and leadership to work through the essential decisions around vision and alignment, people, governance, and technology.

    Your cloud operations design should align to a cloud strategy document that provides guidelines on establishing a cloud council, preparing staff for changing skills, mitigating risks through proper governance, and setting a direction for migration, provisioning, and monitoring decisions.

    Key Insights

    Focus on the future, not the present

    Define your target cloud operations state first, then plan how to get there. If you begin by trying to reconstruct on-prem operations in the cloud, you will build an operations model that is the worst of both worlds.

    Responsibilities change in the cloud

    Understand what you mean by cloud work

    Focus where it matters

    Cloud is a different way of consuming IT resources and applications and it requires a different operational approach than traditional IT.

    In most cases, cloud operations involves less direct execution and more service validation and monitoring

    Work that is invisible to the customer can still be essential to delivering customer value. A lot of operations work is invisible to your organization’s customers but is required to deliver stability, security, efficiency, and more.

    Cloud work is not just applications that have been approved by IT. Consider how unsanctioned software purchased by the business will be integrated and managed.

    Start by designing operations around the main workflow you have for cloud services. If you mostly build or host in the cloud, build the diagram to maximize value for that workflow.

    Design principles will often change over time as the organization’s strategy evolves.

    Identify skills requirements and gaps as early as possible to avoid skills gaps later. Whether you plan to acquire skills via training or cross-training, hiring, contracting, or outsourcing, effectively building skills takes time.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Call #1: Scope requirements, objectives, and your specific challenges

    Calls #2&3: Assess cloud maturity and drivers for org. redesign

    Call #4: Review cloud objectives and obstacles

    Call #5: Evaluate new ways of working and identify cloud work

    Calls #6&7: Create your Cloud Operations diagram

    Call #8: Create your communication plan and build roadmap

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Establish Context

    Design the Organization and Communicate Changes

    Next Steps and
    Wrap-Up (offsite)

    Activities

    1.1 Assess current cloud maturity and areas in need of improvement

    1.2 Identify the drivers for organizational redesign

    1.3 Review cloud objectives and obstacles

    1.4 Develop organization design principles

    2.1 Evaluate new ways of working

    2.2 Develop a workstream target statement

    2.3 Identify cloud work

    3.1 Design a future-state cloud operations diagram

    3.2 Create a current state cloud operations diagram

    3.3 Define success indicators

    4.1 Create a roadmap

    4.2 Create a communication plan

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. Cloud Maturity Assessment
    2. Cloud Challenges and Objectives
    1. Workstream target statement
    2. Cloud Operations Workflow Diagrams
    1. Future and current state cloud operations diagrams
    1. Roadmap
    2. Communication Plan

    Cloud Operations Organizing Framework.

    Phase 1:

    Establish context

    Phase 1

    Phase 2

    1.1 Establish operating model design principals by identifying goals & challenges, workstreams, and cloud maturity

    1.2 Evaluate new ways of working

    1.3 Identify cloud work

    2.1 Draft an operating model

    2.2 Communicate proposed changes

    Phase Outcomes:

    Define current maturity and which workstreams are important to your organization.

    Understand new operating approaches and which apply to your workstream balance.

    Identify a new target state for IT operations.

    Before you get started

    Set yourself up for success with these three steps:

    • This methodology and the related slides are intended to be executed via intensive, collaborative working sessions using the rest of this slide deck.
    • Ensure the working sessions are successful by working through these steps before you start work on defining your cloud operations.

    1. Identify an operations design working group

    2. Review cloud vision and strategy

    3. Create a working folder

    This should be a group with insight into current cloud challenges, and with the authority to drive change. This group is the main audience for the activities in this blueprint.

    Review your established planning work and documentation.

    Create a repository to house your notes and any work in progress.

    Create a working folder

    15 minutes

    Create a central repository to support transparency and collaboration. It’s an obvious step, but one that’s often forgotten.

    1. Download all the documents associated with this blueprint to a shared repository accessible to all participants. Keep separate folders for templates and work-in-progress.
    2. Share the link to the repository with all attendees. Include links to the repository in any meeting invites you set up as working sessions for the project.
    3. Use the repository for all the work you do in the activities listed in this blueprint.

    Step 1.1: Identify goals and challenges, workstreams, and cloud maturity

    Participants

    • Operations Design Working Group, which may include:
      • Cloud owners
      • Platform/Applications Team leads
      • Infra & Ops managers

    Outcomes

    • Identify your current cloud maturity and areas in need of improvement.
    • Define the advantages you expect to realize from cloud services and any obstacles you have to overcome to meet those objectives.
    • Identify the reasons why redesigning cloud operations is necessary.
    • Develop organization design principles.

    “Start small: Begin with a couple services. Then, based on the feedback you receive from Operations and the business, modify your approach and keep increasing your footprint.” – Nenad Begovic

    Cloud changes operational activities, tactics, and goals

    As you adopt cloud services, the operations core mission remains . . .

    • IT operations are expected to deliver stable, efficient, and secure IT services.

    . . . but operational activities are evolving.

    • Core IT operational processes remain relevant, such as incident or capacity management, but opportunities to automate or outsource operations tasks will change how that work is done.
    • As you rely more on automation and outsourcing, the team may see less direct execution in its day-to-day work and more solution design and validation.
    • Outsourcing frees the team from operational toil but reduces the direct control over your end-to-end solution and increases your reliance on your vendor.
    • Pay-as-you-go pricing models present opportunities for streamlined delivery and cost rationalization but require you to rethink how you do cost and asset management.
    • It’s very easy for the business to buy a SaaS solution without consulting IT, which can lead to duplicated functionality, integration challenges, security threats, and more.

    Design a model for cloud operations that helps you achieve value from your cloud environment.

    “As operating models shift to the cloud, you still need the same people and processes. However, the shift is focused on a higher level of operations. If your people no longer focus on server uptime, then their success metrics will change. When security is no longer protected by the four walls of a datacenter, your threat profile changes.

    (Microsoft, “Understand Cloud Operating Models,” 2022)

    Operational responsibilities are shared with a range of stakeholders

    When using a vendor-operated public cloud, IT exists in a shared responsibility model with the cloud service provider, one that is further differentiated by the type of cloud service model in use: broadly, software-as a service (SaaS), platform-as-a-service (PaaS), or infrastructure-as-a-service (IaaS).

    Your IT operations organization may still reflect a structure where IT retains control over the entire infrastructure stack from facilities to application and defines their operational roles and processes accordingly.

    If the organization chooses a co-location facility, they outsource facility responsibility to a third-party provider, but much of the rest of the traditional IT operating model remains the same. The operations model that worked for an entirely premises-based environment is very different from one that is made up of, for instance, a portfolio of SaaS applications, where your control is limited to the top of the infrastructure stack at the application layer.

    Once an organization migrates workloads to the cloud, IT gives up an increasing amount of control to the vendor, and its traditional operational roles & responsibilities necessarily change.

    The image contains a screenshot that demonstrates what the cloud service models are.

    Align operations with customer value

    • Decisions about operational design should be made with customer value in mind. Remember that cloud adoption should be an enabler of adaptability in the face of changing business needs!
    • Think about how the operations team is indispensable to the value received by your customer. Think about the types of changes that can add to the value your customers receive.
    • A focus on value will help you establish and explain the rationale and urgency required to deliver on needed changes. If you can’t explain how the changes you propose will help deliver value, your proposal will come across as change for the sake of change.
    The image contains a screenshot of a diagram to demonstrate how operational design decisions need to be made with customer value in mind.

    Info-Tech Insight

    Work that is invisible to the customer can still be essential to delivering customer value. A lot of operations work is invisible to your organization’s customers but required to deliver stability, security, efficiency, and more.

    A new consumption model means a different mix of activities

    Evolving to cloud-optimal operations also means re-assessing and adapting your team’s approach to achieving cloud maturity, especially with respect to how automation and standardization can be leveraged to best achieve optimization in cloud.

    Traditional ITDesignExecuteValidateSupportMonitor
    CloudDesignExecuteValidateSupportMonitor

    Info-Tech Insight

    Cloud is a different way of consuming IT resources and applications and requires a different operational approach than traditional IT.

    In most cases, cloud operations involves less direct execution and more service validation and monitoring.

    The Service Models in cloud correspond to the way your organization delivers IT

    Service Model

    Example

    Function

    Software-as-a-Service (SaaS)

    Salesforce.com

    Office 365

    Workday

    Consume

    Platform-as-a-Service (PaaS)

    Azure Stack

    AWS SageMaker

    WordPress

    Build

    Infrastructure-as-a-Service (IaaS)

    Microsoft Azure

    Amazon EC2

    Google Cloud Platform

    Host

    Define how you plan to use cloud services

    Your cloud operations will include different tasks, teams, and workflows, depending on whether you consume cloud services, build them, or host on them.

    Function

    Business Need

    Service Model

    Example Tasks

    Consume

    “I need a commodity, off-the-shelf service that we can configure to our organization’s needs.

    Software-as-a-Service (SaaS)

    Onboard and add users to a new SaaS offering. Vendor management of SaaS providers. Configure/integrate the SaaS offering to meet business needs.

    Build

    “I need to create significantly customized or net-new products and services.”

    Platform-as-a-Service (PaaS) & Infrastructure as-a-Service (IaaS)

    Create custom applications. Build and maintain a container platform. Manage CI/CD pipelines and tools. Share infrastructure and applications patterns.

    Host

    “I need compute, storage, and networking components that reflect key cloud characteristics (on-demand self-service, metered usage, etc.).”

    Infrastructure-as-a-Service (IaaS)

    Stand up compute, networking, and storage resources to host a COTS application. Plan to increase storage capacity to support future demand.

    Align to the well-architected framework

    • Each cloud provider has defined a well-architected framework (WAF) that defines effective deployment and operations for their services.
    • WAFs embody a set of best practices and design principles to leverage the cloud in a more efficient, secure, and cost-effective manner.
    • While each vendor’s WAF has its own definitions and nuances, they collectively share a set of key principles, or “pillars,” that define the desired outcome of any cloud deployment.
    • These pillars address the key areas of risk when migrating to a public cloud platform.

    “In order to accelerate public cloud adoption, you need to focus on infrastructure-as-code and script everything you can. Unlike traditional operations, CloudOps focuses on creating scripts: a script for task A, a script for task B, etc.”

    – Nenad Begovic

    Pillars

    • Reliability
    • Security
    • Cost Optimization
    • Operational Excellence
    • Performance Efficiency

    General Best Practice Capability Areas

    • Host
    • Network
    • Data
    • Identity Management
    • Cost/Subscription Management

    Assess cloud maturity

    2 hours

    1. Download a copy of the Cloud Maturity Assessment Tool.
    2. As a group, work through:
      • The balance of your operations activities from a Host/Build/Consume perspective. What are you responsible for delivering now? How do you expect things will change in the future?
      • Which workstreams to focus on. Are there activity categories that are critical or non-critical or that don’t represent a significant portion of overall work? Conversely, are there workstreams that you feel are subject to particular risk when moving to cloud?
    3. Fill out the Maturity Quiz tab in the Cloud Maturity Assessment Tool for the workstreams you have chosen to focus on.
    InputOutput
    • Insight into and experience with your current cloud environment.
    • Maturity scoring for key workload streams as they align to the pillars of a general well-architected cloud framework
    MaterialsParticipants
    • Whiteboard/Flip chart
    • Operating model template
    • Cloud platform SMEs

    Download theCloud Maturity Assessment Tool

    Identify the drivers for organizational redesign

    Whiteboard Activity

    An absolute must-have in any successful redesign is a shared understanding and commitment to changing the status quo.

    Without a clear and urgent call to action, the design changes will be seen as change for the sake of change and therefore entirely safe to ignore.

    Take up the following questions as a group:

    1. What kind of organizational change is needed?
    2. Why do we think the need for this change is urgent?
    3. What do we think will happen if no change occurs? What’s the worst-case scenario?

    Record your answers so you can reference and use them in the communication materials you’ll create in Phase 2.

    InputOutput
    • Cloud maturity assessment
    • Objectives and obstacles
    • Insight into existing challenges stemming from organizational design challenges
    • A list of reasons that form a compelling argument for organizational change
    MaterialsParticipants
    • Whiteboard/Flip chart
    • Cloud Operations Design Working Group

    “We know, for example, that 70 percent of change programs fail to achieve their goals, largely due to employee resistance and lack of management support. We also know that when people are truly invested in change it is 30 percent more likely to stick.”

    – Ewenstein, Smith, Sologar

    McKinsey (2015)

    Consider the value of change from advantage and obstacle perspectives

    Consider what you intend to achieve and the obstacles to overcome to help identify the changes required to achieve your desired future state.

    Advantage Perspective

    Ideas for Change

    Obstacle Perspective

    What advantages do cloud services offer us as an organization?

    For example:

    • Enhance service features.
    • Enhance user experience.
    • Provide ubiquitous access.
    • Scalability to align with demand.
    • Automate or outsource routine tasks.

    What obstacles prevent us from realizing value in cloud services?

    For example:

    • Inadequate stability and reliability
    • Difficult to observe or monitor workloads
    • Challenges ensuring cloud security
    • Insufficient access to relevant skills

    Review risks and challenges

    Changes to Support Model

    • Have we identified who is on the cloud ops team?
    • Do we know where we are procuring skills (internal IT vs. third party) and for how long?
    • Do we know where we are in the migration process?

    Changes to security & governance

    • Have we identified how our attack surface changes in the cloud?
    • Do we have guardrails in place to govern self-provisioning users?
    • Are we managing cost overage risks?

    Replicating old habits

    • Have we made concrete plans to leverage cloud capabilities to standardize and automate outputs?
    • Are we simply reproducing existing systems in the cloud?

    Changes to Skills & Roles

    • Is our staff excited to learn new skills and technologies? Are our specialists prepared to acquire generalist skills to support cloud services?
    • Do we have training plans created and aligned to our technology roadmap?
    • Do we know what head count we need?

    Misaligned stakeholders

    • Have we identified our key stakeholders and teams? Have we considered what changes will impact them and how?
    • Are we meeting regularly and collaborating effectively with our peers, or are we siloed?

    Review cloud objectives and obstacles

    Whiteboard Activity

    1 hour

    1. With your working group, review why you’re using cloud in the first place. What advantages do you expect to realize by adopting cloud services? If we achieve what we’ve set out to do, what should that look and feel like to us, our organization, and our organization’s customers?
      • You should have identified cloud drivers and objectives in your cloud vision and strategy – leverage and validate what you already have!
    2. Next, identify obstacles that are preventing you from fully realizing the value of cloud services.
    3. Finally, brainstorm initial ideas for change. What could we start doing that could help us better use cloud in the future? Are there changes to how we need to organize ourselves to collaborate more effectively?
    InputOutput
    • Insight into and experience with your current cloud environment
    • Identified key business outcomes you expect to realize by adopting cloud services
    • Identified challenges and obstacles that are preventing you from realizing key outcomes
    MaterialsParticipants
    • Whiteboard/Flip chart
    • Cloud operations design working group.

    Commonly cited advantages and obstacles

    Cloud Advantages/Objectives

    • Deliver faster on commitments to the business by removing infrastructure provisioning as a bottleneck.
    • Simplify capacity management on flexible cloud-based infrastructure.
    • Reduce capital spending on IT infrastructure.
    • Create sandboxes/innovation practices to experiment with and develop new functionality on cloud platforms.
    • Easily enable ubiquitous access to key corporate services.
    • Minimize the expense and effort required to maintain a data center – power & cooling, cabling, or physical hardware.
    • Leverage existing automation tools from cloud vendors to speed up integration and deployment.
    • Direct costs for specific services can improve transparency and cost allocation, allowing IT to directly “show-back” or charge-back cloud costs to specific cost centers.

    Obstacles

    Need to speed up provisioning of PaaS/IaaS/data resources to development and project teams.

    No time to develop and improve platform services and standards due to other responsibilities.

    We constantly run up unexpected cloud costs.

    Not enough time for continuous learning and development.

    The business will buy SaaS apps and only let us know after they’ve been purchased, leading to overlapping functionality; gaps in compliance, security, or data protection requirements; integration challenges; cost inefficiencies; and more.

    Role descriptions haven’t kept up with tech changes.

    Obvious opportunities to rationalize costs aren’t surfaced (e.g. failing to make use of existing volume licensing agreements).

    Skills needed to properly operate cloud solutions aren’t identified until breakdowns happen.

    Establish organization design principles

    You’ve established a need for organizational change. What will that change look like?

    Design principles are concise, direct statements that describe how you will design your organization to achieve key objectives and address key challenges.

    This is a critically important step for several reasons:

    • A set of clear, concise statements that describe what the design should achieve provides parameters that will help you create and evaluate different design options.
    • A focused, facilitated discussion to create those statements will help uncover conflicting assumptions between key stakeholders.
    • A comprehensive description of the various ways the organization should change makes it easier to identify misaligned or incompatible objectives.
    • A description of what your organization should look like in the future will help you identify where changes will be required .

    Examples of design principles:

    1. We will create a path to review and publish effective application/platform patterns.
    2. A single governing body should have oversight into all cloud costs.
    3. Development must happen only on approved cloud platforms.
    4. Application teams must address operational issues that derive from the applications they’ve created.
    5. Security practices should be embedded into approved cloud platforms and be automatically applied wherever possible.
    6. Focus is on improving developer experience on cloud platforms.

    Info-Tech Insight

    Design principles will often change as the organization’s strategy evolves.

    Align design principles to your objectives

    Developing design principles starts with your key objectives. What do we absolutely have to get right to deliver value through cloud services?

    Once you have your direction set, work through the points in the star model to establish how you will meet your objectives and deliver value. Each point in the star is an important element in your design – taken together, it paints a holistic picture of your future-state organization.

    The changes you choose to implement that affect capabilities, structure, processes, rewards, and people should be self-reinforcing. Each point in the star is connected to, and should support, the other points.

    “There is no one-size-fits-all organization design that all companies – regardless of their particular strategy needs – should subscribe to.”

    – Jay Galbraith, “The Star Model”

    The image contains a screenshot of a modified versio of Jay Galbraith's Star Model of Organizational Design.

    Establish design principles

    Track your findings in the table on the next slide.

    1. Review the cloud objectives and challenges from the previous activity. As a group, decide from that list: what are the key objectives you are trying to achieve? What are the things you absolutely must get right to get value from cloud services?
    2. Work through the following questions as a group:
      • What capabilities or technologies do we need to adopt or leverage differently?
      • How must our structure change? How will power shift in the new structure?
      • Will our new structure require changes to processes or information sharing?
      • How must we change how we motivate or reward employees?
      • What new skills or knowledge is required? How will we acquire those skills or knowledge?
    InputOutput
    • Cloud objectives and challenges
    • Different viewpoints into how your organization must change to realize objectives and overcome challenges
    • Organizational design principles for cloud operations
    MaterialsParticipants
    • Whiteboard/Flip charts
    • Cloud operations design working group

    Design principles (example)

    What is our key objective?

    • Rapidly develop innovative cloud services aligned to business value.

    What capabilities or technologies do we need to adopt or leverage differently?

    • We will adopt more agile development techniques to make smaller changes, faster.
    • We will standardize and automate tasks that are routine and repeatable.

    How must our structure change? How will power shift in the new structure?

    • Embed development teams within business units to better align to business unit needs.
    • Create a focused cloud platform team to develop infrastructure services.

    Will our new structure require changes to processes or information sharing?

    • Development teams will take on responsibility for application support.
    • Platform teams will be deeply embedded with development teams on new projects to build new infrastructure functionality.

    How must we change how we motivate or reward employees?

    • We will highlight innovative work across the company.
    • We will encourage experimentation and risk-taking.

    What new skills or knowledge is required, and how will we acquire it?

    • We will focus on acquiring skills most closely aligned to our technology roadmap.
    • We will ensure budget is available for training employees who ask for it.
    • We will contract to find skills we cannot develop in-house and use engagements as an opportunity to learn internally.

    Step 1.2: Evaluate new ways of working

    Participants

    Cloud Operations Design Working Group

    Outcomes

    Shared understanding of the horizon of work possibilities:

    • Ways to work
    • Ways to govern and learn

    Consider the different approaches on the following slides, how they change operational work, and decide which approaches are the right fit for you.

    Evaluate new ways of working

    Cut through the hype

    • There are new approaches/ways of working that deal head on with the persistent breakdowns and headaches that come with operations management – work thrown over the wall from development, manual and repetitive work, siloed teams, and more.
    • Many of these approaches emphasize an operations-aware approach to solutions development and apply techniques traditionally associated with AppDev to Operations.
    • Cloud services present opportunities to outsource/automate away routine tasks.

    “DevOps is a set of practices, tools, and a cultural philosophy that automates and integrates the processes between software development and IT teams. It emphasizes team empowerment, cross-team communication and collaboration, and technology automation.”

    – Atlassian, “DevOps”

    “ITIL 4 brings ITIL up to date by…embracing new ways of working, such as Lean, Agile, and DevOps.”

    – ITIL Foundation: ITIL 4 Edition

    “Over time, left to their own devices, the SRE team should end up with very little operational load and almost entirely engage in development tasks, because the service basically runs and repairs itself.”

    – Ben Treynor Sloss, “Site Reliability Engineering”

    The more things change, the more they stay the same:

    • Core processes remain, but they may be done differently, and new technologies and services create new challenges.
    • Not all approaches are right for all organizations, and what’s right for you depends on how you use cloud services.
    • The best solution draws from these management ideas to build an approach to operations that is right for you.

    Leverage patterns to think about new ways of approaching operations work

    Patterns are strategies, approaches, and philosophies that can help you imagine new ways of working in your own organization.

    • The following slides provide an overview of organizing patterns that are applicable to cloud operations.
    • These are strategies that have been applied successfully elsewhere. Review what they can and cannot do and decide whether they are something you can use in your own organizational design.
    • Not every pattern will apply to every organization. For example, an organization which typically consumes SaaS applications will likely have very little need for SRE approaches and techniques.

    Ways to work

    • What work do we do? What skills do we need?
    • How do we create and support systems?

    Ways to govern and learn

    • How do we set and enforce rules?
    • How do we create and share knowledge?

    Explore Applicable Patterns

    Ways to work

    Ways to govern and learn

    1. DevOps

    2. Site Reliability Engineering

    3. Platform Engineering

    4. Cloud Centre of Excellence

    5. Cloud Community of Practice

    What is DevOps?

    “Look for obstacles constantly and treat them as opportunities to experiment and learn.” – Jez Humble, et al. Lean Enterprise: How High Performance Organizations Innovate at Scale

    What it is NOT

    What it IS

    Why Use It

    • Another word for automation or CI/CD tools.
    • A specific role.
    • A fix-all to address friction between existing siloed application and development teams.
    • An approach that will be successful without getting the basics right first.
    • The right fit for every IT organization or every team.

    An operational philosophy that seeks to:

    • Converge accountability for development and operations to align all teams to the goal of delivering customer value.
    • Improve the relationship between Development and Operations teams.
    • Increase the rate of deployment of valuable functionality into production.
    • “A cultural shift giving development teams more control over shipping code to production.” 1
    • You’re doing a lot of custom development.
    • There are opportunities for operations and development teams to work more closely.
    • You want to improve coding quality and throughput.
    • You want to shift the culture of the team to focus on customer value rather than exclusively uptime or new features.
    1 DevOps, SRE, and Platform Engineering

    What is Site Reliability Engineering (SRE)?

    “Hope is not a strategy” – Benjamin Treynor Sloss, Site Reliability Engineering: How Google Runs Production Systems

    What it is NOT

    What it IS

    Why Use It

    • Deeply focussed on a specific technical domain; SRE work “does not discriminate between infrastructure, software, networking, or platforms.” 2
    • A different name for a team of sysadmins.
    • A programming framework or a specific set of technologies.
    • A way to manage COTS software. SRE is less useful when you’re using applications out-of-the-box with minimal customization, integration, or development.
    • An application of skills and approaches from software engineering to improve system reliability.
    • A team responsible for “availability, latency, performance, efficiency, change management, monitoring, emergency response, and capacity planning.”3
    • A team responsible for building systems that become “a platform and workflow that encompasses monitoring, incident management, eliminating single points of failure, [and] failure mitigation.”1
    • You are building services and providing them at scale.
    • You want to improve reliability and reduce “the frequency and impact of failures that can impact the overall reliability of a cloud application.”1
    • You need to define related service metrics and SLOs.
    • To increase the use of automation in operations to avoid mistakes and minimize toil. 3
    1 SRE vs Platform Engineering
    2. Lakhani, Usman. “ISite Reliability Engineering: What Is It? Why Is It Important for Online Businesses?,” 2020.
    3. Sloss, “Introduction,” 2017

    What4 is Platform Engineering?

    “Platform engineers can act as a shield between developers and the infrastructure”

    – Carlos Schults, “What is Platform Engineering? The Concept Behind the Term”

    What it is NOT

    What it IS

    Why Use It

    • A team that manages every aspect of each application on a particular platform.
    • Focussed solely on platform reliability and availability.
    • A different name for a team of sysadmins.
    • Needed for all cloud service deployments. Platform engineers are most useful when you’re building extensively on a particular platform (e.g. AWS, Azure, or your internal cloud).
    • Platform engineers design, build, and manage the infrastructure that supports and hosts work done by developers.
    • The work done by platform engineering allows developers to avoid the repetitive work of setting everything up anew each time.
    • Requires engineers with a deep understanding of cloud services and other platform technologies (e.g. Kubernetes).
    • The big public cloud platforms are built for everyone. You need platform engineering when you need to extensively adapt or manage standard cloud services to support your own requirements.
    • Platform engineers are responsible for creating a secure, stable, maintainable environment that enables developers to do their work faster and without having to manage the underlying technology infrastructure.
    1 DevOps, SRE, and Platform Engineering

    What is a Cloud Center of Excellence?

    You need a strong core to grow a cloud culture.

    What it is NOT

    What it IS

    Why Use It

    • A project management office (PMO) for cloud services.
    • An easy, quick, or temporary fix to cloud governance problems. The CCoE requires champions who provide ongoing support to realize value over time.
    • An approach that’s only for enterprise-sized IT organizations.
    • A standing meeting – members of the CCoE may meet regularly to review progress on their mandate, but work and collaboration need to happen outside of meetings.
    • A cross-functional team responsible for oversight of all cloud initiatives, including architectural, technical, security, financial, contractual, and operational aspects of planned and deployed solutions.
    • The CCoE’s responsibilities typically include governance and continuous improvement; alignment between technical and accounting practices; documentation, training, best practices and standards development; and vendor management.
    • CCoE duties are often part of an existing role rather than a full-time responsibility.
    • You want to enable a core group of cloud experts to promote collaboration and accelerate adoption of cloud services, including members from infrastructure, applications, and security.
    • You need to manage cloud risks, set guidelines and policies, and govern costs across cloud environments.
    • There is an unmet need for training, knowledge sharing, and best practice development across the organization.

    What is a Cloud Community of Practice?

    “We have to stop optimizing for programmers and start optimizing for users”

    – Jeff Atwood

    What it is NOT

    What it IS

    Why Use It

    • A replacement for effective oversight and governance practices, though they may help users navigate and understand governance requirements.
    • A way to advertise cloud to potential new practitioners – engaged members of a CoP are typically already using a particular service.
    • Always exclusively composed of internal staff; in certain cases, a CoP could have external members as well.
    • A network of engaged users and experts who share knowledge and best practices for related technologies, crowdsource solutions to problems, and suggest improvements.
    • Often supported by communication and collaboration tools (e.g. chat channels, knowledge base, forums). May use a range of techniques (e.g. drop-ins, vendor-led training, lunch and learns).
    • Communities of practice may be deliberately created by the organization or develop organically.
    • Communities of practice are an effective way for practitioners to support one another and share ideas and solutions.
    • A CoP can help “shift left” work and help practitioners help themselves.
    • An engaged CoP can help IT to identify improvement opportunities and can also be a channel to communicate updates or changes to practitioners.

    Reinforce what we mean by patterns

    Patterns are . . .

    Ways of Working

    • Sets of habits, processes, and methodologies you want to adopt as part of your operational guidelines and commonly agreed upon definitions.

    Patterns are also . . .

    Ways to Govern and Learn

    • The formal and informal practices and groups that focus on enabling governance, risk management, and adoption.

    Review the implications of each pattern for organizational design

    Ways of Working

    DevOps

    Development teams take on operational work to support the services they create after they are launched to production.

    Some DevOps teams may be aligned around a particular function or product rather than a technology – there are individuals with skills on a number of technologies that are part of the same team.

    Site Reliability Engineering (SRE)

    In the beginning, you can start to adopt SRE practices within existing teams. As demand grows for SRE skills and services, you may decide to create focused SRE roles or teams.

    SRE teams may work across applications or be aligned to just infrastructure services or a particular application, or they may focus on tools that help developers manage reliability. SREs may also be embedded long-term with other teams or take on an internal consulting roles with multiple teams.1

    Platform Engineering

    Platform engineering will often, though not always, be the responsibility of a dedicated team. This team must work very closely with, and tuned into the needs of, its internal customers. There is a constant need to find ways to add value that aren’t already part and parcel of the platform – or its external roadmap.

    This team will take on responsibility for the platform, in terms of feature development, automation, availability and reliability, security, and more. They may also be internal consultants or advisors on the platform to developers.

    1. Gustavo Franco and Matt Brown, “How SRE teams are organized and how to get started.”

    Review the implications of each pattern for organizational design

    Ways to Govern and Learn

    Cloud Center of Excellence

    • A CCoE is a cross-functional group with technical experts from security, infrastructure, applications, and more.
    • There should, ideally, be someone focused on leading the CCoE full-time – often someone with an architecture background. Team members may work on the CCoE part-time alongside their main role, and dedicate more of their time to the CCoE as needed.
    • As the CCoE is a governance function, it will typically bridge and sit above teams working on cloud services, reporting to the CIO, CTO, or to an architecture function.

    Cloud Community of Practice

    • Participation in a community of practice is often above and beyond a core role – it’s a leadership activity taken on by technologically adept experts with a drive to help others.
    • Some organizations will create a role to foster community collaboration, run events, raise opportunities and issues identified by the community with product or technology teams, manage collaboration tools, and more.

    Evolve your organization to meet the needs of increased adoption

    Your operating model should evolve as you increase adoption of cloud services.

    Least Adoption Greatest Adoption

    Initial Adoption

    Early Centralization

    Scaling Up

    Full Steam Ahead

    • One or more small agile teams design, build, manage, and operate individual solutions on cloud resources. Solutions provide early value, and identify new opportunities using small, safe-to-fail experiments.
    • Governance is likely done locally to each team. Knowledge sharing, guidelines, and standards are likely informal.
    • Early experience with cloud services help the organization identify where to invest in cloud services to best meet business demands.
    • Accountability and governance over the platform are more clearly defined, possibly still separate from core IT governance processes. Best practices may be shared across teams through a Community of Practice.
    • Operations may be centralized, where valuable, to support monitoring and incident response.
    • Additional product/service-aligned development teams are created to keep up with demand.
    • There is a focused effort to consolidate best practices and platform knowledge, which can be supported through a culture of learning, effective automation, and appropriate tools.
    • The CCoE takes on additional roles in cloud governance, security, operations, and administration.
    • The organization has reached a relatively steady-state for cloud adoption. Innovation and new service development takes place on a stable platform.
    • A Cloud Center of Excellence is accountable for cloud governance across the organization.
    Adapted from Microsoft, “Get Started: Align your organization,” 2021

    Choose new ways of working that make sense for your team

    1 hour

    Consider if, and how, the approaches to management and governance you’ve just reviewed can offer value to your organization.

    1. List the organizing/managing ideas listed in the previous slides in the table below.
    2. Define why it’s for you. What benefits do you expect to realize? What challenges do you expect this will help you overcome? How does this align with your key benefits and drivers for moving to cloud?
    3. List risks or challenges to adoption. Why will it be hard to do? What could get in the way of adoption? Why might it not be a good fit?
    4. Identify next steps to adopt proposed practices.

    Why it’s for us (drivers)

    Risks or challenges to adoption

    Next steps to build/adopt it

    CCoE

    DevOps

    InputOutput
    • Related Info-Tech slides on new ways of working.
    • Opportunities and challenges in your own cloud deployment that may be addressed through new ways of working.
    • Identify new ways of working aligned to your goals.
    MaterialsParticipants
    • Whiteboard/Flip chart
    • Cloud Operations Design Working Group

    Step 1.3: Identify cloud work

    Participants

    • Operations Design Working Group

    Outcomes

    • Identify core work required to deliver value in key cloud workstreams.

    “At first, for many people, the cloud seems vast. But what you actually do is carve out space.”

    –DevOps Manager

    Identify work

    Before you can identify roles and responsibilities, you have to confirm what work you do as an organization and how that work enables you to meet your goals.

    • A comprehensive approach that connects the work you do to your organizational goals will help you identify work that’s falling through the cracks.
    • Identifying work is an opportunity to look at the tasks you regularly execute and ensure they actually drive value.
    • Working through the exercise as a group will help you develop a common language around the work you do.
    • To make the evident obvious: you can’t decide who should be responsible for something if you don’t know about it in the first place.

    Defining work can be a lot of … work! We recommend you start by identifying work for the workstream you do most – Build, Consume, or Host – to focus your efforts. You can repeat the exercise as needed.

    Map work in workstream diagrams

    The image contains a screenshot of the map work in workstream diagrams.

    The five Well-Architected Framework pillars. These are principles/directions/guideposts that should inform all cloud work.

    The work being done to achieve the workstream target. These are roughly aligned with the three streams on the right.

    Workstream Target: A concise statement of the value you aim to achieve through this workstream. All work should help deliver value (directly or indirectly).

    Define the scope of the exercise

    Whiteboard Activity

    20 minutes

    Over the next few exercises, you’ll do a deep dive into the work you do in one specific workstream. In this exercise, we’ll decide on a workstream to focus on first.

    1. Are you primarily building, hosting on, or consuming cloud services? Start with the workstream where you’re doing the most work.
    2. If this isn’t sufficient to narrow your focus, look at the workstream that is most closely tied to mission critical applications, or that is most in need of review in terms of what work is done and who does it.
    3. You can narrow the scope further if there’s a very specific sub-area that differs from the rest (e.g. managing your O365 environment vs. managing all SaaS applications).
    InputOutput
    • Insight into and experience with your current cloud environment.
    • Your completed cloud maturity assessment.
    • Identify one workstream where you’ll define work first.
    MaterialsParticipants
    • None
    • Cloud Operations Design Working Group

    Create a workstream target statement

    Whiteboard Activity

    30 minutes

    In this activity, come up with a short sentence to describe what all this work you do is building toward. The target statement helps align participants on why work is being done and helps focus the activity on work that is most important to achieving the target statement.

    Start with this common workstream target statement:

    “Deliver valuable, secure, available, reliable, and efficient cloud services.”

    Now, review and adjust the target statement by working through the questions below:

    1. Return to the earlier exercises in Phase 1.1 where you reviewed your key objectives for cloud services. Does the target statement align with what you’d identified previously?
    2. Who is the customer for the work you do? Would they see the target differently than you’ve described it?
    3. Can you be more specific? Are there value drivers that are more specific to your industry, organization, business functions, or products that are key to the value your customers receive from this workstream?
    InputOutput
    • Previous exercises.
    • Workstream target statement.
    MaterialsParticipants
    • Whiteboard/Flip chart
    • Cloud Operations Design Sketchbook
    • Cloud Operations Design Working Group

    Identify cloud work

    1-2 hours

    1. Use the workstream diagram template in the Cloud Operations Design Sketchbook, or draw the template out on a whiteboard and use sticky notes to identify work.
    2. Identify the workstream at the top of the slide. Update the template value statement on the right with the value statement you created in the previous exercise.
    3. Review one or more of the examples in the Cloud Operations Design Sketchbook to get a sense of the level of detail required for this exercise.

    Activity instructions continue on the next slide.

    Some notes to the facilitator:

    • Working directly from the Cloud Operations Design Sketchbook will save you time with transcription. Sharing the document with participants (e.g. via OneDrive) will allow you to collaborate and edit the document together in real-time.
    • Don’t worry about being too tidy for the moment, just get the information written down and you can clean up the diagram later.
    InputOutput
    • Previously identified design principles.
    • An understanding of the work done, and that needs to be done, in your cloud environment.
    • Identify the work that needs to be done to support your key cloud services workstream in the future.
    MaterialsParticipants
    • Cloud Operations Design Sketchbook
    • Whiteboard and sticky notes (optional)
    • Cloud Operations Design Working Group

    Identify cloud work (cont’d)

    4. Work together to identify work, documenting one work item per box. This should focus on future state, so record work whether it’s actually done today or not. Your space is limited on the sheet, so focus on work that is indispensable to delivering the value statement. Use the lists on the right as a reminder of key IT practice areas.

    5. As much as possible, align the work items to the appropriate row (Govern & Align, Design & Execute, or Validate, Support & Monitor). You can overlap boxes between rows if needed.

    Have you captured work related to:

    ITIL practices, such as:

    • Request management
    • Incident & problem management
    • Service catalog
    • Service level management
    • Configuration management

    Security-aligned practices, such as:

    • Identity & access management
    • Vulnerability management
    • Security incident management

    Financial practices, such as:

    • IT asset management
    • Cost management & budgeting
    • Vendor management
    • Portfolio management

    Data-aligned practices, such as:

    • Data integrations
    • Data governance

    Technology-specific tasks, such as:

    • Network, Server & Storage
    • Structured/unstructured DBs
    • Composite services
    • IDEs and compilers

    Other key practices:

    • Monitoring & observability
    • Continuous improvement
    • Testing & quality assurance
    • Training and knowledge management
    • Manage shadow IT

    Info-Tech Insight

    Cloud work is not just applications that have been approved by IT. Consider how unsanctioned software purchased by the business will be integrated and managed.

    Identify cloud work (cont’d)

    6. If you have decided to adopt any of the new ways of working outlined in Step 1.2 (e.g. DevOps, SRE, etc.) review the next slide for examples of the type of work that frequently needs to be done in each of those work models. Add any additional work items as needed.

    7. Consolidate boxes and clean up the diagram (e.g. remove duplicate work items, align boxes, clarify language).

    8. Do a final review. Is all the work in the diagram truly aligned with the value statement? Is the work identified aligned with the design principles from Step 1.1?

    If you used a whiteboard for this exercise, transcribe the output to a copy of the Cloud Operations Design Sketchbook, and repeat the exercise for other key workstreams. You will use this diagram in Phase 2.

    Examples of work

    Examples of work in the "Host" workstream:

    • Bulk patch servers
    • Add a server
    • Add capacity
    • Develop a new server template
    • Incident management

    Examples of work in the "Build" workstream:

    • Provision a production server
    • Provision a test environment
    • Test recovery procedures
    • Add capacity for a service
    • Publish a new pattern
    • Manage capacity/performance for a service
    • Identify wasted spend across services
    • Identify performance bottlenecks
    • Review and shut down idle/unneeded services

    Examples of work in the "Consume" workstream:

    • Conduct vendor risk assessments
    • Develop a standard evaluation matrix to compare solutions to existing or potential in-house offerings
    • Onboard a solution
    • Offboard a solution
    • Conduct a renewal
    • Review and negotiate a contract
    • Rationalize software titles

    Phase 2:

    Design the organization and communicate changes

    Phase 1

    Phase 2

    1.1 Establish operating model design principals by identifying goals & challenges, workstreams, and cloud maturity

    1.2 Evaluate new ways of working

    1.3 Identify cloud work

    2.1 Draft an operating model

    2.2 Communicate proposed changes

    Phase Outcomes:

    Draft your cloud operations diagram, identify key messages and impacts to communicate to your stakeholders, and build out the Cloud Operations Organizing Framework communication deck.

    Step 2.1: Identify groups and responsibilities

    Participants

    • Operations Design Working Group

    Outcomes

    • Cloud Operations Diagram
    • Success Indicators
    • Roadmap

    “No-one ever solved a problem by restructuring.”

    – Anonymous

    Visualize your cloud operations

    Create a visual to help you abstract, analyze, and clarify your vision for the future state of your organization in order to align and instruct stakeholders.

    Create a visual, high-level view of your organization to help you answer questions such as:

    • “What work do we do? What are the roles and responsibilities of different teams?”
    • “How do we interact between work areas?”
    • “How has our organization changed already, and what additional changes may be needed?”
    • “How do we make technology decisions?”
    • “How do we provide services?”
    • “How might this change be received by people on the ground?”
    The image contains a screenshot of the Cloud Operations Diagram Example.

    Decide whether to centralize or decentralize

    Specialization & Focus: A group or work unit developing a focused concentration of skills, expertise, and activities aligned with an area of focus (such as the ones at right).

    Decentralization: Operational teams that report to a decentralized IT or business function, either directly or via a “dotted line” relationship.

    Decentralization and Specialization can:

    • Duplicate work.
    • Localize decision-making authority, which can increase agility and responsiveness.
    • Transfer authority and accountability to local and typically smaller teams, clarifying responsibilities and encouraging staff to take ownership for service delivery.
    • Enable the team to focus on complex and rapidly changing technologies or processes.
    • Create islands of expertise, which can get in the way of collaboration, innovation, and decision making across groups and work units and make oversight difficult.
    • Complicate the transfer of resources and knowledge between groups.

    Examples: Areas of Focus

    Business unit

    • Manufacturing
    • R&D
    • Sales & Marketing

    Region

    • Americas
    • EMEA
    • APAC

    Service

    • ERP
    • Commercial website

    Technology

    • On-premises servers/storage
    • Network
    • Cloud services

    Operational process focus

    • Capacity management & planning
    • Incident management
    • Problem management

    “The concept of organization design is simple in theory but highly complex in practice. Like any strategic decision, it involves making multiple trade-offs before choosing what is best suited to a business context.”

    – Nitin Razdan & Arvind Pandit

    Identify key work areas

    Balance specialization with effective collaboration

    • Much is said about breaking down organizational silos. But at some level, silos are inevitable – any company with more than one employee will have to divide work up somehow.
    • Dividing up work is a delicate balancing act – ensuring individuals and groups are able to do work that is related, meaningful, and that allows autonomy while allowing for effective collaboration between groups that need to work together to achieve business goals.

    Why “work areas”?

    Why don’t we just use teams, groups, squads, or departments, or some other more common term for groups of people working together?

    • We are not yet at the point of deciding who in the organization should be aligned to which areas in the design.
    • Describing work areas as teams can shift the conversation to the organizational chart – to who does the work, rather than what needs to be done.

    That’s not the goal of this exercise. If the conversation gets stuck on what you do today, it can get in the way of thinking about what you need to do in the future.

    Create a future-state cloud operations diagram

    1-3 hours

    1. Review the example cloud operations diagram example in your copy of the Cloud Operations Design Sketchbook.
    2. Identify key work areas (e.g. applications, infrastructure, platform engineering, DevOps, security). Add the name of each work area in one of the larger boxes.
      • Go back to your design principles. Did you define any work areas in your design principles that should be represented here?
      • If you have several groups or teams with similar responsibilities, consider lumping them together in one box (e.g. applications teams, 3x DevOps teams).
    3. Copy the tasks from any workstream diagrams you’ve created to the same slide as the organization design diagram. Keep the workstream diagram intact, as you’ll want to be able to refer back to it later.

    Activity instructions continue on the next slide.

    InputOutput
    • Insight into and experience with your current cloud environment.
    • Cloud Operations Diagram
    MaterialsParticipants
    • Whiteboard/Flip charts
    • Cloud Operations
    • Cloud Operations Design Working Group

    Cloud operations diagram (cont’d)

    1-3 hours

    4. As a group, move the work boxes from the workstream diagram into the appropriate work area.

    • Don’t worry about being too tidy for the moment – clean up the diagram when the exercise is done.
    • Make adjustments to the wording of the work boxes if needed.

    5. Use the space between work areas to describe how work areas must interact to achieve organizational goals. For example:

    • What information should be shared between groups?
    • What information sharing channels may be used?
    • What processes will be handed-off between groups and how?
    • How often will teams interact?
    • Will interactions be formal or informal?

    Create a current-state operations diagram

    1 -2 hours

    This exercise can be done by one person, then reviewed with the working group at a later time.

    This current state diagram helps clarify the changes that may need to happen to get to your future state.

    1. Color code the work boxes for each work area. For example, if you have a “DevOps” work area, make all the work boxes assigned to “DevOps” the same color.
    2. On a separate slide, sketch your existing organization indicating your current teams.
    3. Copy the tasks from the future-state diagram to this current-state chart. Align the tasks to the appropriate groups.
    4. Review the chart with the working group. Discuss: are there teams that are doing work today that will also be done by different teams? Are there groups that may merge into one team? What types of changes may be required?
    InputOutput
    • Future-state cloud operations diagram
    • Current-state cloud operations diagram
    MaterialsParticipants
    • Cloud Operations Design Sketchbook
    • Projector/screen/virtual meeting
    • Project lead
    • Cloud Operations Design Working Group

    Check for biases to make better choices

    Use the strategies below to spot and address flaws in your team’s thinking about your future-state design.

    Biases

    What’s the risk?

    Mitigation strategies

    Is the team making mistakes due to self-interest, love of a single idea, or groupthink?

    Important information may be ignored or left unspoken.

    Rigorously check for the other biases, below. Tactfully seek dissenting opinions.

    Do recommendations use unreasonable analogies to other successes or failures?

    Opportunities or challenges in the current situation may not be sufficiently understood.

    Ask for other examples, and check whether the analogies are still valid.

    Is the team blinkered by the weight of past decisions?

    Doubling-down on bad decisions (sunk costs) or ignoring new opportunities.

    Ask yourself what you'd do if you were new to the position or organization.

    Does the data support the recommendations?

    Data used to make the case isn't a good fit for the challenge, is based on faulty assumptions, or is incomplete.

    If you had a year to make the decision, what data would you want? How much can you get?

    Are there realistic alternative recommendations?

    Alternatives don't exist or are "strawman" options.

    Ask for additional options.

    Is the recommendation too risk averse or cautious?

    Recommendations that may be too risky are ignored, leading to missed opportunities.

    Review options to accept, transfer, distribute, or mitigate the risk of the decision.

    Framework above adapted from Kahneman, Lovallo, and Sibony (2011)

    Be specific with metrics

    Thinking of ways you could measure success can help uncover what success actually means to you.

    Work collectively to generate success indicators for each key cloud initiative. Success indicators are metrics, with targets, aligned to goals, and if you are able to measure them accurately, they should help you report your progress toward your objectives.

    For example, if your driver is “faster access to resources” you might consider indicators like developer satisfaction, project completion time, average time to provision, etc.

    There are several reasons you may not publicize these metrics. They may be difficult to calculate or misconstrued as targets, warping behavior in unexpected ways. But managed properly, they have value in measuring operational success!

    Examples: Operations redesign project metrics

    Key stakeholder satisfaction scores

    IT staff engagement scores

    Support Delivery of New Functionality

    Double number of accepted releases per cycle

    80% of key cloud initiatives completed on time, on budget, and in scope

    Improve Operational Effectiveness

    <1% of servers have more than two major versions out of date

    No more than one capacity-related incident per Q

    Define success indicators

    Whiteboard Activity

    45 minutes

    1. On a whiteboard, draw a table with key objectives for the design across the top.
      • What cloud objectives should the redesign help you achieve? Refer back to the design principles from Phase 1.
      • Think about the redesign itself. How will you measure whether the project itself is proceeding according to plan? Consider metrics such as employee engagement scores and satisfaction scores from key stakeholders.
    2. Consider whether the metrics are feasible to track. Record your decisions in your copy of the Cloud Operations Organizing Framework deck.
    InputOutput
    • Key design goals
    • Success indicators for your design
    MaterialsParticipants
    • Whiteboard
    • Markers
    • Cloud Operations Design Working Group

    Populate a roadmap

    Tool Activity

    45 minutes

    1. In the Roadmap Tool, populate the data entry tab with the initiatives you will take to support changes toward the new cloud operations organizing framework.
    2. Input each of the tasks in the data entry tab and provide a description and rationale behind the task (as needed).
    3. Assign an effort, priority, and cost level to each task (high, medium, low).
    4. Assign an owner to each task – someone who can take points and shepherd the task to completion.
    5. Identify the timeline for each task based on the priority, effort, and cost (short, medium, and long term).
    6. Highlight risk for each task if it will be deferred.
    7. Track the progress of each task with the status column.
    InputOutput
    • Cloud Operations Organizing Framework
    • Roadmap/ implementation plan
    MaterialsParticipants
    • Roadmap Tool
    • Cloud Operations Design Working Group

    Download the Roadmap Tool

    Step 2.2: Communicate changes

    Participants

    • Operations Design Working Group

    Outcomes

    • Build a communication plan for key stakeholders
    • Complete the communication deck Cloud Operations Organizing Framework
    • Build a roadmap

    “Words, words, words.”

    – Shakespeare

    Communicate changes

    Which stakeholders will be affected by the changes?

    Decision makers: Who do you ultimately need to convince to proceed with any changes you’ve outlined?

    Peers: How will managers of other areas be affected by the changes you’re proposing? If you are you suggesting changes to the way that they, or their teams, do their work, you will have to present a compelling case that there’s value in it for them.

    Staff: Are you dictating changes or looking for feedback on the path forward?

    The image contains a screenshot of the Five Elements of Change that is displayed in a cycle. The five elements are: What is the change? Why are we doing it? How are we going to go about it? How long will it take us? What is the role of each team and individual.

    Source: The Qualities of Leadership: Leading Change

    Follow these guidelines for good communication

    Be relevant

    • Talk about what matters to each stakeholder group.
    • Talk about what matters to the initiative.
    • IT thinks in processes but stakeholders only care about results: talk in terms of results.
    • IT wants to be “understood” but this does not matter to stakeholders; think “what’s in it for them?”
    • Communicate truthfully; do not make false promises or hide bad news.
    • If you expect objections, create a plan to handle them.

    Be clear

    • Lead with the point you’re trying to make.
    • Don’t use jargon.
    • Avoid idiomatic language and clichés.
    • Have a third party review draft communications and ask them to tell you the key messages in their own words. If they’re missing the main points, there’s a good chance the draft isn’t clear.

    Be consistent

    • Ensure the core message is consistent regardless of audience, channel, or medium.
    • Changing the core message from one group to another can be interpreted as incompetence or an attempt at deception. This will damage your credibility and can lead to a loss of trust.

    Be concise

    • Get to the point.
    • Minimize word count wherever possible.

    “We tend to use a lot of jargon in our discussions, and that is a sure fire way to turn people away. We realized the message wasn’t getting out because the audience wasn’t speaking the same language. You have to take it down to the next level and help them understand where the needs are.”

    – Jeremy Clement, Director of Finance, College of Charleston

    Create a communication plan

    1 hour

    Fill out the table below.

    Stakeholder group: Identify key stakeholders who may be impacted by changes to the operations team. This might include IT leadership, management, and staff.

    Benefits: What’s in it for them?

    Impact: What are we asking in return?

    How: What mechanisms or channels will you use to communicate?

    When: When (and how often) will you get the message out?

    Benefits

    Impact

    How

    When

    IT Mgrs.

    • Improve agility, stability
    • Deliver faster against business goals
    • Respond to identified needs
    • Improve confidence in IT
    • Must support the process
    • Change and engagement issues during restructuring may affect staff engagement and productivity
    • Training budget required
    • Present at leadership meeting
    • Kick-off email
    • Sept. leadership meeting
    • Weekly touchpoints
    • Informally throughout project

    Ops Staff

    • Clearer direction and clear priorities (Operations mission statement and RACI)
    • Higher-value work – address problems, contribute to plans
    • New skills and training
    • More personal accountability
    • Push toward process consistency
    • Must make time and plan for training during work hours
    • Present at operations team’s offsite meeting
    • AMA channel on Slack
    • 1:1 meetings
    • Add RACI, org. sketch to shared folder
    • Operations offsite
    • Sept. all-hands meeting
    • Ongoing coaching and informal conversations
    InputOutput
    • Discussion
    • Communication Plan
    MaterialsParticipants
    • Whiteboard/Flip Chart
    • Cloud Operations Design Working Group

    Download the Communication Plan Template

    Support the transition with a plan to acquire skills

    Identify the preferred way to acquire needed skill sets: contracting, outsourcing, training, or hiring.

    • Some cloud projects will change the demand for some skills in the organization, and not all skills should be cultivated internally. Uncertainty about future skills and jobs will cause anxiety for your team and can lead to employee exit.
    • Use Info-Tech’s research to conduct a demand analysis to identify which new and critical skills should be acquired via training or hiring (rather than outsourcing or contracting).
    • Create a roadmap to clarify when training needs to be completed, a budget plan that accounts for training costs, and role descriptions that paint a picture of future work.
    • Within the confines of a collective agreement, managers may be required to retrain staff into new roles before those staff are required to do work in their new jobs. Failing to plan can be more consequential.
    • Remember that in cloud, a wealth of automation opportunities present a great option for offloading tasks as well!

    Info-Tech Insight

    Identify skills requirements and gaps as early as possible to avoid skills gaps later. Whether you plan to acquire skills via training or cross-training, hiring, contracting, or outsourcing, effectively building skills takes time. Use Info-Tech’s methodology to address skills gaps in a prioritized and rational way.

    Involve HR for implementation

    Your HR team should help you work through:

    • Which staff and managers will move to which roles, and any headcount changes.
    • Job descriptions, performance metrics, career paths, compensation, and succession planning.
    • Organizational change management and implementation plans.

    When do you need to involve HR?

    Role changes will result in job description changes.

    • New or changed job descriptions need to be evaluated for impact on pay, title, exempt status, career pathing, and more.
    • This is especially true in more traditional or unionized organizations that require specific and granular job descriptions of responsibilities.
    • Changed jobs will likely require union review and approval.

    You anticipate changes to the reporting structure.

    • Work with HR to develop a transition plan including communications, training to new managers, and support to new teams.

    You anticipate redundancies.

    • Your HR department can prepare you for difficult discussions, help you navigate labor laws, and support the offboarding process.

    You anticipate new positions.

    • Recruitment and hiring takes time. Give HR advance notice to support recruitment, hiring, and onboarding to ensure you hire the right people, with the right skills, at the right time.

    Training and development budget is required.

    • If training is a critical part of the onboarding process, don’t just assume funding is available. Work with HR to build your case.

    Related Info-Tech Research

    Define Your Cloud Vision

    Define your cloud vision before it defines you.

    Document Your Cloud Strategy

    Drive consensus by outlining how your organization will use the cloud.

    Map Technical Skills for a Changing Infrastructure & Operations Organization

    Be practical and proactive – identify needed technical skills for your future-state environment and the most efficient way to acquire them.

    Bibliography

    “2021 GitLab DevSecOps Survey.” Gitlab, 2021.
    “2022 State of the Cloud Report.” Flexera, 2022.
    “DevOps.” Atlassian, ND. Web. 21 July 2022.
    Atwood, Jeff. “The 2030 Self-Driving Car Bet.” Coding Horror, 4 Mar 2022. Web. 5 Aug 2022.
    Campbell, Andrew. “What is an operating model?” Operational Excellence Society, 12 May 2016. Web. 13 July 2022.
    “DevOps.” Atlassian, ND. Web. 21 July 2022.
    Ewenstein, Boris, Wesley Smith, Ashvin Sologar. “Changing change management” McKinsey, 1 July 2015. Web. 8 April 2022.
    Franco, Gustavo and Matt Brown. “How SRE teams are organized, and how to get started.” Google Cloud Blog, 26 June 2019. Web. July 13 2022.
    “Get started: Build a cloud operations team.” Microsoft, 10 May 2021.
    ITIL Foundation: ITIL 4 Edition. Axelos, 2019.
    Humble, Jez, Joanne Molesky, and Barry O’Reilly. Lean Enterprise: How High Performance Organizations Innovate at Scale. O’Reilly Media, 2015.
    Franco, Gustavo and Matt Brown. “How SRE teams are organized and how to get started.” 26 June 2019. Web. 21 July 2022.
    Galbraith, Jay. “The Star Model”. ND. Web. 21 July 2022.
    Kahnemanm Daniel, Dan Lovallo, and Olivier Sibony. “Before you make that big decision.” Harv Bus Rev. 2011 Jun; 89(6): 50-60, 137. PMID: 21714386.
    Kesler, Greg. “Star Model of Organizational Design.” YouTube, 1 Oct 2018. Web Video. 21 Jul 2022.
    Lakhani, Usman. “Site Reliability Engineering: What Is It? Why Is It Important for Online Businesses?” Info-Tech. Web. 25 May 2020.
    Mansour, Sherif. “Product Management: The role and best practices for beginners.” Atlassian Agile Coach, n.d.
    Murphy, Annie, Jamie Kirwin, Khalid Abdul Razak. “Operating Models: Delivering on strategy and optimizing processes.” EY, 2016.
    Shults, Carlos. “What is Platform Engineering? The Concept Behind the Term.” liatrio, 3 Aug 2021. Web. 5 Aug 2022.
    Sloss, Benjamin Treynor. Site Reliability Engineering Part I: Introduction. O’Reilly Media, 2017.
    “SRE vs. Platform Engineering.” Ambassador Labs, 8 Feb 2021.
    “The Qualities of Leadership: Leading Change.” Cornelius & Associates, n.d. Web.
    “Understand cloud operating models.” Microsoft, 02 Sept. 2022.
    Velichko, Ivan. “DevOps, SRE, and Platform Engineering.” 15 Mar 2022.

    Research Contributors and Experts

    Nenad Begovic

    Executive Director, Head of IT Operations

    MUFG Investor Services

    Desmond Durham

    Manager, ICT Planning & Infrastructure

    Trinidad & Tobago Unit Trust Corporation

    Virginia Roberts

    Director, Enterprise IT

    Denver Water

    Denis Sharp

    IT/LEAN Consultant

    Three anonymous contributors

    IT Talent Trends 2022

    • Buy Link or Shortcode: {j2store}541|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: People & Leadership
    • Parent Category Link: /people-and-leadership

    Business and IT leaders aiming to build and keep successful teams in 2022 must:

    • Optimize IT in the face of a competitive labor market.
    • Build or maintain a culture of diversity, equity, and inclusion.
    • Manage the monumental shift to the new normal of remote work.
    • Weather the Great Resignation and come out on top.
    • Correctly assess development areas for their teams.
    • Justify investing in IT talent.

    Our Advice

    Critical Insight

    • If 2021 was about beginning to act on employee needs, 2022 will be about strategically examining each trend to ensure that the organization's promises to take action are more than lip service.
    • Employees have always been able to see through disingenuous attempts to engage them, but in 2022 the stakes are higher due to increased talent mobility.

    Impact and Result

    This report includes:

    • A concise, executive-ready trend report.
    • Data and insights from IT organizations from around the world.
    • Steps to take for each of the trends depending on your current maturity level.
    • Examples and case studies.
    • Links to in-depth Info-Tech research and tools.

    IT Talent Trends 2022 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. IT Talent Trends Report for 2022 – A report to help you incorporate new ways of working into your business to build and keep the best team.

    Discover Info-Tech’s 2022 talent trends for IT leaders, which will provide insight into taking a strategic approach to navigate the post-pandemic IT talent landscape.

    • IT Talent Trends Report for 2022

    Infographic

    Further reading

    IT Talent Trends 2022

    The last two years have been a great experiment … but it’s not over yet.

    Incorporate new ways of working into your business to build and keep the best team.

    Over the past two years, organizations have ventured into unprecedented ways of working and supporting their employees, as they tried to maintain productivity through the pandemic. This experiment has made lasting changes to both business models and employee expectations, and these effects will continue to be seen long after we return to a “new normal.”

    While the pandemic forced us to work differently for the past two years, looking forward, successful organizations will incorporate new ways of working into their business models – beyond simply having a remote work policy.

    How we work, source roles, and develop talent continue to evolve as we navigate a different world with employees being more vocal in their desires, and leaders continue to play a key role.

    The IT talent market will never be the same, and organizations must reevaluate their employee experience from the bottom up to successfully weather the shift to the new normal.

    IT Talent Trends 2022

    Strategic Recruiting Finds Good Talent

    Finding talent in a strained talent market requires a marketing approach. Posting a job description isn’t enough.

    The (Not So) Great Resignation

    IT is faring better than other functions; however, specific industries need to pay attention.

    Grow Your DEI Practices Into Meaningful Actions

    Good intentions are not enough.

    Remote Work Is Here – Can Your Culture Adapt?

    The Great Experiment is over. Are leaders equipped to capitalize on its promises?

    Management Skills Drive Success in a Remote World

    Despite the need for remote team management training, it is still not happening.

    The pandemic has clarified employees’ needs and amplified their voices

    If 2021 was about beginning to act on employee needs, 2022 will be about strategically examining each trend to ensure that the actions taken by the organization are more than lip service.

    Employees have always been able to see through disingenuous attempts to engage them, but in 2022 the stakes are higher due to increased talent mobility.

    Trends that were just starting to come into focus last year have established themselves as critical determinants of the employee experience in 2022.

    2021

    DEI: A Top Talent ObjectiveRemote Work Is Here to StayUncertainty Unlocks PerformanceA Shift in Skills PrioritiesA Greater Emphasis on Wellbeing
    Arrow pointing down.Joiner pointing down.Joiner pointing down.

    2022

    Strategic Recruiting Finds Good Talent

    Finding talent in a strained talent market requires a marketing approach. Posting a job description isn’t enough.

    The (Not So) Great Resignation

    IT is faring better than other functions; however, specific industries need to pay attention.

    Grow Your DEI Practices Into Meaningful Actions

    Good intentions are not enough.

    Remote Work Is Here – Can Your Culture Adapt?

    The Great Experiment is over. Are leaders equipped to capitalize on its promises?

    Management Skills Drive Success in a Remote World

    Despite the need for remote team management training, it is still not happening.

    What employees are looking for is changing

    Superficial elements of traditional office culture were stripped away by the quick shift to a remote environment, giving employees the opportunity to reevaluate what truly matters to them in a job.

    The biggest change from 2019 (pre-pandemic) to today is increases in the importance of culture, flexible/remote work, and work-life balance.

    Organizations that fail to keep up with this shift in priorities will see the greatest difficulty in hiring and retaining staff.

    As an employee, which of the following would be important to you when considering a potential employer?

    2019 2021
    Flexible Work Pie graph representing response percentages from employees regarding importance of these factors. Flexible Work: 2019, Very 46%, Somewhat 49%, Not at All 5%.
    n=275
    Arrow pointing right. Pie graph representing response percentages from employees regarding importance of these factors. Flexible Work: 2021, Very 76%, Somewhat 21%, Not at All 2%.
    n=206
    Work-Life Balance Pie graph representing response percentages from employees regarding importance of these factors. Work-Life Balance: 2019, Very 67%, Somewhat 30%, Not at All 3%.
    n=277
    Arrow pointing right. Pie graph representing response percentages from employees regarding importance of these factors. Work-Life Balance: 2021, Very 80%, Somewhat 18%, Not at All 1%.
    n=206
    Culture Pie graph representing response percentages from employees regarding importance of these factors. Culture: 2019, Very 68%, Somewhat 31%, Not at All 1%.
    n=277
    Arrow pointing right. Pie graph representing response percentages from employees regarding importance of these factors. Culture: 2021, Very 81%, Somewhat 19%, Not at All 0%.
    n=206
    Source: Info-Tech Talent Trends Survey data collected in 2019 and 2021 Purple Very Important
    Blue Somewhat Important
    Green Not at All Important

    IT’s top talent priorities in 2022

    IT’s top Talent priorities reflect a post-pandemic focus on optimizing talent to fulfill strategic objectives: Top challenges for IT departments, by average rank, with 1 being the top priority.

    Important

    In the 2022 IT Talent Trends Survey, IT departments’ top priorities continue to be learning and innovation in support of organizational objectives. —› Enabling leaning and development within IT
    —› Enabling departmental innovation
    5.01
    5.54
    With employees being clearer and more vocal about their needs than ever before, employee experience has risen to the forefront of IT’s concern as a key enabler of strategic objectives. —› Providing a great employee experience for IT 5.66
    Supporting departmental change 6.01
    With organizations finally on the way to financial stability post pandemic, recruiting is a major focus. —› Recruiting (e.g. quickly filling vacant roles in IT with quality external talent) 6.18
    However, IT’s key efforts are threatened by critical omissions: Fostering a positive employee relations climate in the department 6.32
    Despite a focus on learning and development, leadership skills are not yet a top focus. —› Developing the organization's IT leaders 6.33
    Rapidly moving internal IT employees to staff strategic priorities 6.96
    Facilitating data-driven people decisions within IT 7.12
    Controlling departmental labor costs and maximizing the value of the labor spend 7.13
    Despite the need to provide a great employee experience, the focus on diversity, equity, and inclusion is low. —› Fostering an environment of diversity, equity, and inclusion in the department 7.31
    Despite prioritizing recruiting, IT departments see candidate experience as a last priority, either not focusing on it or relegating it to HR. —› Providing a great candidate experience for IT candidates 8.43
    (n=227)

    IT Talent Trends 2022

    Look beneath the surface of the trends to navigate them successfully

    Above Ground
    Focusing on what you see 'Above the line" won't solve the problem.

    Talent isn't a checklist.

    Strategic Recruiting Finds Good Talent

    Finding talent in a strained talent market requires a marketing approach. Posting a job description isn't enough.
    • The number of job openings increased to 11.4 million on the last business day of October, up from 10.6 million in September (US Bureau of Labor Statistics, Dec. 2021)

    The (Not So) Great Resignation

    IT is faring better than other functions; however, specific industries need to pay attention.
    • In September, in the US, 4.4 million people left their jobs. That number dropped to 4.2 million in October. (US Labor Stats, Dec. 2021)
    • 30% of workers will likely switch jobs if they have to return to the office full time. (McKinsey, Dec. 2021)

    Grow Your DEI Practices Into Meaningful Actions

    Good intentions are not enough.
    • 95% of organizations are focusing on DEI. (2022 HR Trends Report)
    • 48% of IT departments have delivered training on DEI over the past year.

    Remote Work is Here. Can Your Culture Adapt?

    The Great Experiment is over. Are you equipped to capitalize on its promises?
    • 85% of organizations saw the same or higher productivity during the pandemic.
    • 91% of organizations are continuing remote work.

    Management Skills Drive Success in a Remote World

    Despite the need for remote team management training, it is still not happening.
    • 72% of IT departments report high effectiveness at managing remote staff.
    • Learning and development is IT's top priority.
    Cross-section of the Earth and various plants with their root systems, highlighting the world above ground and below.
    Beneath the Surface
    For each trend, a strategic approach to get "under the line" will help form your response.

    Talent needs a holistic approach, as under the line everything is connected. If you are experiencing challenges in one area, analyzing data (e.g. engagement, exit surveys, effectiveness of DEI program and leader training) can help drive overall experience.

    • 100% of job seekers cite culture as somewhat to very important.
    • Only 40% of employers advertise culture in job postings.
    • 70% of IT departments state voluntary turnover is less than 10%
    • Top reasons for resignation are salary, development, and opportunity for innovative work.
    • Resignation rates were higher in fields that had experienced extreme stress due to the pandemic (HBR, Dec. 2021)
    • Senior leadership is overestimating their own commitment to DEI.
    • Most IT departments are not driving their own DEI initiatives.
    • Without effectively measuring DEI practices, organizations will see 1.6x more turnover. (2022 HR Trends Report)
    • Senior leadership is not open to remote work in 23% of organizations.
    • Without leadership support, employees will not buy into remote work initiatives.
    • A remote work policy will not bring organizational benefits without employee buy-in.
    • 75% of senior managers believe remote team management is highly effective, but only 60% of frontline staff agree.
    • Training focuses on technical skills, to the exclusion of soft skills, including management and leadership.
    Solutions
    Recommendations depending on your department's maturity level.
    Attention is required for candidate experience underpinned by a realistic employee value proposition. Gather and review existing data (e.g. early retirements, demographics) to understand your turnover rate. Use employee engagement tools to gauge employee sentiment among impacted groups and build out an engagement strategy to meet those needs. Conduct a cultural assessment to reveal hidden biases that may stand in the way of remote work efficacy. Provide management training on performance management and development coaching.

    Logo for Info-Tech.Logo for ITRG.

    This report is based on organizations just like yours

    Survey timeline = October 2021
    Total respondents = 245 IT professionals

    Geospatial map of survey responses shaded in accordance with the percentages listed below.
    01 United States 45% 08 Middle East 2%
    02 Canada 23% 09 Other (Asia) 2%
    03 Africa 8% 10 Germany 1%
    04 Great Britain 6% 11 India 1%
    05 Latin America, South America or Caribbean 4% 12 Netherlands 1%
    06 Other (Europe) 4% 13 New Zealand 1%
    07 Australia 2% (N-245)

    A bar chart titled 'Please estimate your organization's revenue in US$ (Use operating budget if you are a public-sector organization)' measuring survey responses. '$0 - less than 1M, 7%', '$1M - less than 5M, 4%', '$5M - less than 10M, 4%', '$10M - less than 25M, 6%', '$25M - less than 50M, 5%', '$50M - less than 100M, 13%', '$100M - less than 500M, 24%', '$500M - less than 1B, 9%', '1B - less than 5B, 22%', '$5B+, 8%'. (n=191)

    This report is based on organizations just like yours

    Industry

    Bar chart measuring percentage of survey respondents by industry. The largest percentages are from 'Government', 'Manufacturing', 'Media, information, Telecom & Technology', and 'Financial Services (including banking & insurance)'.

    Info-Tech IT Maturity Model

    Stacked bar chart measuring percentage of survey respondents by IT maturity level. Innovator is 7.11%, Business Partner is 16.44%, Trusted Operator is 24.89%, Firefighter is 39.11%, and Unstable is 12.44%.
    (n=225)

    Innovator – Transforms the Business
    Reliable Technology Innovation

    Business Partner – Expands the Business
    Effective Execution Projects, Strategic Use of Analytics and Customer Technology

    Trusted Operator – Optimizes Business
    Effective Fulfillment of Work Orders, Functional Business Applications, and Reliable Data Quality

    Firefighter – Supports the Business
    Reliable Infrastructure and IT Service Desk

    Unstable – Struggles to Support
    Inability to Provide Reliable Business Services

    This report is based on people just like you

    Which of the following ethnicities (ethnicity refers to a group with a shared or common identity, culture, and/or language) do you identify with? Select all that apply. What gender do you identify most with?
    A pie chart measuring percentage of survey respondents by ethnicity. Answers are 'White (e.g. European, North America), 59%', 'Asian (e.g. Japan, India, Philippines, Uzbekistan), 12%', 'Black (e.g. Africa, Caribbean, North America), 12%', 'Latin/Hispanic (e.g. Cuba, Guatemala, Spain, Brazil), 7%', 'Middle Eastern (e.g. Lebanon, Libya, Iran), 4%', 'Indigenous (e.g. First Nations, Inuit, Metis, Maori), 3%', 'Indo-Caribbean (e.g. Trinidad & Tobago, Guyana, St. Vincent), 3%'.
    (N=245)
    A pie chart measuring percentage of survey respondents by gender. Answers are 'Male, 67%', 'Female, 24%', 'Prefer not to answer, 5%', 'No Specification, 4%', 'Intersex, 0%'.
    (n=228)

    This report is based on people just like you

    What is your sub-department of IT? Which title best describes your position?
    Bar chart measuring percentage of survey respondents by sub-department. The top three answers are 'Senior Leadership', 'Infrastructure and Operations', and 'Application Development'.
    (n=227)
    Bar chart measuring percentage of survey respondents by title. The top four answers are 'Director-level, 29%', 'Manager, 22%', 'C-Level Officer, 18%', and 'VP-level, 11%.'
    (N=245)

    IT Talent Trends 2022

    Each trend is introduced with key questions you can ask yourself to see how your department fares in that area.

    The report is based on statistics from a survey of 245 of your peers.

    It includes recommendations of next steps and a key metric to track your success.

    It lists Info-Tech resources that you, as a member, can leverage to begin your journey to improve talent management in your department.

    Strategic Recruiting Finds Good Talent

    Finding talent in a strained talent market requires a marketing approach. Posting a job description isn’t enough.

    The (Not So) Great Resignation

    IT is faring better than other functions; however, specific industries need to pay attention.

    Grow Your DEI Practices Into Meaningful Actions

    Good intentions are not enough.

    Remote Work Is Here – Can Your Culture Adapt?

    The Great Experiment is over. Are leaders equipped to capitalize on its promises?

    Management Skills Drive Success in a Remote World

    Despite the need for remote team management training, it is still not happening.

    The report is based on data gathered from Info-Tech Research Group’s 2022 IT Talent Trends Survey. The data was gathered in September and October of 2021.

    Strategic Recruiting Finds Good Talent

    Trend 1 | The Battle to Find and Keep Talent

    As the economy has stabilized, more jobs have become available, creating a job seeker’s market. This is a clear sign of confidence in the economy, however fragile, as new waves of the pandemic continue.

    Info-Tech Point of View

    Recruiting tactics are an outcome of a well-defined candidate experience and employee value proposition.

    Introduction

    Cross-section of a plant and its roots, above and below ground. During our interviews, members that focused on sharing their culture with a strong employee value proposition were more likely to be successful in hiring their first-choice candidates.
    Questions to ask yourself
    • Do you have a well-articulated employee value proposition?
    • Are you using your job postings to market your company culture?
    • Have you explored multiple channels for posting jobs to increase your talent pool of candidates?

    47% of respondents are hiring external talent to fill existing gaps, with 40% using external training programs to upgrade current employees. (Info-Tech IT Talent Trends 2022 Survey)

    In October, the available jobs (in the USA) unexpectedly rose to 11 million, higher than the 10.4 million experts predicted. (CNN Business, 2021)

    Where has all the talent gone?

    IT faces multiple challenges when recruiting for specialized talent

    Talent scarcity is focused in areas with specialized skill sets such as security and architecture that are dynamic and evolving faster than other skill sets.

    “It depends on what field you work in,” said ADP chief economist Nela Richardson. “There were labor shortages in those fields pre-pandemic and two years forward, there is even more demand for people with those skills” (CNBC, 19 Nov. 2021).

    37% of IT departments are outsourcing roles to fill internal skill shortages. (Info-Tech Talent Trends 2022 Survey)

    Roles Difficult to Fill

    Horizontal bar chart measuring percentage of survey responses about which roles are most difficult to fill. In order from most difficult to least they are 'Security (n=177)', 'Enterprise Architecture (n=172)', 'Senior Leadership (n=169)', 'Data & Business Intelligence (n=171)', 'Applications Development (n=177)', 'Infrastructure & Operations (n=181)', 'Business Relationship Management (n=149)', 'Project Management (n=175)', 'Vendor Management (n=133)', 'Service Desk (n=184)'.(Info-Tech Talent Trends 2022 Survey)

    Case Study: Using culture to drive your talent pool

    This case study is happening in real time. Please check back to learn more as Goddard continues to recruit for the position.

    Recruiting at NASA

    Goddard Space Center is the largest of NASA’s space centers with approximately 11,000 employees. It is currently recruiting for a senior technical role for commercial launches. The position requires consulting and working with external partners and vendors.

    NASA is a highly desirable employer due to its strong culture of inclusivity, belonging, teamwork, learning, and growth. Its culture is anchored by a compelling vision, “For the betterment of Humankind,” and amplified by a strong leadership team that actively lives their mission and vision daily.

    Firsthand lists NASA as #1 on the 50 most prestigious internships for 2022.

    Rural location and no flexible work options add to the complexity of recruiting

    The position is in a rural area of Eastern Shore Virginia with a population of approximately 60,000 people, which translates to a small pool of candidates. Any hire from outside the area will be expected to relocate as the senior technician must be onsite to support launches twice a month. Financial relocation support is not offered and the position is a two-year assignment with the option of extension that could eventually become permanent.

    Photo of Steve Thornton, Acting Division Chief, Solutions Division, Goddard Space Flight Center, NASA.

    “Looking for a Talent Unicorn; a qualified, experienced candidate with both leadership skills and deep technical expertise that can grow and learn with emerging technologies.”

    Steve Thornton
    Acting Division Chief, Solutions Division,
    Goddard Space Flight Center, NASA

    Case Study: Using culture to drive your talent pool

    A good brand overcomes challenges

    Culture takes the lead in NASA's job postings, which attract a high number of candidates. Postings begin with a link to a short video on working at NASA, its history, and how it lives its vision. The video highlights NASA's diversity of perspectives, career development, and learning opportunities.

    NASA's company brand and employer brand are tightly intertwined, providing a consistent view of the organization.

    The employer vision is presented in the best place to reach NASA's ideal candidate: usajobs.gov, the official website of the United States Government and the “go-to” for government job listings. NASA also extends its postings to other generic job sites as well as LinkedIn and professional associations.

    Photo of Robert Leahy, Chief Information Officer, Goddard Space Flight Center, NASA.

    Interview with Robert Leahy
    Chief Information Officer
    Goddard Space Flight Center, NASA

    “Making sure we have the tools and mechanisms are two hiring challenges we are going to face in the future as how we work evolves and our work environment changes. What will we need to consider with our job announcements and the criteria for selecting employees?”

    Liteshia Dennis,
    Office Chief, Headquarter IT Office, Goddard Space Flight Center, NASA

    The ability to attract and secure candidates requires a strategy

    Despite prioritizing recruiting, IT departments see candidate experience as THE last Priority, either not focusing on it or relegating it to HR

    Candidate experience is listed as one of the bottom IT challenges, but without a positive experience, securing the talent you want will be difficult.

    Candidate experience starts with articulating your unique culture, benefits, and opportunities for development and innovative work as well as outlining flexible working options within an employer brand. Defining an employee value proposition is key to marketing your roles to potential employees.

    81% of respondents' rate culture as very important when considering a potential employer. (Info-Tech IT Talent Trends 2022 Survey)

    Tactics Used in Job Postings to Position the Organization Favorably as a Potential Employer

    Horizontal bar chart measuring percentage of survey responses about tactics used in job postings. The top tactics are 'Culture, 40%', 'Benefits, 40%', 'Opportunity for Innovative Work, 30%', and 'Professional Development, 30%'.(Info-Tech IT Talent Trends 2022 Survey)

    Case Study: Increasing talent pool at Info-Tech Research Group

    Strong sales leads to growth in operation capacity

    Info-Tech Research Group is an IT research & advisory firm helping IT leaders make strategic, timely, and well-informed decisions. Our actionable tools and analyst guidance ensure IT organizations achieve measurable results.

    The business has grown rapidly over the last couple of years, creating a need to recruit additional talent who were highly skilled in technical applications and approaches.

    In response, approval was given to expand headcount within Research for fiscal year 2022 and to establish a plan for continual expansion as revenue continues to grow.

    Looking for deep technical expertise with a passion for helping our members

    Hiring for our research department requires talent who are typically subject matter experts within their own respective IT domains and interested in and capable of developing research and advising clients through calls and workshops.

    This combination of skills, experience, and interest can be challenging to find, especially in an IT labor market that is more competitive than ever.

    Photo of Tracy-Lynn Reid, Practice Lead.

    Interview with Practice Lead Tracy-Lynn Reid

    Focus on Candidate Experience increases successful hire rate

    The senior leadership team established a project to focus on recruiting for net-new and open roles. A dedicated resource was assigned and used guidance from our research to enhance our hiring process to reduce time to hire and expand our candidate pool. Senior leaders stayed actively involved to provide feedback.

    The hiring process was improved by including panel interviews with interview protocols and a rubric to evaluate all candidates equitably.

    The initial screening conversation now includes a discussion on benefits, including remote and flexible work offerings, learning and development budget, support for post-secondary education, and our Buy-a-Book program.

    As a result, about 70% of the approved net-new headcount was hired within 12 weeks, with recruitment ongoing.

    Craft a Customer-Driven Market Strategy With Unbiased Data

    • Buy Link or Shortcode: {j2store}611|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Market strategies are informed by gut feel and endless brainstorming instead of market data to take their product from concept to customer.
    • Hiring independent market research firms results in a lack of unbiased third-party data. Research firms tell vendors what they want to hear instead of offering an agnostic view of software trends.
    • Dissatisfied customers don’t tell you directly why they are leaving, so there is no feedback loop back into product improvements.
    • Often a market strategy is built after a product is developed to force the product’s fit in the market. The product marketing team has no say in the product vision or future improvements.

    Our Advice

    Critical Insight

    • Adopt the 5 P’s to building a winning market strategy: Proposition, Product, Pricing, Placement, and Promotion.
    • You can’t be everything to everyone. Testing your proposition in the market to see what sticks is a risky move. Promise future value using past successes by gaining a deeper understanding of which customers and submarkets truly align to your product.
    • Customers have learned to avoid shiny new objects but still expect rapid feature releases. Differentiating features require a closer look at the underpinning vendor capabilities. Having intentional feature releases requires a feedback loop into the product roadmap and increases influence by the product marketing team.
    • Price transparency and sensitivity should drive what you offer to customers. Negotiating solely on price is a race to the bottom.

    Impact and Result

    • Leverage this report to gain insights on the software selection process and what top vendors do best.
    • Gain a bird’s-eye view on customer purchasing behavior using over 40,000 data points on satisfaction and importance collected directly from the source.
    • Build a winning market strategy influenced by real customer data that drives vendor success.

    Craft a Customer-Driven Market Strategy With Unbiased Data Research & Tools

    Read the storyboard

    Read our storyboard to find out why you should leverage SoftwareReviews data to craft your market strategy, review Info-Tech’s methodology, and understand unbiased customer data on software purchasing triggers.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Craft a Customer-Driven Market Strategy With Unbiased Data Storyboard
    [infographic]

    Manage Your Technical Debt

    • Buy Link or Shortcode: {j2store}108|cart{/j2store}
    • member rating overall impact: 8.5/10 Overall Impact
    • member rating average dollars saved: $60,833 Average $ Saved
    • member rating average days saved: 24 Average Days Saved
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design
    • All organizations, of all sizes, have some amount of technical debt, but very few systematically track, manage, and communicate it.
    • Deferred project work is pushed over to operations, sometimes with little visibility or hand-off, where it gets deprioritized and lost.
    • IT doesn’t have the resources or authority to make needed changes to address the impact of tech debt and can’t make the case for improvement without good data on the problem.
    • Efforts to track technical debt get stuck in the weeds, don’t connect technical issues to business impact, and run out of steam.

    Our Advice

    Critical Insight

    • Technical debt is a type of technical risk, which in turn is business risk. The business, not IT, must make the decision to accept or mitigate risk – but IT must help the business make an informed decision.
    • There are two ways to keep your technical debt at a manageable level – effectively, to mitigate risk: either stop introducing new debt or start paying back what you already have.

    Impact and Result

    • Define and identify your technical debt. Focus on tech debt you think you can actually fix.
    • Conduct a streamlined and targeted business impact analysis to prioritize tech debt based on its ongoing business impact.
    • Identify options to better manage technical debt and present your findings to business decision makers.

    Manage Your Technical Debt Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the business case to manage technical debt, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify your technical debt

    Define, identify, and organize your technical debt in preparation for the technical debt impact analysis.

    • Technical Debt Business Impact Analysis Tool

    2. Measure your technical debt

    Conduct a technical debt business impact analysis.

    • Roadmap Tool

    3. Manage your technical debt

    Identify options to resolve technical debt and summarize the challenge and potential solutions for business decision makers.

    • Technical Debt Executive Summary Presentation
    [infographic]

    Workshop: Manage Your Technical Debt

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define and Identify Technical Debt

    The Purpose

    Create a working definition of technical debt and identify the technical debt in your environment.

    Key Benefits Achieved

    List your technical debt.

    Activities

    1.1 Develop a working definition for technical debt.

    1.2 Discuss your organization’s technical debt risk.

    1.3 Identify 5-10 high-impact technical debts to structure the impact analysis.

    Outputs

    Goals, opportunities, and constraints related to tech debt management

    A list of technical debt

    2 Measure Technical Debt

    The Purpose

    Conduct a more-objective assessment of the business impact of technical debt.

    Key Benefits Achieved

    Identify the most-critical technical debt in your environment, in terms of business risk.

    Activities

    2.1 Review and modify business impact scoring scales.

    2.2 Identify reasonable scenarios to structure the impact analysis.

    2.3 Apply the scoring scale to identify the business impact of each technical debt.

    Outputs

    Business impact scoring scales

    Scenarios to support the impact analysis

    Technical debt impact analysis

    3 Build a Roadmap to Manage Technical Debt

    The Purpose

    Leverage the technical debt impact analysis to identify, compare, and quantify projects that fix technical debt and projects that prevent it.

    Key Benefits Achieved

    Create your plan to manage technical debt.

    Activities

    3.1 Brainstorm projects and action items to manage and pay back critical technical debt. Prioritize projects and action items to build a roadmap.

    3.2 Identify three possible courses of action to pay back each critical technical debt.

    3.3 Identify immediate next steps to manage remaining tech debt and limit the introduction of new tech debt.

    Outputs

    Technical debt management roadmap

    Technical debt executive summary

    Immediate next steps to manage technical debt

    Build Your Enterprise Innovation Program

    • Buy Link or Shortcode: {j2store}104|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $100,000 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • You don’t know where to start when it comes to building an innovation program for your organization.
    • You need to create a culture of innovation in your business, department, or team.
    • Past innovation efforts have been met with resistance and cynicism.
    • You don’t know what processes you need to support business-led innovation.

    Our Advice

    Critical Insight

    Innovation is about people, not ideas or processes. Innovation does not require a formal process, a dedicated innovation team, or a large budget; the most important success factor for innovation is culture. Companies that facilitate innovative behaviors like growth mindset, collaboration, and taking smart risks are most likely to see the benefits of innovation.

    Impact and Result

    • Outperform your peers by 30% by adopting an innovative approach to your business.
    • Move quickly to launch your innovation practice and beat the competition.
    • Develop the skills and capabilities you need to sustain innovation over the long term.

    Build Your Enterprise Innovation Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build Your Enterprise Innovation Program Storyboard – A step-by-step process to create the innovation culture, processes, and tools you need for business-led innovation.

    This storyboard includes three phases and nine activities that will help you define your purpose, align your people, and build your practice.

    • Build Your Enterprise Innovation Program – Phases 1-3

    2. Innovation Program Template – An executive communication deck summarizing the outputs from this research.

    Use this template in conjunction with the activities in the main storyboard to create and communicate your innovation program. This template uses sample data from a fictional retailer, Acme Corp, to illustrate an ideal innovation program summary.

    • Innovation Program Template

    3. Job Description – Chief Innovation Officer

    This job description can be used to hire your Chief Innovation Officer. There are many other job descriptions available on the Info-Tech website and referenced within the storyboard.

    • Chief Innovation Officer

    4. Innovation Ideation Session Template – Use this template to facilitate innovation sessions with the business.

    Use this framework to facilitate an ideation session with members of the business. Instructions for how to customize the information and facilitate each section is included within the deck.

    • Innovation Ideation Session Template

    5. Initiative Prioritization Workbook – Use this spreadsheet template to easily and transparently prioritize initiatives for pilot.

    This spreadsheet provides an analytical and transparent method to prioritize initiatives based on weighted criteria relevant to your business.

    • Initiative Prioritization Workbook

    Infographic

    Workshop: Build Your Enterprise Innovation Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your Ambitions

    The Purpose

    Define your innovation ambitions.

    Key Benefits Achieved

    Gain a better understanding of why you are innovating and what your organization will gain from an innovation program.

    Activities

    1.1 Understand your innovation mandate.

    1.2 Define your innovation ambitions.

    1.3 Determine value proposition & metrics.

    Outputs

    Complete the "Our purpose" section of the Innovation Program Template

    Complete "Vision and guiding principles" section

    Complete "Scope and value proposition" section

    Success metrics

    2 Align Your People

    The Purpose

    Build a culture, operating model, and team that support innovation.

    Key Benefits Achieved

    Develop a plan to address culture gaps and identify and implement your operating model.

    Activities

    2.1 Foster a culture of innovation.

    2.2 Define your operating model.

    Outputs

    Complete "Building an innovative culture" section

    Complete "Operating model" section

    3 Develop Your Capabilities

    The Purpose

    Create the capability to facilitate innovation.

    Key Benefits Achieved

    Create a resourcing plan and prioritization templates to make your innovation program successful.

    Activities

    3.1 Build core innovation capabilities.

    3.2 Develop prioritization criteria.

    Outputs

    Team structure and resourcing requirements

    Prioritization spreadsheet template

    4 Build Your Program

    The Purpose

    Finalize your program and complete the final deliverable.

    Key Benefits Achieved

    Walk away with a complete plan for your innovation program.

    Activities

    4.1 Define your methodology to pilot projects.

    4.2 Conduct a program retrospective.

    Outputs

    Complete "Operating model" section in the template

    Notable wins and goals

    Further reading

    Build Your Enterprise Innovation Program

    Transform your business by adopting the culture and practices that drive innovation.

    Analyst Perspective

    Innovation is not about ideas, it's about people.

    Many organizations stumble when implementing innovation programs. Innovation is challenging to get right, and even more challenging to sustain over the long term.

    One of the common stumbling blocks we see comes from organizations focusing more on the ideas and the process than on the culture and the people needed to make innovation a way of life. However, the most successful innovators are the ones which have adopted a culture of innovation and reinforce innovative behaviors across their organization. Organizational cultures which promote growth mindset, trust, collaboration, learning, and a willingness to fail are much more likely to produce successful innovators.

    This research is not just about culture, but culture is the starting point for innovation. My hope is that organizations will go beyond the processes and methodologies laid out here and use this research to dramatically improve their organization's performance.

    Kim Rodriguez

    Kim Osborne Rodriguez
    Research Director, CIO Advisory
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    As a leader in your organization, you need to:

    • Understand your organization's innovation goals.
    • Create an innovation program or structure.
    • Develop a culture of innovation across your team or organization.
    • Demonstrate an ability to innovate and grow the business.

    Common Obstacles

    In the past, you might have experienced one or more of the following:

    • Innovation initiatives lose momentum.
    • Cynicism and distrust hamper innovation.
    • Innovation efforts are unfocused or don't provide the anticipated value.
    • Bureaucracy has created a bottleneck that stifles innovation.

    Info-Tech's Approach

    This blueprint will help you:

    • Understand the different types of innovation.
    • Develop a clear vision, scope, and focus.
    • Create organizational culture and behaviors aligned with your innovation ambitions.
    • Adopt an operational model and methodologies best suited for your culture, goals, and budget.
    • Successfully run a pilot program.

    Info-Tech Insight

    There is no single right way to approach innovation. Begin with an understanding of your innovation ambitions, your existing culture, and the resources available to you, then adopt the innovation operating model that is best suited to your situation.

    Note: This research is written for the individual who is leading the development of the innovation. This role is referred to as the Chief Innovation Officer (CINO) throughout this research but could be the CIO, CTO, IT director, or another business leader.

    Why is innovation so challenging?

    Most organizations want to be innovative, but very few succeed.

    • Bureaucracy slows innovation: Innovation requires speed – it is important to fail fast and early so you can iterate to improve the final solution. Small, agile organizations like startups tend to be more risk tolerant and can move more quickly to iterate on new ideas compared to larger organizations.
    • Change is uncomfortable: Most people are profoundly uncomfortable with failure, risk, and unknowns – three critical components of innovation. Humans are wired to think efficiently rather than innovatively, which leads to confirmation bias and lack of ingenuity.
    • You will likely fail: Innovation initiatives rarely succeed on the first try – Harvard Business Review estimates between 70% and 90% of innovation efforts fail. Organizations which are more tolerant of failure tend to be significantly more innovative than those which are not (Review of Financial Studies, 2014).

    Based on a survey of global innovation trends and practices:

    75%

    Three-quarters of companies say innovation is a top-three priority.
    Source: BCG, 2021

    30%

    But only 30% of executives say their organizations are doing it well.
    Source: BCG, 2019

    The biggest obstacles to innovation are cultural

    The biggest obstacles to innovation in large companies

    Based on a survey of 270 business leaders.
    Source: Harvard Business Review, 2018

    A bar graph from the Harvard Business Review

    The most common challenges business leaders experience relate to people and culture. Success is based on people, not ideas.

    Politics, turf wars, and a lack of alignment: territorial departments, competition for resources, and unclear roles are holding back the innovation efforts of 55% of respondents.

    FIX IT
    Senior leadership needs to be clear on the innovation goals and how business units are expected to contribute to them.

    Cultural issues: many large companies have a culture that rewards operational excellence and disincentivizes risk. A history of failed innovation attempts may result in significant resistance to new change efforts.

    FIX IT
    Cultural change takes time. Ensure you are rewarding collaboration and risk-taking, and hire people with fresh new perspectives.

    Inability to act on signals crucial to the future of the business: only 18% of respondents indicated their organization was unaware of disruptions, but 42% said they struggled with acting on leading indicators of change.

    FIX IT
    Build the ability to quickly run pilots or partner with startups and incubators to test out new ideas without lengthy review and approval processes.
    Source: Harvard Business Review, 2018

    Build Your Enterprise Innovation Program

    Define your purpose, assess your culture, and build a practice that delivers true innovation.

    An image summarizing how to define your purpose, align your people, and Build your Practice.
    1 Source: Boston Consulting Group, 2021
    2 Source: Boston Consulting Group, 2019
    3 Source: Harvard Business Review, 2018

    Use this research to outperform your peers

    A seven-year review showed that the most innovative companies outperformed the market by upwards of 30%.

    A line graph showing the Normalized Market Capitalization for 2020.

    Innovators are defined as companies that were listed on Fast Company World's 50 Most Innovative Companies for 2+ years.

    Innovation is critical to business success.

    A 25-year study by Business Development Canada and Statistics Canada showed that innovation was more important to business success than management, human resources, marketing, or finance.

    Executive brief case study

    INDUSTRY: Healthcare
    SOURCE: Interview

    Culture is critical

    This Info-Tech member is a nonprofit, community-based mental health organization located in the US. It serves about 25,000 patients per year in community, school, and clinic settings.

    This organization takes its innovation culture very seriously and has developed methodologies to assess individual and team innovation readiness as well as innovation types, which it uses to determine everyone's role in the innovation process. These assessments look at knowledge of and trust in the organization, its innovation profile, and its openness to change. Innovation enthusiasts are involved early in the process when it's important to dream big, while more pragmatic perspectives are incorporated later to improve the final solution.

    Results

    The organization has developed many innovative approaches to delivering healthcare. Notably, they have reimagined patient scheduling and reduced wait times to the extent that some patients can be seen the same day. They are also working to improve access to mental health care despite a shortage of professionals.

    Developing an Innovative Culture

    • Innovation Readiness Assessment
    • Coaching Specific to Innovation Profile
    • Innovation Enthusiasts Involved Early
    • Innovation Pragmatists Involved Later
    • High Success Rate of Innovation

    Define innovation roles and responsibilities

    A table showing key innovation roles and responsibilities.

    Info-Tech's methodology for building your enterprise innovation program

    1. Define Your Purpose

    2. Align Your People

    3. Build Your Practice

    Phase Steps

    1. Understand your mandate
    2. Define your innovation ambitions
    3. Determine value proposition and metrics
    1. Foster a culture of innovation
    2. Define your operating model
    3. Build core innovation capabilities
    1. Build your ideation and prioritization methodologies
    2. Define your pilot project methodology
    3. Conduct a program retrospective

    Phase Outcomes

    Understand where the mandate for innovation comes from, and what the drivers are for pursuing innovation. Define what innovation means to your organization, and set the vision, mission, and guiding principles. Articulate the value proposition and key metrics for measuring success.

    Understand what it takes to build an innovative culture, and what types of innovation structure are most suited to your innovation goals. Define an innovation methodology and build your core innovation capabilities and team.

    Gather ideas and understand how to assess and prioritize initiatives based on standardized metrics. Develop criteria for tracking and measuring the success of pilot projects and conduct a program retrospective.

    Innovation program taxonomy

    This research uses the following common terms:

    Innovation Operating Model
    The operating model describes how the innovation program delivers value to the organization, including how the program is structured, the steps from idea generation to enterprise launch, and the methodologies used.
    Examples: Innovation Hub, Grassroots Innovation.

    Innovation Methodology
    Methodologies describe the ways the operating model is carried out, and the approaches used in the innovation practice.
    Examples: Design Thinking, Weighted Criteria Scoring

    Chief Innovation Officer
    This research is written for the person or team leading the innovation program – this might be a CINO, CIO, or other leader in the organization.

    Innovation Team
    The innovation team may vary depending on the operating model, but generally consists of the individuals involved in facilitating innovation across the organization. This may be, but does not have to be, a dedicated innovation department.

    Innovation Program
    The program for generating ideas, running pilot projects, and building a business case to implement across the enterprise.

    Pilot Project
    A way of testing and validating a specific concept in the real world through a minimum viable product or small-scale implementation. The pilot projects are part of the overall pilot program.

    Insight summary

    Innovation is about people, not ideas or processes
    Innovation does not require a formal process, a dedicated innovation team, or a large budget; the most important success factor for innovation is culture. Companies that facilitate innovative behaviors like growth mindset, collaboration, and the ability to take smart risk are most likely to see the benefits of innovation.

    Very few are doing innovation well
    Only 30% of companies consider themselves innovative, and there's a good reason: innovation involves unknowns, risk, and failure – three situations that people and organizations typically do their best to avoid. Counter this by removing the barriers to innovation.

    Culture is the greatest barrier to innovation
    In a survey of 270 business leaders, the top three most common obstacles were politics, turf wars, and alignment; culture issues; and inability to act on signals crucial to the business (Harvard Business Review, 2018). If you don't have a supportive culture, your ability to innovate will be significantly reduced.

    Innovation is a means to an end
    It is not the end itself. Don't get caught up in innovation for the sake of innovation – make sure you are getting the benefits from your investments. Measurable success factors are critical for maintaining the long-term success of your innovation engine.

    Tackle wicked problems
    Innovative approaches are better at solving complex problems than traditional practices. Organizations that prioritize innovation during a crisis tend to outperform their peers by over 30% and improve their market position (McKinsey, 2020).

    Innovate or die
    Innovation is critical to business growth. A 25-year study showed that innovation was more important to business success than management, human resources, marketing, or finance (Statistics Canada, 2006).

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Sample Job Descriptions and Organization Charts

    Determine the skills, knowledge, and structure you need to make innovation happen.

    Sample Job Descriptions and Organization Charts

    Ideation Session Template

    Facilitate an ideation session with your staff to identify areas for innovation.

    Ideation Session Template

    Initiative Prioritization Workbook

    Evaluate ideas to identify those which are most likely to provide value.

    Prioritization Workbook

    Key deliverable:

    Enterprise Innovation Program Summary

    Communicate how you plan to innovate with a report summarizing the outputs from this research.

    Enterprise Innovation Program Summary

    Measure the value of this research

    US businesses spend over half a trillion dollars on innovation annually. What are they getting for it?

    • The top innovators(1) typically spend 5-15% of their budgets on innovation (including R&D).
    • This research helps organizations develop a successful innovation program, which delivers value to the organization in the form of new products, services, and methods.
    • Leverage this research to:
      • Get your innovation program off the ground quickly.
      • Increase internal knowledge and expertise.
      • Generate buy-in and excitement about innovation.
      • Develop the skills and capabilities you need to drive innovation over the long term.
      • Validate your innovation concept.
      • Streamline and integrate innovation across the organization.

    (1) based on BCG's 50 Most Innovative Companies 2022

    30%

    The most innovative companies outperform the market by 30%.
    Source: McKinsey & Company, 2020

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided implementation

    What does a typical guided implementation (GI) on this topic look like?

    Phase 0 Phase 1 Phase 2 Phase 3 Finish

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Understand your mandate.
    (Activity 1.1)

    Call #3: Innovation vision, guiding principles, value proposition, and scope.
    (Activities 1.2 and 1.3)

    Call #4: Foster a culture of innovation. (Activity 2.1)

    Call #5: Define your methodology. (Activity 2.2)

    Call #6: Build core innovation capabilities. (Activity 2.3)

    Call #7: Build your ideation and pilot programs. (Activities 3.1 and 3.2)

    Call #8: Identify success metrics and notable wins. (Activity 3.3)

    Call #9: Summarize results and plan next steps.

    A GI is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of three to six months.

    Workshop overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Session 1 Session 2 Session 3 Session 4

    Wrap Up

    Activities

    Define Your Ambitions

    Align Your People

    Develop Your Capabilities

    Build Your Program

    Next Steps and
    Wrap Up (offsite)

    1. Understand your innovation mandate (complete activity prior to workshop)
    2. Define your innovation ambitions
    3. Determine value proposition and metrics
    1. Foster a culture of innovation
    2. Define your operating model
    1. Build core innovation capabilities
    2. Develop prioritization criteria
    1. Define your methodology to pilot projects
    2. Conduct a program retrospective
    1. Complete in-progress deliverables from previous four days
    2. Set up review time for workshop deliverables and to discuss next steps

    Deliverables

    1. Our purpose
    2. Message from the CEO
    3. Vision and guiding principles
    4. Scope and value proposition
    5. Success metrics
    1. Building an innovative culture
    2. Operating model
    1. Core capabilities and structure
    2. Idea evaluation prioritization criteria
    1. Program retrospective
    2. Notable wins
    3. Executive summary
    4. Next steps
    1. Completed enterprise innovation program
    2. An engaged and inspired team

    Phase 1: Define Your Purpose

    Develop a better understanding of the drivers for innovation and what success looks like.

    Purpose

    People

    Practice

    1. Understand your mandate
    2. Define your innovation ambitions
    3. Determine value proposition and metrics
    1. Foster a culture of innovation
    2. Define your operating model
    3. Build core innovation capabilities
    1. Build your ideation and prioritization methodologies
    2. Define your pilot project methodology
    3. Conduct a program retrospective

    This phase will walk you through the following activities:

    • Understand your innovation mandate, including its drivers, scope, and focus.
    • Define what innovation means to your organization.
    • Develop an innovation vision and guiding principles.
    • Articulate the value proposition and proposed metrics for evaluating program success.

    This phase involves the following participants:

    • CINO
    • Business executives

    Case study

    INDUSTRY: Transportation
    SOURCE: Interview

    ArcBest
    ArcBest is a multibillion-dollar shipping and logistics company which leverages innovative technologies to provide reliable and integrated services to its customers.

    An Innovative Culture Starts at the Top
    ArcBest's innovative culture has buy-in and support from the highest level of the company. Michael Newcity, ArcBest's CEO, is dedicated to finding better ways of serving their customers and supports innovation across the company by dedicating funding and resources toward piloting and scaling new initiatives.
    Having a clear purpose and mandate for innovation at all levels of the organization has resulted in extensive grassroots innovation and the development of a formalized innovation program.

    Results
    ArcBest has a legacy of innovation, going back to its early days when it developed a business intelligence solution before anything else existed on the market. It continues to innovate today and is now partnering with start-ups to further expand its innovation capabilities.

    "We don't micromanage or process-manage incremental innovation. We hire really smart people who are inspired to create new things and we let them run – let them create – and we celebrate it.
    Our dedication to innovation comes from the top – I am both the President and the Chief Innovation Officer, and innovation is one of my top priorities."

    Michael Newcity

    Michael Newcity
    President and Chief Innovation Officer ArcBest

    1.1 Understand your innovation mandate

    Before you can act, you need to understand the following:

    • Where is the drive for innovation coming from?
      The source of your mandate dictates the scope of your innovation practice – in general, innovating outside the scope of your mandate (i.e. trying to innovate on products when you don't have buy-in from the product team) will not be successful.
    • What is meant by "innovation"?
      There are many different definitions for innovation. Before pursuing innovation at your organization, you need to understand how it is defined. Use the definition in this section as a starting point, and craft your own definition of innovation.
    • What kind of innovation are you targeting?
      Innovation can be internal or external, emergent or deliberate, and incremental or radically transformative. Understanding what kind of innovation you want is the starting point for your innovation practice.

    The source of your mandate dictates the scope of your influence

    You can only influence what you can control.

    Unless your mandate comes from the CEO or Board of Directors, driving enterprise-wide innovation is very difficult. If you do not have buy-in from senior business leaders, use lighthouse projects and a smaller innovation practice to prove the value of innovation before taking on enterprise innovation.

    In order to execute on a mandate to build innovation, you don't just need buy-in. You need support in the form of resources and funding, as well as strong leadership who can influence culture and the authority to change policies and practices that inhibit innovation.

    For more resources on building relationships in your organization, refer to Info-Tech's Become a Transformational CIO blueprint.

    What is "innovation"?

    Innovation is often easier to recognize than define.

    Align on a useful definition of innovation for your organization before you embark on a journey of becoming more innovative.

    Innovation is the practice of developing new methods, products or services which provide value to an organization.

    Practice
    This does not have to be a formal process – innovation is a means to an end, not the end itself.

    New
    What does "new" mean to you?

    • New application of an existing method
    • Developing a completely original product
    • Adopting a service from another industry

    Value
    What does value mean to you? Look to your business strategy to understand what goals the organization is trying to achieve, then determine how "value" will be measured.

    Info-Tech Insight

    Some innovations are incremental, while some are radically transformative. Decide what kind of innovation you want to cultivate before developing your strategy.

    We can categorize innovation in three ways

    Evaluate your goals with respect to innovation: focus, strategy, and potential to transform.

    Focus: Where will you innovate?

    Focus

    Strategy: To what extent will you guide innovation efforts?

    Strategy

    Potential: How radical will your innovations be?

    Potential

    What are your ambitions?

    1. Develop a better understanding of what type of innovation you are trying to achieve by plotting out your goals on the categories on the left.
    2. All categories are independent of one another, so your goals may fall anywhere on the scales for each category.
    3. Understanding your innovation ambitions helps establish the operating model best suited for your innovation practice.
    4. In general, innovation which is more external, deliberate, and radical tends to be more centralized.

    Activity 1.1 Understand your innovation mandate

    1 hour

    1. Schedule a 30-minute discussion with the person (i.e. CEO) or group (i.e. Board of Directors) ultimately requesting the shift toward innovation. If there is no external party, then conduct this assessment yourself.
    2. Facilitate a discussion that addresses the following questions:
    • What is meant by "innovation"?
    • What are they hoping to achieve through innovation?
    • What is the innovation scope? Are any areas off-limits (i.e. org structure, new products, certain markets)?
    • What is the budget (i.e. people, money) they are willing to commit to innovation?
    • What type of innovation are they pursuing?
    1. Record this information and complete the "Our Purpose" section of the Innovation Program Template.

    Download the Innovation Program Template.

    Input

    • Knowledge of the key decision maker/sponsor for innovation

    Output

    • Understanding of the mandate for innovation, including definition, value, scope, budget, and type of innovation

    Materials

    • Innovation Program Template

    Participants

    • CINO
    • CEO, CTO, or Board of Directors (whoever is requesting/sponsoring the pursuit of innovation)

    1.2 Define your innovation ambitions

    Articulate your future state through a vision and guiding principles.

    • Vision and purpose make up the foundation on which all other design aspects will be based. These aspects should not be taken lightly, but rather they should be the force that aligns everyone to work toward a common outcome. It is incumbent on leaders to make them part of the DNA of the organization – to drive organization, structure, culture, and talent strategy.
    • Your vision statement is a future-focused statement that summarizes what you hope to achieve. It should be inspirational, ambitious, and concise.
    • Your guiding principles outline the guardrails for your innovation practice. What will your focus be? How will you approach innovation? What is off-limits?
    • Define the scope and focus for your innovation efforts. This includes what you can innovate on and what is off limits.

    Your vision statement is your North Star

    Articulate an ambitious, inspirational, and concise vision statement for your innovation efforts.

    A strong vision statement:

    • Is future-focused and outlines what you want to become and what you want to achieve.
    • Provides focus and direction.
    • Is ambitious, focused, and concise.
    • Answers: What problems are we solving? Who and what are we changing?

    Examples:

    • "We create radical new technologies to solve some of the world's hardest problems." – Google X, the Moonshot Factory
    • "To be the most innovative enterprise in the world." – 3M
    • "To use our imagination to bring happiness to millions of people." – Disney

    "Good business leaders create a vision, articulate the vision, passionately own the vision, and relentlessly drive it to completion." – Jack Welch, Former Chairman and CEO of GE

    Your guiding principles are the guardrails for creativity

    Strong guiding principles give your team the freedom and direction to innovate.

    Strong guiding principles:

    • Focus on the approach, i.e. how things are done, as opposed to what needs to be done.
    • Are specific to the organization.
    • Inform and direct decision making with actionable statements. Avoid truisms, general statements, and observations.
    • Are long-lasting and based on values, not solutions.
    • Are succinct and easily digestible.
    • Can be measured and verified.
    • Answers: How do we approach innovation? What are our core values

    Craft your guiding principles using these examples

    Encourage experimentation and risk-taking
    Innovation often requires trying new things, even if they might fail. We encourage experimentation and learn from failure, so that new ideas can be tested and refined.

    Foster collaboration and cross-functional teams
    Innovation often comes from the intersection of different perspectives and skill sets.

    Customer-centric
    Focus on creating value for the end user. This means understanding their needs and pain points, and using that knowledge to develop new methods, products, or services.

    Embrace diversity and inclusivity
    Innovation comes from a variety of perspectives, backgrounds, and experiences. We actively seek out and encourage diversity and inclusivity among our team members.

    Foster a culture of learning and continuous improvement
    Innovation requires continuous learning, development, and growth. We facilitate a culture that encourages learning and development, and that seeks feedback and uses it to improve.

    Flexible and adaptable
    We adapt to changes in the market, customer needs, and new technologies, so that it can continue to innovate and create value over time.

    Data-driven
    We use performance metrics and data to guide our innovation efforts.

    Transparency
    We are open and transparent in our processes and let the business needs guide our innovation efforts. We do not lead innovation, we facilitate it.

    Activity 1.2 Craft your vision statement and guiding principles

    1-2 hours

    1. Gather your innovation team and key program sponsors. Review the guidelines for creating vision statements and guiding principles, as well as your mandate and focus for innovation.
    2. As a group, discuss what you hope to achieve through your innovation efforts.
    3. Separately, have each person write down their ideas for a vision statement. Bring the group back together and share ideas. Group the concepts together and construct a single statement which outlines your aspirational vision.
    4. As a group, review the example guiding principles.
    5. Separately, have each person write down three to five guiding principles. Bring the group back together and share ideas. Group similar concepts together and consolidate duplicate ideas. From this list, construct six to eight guiding principles.
    6. Document your vision and guiding principles in the appropriate sections of the Innovation Program Template.

    Input

    • Understanding of your innovation mandate
    • Business vision, mission, and values
    • Sample vision statements and guiding principles

    Output

    • Vision statement
    • Guiding principles

    Materials

    • In person: Whiteboard/flip charts, sticky notes, pens, and notepads
    • Virtual: Consider using a shared document, virtual whiteboard, or online facilitation tool like MURAL
    • Innovation Program Template

    Participants

    • CINO
    • Innovation sponsors
    • Business leaders
    • Innovation team

    1.3 Determine your value proposition and metrics

    Justify the existence of the innovation program with a strong value proposition.

    • The value proposition for developing an innovation program will be different for each organization, depending on what the organization hopes to achieve. Consider your mandate for innovation as well as the type of innovation you are pursuing when crafting the value proposition.
    • Some of the reasons organizations may pursue innovation:
      • Business growth: Respond to market disruption; create new customers; take advantage of opportunities.
      • Branding: Create market differentiation; increase customer satisfaction and retention; adapt to customer needs.
      • Profitability: Improve products, services, or operations to increase competitiveness and profitability; develop more efficient processes.
      • Culture: Foster a culture of creativity and experimentation within the organization, encouraging employees to think outside the box.
      • Positive impact: Address social challenges such as poverty and climate change.

    Develop a strong value proposition for your innovation program

    Demonstrate the value to the business.

    A strong value proposition not only articulates the value that the business will derive from the innovation program but also provides a clear focus, helps to communicate the innovation goals, and ultimately drives the success of the program.

    Focus
    Prioritize and focus innovation efforts to create solutions that provide real value to the organization

    Communicate
    Communicate the mandate and benefits of innovation in a clear and compelling way and inspire people to think differently

    Measure Success
    Measure the success of your program by evaluating outcomes based on the value proposition

    Track appropriate success metrics for your innovation program

    Your success metrics should link back to your organizational goals and your innovation program's value proposition.

    Revenue Growth: Increase in revenue generated by new products or services.

    Market Share: Percentage of total market that the business captures as a result of innovation.

    Customer Satisfaction: Reviews, customer surveys, or willingness to recommend the company.

    Employee Engagement: Engagement surveys, performance, employee retention, or turnover.

    Innovation Output: The number of new products, services, or processes that have been developed.

    Return on Investment: Financial return on the resources invested in the innovation process.

    Social Impact: Number of people positively impacted, net reduction in emissions, etc.

    Time to Launch: The time it takes for a new product or service to go from idea to launch.

    Info-Tech Insight

    The total impact of innovation is often intangible and extremely difficult to capture in performance metrics. Focus on developing a few key metrics rather than trying to capture the full value of innovation.

    How much does innovation cost?

    Company Industry Revenue(2)
    (USD billions)
    R&D Spend
    (USD billions)
    R&D Spend
    (% of revenue)
    Apple Technology $394.30 $26.25 6.70%
    Microsoft Technology $203.10 $25.54 12.50%
    Amazon.com Retail $502.20 $67.71 13.40%
    Alphabet Technology $282.10 $37.94 13.40%
    Tesla Manufacturing $74.90 $3.01 4.00%
    Samsung Technology $244.39 (2021)(3) $19.0 (2021) 7.90%
    Moderna Pharmaceuticals $23.39 $2.73 11.70%
    Huawei Technology $99.9 (2021)4 Not reported -
    Sony Technology $83.80 Not reported -
    IBM Technology $60.50 $1.61 2.70%
    Meta Software $118.10 $32.61 27.60%
    Nike Commercial goods $49.10 Not reported -
    Walmart Retail $600.10 Not reported -
    Dell Technology $105.30 $2.60 2.50%
    Nvidia Technology $28.60 $6.85 23.90%


    The top innovators(1) in the world spend 5% to 15% of their revenue on innovation.

    Innovation requires a dedicated investment of time, money, and resources in order to be successful. The most innovative companies, based on Boston Consulting Group's ranking of the 50 most innovative companies in the world, spend significant portions of their revenue on research and development.

    Note: This data uses research and development as a proxy for innovation spending, which may overestimate the total spend on what this research considers true innovation.

    (1) Based on Boston Consulting Group's ranking of the 50 most innovative companies in the world, 2022
    (2) Macrotrends, based on the 12 months ending Sept 30, 2022
    (3) Statista
    (4) CNBC, 2022

    Activity 1.3 Develop your value proposition and performance metrics

    1 hour

    1. Review your mandate and vision statement. Write down your innovation goals and desired outcomes from pursuing innovation, prioritize the desired outcomes, and select the top five.
    2. For each desired outcome, develop one to two metrics which could be used to track its success. Some outcomes are difficult to track, so get creative when it comes to developing metrics. If you get stuck, think about what would differentiate a great outcome from an unsuccessful one.
    3. Once you have developed a list of three to five key metrics, read over the list and ensure that the metrics you have developed don't negatively influence your innovation. For example, a metric of the number of successful launches may drive people toward launching before a product is ready.
    4. For each metric, develop a goal. For example, you may target 1% revenue growth over the next fiscal year or 20% energy use reduction.
    5. Document your value proposition and key performance metrics in the appropriate sections of the Innovation Program Template.

    Input

    • Understanding of your innovation mandate
    • Vision statement

    Output

    • Value proposition
    • Performance metrics

    Materials

    • Innovation Program Template

    Participants

    • CINO

    Phase 2: Align Your People

    Create a culture that fosters innovative behaviors and puts processes in place to support them.

    Purpose

    People

    Practice

    1. Understand your mandate
    2. Define your innovation ambitions
    3. Determine value proposition and metrics
    1. Foster a culture of innovation
    2. Define your operating model
    3. Build core innovation capabilities
    1. Build your ideation and prioritization methodologies
    2. Define your pilot project methodology
    3. Conduct a program retrospective

    This phase will walk you through the following activities:

    • Understand the key aspects of innovative cultures, and the behaviors associated with innovation.
    • Assess your culture and identify gaps.
    • Define your innovation operating model based on your organizational culture and the focus for innovation.
    • Build your core innovation capabilities, including an innovation core team (if required based on your operating model).

    This phase involves the following participants:

    • CINO
    • Innovation team

    2.1 Foster a culture of innovation

    Culture is the most important driver of innovation – and the most challenging to get right.

    • Fostering a culture of innovation requires a broad approach which considers the perspectives of individuals, teams, leadership, and the overall organization.
    • If you do not have support from leadership, it is very difficult to change organizational culture. It may be more effective to start with an innovation pilot or lighthouse project in order to gain support before addressing your culture.
    • Rather than looking to change outcomes, focus on the behaviors which lead to innovation – such as growth mindset and willingness to fail. If these aren't in place, your ability to innovate will be limited.
    • This section focuses on the specific behaviors associated with increased innovation. For additional resources on implementing these changes, refer to Info-Tech's other research:

    Info-Tech's Fix Your IT Culture can help you promote innovative behaviors

    Refer to Improve IT Team Effectiveness to address team challenges

    Build a culture of innovation

    Focus on behaviors, not outcomes.

    The following behaviors and key indicators either stifle or foster innovation.

    Stifles Innovation Key Indicators Fosters Innovation Key Indicators
    Fixed mindset "It is what it is" Growth mindset "I wonder if there's a better way"
    Performance focused "It's working fine" Learning focused "What can we learn from this?"
    Fear of reprisal "I'll get in trouble" Psychological safety "I can disagree"
    Apathy "We've always done it this way" Curiosity "I wonder what would happen if…"
    Cynicism "It will never work" Trust "You have good judgement"
    Punishing failure "Who did this?" Willingness to fail "It's okay to make mistakes"
    Individualism "How does this benefit me?" Collaboration "How does this benefit us?"
    Homogeneity "We never disagree" Diversity and inclusion "We appreciate different views"
    Excessive bureaucracy "We need approval" Autonomy "I can do this"
    Risk avoidance "We can't try that" Appropriate risk-taking "How can we do this safely?"

    Ensure you are not inadvertently stifling innovation.
    Review the following to ensure that the desired behaviors are promoted:

    • Hiring practices
    • Performance evaluation metrics
    • Rewards and incentives
    • Corporate policies
    • Governance structures
    • Leadership behavior

    Case study

    INDUSTRY: Commercial Real Estate and Retail
    SOURCE: Interview

    How not to approach innovation.

    This anonymous national organization owned commercial properties across the country and had the goal of becoming the most innovative real estate and retail company in the market.

    The organization pursued innovation in the digital solutions space across its commercial and retail properties. Within this space, there were significant differences in risk tolerance across teams, which resulted in the more risk-tolerant teams excluding the risk-averse members from discussions in order to circumvent corporate policies on risk tolerance. This resulted in an adversarial and siloed culture where each group believed they knew better than the other, and the more risk-averse teams felt like they were policing the actions of the risk-tolerant group.

    Results

    Morale plummeted, and many of the organization's top people left. Unfortunately, one of the solutions did not meet regulatory requirements, and the company faced negative media coverage and legal action. There was significant reputational damage as a result.

    Lessons Learned

    Considering differences in risk tolerance and risk appetite is critical when pursuing innovation. While everyone doesn't have to agree, leadership needs to understand the different perspectives and ensure that no one party is dominating the conversation over the others. An understanding of corporate risk tolerance and risk appetite is necessary to drive innovation.

    All perspectives have a place in innovation. More risk tolerant perspectives should be involved early in the ideas-generation phase, and risk-averse perspectives should be considered later when ideas are being refined.

    Speed should not override safety or circumvent corporate policies.

    Understand your risk tolerance and risk appetite

    Evaluate and align the appetite for risk.

    • It is important to understand the organization's risk tolerance as well as the desire for risk. Consider the following risk categories when investigating the organization's views on risk:
      • Financial risk: the potential for financial or property loss.
      • Operational risk: the potential for disruptions to operations.
      • Reputational risk: the potential for negative impact to brand or reputation.
      • Compliance risk: the potential for loss due to non-compliance with laws and regulations.
    • Greater risk tolerance typically enables greater innovation. Understand the varying levels of risk tolerance across your organization, and how these differences might impact innovation efforts.

    An arrow showing the directions of risk tolerance.

    It is more important to match the level of risk tolerance to the degree of innovation required. Not all innovation needs to be (or can feasibly be) disruptive.
    Many factors impact risk tolerance including:

    • Regulation
    • Organization size
    • Country
    • Industry
    • Personal experience
    • Type of risk

    Use Info-Tech's Security Risk Management research to better understand risk tolerance

    Activity 2.1 Assess your innovation culture

    1-3 hours

    1. Review the behaviors which support and stifle innovation and give each behavior a score from 1 (stifling innovation) to 5 (fostering innovation). Any behaviors which fall below a 4 on this scale should be prioritized in your efforts to create an innovative culture.
    2. Review the following policies and practices to determine how they may be contributing to the behaviors you see in your organization:
      1. Hiring practices
      2. Performance evaluation metrics
      3. Rewards, recognition, and incentives
      4. Corporate policies
      5. Governance structures
      6. Leadership behavior
    3. Identify three concrete actions you can take to correct any behaviors which are stifling innovation. Examples might be revising a policy which punishes failure or changing performance incentives to reward appropriate risk taking.
    4. Summarize your findings in the appropriate section of the Innovation Program Template.

    Input

    • Innovation behaviors

    Output

    • Understanding of your organization's culture
    • Concrete actions you can take to promote innovation

    Materials

    • List of innovative behaviors
    • Relevant policies and documents to review
    • Innovation Program Template

    Participants

    • CINO

    2.2 Define your innovation model

    Set up your innovation practice for success using proven models and methodologies.

    • There are many ways to approach innovation, from highly distributed forms where it's just part of everyone's job to very centralized and arm's-length innovation hubs or even outsourced innovation via startups. You can combine different approaches to create your own approach.
    • You may or may not have a formal innovation team, but if you do, their role is to facilitate innovation – not lead it. Innovation is most effective when it is led by the business.
    • There are many tools and methodologies you can use to facilitate innovation. Choose the one (or combination) that best suits your needs.

    Select the right model

    There is no one right way to pursue innovation, but some methods are better than others for specific situations and goals. Consider your existing culture, your innovation goals, and your budget when selecting the right methodology for your innovation.

    Model Description Advantages Disadvantages Good when…
    Grassroots Innovation Innovation is the responsibility of everyone, and there is no centralized innovation team. Ideas are piloted and scaled by the person/team which produces it.
    • Can be used in any organization or team
    • Can support low or high degree of structure
    • Low funding requirement
    • Requires a strong innovation culture
    • Often does not produce results since people don't have time to focus on innovation
    • Innovation culture is strong
    • Funding is limited
    • Goal is internal, incremental innovation
    Community of Practice Innovation is led by a cross-divisional Community of Practice (CoP) which includes representation from across the business. Champions consult with their practice areas and bring ideas forward.
    • Bringing people together can help stimulate and share ideas
    • Low funding requirement
    • Able to support many types of innovation
    • Some people may feel left out if they can't be involved
    • May not produce results if people are too busy to dedicate time to innovate
    • Innovation culture is present
    • Funding is limited
    • Goal is incremental or disruptive innovation
    Innovation Enablement
    *Most often recommended*
    A dedicated innovation team with funding set aside to support pilots with a high degree of autonomy, with the role of facilitating business-led innovation.
    • Most flexible of all options
    • Supports business-led innovation
    • Can deliver results quickly
    • Can enable a higher degree of innovation
    • Requires dedicated staff and funding
    • Innovation culture is present
    • Funding is available
    • Goal is internal or external, incremental or radical innovation
    Center of Excellence Dedicated team responsible for leading innovation on behalf of the organization. Generally, has business relationship managers who gather ideas and liaise with the business.
    • Can deliver results quickly
    • Can offer a fresh perspective
    • Can enable a higher degree of innovation
    • Requires dedicated staff and funding
    • Is typically separate from the business
    • Results may not align with the business needs or have adequate input
    • Innovation culture is weak
    • Funding is significant
    • Goal is external, disruptive innovation
    Innovation Hub An arm's length innovation team is responsible for all or much of the innovation and may not interact much with the core business.
    • Can deliver results quickly
    • Can be extremely innovative
    • Expensive
    • Results may not align with the business needs or have adequate/any input
    • Innovation culture is weak
    • Funding is very significant
    • Goal is external, radical innovation
    Outsourced Innovation Innovation is outsourced to an external organization which is not linked to the primary organization. This can take the form of working with or investing in startups.
    • Can lead to more innovative ideas than internal innovation
    • Investments can become a diverse revenue stream if startups are successful
    • Innovation does not rely on culture
    • Higher risk of failure
    • Less control over goals or focus
    • Results may not align with the business needs or have any input from users
    • Innovation does not rely on culture
    • Funding is significant
    • Goal is external or internal, radical innovation

    Use the right methodologies to support different stages of your innovation process

    A chart showing methodologies to support different stages of the integration process.

    Adapted from Niklaus Gerber via Medium, 2022

    Methodologies are most useful when they are aligned with the goals of the innovation organization.

    For example, design thinking tends to be excellent for earlier innovation planning, while Agile can allow for faster implementation and launch of initiatives later in the process.

    Consider combining two or more methodologies to create a custom approach that best suits your organization's capabilities and goals.

    Sample methodologies

    A robust innovation methodology ensures that the process for developing, prioritizing, selecting, implementing, and measuring initiatives is aligned with the results you are hoping to achieve.

    Different types of problems (drivers for innovation) may necessitate different methodologies, or a combination of methodologies.

    Hackathon: An event which brings people together to solve a well-defined problem.

    Design Thinking: Creative approach that focuses on understanding the needs of users.

    Lean Startup: Emphasizes rapid experimentation in order to validate business hypotheses.

    Design Sprint: Five-day process for answering business questions via design, prototyping, and testing.

    Agile: Iterative design process that emphasizes project management and retrospectives.

    Three Horizons: Framework that looks at opportunities on three different time horizons.

    Innovation Ambition Matrix: Helps organizations categorize projects as part of the core offering, an adjacent offering, or completely new.

    Global Innovation Management: A process of identifying, developing and implementing new ideas, products, services, or processes using alternative thinking.

    Blue Ocean Strategy: A methodology that helps organizations identify untapped market space and create new markets via unique value propositions.

    Activity 2.2 Design your innovation model

    1-2 hours

    1. Think about the following factors which influence the design of your innovation practice:
      1. Existing organizational culture
      2. Available funding to support innovation
      3. Type of innovation you are targeting
    2. Review the innovation approaches, and identify which approach is most suitable for your situation. Note why this approach was selected.
    3. Review the innovation methodologies and research those of interest. Select two to five methodologies to use for your innovation practice.
    4. Document your decisions in the Innovation Program Template.

    Input

    • Understanding of your mandate and existing culture

    Output

    • Innovation approach
    • Selected methodologies

    Materials

    • Innovation Program Template

    Participants

    • CINO
    • Innovation team

    2.3 Build your core innovation capabilities

    Develop the skills, knowledge, and experience to facilitate successful innovation.

    • Depending on the approach you selected in step 2.2, you may or may not require a dedicated innovation team. If you do, use the job descriptions and sample organization charts to build it. If not, focus on developing key capabilities which are needed to facilitate innovation.
    • Diversity is key for successful innovation – ensure your team (formal or otherwise) includes diverse perspectives and backgrounds.
    • Use your guiding principles when hiring and training your team.
    • Focus on three core roles: evangelists, enablers, and experts.

    Focus on three key roles when building your innovation team

    Types of roles will depend on the purpose and size of the innovation team.

    You don't need to grow them all internally. Consider partnering with vendors and other organizations to build capabilities.

    Evangelists

    Visionaries who inspire, support, and facilitate innovation across the business. Their responsibilities are to drive the culture of innovation.

    Key skills and knowledge:

    • Strong communication skills
    • Relationship-building
    • Consensus-building
    • Collaboration
    • Growth mindset

    Sample titles:

    • CINO
    • Chief Transformation Officer
    • Chief Digital Officer
    • Innovation Lead
    • Business Relationship Manager

    Enablers

    Translate ideas into tangible business initiatives, including assisting with business cases and developing performance metrics.

    Key skills and knowledge:

    • Critical thinking skills
    • Business knowledge
    • Facilitation skills
    • Consensus-building
    • Relationship-building

    Sample titles:

    • Product Owner
    • Design Thinking Lead
    • Data Scientist
    • Business Analyst
    • Human Factors Engineer
    • Digital Marketing Specialist

    Experts

    Provide expertise in product design, delivery and management, and responsible for supporting and executing on pilot projects.

    Key skills and knowledge:

    • Project management skills
    • Technical expertise
    • Familiarity with emerging technologies
    • Analytical skills
    • Problem-solving skills

    Sample titles:

    • Product Manager
    • Scrum Master/Agile Coach
    • Product Engineer/DevOps
    • Product Designer
    • Emerging tech experts

    Sample innovation team structure (large enterprise)

    Visualize the whole value delivery process end-to-end to help identify the types of roles, resources, and capabilities required. These capabilities can be sourced internally (i.e. grow and hire internally) or through collaboration with centers of excellence, commercial partners, etc.

    A flow chart of a sample innovation team structure.

    Streamline your process by downloading Info-Tech's job description templates:

    Activity 2.3 Build your innovation team

    2-3 hours

    1. Review your work from the previous activities as well as the organizational structure and the job description templates.
    2. Start a list with two columns: currently have and needed. Start listing some of the key roles and capabilities from earlier in this step, categorizing them appropriately.
    3. If you are using an organizational structure for your innovation process, start to frame out the structure and roles for your team.
    4. Develop a list of roles you need to hire, and the key capabilities you need from candidates. Using the job descriptions, write job postings for each role.
    5. Record your work in the appropriate section of the Innovation Program Template.

    Input

    • Previous work
    • Info-Tech job description templates

    Output

    • List of capabilities required
    • Org chart
    • Job postings for required roles

    Materials

    • Note-taking capability
    • Innovation Program Template

    Participants

    • CINO

    Related Info-Tech Research

    Fix Your IT Culture

    • Promote psychological safety and growth mindset within your organization.
    • Develop the organizational behaviors that lead to innovation.

    Improve IT Team Effectiveness

    • Address behaviors, processes, and cultural factors which impact team effectiveness.
    • Grow the team's ability to address challenges and navigate volatile, uncertain, complex and ambiguous environments.

    Master Organizational Change Management Practices

    • Transformation and change are increasingly becoming the new normal. While this normality may help make people more open to change in general, specific changes still need to be planned, communicated, and managed. Agility and continuous improvement are good but can degenerate into volatility if change isn't managed properly.

    Phase 3: Build Your Practice

    Define your innovation process, streamline pilot projects, and scale for success.

    Purpose

    People

    Practice

    1. Understand your mandate
    2. Define your innovation ambitions
    3. Determine value proposition and metrics
    1. Foster a culture of innovation
    2. Define your operating model
    3. Build core innovation capabilities
    1. Build your ideation and prioritization methodologies
    2. Define your pilot project methodology
    3. Conduct a program retrospective

    This phase will walk you through the following activities:

    • Build the methodologies needed to elicit ideas from the business.
    • Develop criteria to evaluate and prioritize ideas for piloting.
    • Define your pilot program methodologies and processes, including criteria to assess and compare the success of pilot projects.
    • Conduct an end-of-year program retrospective to evaluate the success of your innovation program.

    This phase involves the following participants:

    • CINO
    • Innovation team

    Case study

    INDUSTRY: Government
    SOURCE: Interview

    Confidential US government agency

    The business applications group at this government agency strongly believes that innovation is key to progress and has instituted a formal innovation program as part of their agile operations. The group uses a Scaled Agile Framework (SAFe) with 2-week sprints and a 12-week program cycle.

    To support innovation across the business unit, the last sprint of each cycle is dedicated toward innovation and teams do not commit to any other during these two weeks. At the end of each innovation sprint, ideas are presented to leadership and the valuable ones were either implemented initially or were given time in the next cycle of sprints for further development. This has resulted in a more innovative culture across the practice.

    Results

    There have been several successful innovations since this process began. Notably, the agency had previously purchased a robotic process automation platform which was only being used for a few specific applications. One team used their innovation sprint to expand the use cases for this solution and save nearly 10,000 hours of effort.

    Standard 12-week Program Cycle
    An image of a standard 12-week program

    Design your innovation operating model to maximize value and learning opportunities

    Pilots are an iterative process which brings together innovators and business teams to test and evaluate ideas.

    Your operating model should include several steps including ideation, validation, evaluation and prioritization, piloting, and a retrospective which follows the pilot. Use the example on this slide when designing your own innovation operating model.

    An image of the design process for innovation operation model.

    3.1 Build your ideation and prioritization methodologies

    Engage the business to generate ideas, then prioritize based on value to the business.

    • There are many ways of generating ideas, from informal discussion to formal ideation sessions or submission forms. Whatever you decide to use, make sure that you're getting the right information to evaluate ideas for prioritization.
    • Use quantitative and qualitative metrics to evaluate ideas generated during the ideation process.
      • Quantitative metrics might include potential return on investment (ROI) or effort and resources required to implement.
      • Qualitative metrics might include alignment with the organizational strategy or the level of risk associated with the idea.

    Engage the business to generate ideas

    There are many ways of generating innovative ideas. Pick the methods that best suit your organization and goals.

    Design Thinking
    A structured approach that encourages participants to think creatively about the needs of the end user.

    An image including the following words: Empathize, Define; Ideate; Test.

    Ideation Workshop
    A formal session that is used to understand a problem then generate potential solutions. Workshops can incorporate the other methodologies (such as brainstorming, design thinking, or mind mapping) to generate ideas.

    • Define the problem
    • Generate ideas
    • Capture ideas
    • Evaluate and prioritize
    • Assign next steps

    Crowdsourcing
    An informal method of gathering ideas from a large group of people. This can be a great way to generate many ideas but may lack focus.

    Value Proposition Canvas
    A visual tool which helps to identify customer (or user) needs and design products and services that meet those needs.

    an image of the Value Proposition Canvas

    Evaluate ideas and focus on those with the greatest value

    Evaluation should be transparent and use both quantitative and qualitative metrics. The exact metrics used will depend on your organization and goals.

    It is important to include qualitative metrics as these dimensions are better suited to evaluating highly innovative ideas and can capture important criteria like alignment with overall strategy and feasibility.

    Develop 5 to 10 criteria that you can use to evaluate and prioritize ideas. Some criteria may be a pass/fail (for example, minimum ROI) and some may be comparative.

    Evaluate
    The first step is to evaluate ideas to determine if they meet the minimum criteria. This might include quantitative criteria like ROI as well as qualitative criteria like strategic alignment and feasibility.

    Prioritize
    Ideas that pass the initial evaluation should be prioritized based on additional criteria which might include quantitative criteria such as potential market size and cost to implement, and qualitative criteria such as risk, impact, and creativity.

    Quantitative Metrics

    Quantitative metrics are objective and easily comparable between initiatives, providing a transparent and data-driven process for evaluation and prioritization.
    Examples:

    • Potential market size
    • ROI
    • Net present value
    • Payback period
    • Number of users impacted
    • Customer acquisition cost
    • Customer lifetime value
    • Breakeven analysis
    • Effort required to implement
    • Cost to implement

    Qualitative Metrics

    Qualitative metrics are less easily comparable but are equally important when it comes to evaluating ideas. These should be developed based on your organization strategy and innovation goals.
    Examples:

    • Strategy alignment
    • Impact on users
    • Uncertainty and risk
    • Innovation potential
    • Culture impact
    • Feasibility
    • Creativity and originality
    • Type of innovation

    Activity 3.1 Develop prioritization metrics

    1-3 hours

    1. Review your mandate, purpose, innovation goals and the sample prioritization and evaluation metrics.
    2. Write down a list of your goals and their associated metrics, then prioritize which are the most important.
    3. Determine which metrics will be used to evaluate ideas before they move on to the prioritization stage, and which metrics will be used to compare initiatives in order to determine which will receive further investment.
    4. For each evaluation metric, determine the minimum threshold required for an idea to move forward. For each prioritization metric identify the definition and how it will be evaluated. Qualitative metrics may require more precise definitions than quantitative metrics.
    5. Enter your metrics into the Initiative Prioritization Template.

    Input

    • Innovation mandate
    • Innovation goals
    • Sample metrics

    Output

    • Evaluation and prioritization metrics for ideas

    Materials

    • Whiteboard/Flip charts
    • Innovation Program Template

    Participants

    • Innovation leader

    Download the Initiative Prioritization Template

    3.2 Build your program to pilot initiatives

    Test and refine ideas through real-world pilot projects.

    • The purpose of your pilot is to test and refine ideas in the real world. In order to compare pilot projects, it's important to track key performance indicators throughout the pilot. Measurements should be useful and comparable.
    • Innovation facilitators are responsible for supporting pilot projects, including designing the pilot, setting up metrics, tracking outcomes, and facilitating retrospectives.
    • Pilots generally follow an Agile methodology where ideas may be refined as the pilot proceeds, and the process iterates until either the idea is discarded or it has been refined into an initiative which can be scaled.
    • Expect that most pilots will fail the first time, and many will fail completely. This is not a loss; lessons learned from the retrospective can be used to improve the process and later pilots.

    Use pilot projects to test and refine initiatives before scaling to the rest of the organization

    "Learning is as powerful as the outcome." – Brett Trelfa, CIO, Arkansas Blue Cross

    1. Clearly define the goals and objectives of the pilot project. Goals and objectives ensure that the pilot stays on track and can be measured.
    2. Your pilot group should include a variety of participants with diverse perspectives and skill sets, in order to gather unique insights.
    3. Continuously track the progress of the pilot project. Regularly identify areas of improvement and implement changes as necessary to refine ideas.
    4. Regularly elicit feedback from participants and iterate in order to improve the final innovation. Not all pilots will be successful, but every failure can help refine future solutions.
    5. Consider scalability. If the pilot project is successful, it should be scalable and the lessons learned should be implemented in the larger organization.

    Sample pilot metrics

    Metrics are used to validate and test pilot projects to ensure they deliver value. This is an important step before scaling to the rest of the organization.

    Adoption: How many end users have adopted the pilot solution?

    Utilization: Is the solution getting utilized?

    Support Requests: How many support requests have there been since the pilot was initiated?

    Value: Is the pilot delivering on the value that it proposed? For example, time savings.

    Feasibility: Has the feasibility of the solution changed since it was first proposed?

    Satisfaction: Focus groups or surveys can provide feedback on user/customer satisfaction.

    A/B Testing: Compare different methods, products or services.

    Info-Tech Insight

    Ensure standard core metrics are used across all pilot projects so that outcomes can be compared. Additional metrics may be used to refine and test hypotheses through the pilot process.

    Activity 3.2 Build your program to pilot initiatives

    1-2 hours

    1. Gather the innovation team and review your mandate, purpose, goals, and the sample innovation operating model and metrics.
    2. As a group, brainstorm the steps needed from idea generation to business case. Use sticky notes if in person, or a collaboration tool if remote.
    3. Determine the metrics that will be used to evaluate ideas at each decision step (for example, prior to piloting). Outline what the different decisions might be (for example, proceed, refine or discard) and what happens as a result of each decision.
    4. Document your final steps and metrics in the Innovation Program Template.

    Input

    • Innovation mandate
    • Innovation goals
    • Sample metrics

    Output

    • Pilot project methodology
    • Pilot project metrics

    Materials

    • Innovation Program Template
    • Sticky notes (in person) or digital collaboration tool (if remote)

    Participants

    • Innovation leader
    • Innovation team

    3.3 Conduct a program retrospective

    Generate value from your successful pilots by scaling ideas across the organization.

    • The final step in the innovation process is to scale ideas to the enterprise in order to realize the full potential.
    • Keeping track of notable wins is important for showing the value of the innovation program. Track performance of initiatives that come out of the innovation program, including their financial, cultural, market, and brand impacts.
    • Track the success of the innovation program itself by evaluating the number of ideas generated, the number of pilots run and the success of the pilots. Keep in mind that many failed pilots is not a failure of the program if the lessons learned were valuable.
    • Complete an innovation program retrospective every 6 to 12 months in order to adjust and make any changes if necessary to improve your process.

    Retrospectives should be objective, constructive, and action-oriented

    A retrospective is a review of your innovation program with the aim of identifying lessons learned, areas for improvement, and opportunities for growth.

    During a retrospective, the team will reflect on past experiences and use that information to inform future decision making and improve outcomes.

    The goal of a retrospective is to learn from the past and use that knowledge to improve in the future.

    Objective

    Ensure that the retrospective is based on facts and objective data, rather than personal opinions or biases.

    Constructive

    Ensure that the retrospective is a positive and constructive experience, with a focus on finding solutions rather than dwelling on problems.

    Action-Oriented

    The retrospective should result in a clear action plan with specific steps to improve future initiatives.

    Activity 3.3 Conduct a program retrospective

    1-2 hours

    1. Post a large piece of paper on the wall with a timeline from the last year. Include dates and a few key events, but not much more. Have participants place sticky notes in the spots to describe notable wins or milestones that they were proud of. This can be done as part of a formal meeting or asynchronously outside of meetings.
    2. Bring the innovation team together and review the poster with notable wins. Do any themes emerge? How does the team feel the program is doing? Are there any changes needed?
    3. Consider the metrics you use to track your innovation program success. Did the scaled projects meet their targets? Is there anything that could be refined about the innovation process?
    4. Evaluate the outcomes of your innovation program. Did it meet the targets set for it? Did the goals and innovation ambitions come to fruition?
    5. Complete this step every 6 to 12 months to assess the success of your program.
    6. Complete the "Notable Wins" section of the Innovation Program Template.

    Input

    • Innovation mandate
    • Innovation goals
    • Sample metrics

    Output

    • Notable wins
    • Action items for refining the innovation process

    Materials

    • Innovation Program Template
    • Sticky notes (in person) or digital collaboration tool (if remote)

    Participants

    • CIO
    • Innovation team
    • Others who have participated in the innovation process

    Related Info-Tech Research

    Adopt Design Thinking in Your Organization

    • A user's perspective while interacting with the products and services is very different from the organization's internal perspective while implementing and provisioning those. A design-based organization balances the two perspectives to drive user-satisfaction over end-to-end journeys.

    Prototype With an Innovation Design Sprint

    • Build and test a prototype in four days using Info-Tech's Innovation Design Sprint Methodology.
    • Create an environment for co-creation between IT and the business.

    Fund Innovation With a Minimum Viable Business Case

    • Our approach guides you through effectively designing a solution, de-risking a project through impact reduction techniques, building and pitching the case for your project, and applying the business case as a mechanism to ensure that benefits are realized.

    Summary of Accomplishment

    Congratulations on launching your innovation program!

    You have now completed your innovation strategy, covering the following topics:

    • Executive Summary
    • Our Purpose
    • Scope and Value Proposition
    • Guiding Principles
    • Building an Innovative Culture
    • Program Structure
    • Success Metrics
    • Notable Wins

    If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Related Info-Tech Research

    Accelerate Digital Transformation With a Digital Factory

    • Understand the foundations of good design: purpose, organizational support, and leadership.
    • Understand the design of the operating model: structure and organization, management practices, culture, environment, teams, technology platforms, and meaningful metrics and KPIs.

    Sustain and Grow the Maturity of Innovation in Your Enterprise

    • Unlock your innovation potential by looking at your innovation projects on both a macro and micro level.
    • Innovation capacity is directly linked with creativity; allow your employees' creativity to flourish using Info-Tech's positive innovation techniques.

    Define Your Digital Business Strategy

    • Design a strategy that applies innovation to your business model, streamline and transform processes, and make use of technologies to enhance interactions with customers and employees.
    • Create a balanced roadmap that improves digital maturity and prepares you for long-term success in a digital economy.

    Research Contributors and Experts

    Kim Osborne Rodriguez

    Kim Osborne Rodriguez
    Research Director, CIO Advisory
    Info-Tech Research Group

    Kim is a professional engineer and Registered Communications Distribution Designer with over a decade of experience in management and engineering consulting spanning healthcare, higher education, and commercial sectors. She has worked on some of the largest hospital construction projects in Canada, from early visioning and IT strategy through to design, specifications, and construction administration. She brings a practical and evidence-based approach, with a track record of supporting successful projects.
    Kim holds a Bachelor's degree in Mechatronics Engineering from University of Waterloo.

    Joanne Lee

    Joanne Lee
    Principal Research Director, CIO Advisory
    Info-Tech Research Group

    Joanne is an executive with over 25 years of experience in digital technology and management consulting across both public and private entities from solution delivery to organizational redesign across Canada and globally.
    Prior to joining Info-Tech Research Group, Joanne was a management consultant within KPMG's CIO management consulting services and the Western Canadas Digital Health Practice lead. She has held several executive roles in the industry with the most recent position as Chief Program Officer for a large $450M EHR implementation. Her expertise spans cloud strategy, organizational design, data and analytics, governance, process redesign, transformation, and PPM. She is passionate about connecting people, concepts, and capital.
    Joanne holds a Master's in Business and Health Policy from the University of Toronto and a Bachelor of Science (Nursing) from the University of British Columbia.

    Jack Hakimian

    Jack Hakimian
    Senior Vice President
    Info-Tech Research Group

    Jack has more than 25 years of technology and management consulting experience. He has served multi-billion-dollar organizations in multiple industries including Financial Services and Telecommunications. Jack also served a number of large public sector institutions.
    He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master's degree in Computer Engineering as well as an MBA from the ESCP-EAP European School of Management.

    Michael Tweedie

    Michael Tweedie
    Practice Lead, CIO Strategy
    Info-Tech Research Group

    Mike Tweedie brings over 25 years as a technology executive. He's led several large transformation projects across core infrastructure, application, and IT services as the head of Technology at ADP Canada. He was also the Head of Engineering and Service Offerings for a large French IT services firm, focused on cloud adoption and complex ERP deployment and management.
    Mike holds a Bachelor's degree in Architecture from Ryerson University.

    Mike Schembri

    Mike Schembri
    Senior Executive Advisor
    Info-Tech Research Group

    Mike is the former CIO of Fuji Xerox Australia and has 20+ years' experience serving IT and wider business leadership roles. Mike has led technical and broader business service operations teams to value and growth successfully in organizations ranging from small tech startups through global IT vendors, professional service firms, and manufacturers.
    Mike has passion for strategy and leadership and loves working with individuals/teams and seeing them grow.

    John Leidl

    John Leidl
    Senior Director, Member Services
    Info-Tech Research Group

    With over 35 years of IT experience, including senior-level VP Technology and CTO leadership positions, John has a breadth of knowledge in technology innovation, business alignment, IT operations, and business transformation. John's experience extends from start-ups to corporate enterprise and spans higher education, financial services, digital marketing, and arts/entertainment.

    Joe Riley

    Joe Riley
    Senior Workshop Director
    Info-Tech Research Group

    Joe ensures our members get the most value out of their Info-Tech memberships by scoping client needs, current state and desired business outcomes, and then drawing upon his extensive experience, certifications, and degrees (MBA, MS Ops/Org Mgt, BS Eng/Sci, ITIL, PMP, Security+, etc.) to facilitate our client's achievement of desired and aspirational business outcomes. A true advocate of ITSM, Joe approaches technology and technology practices as a tool and enabler of people, core business, and competitive advantage activities.

    Denis Goulet

    Denis Goulet
    Senior Workshop Director
    Info-Tech Research Group

    Denis is a transformational leader and experienced strategist who has worked with 100+ organizations to develop their digital, technology, and governance strategies.
    He has held positions as CIO, Chief Administrative Office (City Manager), General Manager, Vice President of Engineering, and Management Consultant, specializing in enterprise and technology strategy.

    Cole Cioran

    Cole Cioran
    Managing Partner
    Info-Tech Research Group

    I knew I wanted to build great applications that would delight their users. I did that over and over. Along the way I also discovered that it takes great teams to deliver great applications. Technology only solves problems when people, processes, and organizations change as well. This helped me go from writing software to advising some of the largest organizations in the world on how to how to build a digital delivery umbrella of Product, Agile, and DevOps and create exceptional products and services powered by technology.

    Carlene McCubbin

    Carlene McCubbin
    Research Lead, CIO Practice
    Info-Tech Research Group

    During her tenure at Info-Tech, Carlene has led the development of Info-Tech's Organization and Leadership practice and worked with multiple clients to leverage the methodologies by creating custom programs to fit each organization's needs.
    Before joining Info-Tech, Carlene received her Master of Communications Management from McGill University, where she studied development of internal and external communications, government relations, and change management.

    Isabelle Hertanto

    Isabelle Hertanto
    Principal Research Director
    Info-Tech Research Group

    Isabelle Hertanto has over 15 years of experience delivering specialized IT services to the security and intelligence community. As a former federal officer for Public Safety Canada, Isabelle trained and led teams on data exploitation and digital surveillance operations in support of Canadian national security investigations. Since transitioning into the private sector, Isabelle has held senior management and consulting roles across a variety of industry sectors, including retail, construction, energy, healthcare, and the broader Canadian public sector.

    Hans Eckman

    Hans Eckman
    Principal Research Director
    Info-Tech Research Group

    Hans Eckman is a business transformation leader helping organizations connect business strategy and innovation to operational excellence. He supports Info-Tech members in SDLC optimization, Agile and DevOps implementation, CoE/CoP creation, innovation program development, application delivery, and leadership development. Hans is based out of Atlanta, Georgia.

    Valence Howden

    Valence Howden
    Principal Research Director
    Info-Tech Research Group

    With 30 years of IT experience in the public and private sector, Valence has developed experience in many Information Management and Technology domains, with a particular focus in the areas of Service Management, Enterprise and IT Governance, Development and Execution of Strategy, Risk Management, Metrics Design and Process Design, and Implementation and Improvement. Prior to joining Info-Tech, he served in technical and client-facing roles at Bell Canada and CGI Group Inc., as well as managing the design, integration, and implementation of services and processes in the Ontario Public Sector.

    Clayton Gillett

    Clayton Gillett
    Managing Partner
    Info-Tech Research Group

    Clayton Gillett is a Managing Partner for Info-Tech, providing technology management advisory services to healthcare clients. Clayton joined Info-Tech with more than 28 years of experience in health care information technology. He has held senior IT leadership roles at Group Health Cooperative of Puget Sound and OCHIN, as well as advisory or consulting roles at ECG Management Consultants and Gartner.

    Donna Bales

    Donna Bales
    Principal Research Director
    Info-Tech Research Group

    Donna Bales is a Principal Research Director in the CIO Practice at Info-Tech Research Group specializing in research and advisory services in IT risk, governance, and compliance. She brings over 25 years of experience in strategic consulting and product development and has a history of success in leading complex, multi-stakeholder industry initiatives.

    Igor Ikonnikov

    Igor Ikonnikov
    Research Director
    Info-Tech Research Group

    Igor Ikonnikov is a Research and Advisory Director in the Data and Analytics practice. Igor has extensive experience in strategy formation and execution in the information management domain, including master data management, data governance, knowledge management, enterprise content management, big data, and analytics.
    Igor has an MBA from the Ted Rogers School of Management (Toronto, Canada) with a specialization in Management of Technology and Innovation.

    Research Contributors and Experts

    Michael Newcity

    Michael Newcity
    Chief Innovation Officer
    ArcBest

    Kevin Yoder

    Kevin Yoder
    Vice President, Innovation
    ArcBest

    Gary Boyd

    Gary Boyd
    Vice President, Information Systems & Digital Transformation
    Arkansas Blue Cross and Blue Shield

    Brett Trelfa

    Brett Trelfa
    Chief Information Officer
    Arkansas Blue Cross and Blue Shield

    Kristen Wilson-Jones

    Kristen Wilson-Jones
    Chief Technology & Product Officer
    Medcurio

    Note: additional contributors did not wish to be identified

    Bibliography

    Altringer, Beth. "A New Model for Innovation in Big Companies" Harvard Business Review. 19 Nov. 2013. Accessed 30 Jan. 2023. https://hbr.org/2013/11/a-new-model-for-innovation-in-big-companies
    Arpajian, Scott. "Five Reasons Why Innovation Fails" Forbes Magazine. 4 June 2019. Accessed 31 Jan. 2023. https://www.forbes.com/sites/forbestechcouncil/2019/06/04/five-reasons-why-innovation-fails/?sh=234e618914c6
    Baldwin, John & Gellatly, Guy. "Innovation Capabilities: The Knowledge Capital Behind the Survival and Growth of Firms" Statistics Canada. Sept. 2006. Accessed 30 Jan. 2023. https://www.bdc.ca/fr/documents/other/innovation_capabilities_en.pdf
    Bar Am, Jordan et al. "Innovation in a Crisis: Why it is More Critical Than Ever" McKinsey & Company, 17 June 2020. Accessed 12 Jan. 2023. <https://www.mckinsey.com/capabilities/strategy-and-corporate-finance/our-insights/innovation-in-a-crisis-why-it-is-more-critical-than-ever >
    Boston Consulting Group, "Most Innovative Companies 2021" BCG, April 2021. Accessed 30 Jan. 2023. https://web-assets.bcg.com/d5/ef/ea7099b64b89860fd1aa3ec4ff34/bcg-most-innovative-companies-2021-apr-2021-r.pdf
    Boston Consulting Group, "Most Innovative Companies 2022" BGC, 15 Sept. 2022. Accessed 6 Feb. 2023. https://www.bcg.com/en-ca/publications/2022/innovation-in-climate-and-sustainability-will-lead-to-green-growth
    Christensen, Clayton M. The Innovator's Dilemma: When New Technologies Cause Great Firms to Fail. Harvard Business Review Press, 2016.
    Gerber, Niklaus. "What is innovation? A beginner's guide into different models, terminologies and methodologies" Medium. 20 Sept 2022. Accessed 7 Feb. 2023. https://world.hey.com/niklaus/what-is-innovation-a-beginner-s-guide-into-different-models-terminologies-and-methodologies-dd4a3147
    Google X, Homepage. Accessed 6 Feb. 2023. https://x.company/
    Harnoss, Johann D. & Baeza, Ramón. "Overcoming the Four Big Barriers to Innovation Success" Boston Consulting Group, 24 Sept. 2019. Accessed 30 Jan 2023. https://www.bcg.com/en-ca/publications/2019/overcoming-four-big-barriers-to-innovation-success
    Jaruzelski, Barry et al. "Global Innovation 1000 Study" Pricewaterhouse Cooper, 30 Oct. 2018. Accessed 13 Jan. 2023. <https://www.strategyand.pwc.com/gx/en/insights/innovation1000.html>
    Kharpal, Arjun. "Huawei posts first-ever yearly revenue decline as U.S. sanctions continue to bite, but profit surges" CNBC. 28 March 2022. Accessed 7 Feb. 2023. https://www.cnbc.com/2022/03/28/huawei-annual-results-2021-revenue-declines-but-profit-surges.html
    Kirsner, Scott. "The Biggest Obstacles to Innovation in Large Companies" Harvard Business Review, 30 July 2018. Accessed 12 Jan. 2023. <https://hbr.org/2018/07/the-biggest-obstacles-to-innovation-in-large-companies>
    Macrotrends. "Apple Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/AAPL/apple/revenue
    Macrotrends. "Microsoft Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/MSFT/microsoft/revenue
    Macrotrends. "Amazon Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/AMZN/amazon/revenue
    Macrotrends. "Alphabet Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/GOOG/alphabet/revenue
    Macrotrends. "Tesla Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/TSLA/tesla/revenue
    Macrotrends. "Moderna Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/MRNA/moderna/revenue
    Macrotrends. "Sony Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/SONY/sony/revenue
    Macrotrends. "IBM Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/IBM/ibm/revenue
    Macrotrends. "Meta Platforms Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/META/meta-platforms/revenue
    Macrotrends. "NIKE Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/NKE/nike/revenue
    Macrotrends. "Walmart Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/WMT/walmart/revenue
    Macrotrends. "Dell Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/DELL/dell/revenue
    Macrotrends. "NVIDIA Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/NVDA/nvidia/revenue
    Sloan, Paul. "How to Develop a Vision for Innovation" Innovation Management, 10 Aug. 2009. Accessed 7 Feb. 2023. https://innovationmanagement.se/2009/08/10/how-to-develop-a-vision-for-innovation/
    Statista. "Samsung Electronics' global revenue from 2005 to 2021" Statista. Accessed 7 Feb. 2023. https://www.statista.com/statistics/236607/global-revenue-of-samsung-electronics-since-2005/
    Tichy, Noel & Ram Charan. "Speed, Simplicity, Self-Confidence: An Interview with Jack Welch" Harvard Business Review, 2 March 2020. Accessed 7 Feb. 2023. https://hbr.org/1989/09/speed-simplicity-self-confidence-an-interview-with-jack-welch
    Weick, Karl and Kathleen Sutcliffe. Managing the Unexpected: Sustained Performance in a Complex World, Third Edition. John Wiley & Sons, 2015.
    Xuan Tian, Tracy Yue Wang, Tolerance for Failure and Corporate Innovation, The Review of Financial Studies, Volume 27, Issue 1, 2014, Pages 211–255, Accessed https://doi.org/10.1093/rfs/hhr130

    Demystify Oracle Licensing and Optimize Spend

    • Buy Link or Shortcode: {j2store}136|cart{/j2store}
    • member rating overall impact: 9.9/10 Overall Impact
    • member rating average dollars saved: $85,754 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • License keys are not needed with optional features accessible upon install. Conducting quarterly checks of the Oracle environment is critical because if products or features are installed, even if they are not actively in use, it constitutes use by Oracle and requires a license.
    • Ambiguous license models and definitions abound: terminology and licensing rules can be vague, making it difficult to purchase licensing even with the best of intentions to keep compliant.
    • Oracle has aggressively started to force new Oracle License and Service Agreements (OLSA) on customers that slightly modify language and remove pre-existing allowances to tilt the contract terms in Oracle's favor.

    Our Advice

    Critical Insight

    • Focus on needs first. Conduct a thorough requirements assessment and document the results. Well-documented license needs will be your core asset in navigating Oracle licensing and negotiating your agreement.
    • Communicate effectively. Be aware that Oracle will reach out to employees at your organization at various levels. Having your executives on the same page will help send a strong message.
    • Manage the relationship. If Oracle is managing you, there is a high probability you are over paying or providing information that may result in an audit.

    Impact and Result

    • Conducting business with Oracle is not typical compared to other vendors. To emerge successfully from a commercial transaction with Oracle, customers must learn the "Oracle way" of conducting business, which includes a best-in-class sales structure, highly unique contracts and license use policies, and a hyper-aggressive compliance function.
    • Map out the process of how to negotiate from a position of strength, examining terms and conditions, discount percentages, and agreement pitfalls.
    • Develop a strategy that leverages and utilizes an experienced Oracle DBA to gather accurate information, and then optimizes it to mitigate and meet the top challenges.

    Demystify Oracle Licensing and Optimize Spend Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you need to understand and document your Oracle licensing strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish licensing requirements

    Begin your proactive Oracle licensing journey by understanding which information to gather and assessing the current state and gaps.

    • Demystify Oracle Licensing and Optimize Spend – Phase 1: Establish Licensing Requirements
    • Oracle Licensing Purchase Reference Guide
    • Oracle Database Inventory Tool
    • Effective Licensing Position Tool
    • RASCI Chart

    2. Evaluate licensing options

    Review current licensing models and determine which licensing models will most appropriately fit your environment.

    • Demystify Oracle Licensing and Optimize Spend – Phase 2: Evaluate Licensing Options

    3. Evaluate agreement options

    Review Oracle’s contract types and assess which best fit the organization’s licensing needs.

    • Demystify Oracle Licensing and Optimize Spend – Phase 3: Evaluate Agreement Options
    • Oracle TCO Calculator

    4. Purchase and manage licenses

    Conduct negotiations, purchase licensing, and finalize a licensing management strategy.

    • Demystify Oracle Licensing and Optimize Spend – Phase 4: Purchase and Manage Licenses
    • Oracle Terms & Conditions Evaluation Tool
    • Controlled Vendor Communications Letter
    • Vendor Communication Management Plan
    [infographic]

    Workshop: Demystify Oracle Licensing and Optimize Spend

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Licensing Requirements

    The Purpose

    Assess current state and align goals; review business feedback

    Interview key stakeholders to define business objectives and drivers

    Key Benefits Achieved

    Have a baseline for requirements

    Assess the current state

    Determine licensing position

    Examine cloud options

    Activities

    1.1 Gather software licensing data

    1.2 Conduct a software inventory

    1.3 Perform manual checks

    1.4 Reconcile licenses

    1.5 Create your Oracle licensing team

    1.6 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Copy of your Oracle License Statement

    Software inventory report from software asset management (SAM) tool

    Oracle Database Inventory Tool

    RASCI Chart

    Oracle Licensing Effective License Position (ELP) Template

    Oracle Licensing Purchase Reference Guide

    2 Evaluate Licensing Options

    The Purpose

    Review licensing options

    Review licensing rules

    Key Benefits Achieved

    Understand how licensing works

    Determine if you need software assurance

    Discuss licensing rules, application to current environment.

    Examine cloud licensing

    Understand the importance of documenting changes

    Meet with desktop product owners to determine product strategies

    Activities

    2.1 Review full, limited, restricted, and AST use licenses

    2.2 Calculate license costs

    2.3 Determine which database platform to use

    2.4 Evaluate moving to the cloud

    2.5 Examine disaster recovery strategies

    2.6 Understand purchasing support

    2.7 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Oracle TCO Calculator

    Oracle Licensing Purchase Reference Guide

    3 Evaluate Agreement Options

    The Purpose

    Review contract option types

    Review vendors

    Key Benefits Achieved

    Understand why a type of contract is best for you

    Determine if ULA or term agreement is best

    The benefits of other types and when you should change

    Activities

    3.1 Prepare to sign or renew your ULA

    3.2 Decide on an agreement type that nets the maximum benefit

    Outputs

    Type of contract to be used

    Oracle TCO Calculator

    Oracle Licensing Purchase Reference Guide

    4 Purchase and Manage Licenses

    The Purpose

    Finalize the contract

    Prepare negotiation points

    Discuss license management

    Evaluate and develop a roadmap for future licensing

    Key Benefits Achieved

    Negotiation strategies

    Licensing management

    Introduction of SAM

    Leverage the work done on Oracle licensing to get started on SAM

    Activities

    4.1 Control the flow of communication terms and conditions

    4.2 Use Info-Tech’s readiness assessment in preparation for the audit

    4.3 Assign the right people to manage the environment

    4.4 Meet with stakeholders to discuss the licensing position, cloud offerings, and budget allocation

    Outputs

    Controlled Vendor Communications Letter

    Vendor Communication Management Plan

    Oracle Terms & Conditions Evaluation Tool

    RASCI Chart

    Oracle Licensing Purchase Reference Guide

    Tame the Project Backlog

    • Buy Link or Shortcode: {j2store}439|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • Unmanaged project backlogs can become the bane of IT departments, tying IT leaders and PMO staff down to an ever-growing receptacle of project ideas that provides little by way of strategic value and that typically represents a lack of project intake and approval discipline.
    • Decision makers frequently use the backlog to keep the peace. Lacking the time to assess the bulk of requests, or simply wanting to avoid difficult conversations with stakeholders, they “approve” everything and leave it to IT to figure it out.
    • As IT has increasing difficulty assessing – let alone starting – any of the projects in the backlog, stakeholder relations suffer. Requestors view inclusion in the backlog as a euphemism for “declined,” and often characterize the backlog as the place where good project ideas go to die.
    • Faced with these challenges, you need to make your project backlog more useful and reliable. The backlog may contain projects worth doing, but in its current untamed state, you have difficulty discerning, let alone capitalizing upon, those instances of value.

    Our Advice

    Critical Insight

    • Project backlogs are an investment and need to be treated as such. Incurring a cost impact that can be measured in terms of time and money, the backlog needs to be actively managed to ensure that you’re investing wisely and getting a good return in terms of strategic value and project throughput.
    • Unmanageable project backlogs are rooted in bad habits and poorly-defined processes. Identifying the sources that fuel backlog growth is key to long-term success. Unless the problem is addressed at the root, any gains made in the near-term will simply fade away as old, unhealthy habits re-emerge and take hold.
    • Backlog management should facilitate executive awareness about the status of backlog items as new work is being approved. In the long run, this ongoing executive engagement will not only help to keep the backlog manageable, but it will also help to bring more even workloads to IT project staff.

    Impact and Result

    • Keep the best, forget the rest. Develop a near-term approach to limit the role of the backlog to include only those items that add value to the business.
    • Shine a light. Improve executive visibility into the health and status of the backlog so that the backlog is taken into account when decision makers approve new work.
    • Evolve the organizational culture. Effectively employ organizational change management practices to evolve the culture that currently exists around the project backlog in order to ensure customer-service needs are more effectively addressed.
    • Ensure long-term sustainability. Institute processes to make sure that your list of pending projects – should you still require one after implementing this blueprint – remains minimal, maintainable, and of high value.

    Tame the Project Backlog Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how a more disciplined approach to managing your project backlog can help you realize increased value and project throughput.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a project backlog battle plan

    Calculate the cost of the project backlog and assess the root causes of its unmanageability.

    • Tame the Project Backlog – Phase 1: Create a Backlog Battle Plan
    • Project Backlog ROI Calculator

    2. Execute a near-term backlog cleanse

    Increase the manageability of the backlog by updating stale requests and removing dead weight.

    • Tame the Project Backlog – Phase 2: Execute a Near-Term Backlog Cleanse
    • Project Backlog Management Tool
    • Project Backlog Stakeholder Communications Template

    3. Ensure long-term backlog manageability

    Develop and maintain a manageable backlog growth rate by establishing disciplined backlog management processes.

    • Tame the Project Backlog – Phase 3: Ensure Long-Term Backlog Manageability
    • Project Backlog Operating Plan Template
    • Project Backlog Manager
    [infographic]

    Workshop: Tame the Project Backlog

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Create a Project Backlog Battle Plan

    The Purpose

    Gauge the manageability of your project backlog in its current state.

    Calculate the total cost of your project backlog investments.

    Determine the root causes that contribute to the unmanageability of your project backlog.

    Key Benefits Achieved

    An understanding of the organizational need for more disciplined backlog management.

    Visibility into the costs incurred by the project backlog.

    An awareness of the sources that feed the growth of the project backlog and make it a challenge to maintain.

    Activities

    1.1 Calculate the sunk and marginal costs that have gone into your project backlog.

    1.2 Estimate the throughput of backlog items.

    1.3 Survey the root causes of your project backlog.

    Outputs

    The total estimated cost of the project backlog.

    A project backlog return-on-investment score.

    A project backlog root cause analysis.

    2 Execute a Near-Term Project Backlog Cleanse

    The Purpose

    Identify the most organizationally appropriate goals for your backlog cleanse.

    Pinpoint those items that warrant immediate removal from the backlog and establish a game plan for putting a bullet in them.

    Communicate backlog decisions with stakeholders in a way that minimizes friction and resistance. 

    Key Benefits Achieved

    An effective, achievable, and organizationally right-sized approach to cleansing the backlog.

    Criteria for cleanse outcomes and a protocol for carrying out the near-term cleanse.

    A project sponsor outreach plan to help ensure that decisions made during your near-term cleanse stick. 

    Activities

    2.1 Establish roles and responsibilities for the near-term cleanse.

    2.2 Determine cleanse scope.

    2.3 Develop backlog prioritization criteria.

    2.4 Prepare a communication strategy.

    Outputs

    Clear accountabilities to ensure the backlog is effectively minimized and outcomes are communicated effectively.

    Clearly defined and achievable goals.

    Effective criteria for cleansing the backlog of zombie projects and maintaining projects that are of strategic and operational value.

    A communication strategy to minimize stakeholder friction and resistance.

    3 Ensure Long-Term Project Backlog Manageability

    The Purpose

    Ensure ongoing backlog manageability.

    Make sure the executive layer is aware of the ongoing status of the backlog when making project decisions.

    Customize a best-practice toolkit to help keep the project backlog useful. 

    Key Benefits Achieved

    A list of pending projects that is minimal, maintainable, and of high value.

    Executive engagement with the backlog to ensure intake and approval decisions are made with a view of the backlog in mind.

    A backlog management tool and processes for ongoing manageability. 

    Activities

    3.1 Develop a project backlog management operating model.

    3.2 Configure a project backlog management solution.

    3.3 Assign roles and responsibilities for your long-term project backlog management processes.

    3.4 Customize a project backlog management operating plan.

    Outputs

    An operating model to structure your long-term strategy around.

    A right-sized management tool to help enable your processes and executive visibility into the backlog.

    Defined accountabilities for executing project backlog management responsibilities.

    Clearly established processes for how items get in and out of the backlog, as well as for ongoing backlog review.

    Get Started With Customer Advocacy

    • Buy Link or Shortcode: {j2store}565|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Getting started with customer advocacy (CA) is no easy task. Many customer success professionals carry out ad hoc customer advocacy activities to address immediate needs but lack a more strategic approach.

    Our Advice

    Critical Insight

    • Customer success leaders must reposition their CA program around growth; the recognition that customer advocacy is a strategic growth initiative is necessary to succeed in today’s competitive market.
    • Get key stakeholders on board early – especially Sales!
    • Always link your CA efforts back to retention and growth.
    • Make building genuine relationships with your advocates the cornerstone of your CA program.

    Impact and Result

    • Enable the organization to identify and develop meaningful relationships with top customers and advocates.
    • Understand the concepts and benefits of CA and how CA can be used to improve marketing and sales and fuel growth and competitiveness.
    • Follow SoftwareReviews’ methodology to identify where to start to apply CA within the organization.
    • Develop a customer advocacy proof of concept/pilot program to gain stakeholder approval and funding to get started with or expand efforts around customer advocacy.

    Get Started With Customer Advocacy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Get Started With Customer Advocacy Executive Brief – An overview of why customer advocacy is critical to your organization and the recommended approach for getting started with a pilot program.

    Understand the strategic benefits and process for building a formal customer advocacy program. To be successful, you must reposition CA as a strategic growth initiative and continually link any CA efforts back to growth.

    • Get Started With Customer Advocacy Storyboard

    2. Define Your Advocacy Requirements – Assess your current customer advocacy efforts, identify gaps, and define your program requirements.

    With the assessment tool and steps outlined in the storyboard, you will be able to understand the gaps and pain points, where and how to improve your efforts, and how to establish program requirements.

    • Customer Advocacy Maturity Assessment Tool

    3. Win Executive Approval and Launch Pilot – Develop goals, success metrics, and timelines, and gain approval for your customer advocacy pilot.

    Align on pilot goals, key milestones, and program elements using the template and storyboard to effectively communicate with stakeholders and gain executive buy-in for your customer advocacy pilot.

    • Get Started With Customer Advocacy Executive Presentation Template

    Infographic

    Further reading

    Get Started With Customer Advocacy

    Develop a customer advocacy program to transform customer satisfaction into revenue growth.

    EXECUTIVE BRIEF

    Analyst perspective

    Customer advocacy is critical to driving revenue growth

    The image contains a picture of Emily Wright.

    Customer advocacy puts the customer at the center of everything your organization does. By cultivating a deep understanding of customer needs and how they define value and by delivering positive experiences throughout the customer journey, organizations inspire and empower customers to become evangelists for their brands or products. Both the client and solution provider enjoy satisfying and ongoing business outcomes as a result.

    Focusing on customer advocacy is critical for software solutions providers. Business-to-business (B2B) buyers are increasingly looking to their peers and third-party resources to arm themselves with information on solutions they feel they can trust before they choose to engage with solution providers. Your satisfied customers are now your most trusted and powerful resource.

    Customer advocacy helps build strong relationships with your customers, nurtures brand advocacy, gives your marketing messaging credibility, and differentiates your company from the competition; it’s critical to driving revenue growth. Companies that develop mature advocacy programs can increase Customer Lifetime Value (CLV) by 16% (Wharton Business School, 2009), increase customer retention by 35% (Deloitte, 2011), and give themselves a strong competitive advantage in an increasingly competitive marketplace.

    Emily Wright
    Senior Research Analyst, Advisory
    SoftwareReviews

    Executive summary

    Your Challenge

    Ad hoc customer advocacy (CA) efforts and reference programs, while still useful, are not enough to drive growth. Providers increase their chance for success by assessing if they face the following challenges:

    • Lack of referenceable customers that can turn into passionate advocates, or a limited pool that is at risk of burnout.
    • Lack of references for all key customer types, verticals, etc., especially in new growth segments or those that are hard to recruit.
    • Lack of a consistent program for gathering customer feedback and input to make improvements and increase customer satisfaction.
    • Lack of executive and stakeholder (e.g. Sales, Customer Success, channel partners, etc.) buy-in for the importance and value of customer advocacy.

    Building a strong customer advocacy program must be a high priority for customer service/success leaders in today’s highly competitive software markets.

    Common Obstacles

    Getting started with customer advocacy is no easy task. Many customer success professionals carry out ad hoc customer advocacy activities to address immediate needs but lack a more strategic approach. What separates them from success are several nagging obstacles:

    • Efforts lack funding and buy-in from stakeholders.
    • Senior management doesn’t fully understand the business value of a customer advocacy program.
    • Duplicate efforts are taking place between Sales, Marketing, product teams, etc., because ownership, roles, and responsibilities have not been determined.
    • Relationships are guarded/hoarded by those who feel they own the relationship (e.g. Sales, Customer Success, channel partners, etc.).
    • Customer-facing staff often lack the necessary skills to foster customer advocacy.

    SoftwareReviews’ Approach

    This blueprint will help leaders of customer advocacy programs get started with developing a formalized pilot program that will demonstrate the value of customer advocacy and lay a strong foundation to justify rollout. Through SoftwareReviews’ approach, customer advocacy leaders will:

    • Enable the organization to identify and develop meaningful relationships with top customers and advocates.
    • Understand the concepts and benefits of CA and how CA can be used to improve marketing and sales and fuel growth and competitiveness.
    • Follow SoftwareReviews’ methodology to identify where to start to apply CA within the organization.
    • Develop a customer advocacy proof of concept/pilot program to gain stakeholder approval and funding to get started with or expand efforts around customer advocacy.

    What is customer advocacy?

    “Customer advocacy is the act of putting customer needs first and working to deliver solution-based assistance through your products and services." – Testimonial Hero, 2021

    Customer advocacy is designed to keep customers loyal through customer engagement and advocacy marketing campaigns. Successful customer advocacy leaders experience decreased churn while increasing return on investment (ROI) through retention, acquisition, and cost savings.

    Businesses that implement customer advocacy throughout their organizations find new ways of supporting customers, provide additional customer value, and ensure their brands stand unique among the competition.

    Customer Advocacy Is…

    • An integral part of any marketing and/or business strategy.
    • Essential to improving and maintaining high levels of customer satisfaction.
    • Focused on delivering value to customers.
    • Not only a set of actions, but a mindset that should be fostered and reinforced through a customer-centric culture.
    • Mutually beneficial relationships for both company and customer.

    Customer Advocacy Is Not…

    • Only referrals and testimonials.
    • Solely about what you can get from your advocates.
    • Brand advocacy. Brand advocacy is the desired outcome of customer advocacy.
    • Transactional. Brand advocates must be engaged.
    • A nice-to-have.
    • Solved entirely by software. Think about what you want to achieve and how a software solution can you help you reach those goals.

    SoftwareReviews Insight

    Customer advocacy has evolved into being a valued company asset versus a simple referral program – success requires an organization-wide customer-first mindset and the recognition that customer advocacy is a strategic growth initiative necessary to succeed in today’s competitive market.

    Customer advocacy: Essential to high retention

    When customers advocate for your company and products, they are eager to retain the value they receive

    • Customer acts of advocacy correlate to high retention.
    • Acts of advocacy won’t happen unless customers feel their interests are placed ahead of your company’s, thereby increasing satisfaction and customer success. That’s the definition of a customer-centric culture.
    • And yet your company does receive significant benefits from customer advocacy:
      • When customers advocate and renew, your costs go down and margins rise because it costs less to keep a happy customer than it does to bring a new customer onboard.
      • When renewal rates are high, customer lifetime value increases, also increasing profitability.

    Acquiring a new customer can cost five times more than retaining an existing customer (Huify, 2018).

    Increasing customer retention by 5% can increase profits by 25% to 95% (Bain & Company, cited in Harvard Business Review, 2014).

    SoftwareReviews Insight

    Don’t overlook the value of customer advocacy to retention! Despite the common knowledge that it’s far easier and cheaper to sell to an existing customer than to sell to a new prospect, most companies fail to leverage their customer advocacy programs and continue to put pressure on Marketing to focus their budgets on customer acquisition.

    Customer advocacy can also be your ultimate growth strategy

    In your marketing and sales messaging, acts of advocacy serve as excellent proof points for value delivered.

    Forty-five percent of businesses rank online reviews as a top source of information for selecting software during this (top of funnel) stage, followed closely by recommendations and referrals at 42%. These sources are topped only by company websites at 54% (Clutch, 2020).

    With referrals coming from customer advocates to prospects via your lead gen engine and through seller talk tracks, customer advocacy is central to sales, marketing, and customer experience success.

    ✓ Advocates can help your new customers learn your solution and ensure higher adoption and satisfaction.
    ✓ Advocates can provide valuable, honest feedback on new updates and features.

    The image contains a picture to demonstrate the cycle of customer advocacy. The image has four circles, with one big circle in the middle and three circles surrounding with arrows pointing in both directions in between them. The middle circle is labelled customer advocacy. The three circles are labelled: sales, customer success, marketing.

    “A customer advocacy program is not just a fancy buzz word or a marketing tool that’s nice to have. It’s a core discipline that every major brand needs to integrate into their overall marketing, sales and customer success strategies if they expect to survive in this trust economy. Customer advocacy arguably is the common asset that runs throughout all marketing, sales and customer success activities regardless of the stage of the buyer’s journey and ties it all together.” – RO Innovation, 2017

    Positive experience drives acts of advocacy

    More than price or product, experience now leads the way in customer advocacy and retention

    Advocacy happens when customers recommend your product. Our research shows that the biggest drivers of likeliness to recommend and acts of customer advocacy are the positive experiences customers have with vendors and their products, not product features or cost savings. Customers want to feel that:

    1. Their productivity and performance is enhanced and the vendor is helping them to innovate and grow as a company.
    2. Their vendor inspires them and helps them to continually improve.
    3. They can rely on the vendor and the product they purchased.
    4. They are respected by the vendor.
    5. They can trust that the vendor will be on their side and save them time.

    The image contains a graph to demonstrate the correlation of likeliness to recommend a satisfaction driver. Where anything above a 0.5 indicates a strong driver of satisfaction.

    Note that anything above 0.5 indicates a strong driver of satisfaction.
    Source: SoftwareReviews buyer reviews (based on 82,560 unique reviews).

    SoftwareReviews Insight

    True customer satisfaction comes from helping customers innovate, enhancing their performance, inspiring them to continually improve, and being reliable, respectful, trustworthy, and conscious of their time. These true drivers of satisfaction should be considered in your customer advocacy and retention efforts. The experience customers have with your product and brand is what will differentiate your brand from competitors, drive advocacy, and ultimately, power business growth. Talk to a SoftwareReviews advisor to learn how users rate your product on these satisfaction drivers in the SoftwareReviews Emotional Footprint Report.

    Yet challenges exist for customer advocacy program leaders

    Customer success leaders without a strong customer advocacy program feel numerous avoidable pains:

    • Lack of compelling stories and proof points for the sales team, causing long sales cycles.
    • Heavy reliance on a small pool of worn-out references.
    • Lack of references for all needed customer types, verticals, etc.
    • Lack of a reliable customer feedback process for solution improvements.
    • Overspending on acquiring new customers due to a lack of customer proof points.
    • Missed opportunities that could grow the business (customer lifetime value, upsell/cross-sell, etc.).

    Marketing, customer success, and sales teams experiencing any one of the above challenges must consider getting started with a more formalized customer advocacy program.

    Obstacles to customer advocacy programs

    Leaders must overcome several barriers in developing a customer advocacy program:

    • Stakeholders are often unclear on the value customer advocacy programs can bring and require proof of benefits to invest.
    • Efforts are duplicated among sales, marketing, product, and customer success teams, given ownership and collaboration practices are ill-defined or nonexistent.
    • There is a culture of guarding or hoarding customer relationships by those who feel they own the relationship, or there’s high turnover among employees who own the customer relationships.
    • The governance, technology, people, skills, and/or processes to take customer advocacy to the next level are lacking.
    • Leaders don’t know where to start with customer advocacy, what needs to be improved, or what to focus on first.

    A lack of customer centricity hurts organizations

    12% of people believe when a company says they put customers first. (Source: HubSpot, 2019)

    Brands struggle to follow through on brand promises, and a mismatch between expectations and lived experience emerges. Customer advocacy can help close this gap and help companies live up to their customer-first messaging.

    42% of companies don’t conduct any customer surveys or collect feedback. (Source: HubSpot, 2019)

    Too many companies are not truly listening to their customers. Companies that don’t collect feedback aren’t going to know what to change to improve customer satisfaction. Customer advocacy will orient companies around their customer and create a reliable feedback loop that informs product and service enhancements.

    Customer advocacy is no longer a nice-to-have but a necessity for solution providers

    B2B buyers increasingly turn to peers to learn about solutions:

    “84% of B2B decision makers start the buying process with a referral.” (Source: Influitive, Gainsight & Pendo, 2020)

    “46% of B2B buyers rely on customer references for information before purchasing.” (Source: RO Innovation, 2017)

    “91% of B2B purchasers’ buying decisions are influenced by word-of-mouth recommendations.” (Source: ReferralRock, 2022)

    “76% of individuals admit that they’re more likely to trust content shared by ‘normal’ people than content shared by brands.” (Source: TrustPilot, 2020)

    By ignoring the importance of customer advocacy, companies and brands are risking stagnation and missing out on opportunities to gain competitive advantage and achieve growth.

    Getting Started With Customer Advocacy: SoftwareReviews' Approach

    1 BUILD
    Build the business case
    Identify your key stakeholders, steering committee, and working team, understand key customer advocacy principles, and note success barriers and ways to overcome them as your first steps.

    2 DEVELOP
    Develop your advocacy requirements
    Assess your current customer advocacy maturity, identify gaps in your current efforts, and develop your ideal advocate profile.

    3 WIN
    Win executive approval and implement pilot
    Determine goals and success metrics for the pilot, establish a timeline and key project milestones, create advocate communication materials, and finally gain executive buy-in and implement the pilot.

    SoftwareReviews Insight
    Building and implementing a customer advocacy pilot will help lay the foundation for a full program and demonstrate to executives and key stakeholders the impact on revenue, retention, and CLV that can be achieved through coordinated and well-planned customer advocacy efforts.

    Customer advocacy benefits

    Our research benefits customer advocacy program managers by enabling them to:

    • Explain why having a centralized, proactive customer advocacy program is important.
    • Clearly communicate the benefits and business case for having a formalized customer advocacy program.
    • Develop a customer advocacy pilot to provide a proof of concept (POC) and demonstrate the value of customer advocacy.
    • Assess the maturity of your current customer advocacy efforts and identify what to improve and how to improve to grow your customer advocacy function.

    "Advocacy is the currency for business and the fuel for explosive growth. Successful marketing executives who understand this make advocacy programs an essential part of their go-to-market strategy. They also know that advocacy isn't something you simply 'turn on': ... ultimately, it's about making human connections and building relationships that have enduring value for everyone involved."
    - Dan Cote, Influitive, Dec. 2021

    Case Study: Advocate impact on sales at Genesys

    Genesys' Goal

    Provide sales team with compelling customer reviews, quotes, stories, videos, and references.

    Approach to Advocacy

    • Customers were able to share their stories through Genesys' customer hub GCAP as quotes, reviews, etc., and could sign up to host reference forum sessions for prospective customers.
    • Content was developed that demonstrated ROI with using Genesys' solutions, including "top-tier logos, inspiring quotes, and reference forums featuring some of their top advocates" (Influitive, 2021).
    • Leveraged customer advocacy-specific software solution integration with the CRM to easily identify reference recommendations for Sales.

    Advocate Impact on Sales

    According to Influitive (2021), the impacts were:

    • 386% increase in revenue influences from references calls
    • 82% of revenue has been influence by reference calls
    • 78 reference calls resulted in closed-won opportunities
    • 250 customers and prospects attended 7 reference forums
    • 112 reference slides created for sales enablement
    • 100+ quotes were collect and transformed into 78 quote slides

    Who benefits from getting started with customer advocacy?

    This Research Is Designed for:

    • Customer advocacy leaders and marketers who are looking to:
      • Take a more strategic, proactive, and structured approach to customer advocacy.
      • Find a more effective and reliable way to gather customer feedback and input on products and services.
      • Develop and nurture a customer-oriented mindset throughout the organization.
      • Improve marketing credibility both within the company and outside to prospective customers.

    This Research Will Help You:

    • Explain why having a centralized, proactive customer advocacy program is important.
    • Clearly communicate the benefits and business case for having a formalized customer advocacy program.
    • Develop a customer advocacy pilot to provide a proof of concept (POC) and demonstrate the value of customer advocacy.
    • Assess the maturity of your current customer advocacy efforts and identify what to improve and how to improve to grow your customer advocacy function.

    This Research Will Also Assist:

    • Customer success leaders and sales directors who are responsible for:
      • Gathering customer references and testimonials.
      • Referral or voice of the customer (VoC) programs.

    This Research Will Help Them:

    • Align stakeholders on an overall program of identifying ideal advocates.
    • Coordinate customer advocacy efforts and actions.
    • Gather and make use of customer feedback to improve products, solutions, and service provided.
    • Provide an amazing customer experience throughout the entirety of the customer journey.

    SoftwareReviews’ methodology for getting started with customer advocacy

    Phase Steps

    1. Build the business case

    1. Identify your key stakeholders, steering committee, and working team
    2. Understand the concepts and benefits of customer advocacy as they apply to your organization
    3. Outline barriers to success, risks, and risk mitigation tactics

    2. Develop your advocacy requirements

    1. Assess your customer advocacy maturity using the SoftwareReviews CA Maturity Assessment Tool
    2. Identify gaps/pains in current CA efforts and add tasks to your action plan
    3. Develop ideal advocate profile/identify target advocate segment(s)

    3. Create implementation plan and pitch CA pilot

    1. Determine pilot goals and success metrics
    2. Establish timeline and create advocate communication materials
    3. Gain executive buy-in and implement pilot

    Phase Outcomes

    1. Common understanding of CA concepts and benefits
    2. Buy-in from CEO and head of Sales
    3. List of opportunities, risks, and risk mitigation tactics
    1. Identification of gaps in current customer advocacy efforts and/or activities
    2. Understanding customer advocacy readiness
    3. Identification of ideal advocate profile/target segment
    4. Basic actions to bridge gaps in CA efforts
    1. Clear objective for CA pilot
    2. Key metrics for program success
    3. Pilot timelines and milestones
    4. Executive presentation with business case for CA

    Insight summary

    Customer advocacy is a critical strategic growth initiative
    Customer advocacy (CA) has evolved into being a highly valued company asset as opposed to a simple referral program, but not everyone in the organization sees it that way. Customer success leaders must reposition their CA program around growth instead of focusing solely on retention and communicate this to key stakeholders. The recognition that customer advocacy is a strategic growth initiative is necessary to succeed in today’s competitive market.

    Get key stakeholders on board early – especially Sales!
    Work to bring the CEO and the head of Sales on your side early. Sales is the gatekeeper – they need to open the door to customers to turn them into advocates. Clearly reposition CA for growth and communicate that to the CEO and head of Sales; wider buy-in will follow.

    Identify the highest priority segment for generating acts of advocacy
    By focusing on the highest priority segment, you accomplish a number of things: generating growth in a critical customer segment, proving the value of customer advocacy to key stakeholders (especially Sales), and setting a strong foundation for customer advocacy to build upon and expand the program out to other segments.

    Always link your CA efforts back to retention and growth
    By clearly demonstrating the impact that customer advocacy has on not only retention but also overall growth, marketers will gain buy-in from key stakeholders, secure funding for a full CA program, and gain the resources needed to expand customer advocacy efforts.

    Focus on providing value to advocates
    Many organizations take a transactional approach to customer advocacy, focusing on what their advocates can do for them. To truly succeed with CA, focus on providing your advocates with value first and put them in the spotlight.

    Make building genuine relationships with your advocates the cornerstone of your CA program
    "57% of small businesses say that having a relationship with their consumers is the primary driver of repeat business" (Factory360).

    Guided Implementation

    What does our GI on getting started with building customer advocacy look like?

    Build the Business Case

    Call #1: Identify key stakeholders. Map out motivations and anticipate any concerns or objections. Determine steering committee and working team. Plan next call – 1 week.

    Call #2: Discuss concepts and benefits of customer advocacy as they apply to organizational goals. Plan next call – 1 week.

    Call #3: Discuss barriers to success, risks, and risk mitigation tactics. Plan next call – 1 week.

    Call #4: Finalize CA goals, opportunities, and risks and develop business case. Plan next call – 2 weeks.

    Develop Your Advocacy Requirements

    Call #5: Review the SoftwareReviews CA Maturity Assessment Tool. Assess your current level of customer advocacy maturity. Plan next call – 1 week.

    Call #6: Review gaps and pains in current CA efforts. Discuss tactics and possible CA pilot program goals. Begin adding tasks to action plan. Plan next call – 2 weeks.

    Call #7: Discuss ideal advocate profile and target segments. Plan next call – 2 weeks.

    Call #8: Validate and finalize ideal advocate profile. Plan next call – 1 week.

    Win Executive Approval and Implement Pilot

    Call #9: Discuss CA pilot scope. Discuss performance metrics and KPIs. Plan next call – 3 days.

    Call #10: Determine timeline and key milestones. Plan next call –2 weeks.

    Call #11: Develop advocate communication materials. Plan next call – 3 days.

    Call #12: Review final business case and coach on executive presentation. Plan next call – 1 week.

    A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization. For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst. Your engagement managers will work with you to schedule analyst calls.


    Customer Advocacy Workshop

    Pre-Workshop Day 1 Day 2 Day 3 Day 4 Day 5 Post-Workshop
    Activities Identify Stakeholders & CA Pilot Team Build the Business Case Assess Current CA Efforts Develop Advocacy Goals & Ideal Advocate Profile Develop Project Timelines, Materials, and Exec Presentation Next Steps and Wrap-Up (offsite) Pitch CA Pilot
    0.1 Identify key stakeholders to involve in customer advocacy pilot and workshop; understand their motivations and anticipate possible concerns. 1.1 Review key CA concepts and identify benefits of CA for the organization.
    1.2 Outline barriers to success, risks, and risk mitigation tactics.
    2.1 Assess your customer advocacy maturity using the SoftwareReviews CA Maturity Assessment Tool.
    2.2 Identify gaps/pains in current CA efforts.
    2.3 Prioritize gaps from diagnostic and any other critical pain points.
    3.1 Identify and document the ideal advocate profile and target customer segment for pilot.
    3.2 Determine goal(s) and success metrics for program pilot.
    4.1 Develop pilot timelines and key milestones.
    4.2 Outline materials needed and possible messaging.
    4.3 Build the executive buy-in presentation.
    5.1 Complete in-progress deliverables from the previous four days. 6.1 Present to executive team and stakeholders.
    6.2 Gain executive buy-in and key stakeholder approval.
    6.3 Execute CA pilot.
    Deliverables
    1. Rationale for CA pilot; clear benefits, and how they apply to the organization.
    2. Documented barriers to success, risks, and risk mitigation tactics.
    1. CA Maturity Assessment results.
    2. Identification of gaps in current customer advocacy efforts and/or activities.
    1. Documented ideal advocate profile/target customer segment.
    2. Clear goal(s) and success metrics for CA pilot.
    1. Documented pilot timelines and key milestones.
    2. Draft/outlines of advocate materials.
    3. Draft executive presentation with business case for CA.
    1. Finalized implementation plan for CA pilot.
    2. Finalized executive presentation with business case for CA.
    1. Buy-in from decision makers and key stakeholders.

    Contact your account representative for more information.
    workshops@infotech.com
    1-888-670-8889

    Get started!

    Know your target market and audience, deploy well-designed strategies based on shared values, and make meaningful connections with people.

    Phase 1
    Build the Business Case

    Phase 2
    Develop Your Advocacy Requirements

    Phase 3
    Win Executive Approval and Implement Pilot

    Phase 1: Build the Business Case

    Steps
    1.1 Identify your key stakeholders, steering committee, and working team
    1.2 Understand the concepts and benefits of customer advocacy as they apply to your organization
    1.3 Outline barriers to success, risks, and risk mitigation tactics

    Phase Outcome

    • Common understanding of CA concepts and benefits
    • Buy-in from CEO and head of Sales
    • List of barriers to success, risks, and risk mitigation tactics

    Build the business case

    Step 1.1 Identify your key stakeholders, steering committee, and working team

    Total duration: 2.5-8.0 hours

    Objective
    Identify, document, and finalize your key stakeholders to know who to involve and how to get them onboard by truly understanding the forces of influence.

    Output

    • Robust stakeholder list with key stakeholders identified.
    • Steering committee and working team decided.

    Participants

    • Customer advocacy lead
    • Identified stakeholders
    • Workstream leads

    MarTech
    None

    Tools

    1.1.1 Identify Stakeholders
    (60-120 min.)

    Identify
    Using the guidance on slide 28, identify all stakeholders who would be involved or impacted by your customer advocacy pilot by entering names and titles into columns A and B on slide 27 "Stakeholder List Worksheet."

    Document
    Document as much information about each stakeholder as possible in columns C, D, E, and F into the table on slide 27.

    1.1.2 Select Steering Committee & Working Team
    (60-90 min.)

    Select
    Using the guidance on slides 28 and 29 and the information collected in the table on slide 27, identify the stakeholders that are steering committee members, functional workstream leads, or operations; document in column G on slide 27.

    Document
    Open the Executive Presentation Template to slides 5 and 6 and document your final steering committee and working team selections. Be sure to note the Executive Sponsor and Program Manager on slide 5.

    Tips & Reminders

    1. It is critical to identify "key stakeholders"; a single missed key stakeholder can disrupt an initiative. A good way to ensure that nobody is missed is to first uncover as many stakeholders as possible and later decide how important they are.
    2. Ensure steering committee representation from each department this initiative would impact or that may need to be involved in decision-making or problem-solving endeavors.

    Consult Info-Tech's Manage Stakeholder Relations blueprint for additional guidance on identifying and managing stakeholders, or contact one of our analysts for more personalized assistance and guidance.

    Stakeholder List Worksheet

    *Possible Roles
    Executive Sponsor
    Program Manager
    Workstream Lead
    Functional Lead
    Steering Committee
    Operations
    A B C D E F G
    Name Position Decision Involvement
    (Driver / Approver / Contributor / Informe
    Direct Benefit?
    (Yes / No)
    Motivation Concerns *Role in Customer Advocacy Pilot
    E.g. Jane Doe VP, Customer Success A N
    • Increase customer retention
    • Customer advocate burnout
    Workstream Lead

    Customer advocacy stakeholders

    What to consider when identifying stakeholders required for CA:
    Customer advocacy should be done as a part of a cross-functional company initiative. When identifying stakeholders, consider:

    • Who can make the ultimate decision on approving the CA program?
    • Who are the senior leadership members you need buy-in from?
    • Who do you need to support the CA program?
    • Who is affected by the CA program?
    • Who will help you build the CA program?
    • Where and among who is there enthusiasm for customer advocacy?
    • Consider stakeholders from Customer Success, Marketing, Sales, Product, PR & Social, etc.
    Key Roles Supporting an Effective Customer Advocacy Pilot
    Executive Sponsor
    • Owns the function at the management/C-suite level
    • Responsible for breaking down barriers and ensuring alignment with organizational strategy
    • CMO, VP of Marketing, and in SMB providers, the CEO
    Program Manager
    • Typically, a senior member of the marketing team
    • Responsible for organizing the customer advocacy pilot, preparing summary executive-level communications, and approval requests
    • Program manages the customer advocacy pilot, and in many cases, the continued formal program
    • Product Marketing Director, or other Marketing Director, who has strong program management skills, has run large-scale marketing or product programs, and is familiar with the stakeholder roles and enabling technologies
    Functional / Workstream Leads
    • Works alongside the Program Manager on planning and implementing the customer advocacy pilot and ensures functional workstreams are aligned with pilot objectives
    • Typical customer advocacy pilots will have a team comprised of representatives from Marketing, Sales, and Customer Success
    Steering Committee
    • Comprised of C-suite/management-level individuals that guide key decisions, approve requests, and mitigate any functional conflicts
    • Responsible for validating goals and priorities, enabling adequate resourcing, and critical decision making
    • CMO, CRO/Head of Sales, Head of Customer Success
    Operations
    • Comprised of individuals whose application and tech tools knowledge and skills support integration of customer advocacy functions into existing tech stack/CRM (e.g. adding custom fields into CRM)
    • Responsible for helping select technology that enables customer advocacy program activities
    • CRM, Marketing Applications, and Analytics Managers, IT Managers

    Customer advocacy working team

    Consider the skills and knowledge required for planning and executing a customer advocacy pilot.

    Workstream leads should have strong project management and collaboration skills and deep understanding of both product and customers (persona, journeys, satisfaction, etc.).

    Required Skills Suggested Functions
    • Project management
    • CRM knowledge
    • Marketing automation experience
    • MarTech knowledge
    • Understanding of buyer persona and journey
    • Product knowledge
    • Understanding of executive-level goals for the pilot
    • Content creation
    • Customer advocacy experience, if possible
    • Customer satisfaction
    • Email and event marketing experience
    • Customer Success
    • Marketing
    • Sales
    • Product
    • PR/Corporate Comms.

    Build the business case

    Step 1.2 Understand key concepts and benefits of customer advocacy

    Total duration: 2.0-4.0 hours

    Objective
    Understand customer advocacy and what benefits you seek from your customer advocacy program, and get set up to best communicate them to executives and decision makers.

    Output

    • Documented customer advocacy benefits

    Participants

    • Customer advocacy lead

    MarTech
    None

    Tools

    1.2.1 Discuss Key Concepts
    (60-120 min.)

    Envision
    Schedule a visioning session with key stakeholders and share the Get Started With Customer Advocacy Executive Brief (slides 3-23 in this deck).

    Discuss how key customer advocacy concepts can apply to your organization and how CA can contribute to organizational growth.

    Document
    Determine the top benefits sought from the customer advocacy program pilot and record them on slides 4 and 12 in the Executive Presentation Template.

    Finalize
    Work with the Executive Sponsor to finalize the "Message from the CMO" on slide 4 in the Executive Presentation Template.

    Tips & Reminders

    Keep in mind that while we're starting off broadly, the pilot for your customer advocacy program should be narrow and focused in scope.

    Build the business case

    Step 1.3 Understand barriers to success, risks, and risk mitigation tactics

    Total duration: 2.0-8.0 hours

    Objective
    Anticipate threats to pilot success; identify barriers to success, any possible risks, and what can be done to reduce the chances of a negative pilot outcome.

    Output

    • Awareness of barriers
    • Tactics to mitigate risk

    Participants

    • Customer advocacy lead
    • Key stakeholders

    MarTech
    None

    Tools

    1.3.1 Brainstorm Barriers to Success & Possible Risks
    (60-120 min.)

    Identify
    Using slide 7 of the Executive Presentation Template, brainstorm any barriers to success that may exist and risks to the customer advocacy program pilot success. Consider the people, processes, and technology that may be required.

    Document
    Document all information on slide 7 of the Executive Presentation Template.

    1.3.2 Develop Risk Mitigation Tactics
    (60-300 min.)

    Develop
    Brainstorm different ways to address any of the identified barriers to success and reduce any risks. Consider the people, processes, and technology that may be required.

    Document
    Document all risk mitigation tactics on slide 7 of the Executive Presentation Template.

    Tips & Reminders
    There are several types of risk to explore. Consider the following when brainstorming possible risks:

    • Damage to brand (if advocate guidance not provided)
    • Legal (compliance with regulations and laws around contact, incentives, etc.)
    • Advocate burnout
    • Negative advocate feedback

    Phase 2: Develop Your Advocacy Requirements

    Steps
    2.1 Assess your customer advocacy maturity
    2.2 Identify and document gaps and pain points
    2.3 Develop your ideal advocate profile

    Phase Outcome

    • Identification of gaps in current customer advocacy efforts or activities
    • Understanding of customer advocacy readiness and maturity
    • Identification of ideal advocate profile/target segment
    • Basic actions to bridge gaps in CA efforts

    Develop your advocacy requirements

    Step 2.1 Assess your customer advocacy maturity

    Total duration: 2.0-8.0 hours

    Objective
    Use the Customer Advocacy Maturity Assessment Tool to understand your organization's current level of customer advocacy maturity and what to prioritize in the program pilot.

    Output

    • Current level of customer advocacy maturity
    • Know areas to focus on in program pilot

    Participants

    • Customer advocacy lead
    • Key stakeholders

    MarTech
    None

    Tools

    2.1.1 Diagnose Current Customer Advocacy Maturity
    (60-120 min.)

    Diagnose
    Begin on tab 1 of the Customer Advocacy Maturity Assessment Tool and read all instructions.

    Navigate to tab 2. Considering the current state of customer advocacy efforts, answer the diagnostic questions in the Diagnostic tab of the Customer Advocacy Maturity Assessment Tool.

    After completing the questions, you will receive a diagnostic result on tab 3 that will identify areas of strength and weakness and make high-level recommendations for your customer advocacy program pilot.

    2.1.2 Discuss Results
    (60-300 min.)

    Discuss
    Schedule a call to discuss your customer advocacy maturity diagnostic results with a SoftwareReviews Advisor.

    Prioritize the recommendations from the diagnostic, noting which will be included in the program pilot and which require funding and resources to advance.

    Transfer
    Transfer results into slides 8 and 11 of the Executive Presentation Template.

    Tips & Reminders
    Complete the diagnostic with a handful of key stakeholders identified in the previous phase. This will help provide a more balanced and accurate assessment of your organization’s current level of customer advocacy maturity.

    Develop your advocacy requirements

    Step 2.2 Identify and document gaps and pain points

    Total duration: 2.5-8.0 hours

    Objective
    Understand the current pain points within key customer-related processes and within any current customer advocacy efforts taking place.

    Output

    • Prioritized list of pain points that could be addressed by a customer advocacy program.

    Participants

    • Customer advocacy lead
    • Key stakeholders

    MarTech
    None

    Tools

    2.2.1 Identify Pain Points
    (60-120 min.)

    Identify
    Identify and list current pain points being experienced around customer advocacy efforts and processes around sales, marketing, customer success, and product feedback.

    Add any gaps identified in the diagnostic to the list.

    Transfer
    Transfer key information into slide 9 of Executive Presentation Template.

    2.2.2 Prioritize Pain Points
    (60-300 min.)

    Prioritize
    Indicate which pains are the most important and that a customer advocacy program could help improve.

    Schedule a call to discuss the outputs of this step with a SoftwareReviews Advisor.

    Document
    Document priorities on slide 9 of Executive Presentation Template.

    Tips & Reminders

    Customer advocacy won't solve for everything; it's important to be clear about what pain points can and can't be addressed through a customer advocacy program.

    Develop your advocacy requirements

    Step 2.3 Develop your ideal advocate profile

    Total duration: 3.0-9.0 hours

    Objective
    Develop an ideal advocate persona profile that can be used to identify potential advocates, guide campaign messaging, and facilitate advocate engagement.

    Output

    • Ideal advocate persona profile

    Participants

    • Customer advocacy lead
    • Key stakeholders
    • Sales lead
    • Marketing lead
    • Customer Success lead
    • Product lead

    MarTech
    May require the use of:

    • CRM or marketing automation platform
    • Available and up-to-date customer database

    Tools

    2.3.1 Brainstorm Session Around Ideal Advocate Persona
    (60-150 min.)

    Brainstorm
    Lead the team to prioritize an initial, single, most important persona and to collaborate to complete the template.

    Choose your ideal advocate for the pilot based on your most important audience. Start with firmographics like company size, industry, and geography.

    Next, consider satisfaction levels and behavioral attributes, such as renewals, engagement, usage, and satisfaction scores.

    Identify motivations and possible incentives for advocate activities.

    Document
    Use slide 10 of the Executive Presentation Template to complete this exercise.

    2.3.2 Review and Refine Advocate Persona
    (60-300 min.)

    Review & Refine
    Place the Executive Presentation Template in a shared drive for team collaboration. Encourage the team to share persona knowledge within the shared drive version.

    Hold any necessary follow-up sessions to further refine persona.

    Validate
    Interview advocates that best represent your ideal advocate profile on their type of preferred involvement with your company, their role and needs when it comes to your solution, ways they'd be willing to advocate, and rewards sought.

    Confirm
    Incorporate feedback and inputs into slide 10 of the Executive Presentation Template. Ensure everyone agrees on persona developed.

    Tips & Reminders

    1. When identifying potential advocates, choose based on your most important audience.
    2. Ensure you're selecting those with the highest satisfaction scores.
    3. Ideally, select candidates that have, on their own, advocated previously such as in social posts, who may have acted as a reference, or who have been highly visible as a positive influence at customer events.
    4. Knowing motivations will determine the type of acts of advocacy they would be most willing to perform and the incentives for participating in the program.

    Consider the following criteria when identifying advocates and developing your ideal advocate persona:

    Demographics Firmographics Satisfaction & Needs/Value Sought Behavior Motivation
    Role - user, decision-maker, etc. Company size: # of employees Satisfaction score Purchase frequency & repeat purchases (renewals), upgrades Career building/promotion
    Department Company size: revenue NPS score Usage Collaboration with peers
    Geography CLV score Engagement (e.g. email opens, response, meetings) Educate others
    Industry Value delivered (outcomes, occasions used, etc.) Social media interaction, posts Influence (on product, service)
    Tenure as client Benefits sought
    Account size ($) Minimal and resolved service tickets, escalations
    1. When identifying potential advocates, choose based on your most important audience/segments. 2. Ensure you're selecting those with the highest satisfaction, NPS, and CLV scores. 3. When identifying potential advocates, choose based on high engagement and interaction, regular renewals, and high usage. 4. Knowing motivations will determine the type of acts of advocacy they would be most willing to perform and incentives for participating in the program.

    Phase 3: Win Executive Approval and Implement Pilot

    Steps
    3.1 Determine pilot goals and success metrics
    3.2 Establish timeline and create advocate communication materials
    3.3 Gain executive buy-in and implement pilot

    Phase Outcome

    • Clear objective for CA pilot
    • Key metrics for program success
    • Pilot timelines and milestones
    • Executive presentation with business case for CA

    Win executive approval and implement pilot

    Step 3.1 Determine pilot goals and success metrics

    Total duration: 2.0-4.0 hours

    Objective
    Set goals and determine the scope for the customer advocacy program pilot.

    Output

    • Documented business objectives for the pilot
    • Documented success metrics

    Participants

    • Customer advocacy lead
    • Key stakeholders
    • Sales lead
    • Marketing lead
    • Customer Success lead
    • Product lead

    MarTech
    May require to use, set up, or install platforms like:

    • Register to a survey platform
    • CRM or marketing automation platform

    Tools

    3.1.1 Establish Pilot Goals
    (60-120 min.)

    Set
    Organize a meeting with department heads and review organizational and individual department goals.

    Using the Venn diagram on slide 39 in this deck, identify customer advocacy goals that align with business goals. Select the highest priority goal for the pilot.

    Check that the goal aligns with benefits sought or addresses pain points identified in the previous phase.

    Document
    Document the goals on slides 9 and 16 of the Executive Presentation Template.

    3.1.2 Establish Pilot Success Metrics
    (60-120 min.)

    Decide
    Decide how you will measure the success of your program pilot using slide 40 in this document.

    Document
    Document metrics on slide 16 of the Executive Presentation Template.

    Tips & Reminders

    1. Don't boil the ocean. Pick the most important goal that can be achieved through the customer advocacy pilot to gain executive buy-in and support or resources for a formal customer advocacy program. Once successfully completed, you'll be able to tackle new goals and expand the program.
    2. Keep your metrics simple, few in number, and relatively easy to track

    Connect customer advocacy goals with organizational goals

    List possible customer advocacy goals, identifying areas of overlap with organizational goals by taking the following steps:

    1. List organizational/departmental goals in the green oval.
    2. List possible customer advocacy program goals in the purple oval.
    3. Enter goals that are covered in both the Organizational Goals and Customer Advocacy Goals sections into the Shared Goals section in the center.
    4. Highlight the highest priority goal for the customer advocacy program pilot to tackle.
    Organizational Goals Shared Goals Customer Advocacy Goals
    Example Example: Gain customer references to help advance sales and improve win rates Example: Develop pool of customer references
    [insert goal] [insert goal] Example: Gather customer feedback
    [insert goal] [insert goal] [insert goal]
    [insert goal] [insert goal] [insert goal]

    Customer advocacy success metrics for consideration

    This table provides a starting point for measuring the success of your customer advocacy pilot depending on the goals you've set.

    This list is by no means exhaustive; the metrics here can be used, or new metrics that would better capture success measurement can be created and tracked.

    Metric
    Revenue influenced by reference calls ($ / % increase)
    # of reference calls resulting in closed-won opportunities
    # of quotes collected
    % of community growth YoY
    # of pieces of product feedback collected
    # of acts of advocacy
    % membership growth
    % product usage amongst community members
    # of social shares, clicks
    CSAT score for community members
    % of registered qualified leads
    # of leads registered
    # of member sign-ups
    # of net-new referenceable customers
    % growth rate of products used by members
    % engagement rate
    # of published third-party reviews
    % increase in fulfilled RFPs

    When selecting metrics, remember:
    When choosing metrics for your customer advocacy pilot, be sure to align them to your specific goals. If possible, try to connect your advocacy efforts back to retention, growth, or revenue.

    Do not choose too many metrics; one per goal should suffice.

    Ensure that you can track the metrics you select to measure - the data is available and measuring won't be overly manual or time-consuming.

    Win executive approval and implement pilot

    Step 3.2 Establish timeline and create advocate communication materials

    Total duration: 2.5-8.0 hours

    Objective
    Outline who will be involved in what roles and capacities and what tasks and activities need to completed.

    Output

    • Timeline and milestones
    • Advocate program materials

    Participants

    • Customer advocacy lead
    • Key stakeholders
    • Sales lead
    • Marketing lead
    • Customer Success lead
    • Product lead

    MarTech
    None

    Tools

    3.2.1 Establish Timeline & Milestones
    (30-60 min.)

    List & Assign
    List all key tasks, phases, and milestones on slides 13, 14, and 15 in the Executive Presentation Template.

    Include any activities that help close gaps or address pain points from slide 9 in the Executive Presentation Template.

    Assign workstream leads on slide 15 in the Executive Presentation Template.

    Finalize all tasks and activities with working team.

    3.2.2 Design & Build Advocate Program Materials
    (180-300 min.)

    Decide
    Determine materials needed to recruit advocates and explain the program to advocate candidates.

    Determine the types of acts of advocacy you are looking for.

    Determine incentives/rewards that will be provided to advocates, such as access to new products or services.

    Build
    Build out all communication materials.

    Obtain incentives.

    Tips & Reminders

    1. When determining incentives, use the validated ideal advocate profile for guidance (i.e. what motivates your advocates?).
    2. Ensure to leave a buffer in the timeline if the need to adjust course arises.

    Win executive approval and implement pilot

    Step 3.3 Implement pilot and gain executive buy-in

    Total duration: 2.5-8.0 hours

    Objective
    Successfully implement the customer advocacy pilot program and communicate results to gain approval for full-fledged program.

    Output

    • Deliver Executive Presentation
    • Successful customer advocacy pilot
    • Provide regular updates to stakeholders, executives

    Participants

    • Customer advocacy lead
    • Workstream leads

    MarTech
    May require the use of:

    • CRM or Marketing Automation Platform
    • Available and up-to-date customer database

    Tools

    3.3.1 Complete & Deliver Executive Presentation
    (60-120 min.)

    Present
    Finalize the Executive Presentation.

    Hold stakeholder meeting and introduce the program pilot.

    3.3.2 Gain Executive Buy-in
    (60-300 min.)

    Pitch
    Present the final results of the customer advocacy pilot using the Executive Presentation Template and gain approval.

    3.3.3 Implement the Customer Advocacy Program Pilot
    (30-60 min.)

    Launch
    Launch the customer advocacy program pilot. Follow the timelines and activities outlined in the Executive Presentation Template. Track/document all advocate outreach, activity, and progress against success metrics.

    Communicate
    Establish a regular cadence to communicate with steering committee, stakeholders. Use the Executive Presentation Template to present progress and resolve roadblocks if/as they arise.

    Tips & Reminders

    1. Continually collect feedback and input from advocates and stakeholders throughout the process.
    2. Don't be afraid to make changes on the go if it helps to achieve the end goal of your pilot.
    3. If the pilot program was successful, consider scaling it up and rolling it out to more customers.

    Summary of Accomplishment

    Mission Accomplished

    • You successfully launched your customer advocacy program pilot and demonstrated clear benefits and ROI. By identifying the needs of the business and aligning those needs with key customer advocacy activities, marketers and customer advocacy leaders can prioritize the most important tasks for the pilot while also identifying potential opportunities for expansion pending executive approval.
    • SoftwareReviews' comprehensive and tactical approach takes you through the steps to build the foundation for a strategic customer advocacy program. Our methodology ensures that a customer advocacy pilot is developed to deliver the desired outcomes and ROI, increasing stakeholder buy-in and setting up your organization for customer advocacy success.

    If you would like additional support, contact us and we'll make sure you get the professional expertise you need.

    Contact your account representative for more information.
    info@softwarereviews.com
    1-888-670-8889

    Related SoftwareReviews Research

    Measure and Manage the Customer Satisfaction Metrics That Matter the Most
    Understand what truly keeps your customer satisfied. Measure what matters to improve customer experience and increase satisfaction and advocacy.

    • Understand the true drivers of satisfaction and dissatisfaction among your customer segments.
    • Establish process and cadence for effective satisfaction measurement and monitoring.
    • Know where resources are needed most to improve satisfaction levels and increase retention.

    Develop the Right Message to Engage Buyers
    Sixty percent of marketers find it hard to produce high-quality content consistently. SaaS marketers have an even more difficult job due to the technical nature of content production.

    • Create more compelling and relevant content that aligns with a buyer's needs and journey.
    • Shrink marketing and sales cycles.
    • Increase the pace of content production.

    Create a Buyer Persona and Journey
    Get deeper buyer understanding and achieve product-market fit, with easier access to market and sales.

    • Reduce time and resources wasted chasing the wrong prospects.
    • Increase open and click-through rates.
    • Perform more effective sales discovery.
    • Increase win rate.

    Bibliography

    "15 Award-Winning Customer Advocacy Success Stories." Influitive, 2021. Accessed 8 June 2023.

    "Advocacy Marketing." Influitive, June 2016. Accessed 26 Oct. 2021.

    Andrews, Marcus. "42% of Companies Don’t Listen to their Customers. Yikes." HubSpot, June 2019. Accessed 2 Nov. 2021.

    "Before you leap! Webcast." Point of Reference, Sept. 2019. Accessed 4 Nov. 2021.

    "Brand Loyalty: 5 Interesting Statistics." Factory360, Jan. 2016. Accessed 2 Nov. 2021.

    Brenner, Michael. "The Data Driven Guide to Customer Advocacy." Marketing Insider Group, Sept. 2021. Accessed 3 Feb. 2022.

    Carroll, Brian. "Why Customer Advocacy Should Be at the Heart of Your Marketing." Marketing Insider Group, Sept. 2017. Accessed 3 Feb. 2022.

    Cote, Dan. "Advocacy Blooms and Business Booms When Customers and Employees Engage." Influitive, Dec. 2021. Accessed 3 Feb. 2022.

    "Customer Success Strategy Guide." ON24, Jan. 2021. Accessed 2 Nov. 2021.

    Dalao, Kat. "Customer Advocacy: The Revenue-Driving Secret Weapon." ReferralRock, June 2017. Accessed 7 Dec. 2021.

    Frichou, Flora. "Your guide to customer advocacy: What is it, and why is it important?" TrustPilot, Jan. 2020. Accessed 26 Oct. 2021.

    Gallo, Amy. "The Value of Keeping the Right Customers." Harvard Business Review, Oct. 2014. Accessed 10 March 2022.

    Huhn, Jessica. "61 B2B Referral Marketing Statistics and Quotes." ReferralRock, March 2022. Accessed 10 March 2022.

    Kemper, Grayson. "B2B Buying Process: How Businesses Purchase B2B Services and Software." Clutch, Feb. 2020. Accessed 6 Jan. 2022.

    Kettner, Kyle. "The Evolution of Ambassador Marketing." BrandChamp.io, Oct. 2018. Accessed 2 Nov. 2021.

    Landis, Taylor. "Customer Retention Marketing vs. Customer Acquisition Marketing." OutboundEngine, April 2022. Accessed 23 April 2022.

    Miels, Emily. "What is customer advocacy? Definition and strategies." Zendesk Blog, June 2021. Accessed 27 Oct. 2021.

    Mohammad, Qasim. "The 5 Biggest Obstacles to Implementing a Successful B2B Customer Advocacy Program." HubSpot, June 2018. Accessed 6 Jan. 2022.

    Murphy, Brandon. "Brand Advocacy and Social Media - 2009 GMA Conference." Deloitte, Dec. 2009. Accessed 8 June 2023.

    Patel, Neil. "Why SaaS Brand Advocacy is More Important than Ever in 2021." Neil Patel, Feb. 2021. Accessed 4 Nov. 2021.

    Pieri, Carl. "The Plain-English Guide to Customer Advocacy." HubSpot, Apr. 2020. Accessed 27 Oct. 2021.

    Schmitt, Philipp; Skiera, Bernd; Van den Bulte, Christophe. "Referral Programs and Customer Value." Wharton Journal of Marketing, Jan. 2011. Accessed 8 June 2023.

    "The Complete Guide to Customer Advocacy." Gray Group International, 2020. Accessed 15 Oct. 2021.

    "The Customer-powered Enterprise: Playbook." Influitive, Gainsight & Pendo. 2020. Accessed 26 Oct. 2021.

    "The Winning Case for a Customer Advocacy Solution." RO Innovation, 2017. Accessed 26 Oct. 2021.

    Tidey, Will. "Acquisition vs. Retention: The Importance of Customer Lifetime Value." Huify, Feb. 2018. Accessed 10 Mar. 2022.

    "What a Brand Advocate Is and Why Your Company Needs One." RockContent, Jan. 2021. Accessed 7 Feb. 2022.

    "What is Customer Advocacy? A Definition and Strategies to Implement It." Testimonial Hero, Oct. 2021. Accessed 26 Jan. 2022.

    The latest burning platform: Exit Plans in a shifting world

    • Large vertical image:
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    The current global situation, marked by significant trade tensions and retaliatory measures between major economic powers, has elevated the importance of more detailed, robust, and executable exit plans for businesses in nearly all industries. The current geopolitical headwinds create an unpredictable environment that can severely impact supply chains, technology partnerships, and overall business operations. What was once a prudent measure is now a critical necessity – a “burning platform” – for ensuring business continuity and resilience.

    Here I will delve deeper into the essential components of an effective exit plan, outline the practical steps for its implementation, and explain the crucial role of testing in validating its readiness.

    exit plan

    Continue reading

    Customer Relationship Management Platform Selection Guide

    • Buy Link or Shortcode: {j2store}529|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $14,719 Average $ Saved
    • member rating average days saved: 32 Average Days Saved
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Customer relationship management (CRM) suites are an indispensable part of a holistic strategy for managing end-to-end customer interactions.
    • After defining an approach to CRM, selection and implementation of the right CRM suite is a critical step in delivering concrete business value for marketing, sales, and customer service.
    • Despite the importance of CRM selection and implementation, many organizations struggle to define an approach to picking the right vendor and rolling out the solution in an effective and cost-efficient manner.
    • IT often finds itself in the unenviable position of taking the fall for CRM platforms that don't deliver on the promise of the CRM strategy.

    Our Advice

    Critical Insight

    • IT needs to be a trusted partner in CRM selection and implementation, but the business also needs to own the requirements and be involved from the beginning.
    • CRM requirements dictate the components of the target CRM architecture, such as deployment model, feature focus, and customization level. Savvy application directors recognize the points in the project where the CRM architecture model necessitates deviations from a "canned" roll-out plan.
    • CRM selection is a multi-step process that involves mapping target capabilities for marketing, sales, and customer service, assigning requirements across functional categories, determining the architecture model to prioritize criteria, and developing a comprehensive RFP that can be scored in a weighted fashion.
    • Companies that succeed with CRM implementation create a detailed roadmap that outlines milestones for configuration, security, points of implementation, data migration, training, and ongoing application maintenance.

    Impact and Result

    • A CRM platform that effectively meets the needs of marketing, sales, and customer service and delivers value.
    • Reduced costs during CRM selection.
    • Reduced implementation costs and time frame.
    • Faster time to results after implementation.

    Customer Relationship Management Platform Selection Guide Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Customer Relationship Management Platform Selection Guide – Speed up the process to build your business case and select your CRM solution.

    This blueprint will help you build a business case for selecting the right CRM platform, defining key requirements, and conducting a thorough analysis and scan of the ever-evolving CRM market space.

    • Customer Relationship Management Platform Selection Guide — Phases 1-3

    2. CRM Business Case Template – Document the key drivers for selecting a new CRM platform.

    Having a sound business case is essential for succeeding with a CRM. This template will allow you to document key drivers and impact, in line with the CRM Platform Selection Guide blueprint.

    • CRM Business Case Template

    3. CRM Request for Proposal Template

    Create your own request for proposal (RFP) for your customer relationship management (CRM) solution procurement process by customizing the RFP template created by Info-Tech.

    • CRM Request for Proposal Template

    4. CRM Suite Evaluation and RFP Scoring Tool

    The CRM market has many strong contenders and differentiation may be difficult. Instead of relying solely on reputation, organizations can use this RFP tool to record and objectively compare vendors according to their specific requirements.

    • CRM Suite Evaluation and RFP Scoring Tool

    5. CRM Vendor Demo Script

    Use this template to support your business's evaluation of vendors and their solutions. Provide vendors with scenarios that prompt them to display not only their solution's capabilities, but also how the tool will support your organization's particular needs.

    • CRM Vendor Demo Script

    6. CRM Use Case Fit Assessment Tool

    Use this tool to help build a CRM strategy for the organization based on the specific use case that matches your organizational needs.

    • CRM Use-Case Fit Assessment Tool
    [infographic]

    Further reading

    Customer Relationship Management Platform Selection Guide

    Speed up the process to build your business case and select your CRM solution.

    Table of Contents

    1. Analyst Perspective
    2. Executive Summary
    3. Blueprint Overview
    4. Executive Brief
    5. Phase 1: Understand CRM Functionality
    6. Phase 2: Build the Business Case and Elicit CRM requirements
    7. Phase 3: Discover the CRM Marketspace and Prepare for Implementation
    8. Conclusion

    Analyst Perspective

    A strong CRM platform is paramount to succeeding with customer engagement.

    Modern CRM platforms are the workhorses that provide functional capabilities and data curation for customer experience management. The market for CRM platforms has seen an explosion of growth over the last five years, as organizations look to mature their ability to deliver strong capabilities across marketing, sales, and customer service.

    IT needs to be a trusted partner in CRM selection and implementation, but the business also needs to own the requirements and be involved from the get-go.

    CRM selection must be a multistep process that involves defining target capabilities for marketing, sales, and customer service, prioritizing requirements across functional categories, determining the architecture model for the CRM environment, and developing a comprehensive RFP that can be scored in a weighted fashion.

    To succeed with CRM implementation, create a detailed roadmap that outlines milestones for configuration, security, points of implementation, data migration, training, and ongoing application maintenance.

    Photo of Ben Dickie, Research Lead, Customer Experience Strategy, Info-Tech Research Group. Ben Dickie
    Research Lead, Customer Experience Strategy
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Customer Relationship Management (CRM) suites are an indispensable part of a holistic strategy for managing end-to-end customer interactions. Selecting the right platform that aligns with your requirements is a significant undertaking.

    After defining an approach to CRM, selection and implementation of the right CRM suite is a critical step in delivering concrete business value for marketing, sales, and customer service.
    Common Obstacles

    Despite the importance of CRM selection and implementation, many organizations struggle to define an approach to picking the right vendor and rolling out the solution in an effective and cost-efficient manner.

    The CRM market is rapidly evolving and changing, making it tricky to stay on top of the space.

    IT often finds itself in the unenviable position of taking the fall for CRM platforms that don’t deliver on the promise of the CRM strategy.
    Info-Tech’s Approach

    CRM platform selection must be driven by your overall customer experience management strategy: link your CRM selection to your organization’s CXM framework.

    Determine if you need a CRM platform that skews toward marketing, sales, or customer service; leverage use cases to help guide selection.

    Ensure strong points of integration between CRM and other software such as MMS. A CRM should not live in isolation; it must provide a 360-degree view.

    Info-Tech Insight

    IT must work in lockstep with its counterparts in marketing, sales, and customer service to define a unified vision for the CRM platform.

    Info-Tech’s methodology for selecting the right CRM platform

    1. Understand CRM Features 2. Build the Business Case & Elicit CRM Requirements 3. Discover the CRM Market Space & Prepare for Implementation
    Phase Steps
    1. Define CRM platforms
    2. Classify table stakes & differentiating capabilities
    3. Explore CRM trends
    1. Build the business case
    2. Streamline requirements elicitation for CRM
    3. Construct the RFP
    1. Discover key players in the CRM landscape
    2. Engage the shortlist & select finalist
    3. Prepare for implementation
    Phase Outcomes
    • Consensus on scope of CRM and key CRM capabilities
    • CRM selection business case
    • Top-level use cases and requirements
    • Completed CRM RFP
    • CRM market analysis
    • Shortlisted vendor
    • Implementation considerations

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    The CRM purchase process should be broken into segments:

    1. CRM vendor shortlisting with this buyer’s guide
    2. Structured approach to selection
    3. Contract review

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Call #1: Understand what a CRM platform is and the “art of the possible” for sales, marketing, and customer service. Call #2: Build the business case to select a CRM.

    Call #3: Define your key CRM requirements.

    Call #4: Build procurement items such as an RFP.
    Call #5: Evaluate the CRM solution landscape and shortlist viable options.

    Call #6: Review implementation considerations.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    INFO~TECH RESEARCH GROUP

    Customer Relationship Management Platform Selection Guide

    Speed up the process to build your business case and select your CRM solution.

    EXECUTIVE BRIEF

    Info-Tech Research Group Inc. is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns.
    © 1997-2022 Info-Tech Research Group Inc.

    What exactly is a CRM platform?

    Our Definition: A customer relationship management (CRM) platform (or suite) is a core enterprise application that provides a broad feature set for supporting customer interaction processes, typically across marketing, sales and customer service. These suites supplant more basic applications for customer interaction management (such as the contact management module of an enterprise resource planning (ERP) platform or office productivity suite).

    A customer relationship management suite provides many key capabilities, including but not limited to:

    • Account management
    • Order history tracking
    • Pipeline management
    • Case management
    • Campaign management
    • Reports and analytics
    • Customer journey execution

    A CRM suite provides a host of native capabilities, but many organizations elect to tightly integrate their CRM solution with other parts of their customer experience ecosystem to provide a 360-degree view of their customers.

    Stock image of a finger touching a screen showing a stock chart.

    Info-Tech Insight

    CRM feature sets are rapidly evolving. Focus on the social component of sales, marketing, and service management features, as well as collaboration, to get the best fit for your requirements. Moreover, consider investing in best-of-breed social media management platforms (SMMPs) and internal collaboration tools to ensure sufficient functionality.

    Build a cohesive CRM selection approach that aligns business goals with CRM capabilities.

    Info-Tech Insight

    Customers expect to interact with organizations through the channels of their choice. Now more than ever, you must enable your organization to provide tailored customer experiences.

    Customer expectations are on the rise: meet them!

    A CRM platform is a crucial system for enabling good customer experiences.

    CUSTOMER EXPERIENCE IS EVOLVING

    1. Thoughtfulness is in
        Connect with customers on a personal level
    2. Service over products
        The experience is more important than the product
    3. Culture is now number one
        Culture is the most overlooked piece of customer experience strategy
    4. Engineering and service finally join forces
        Companies are combining their technology and service efforts to create strong feedback loops
    5. The B2B world is inefficiently served
        B2B needs to step up with more tools and a greater emphasis placed on customer experience

    (Source: Forbes, 2019)

    Identifying organizational objectives of high priority will assist in breaking down business needs and CRM objectives. This exercise will better align the CRM systems with the overall corporate strategy and achieve buy-in from key stakeholders.

    A strong CRM platform supports a range of organizational objectives for customer engagement.

    Increase Revenue Enable lead scoring Deploy sales collateral management tools Improve average cost per lead via a marketing automation tool
    Enhance Market Share Enhance targeting effectiveness with a CRM Increase social media presence via an SMMP Architect customer intelligence analysis
    Improve Customer Satisfaction Reduce time-to-resolution via better routing Increase accessibility to customer service with live chat Improve first contact resolution with customer KB
    Increase Customer Retention Use a loyalty management application Improve channel options for existing customers Use customer analytics to drive targeted offers
    Create Customer-Centric Culture Ensure strong training and user adoption programs Use CRM to provide 360-degree view of all customer interactions Incorporate the voice of the customer into product development

    Succeeding with CRM selection and implementation has a positive effect on driving revenues and decreasing costs

    There are three buckets of metrics and KPIs where CRM will drive improvements

    The metrics of a smooth CRM selection and implementation process include:

    • Better alignment of CRM functionality to business needs.
    • Better functionality coverage of the selected platform.
    • Decreased licensing costs via better vendor negotiation.
    • Improved end-user satisfaction with the deployed solution.
    • Fewer errors and rework during implementation.
    • Reduced total implementation costs.
    • Reduced total implementation time.

    A successful CRM deployment drives revenue

    • Increased customer acquisition due to enhanced accuracy of segmentation and targeting, superior lead qualification, and pipeline management.
    • Increased customer satisfaction and retention due to targeted campaigns (e.g. customer-specific deals), quicker service incident resolution, and longitudinal relationship management.
    • Increased revenue per customer due to comprehensive lifecycle management tools, social engagement, and targeted upselling of related products and services (enabled by better reporting/analytics).

    A successful CRM deployment decreases cost

    • Deduplication of effort across business domains as marketing, sales, and service now have a common repository of customer information and interaction tools.
    • Increased sales and service agent efficiency due to their focus on selling and resolution, rather than administrative tasks and overhead.
    • Reduced cost-to-sell and cost-to-serve due to automation of activities that were manually intensive.
    • Reduced cost of accurate data due to embedded reporting and analytics functionality.

    CRM platforms sit at the core of a well-rounded customer engagement ecosystem

    At the center is 'Customer Relationship Management Platform' surrounded by 'Web Experience Management Platform', 'E-Commerce & Point-of-Sale Solutions', 'Social Media Management Platform', 'Customer Intelligence Platform', 'Customer Service Management Tools', and 'Marketing Management Suite'.

    Customer Experience Management (CXM) Portfolio

    Customer relationship management platforms are increasingly expansive in functional scope and foundational to an organization’s customer engagement strategy. Indeed, CRMs form the centerpiece for a comprehensive CXM system, alongside tools such as customer intelligence platforms and adjacent point solutions for sales, marketing, and customer service.

    Review Info-Tech’s CXM blueprint below to build a complete, end-to-end customer interaction solution portfolio that encompasses CRM alongside other critical components. The CXM blueprint also allows you to develop strategic requirements for CRM based on customer personas and external market analysis.

    Build a Strong Technology Foundation for Customer Experience Management

    Sample of the 'Build a Strong Technology Foundation for Customer Experience Management' blueprint. Design an end-to-end technology strategy to drive sales revenue, enhance marketing effectiveness, and create compelling experiences for your customers.

    View the blueprint

    Considering a CRM switch? Switching software vendors drives high satisfaction

    Eighty percent of organizations are more satisfied after changing their software vendor.

    • Most organizations see not only a positive change in satisfaction with their new vendor, but also a substantial change in satisfaction.
    • What matters is making sure your organization is well-positioned to make a switch.
    • When it comes to switching software vendors, the grass really can be greener on the other side.

    Over half of organizations are 60%+ more satisfied after changing their vendor.

    (Source: Info-Tech Research Group, "Switching Software Vendors Overwhelmingly Drives Increased Satisfaction", 2020.)

    IT is critical to the success of your CRM selection and rollout

    Today’s shared digital landscape of the CIO and CMO

    Info-Tech Insight

    Technology is the key enabler of building strong customer experiences: IT must stand shoulder to shoulder with the business to develop a technology framework for customer relationship management.

    CIO

    IT Operations

    Service Delivery and Management

    IT Support

    IT Systems and Application

    IT Strategy and Governance

    Cybersecurity
    Collaboration and Partnership

    Digital Strategy = Transformation
    Business Goals | Innovation | Leadership | Rationalization

    Customer Experience
    Architecture | Design | Omnichannel Delivery | Management

    Insight (Market Facing)
    Analytics | Business Intelligence | Machine Learning | AI

    Marketing Integration + Operating Model
    Apps | Channels | Experiences | Data | Command Center

    Master Data
    Customer | Audience | Industry | Digital Marketing Assets
    CMO

    PEO Media

    Brand Management

    Campaign Management

    Marketing Tech

    Marketing Ops

    Privacy, Trust, and Regulatory Requirements

    (Source: ZDNet, 2020)

    CRM by the numbers

    1/3

    Statistical analysis of CRM projects indicates failures vary from 18% to 69%. Taking an average of those analyst reports, about one-third of CRM projects are considered a failure. (Source: CIO Magazine, 2017)

    92%

    92% of organizations report that CRM use is important for accomplishing revenue objectives. (Source: Hall, 2020)

    40%

    In 2019, 40% of executives name customer experience the top priority for their digital transformation. (Source: CRM Magazine, 2019)

    Case Study

    Align strategy and technology to meet consumer demand.
    INDUSTRY
    Entertainment
    SOURCE
    Forbes, 2017
    Challenge

    Beginning as a mail-out service, Netflix offered subscribers a catalog of videos to select from and have mailed to them directly. Customers no longer had to go to a retail store to rent a video. However, the lack of immediacy of direct mail as the distribution channel resulted in slow adoption.

    Blockbuster was the industry leader in video retail but was lagging in its response to industry, consumer, and technology trends around customer experience.

    Solution

    In response to the increasing presence of tech-savvy consumers on the internet, Netflix invested in developing its online platform as its primary distribution channel. The benefit of doing so was two-fold: passive brand advertising (by being present on the internet) and meeting customer demands for immediacy and convenience. Netflix also recognized the rising demand for personalized service and created an unprecedented, tailored customer experience.

    Results

    Netflix’s disruptive innovation is built on the foundation of great customer experience management. Netflix is now a $28-billion company, which is tenfold what Blockbuster was worth.

    Netflix used disruptive technologies to innovatively build a customer experience that put it ahead of the long-time video rental industry leader, Blockbuster.

    CRM Buyer’s Guide

    Phase 1

    Understand CRM Features

    Phase 1

    1.1 Define CRM platforms

    1.2 Classify table stakes & differentiating capabilities

    1.3 Explore CRM trends

    Phase 2

    2.1 Build the business case

    2.2 Streamline requirements elicitation for CRM

    2.3 Construct the RFP

    Phase 3

    3.1 Discover key players in the CRM landscape

    3.2 Engage the shortlist & select finalist

    3.3 Prepare for implementation

    This phase will walk you through the following activities:

    • Set a level of understanding of CRM technology.
    • Define which CRM features are table stakes (standard) and which are differentiating.
    • Identify the “Art of the Possible” in a modern CRM from a sales, marketing, and service lens.

    This phase involves the following participants:

    • CIO
    • Applications manager
    • Project manager
    • Sales executive
    • Marketing executive
    • Customer service executive

    Understand CRM table stakes features

    Organizations can expect nearly all CRM vendors to provide the following functionality.

    Lead Management Pipeline Management Contact Management Campaign Management Customer Service Management
    • Tracks and captures a lead’s information, automatically building a profile. Leads are then qualified through contact scoring models. Assigning leads to sales is typically automated.
    • Enables oversight over future sales. Includes revenue forecasting based on past/present trends, tracking sales velocity, and identifying ineffective sales processes.
    • Tracks and stores customer data, including demography, account and billing history, social media, and contact information. Typically, records and fields can be customized.
    • Provides integrated omnichannel campaign functionality and data analysis of customer intelligence. Data insights can be used to drive new and effective marketing campaigns.
    • Provides integrated omnichannel customer experiences to provide convenient service. Includes case and ticket management, automated escalation rules, and third-party integrations.

    Identify differentiating CRM features

    While not always “must-have” functionality, these features may be the final dealbreaker when deciding between two CRM vendors.

    Image of clustered screens with various network and business icons surounding them.
    • Workflow Automation
      Automate repetitive tasks by creating workflows that trigger actions or send follow-up reminders for next steps.
    • Advanced Analytics and Reporting
      Provides customized dashboard visualizations, detailed reporting, AI-driven virtual assistants, data extraction & analysis, and ML forecasting.
    • Customizations and Open APIs
      Broad range of available customizations (e.g. for dashboards and fields), alongside ease of integration (e.g. via plugins or APIs).
    • Document Management
      Out-of-the-box centralized content repository for storing, uploading, and sharing documents.
    • Mobile Support
      Ability to support mobile devices, OSes, and platforms with a native application or HTML-based web-access.
    • Project and Task Management
      Native project and task management functionality, enhancing cross-team organization and communication.
    • Configure, Price, Quote (CPQ)
      Create and send quotes or proposals to prospective and current customers.

    Features aren’t everything – be wary of common CRM selection pitfalls

    You can have all the right features, but systemic problems will lead to poor CRM implementation. Dig out these root causes first to ensure a successful CRM selection.

    50% of organizations believe the quality of their CRM data is “very poor” or “neutral.”

    Without addressing data governance issues, CRMs will only be as good as your data.

    Source: (Validity 2020)
    27% of organizations report that bad data costs them 10% or more in lost revenue annually.
    42% rate the trust that users have in their data as “high” or “very high.”
    54% believe that sales forecasts are accurate or very accurate.
    69% attribute poor CRM governance to missing or incomplete data, followed by duplicate data, incorrect data, and expired data. Other data issues include siloed data or disparate systems.
    73% believe that they do not have a 360-degree view of their customers.

    Ensure you understand the “art of the possible” in the CRM landscape

    Knowing what is possible will help funnel which features are most suitable for your organization – having all the bells and whistles does not always equal strong ROI.

    Holistically examine the potential of any CRM solution through three main lenses: Stock image of a person working with dashboards.

    Sales

    Identify sales opportunities through recording customers’ interactions, generating leads, nurturing contacts, and forecasting revenues.
    Stock image of people experiencing digital ideas.

    Marketing

    Analyze customer interactions to identify upsell and cross-sell opportunities, drive customer loyalty, and use customer data for targeted campaigns.
    Stock image of a customer service representative.

    Customer Service

    Improve and optimize customer engagement and retention, leveraging customer data to provide round-the-clock omnichannel experiences.

    Art of the possible: Sales

    Stock image of a person working with dashboards.

    TRACK PROSPECT INTERACTIONS

    Want to engage with a prospect but don’t know what to lead with? CRM solutions can track and analyze many of the interactions a prospect has with your organization, including with fellow staff, their clickthrough rate on marketing material, and what services they are downloading on your website. This information can then auto-generate tasks to begin lead generation.

    COORDINATE LEAD SCORING

    Information captured from a prospect is generated into contact cards; missing data (such as name and company) can be auto-captured by the CRM via crawling sites such as LinkedIn. The CRM then centralizes and scores (according to inputted business rules) a lead’s potential, ensuring sales teams coordinate and keep a track of the lead’s journey without wrongful interference.

    AI-DRIVEN REVENUE FORECASTING

    Generate accurate forecasting reports using AI-driven “virtual assistants” within the CRM platform. These assistants are personal data scientists, quickly noting discrepancies, opportunities, and what-if scenarios – tasks that might take weeks to do manually. This pulled data is then auto-forecasted, with the ability to flexibly adjust to real-time data.

    Art of the possible: Marketing

    Stock image of people experiencing digital ideas.

    DRIVE LOYALTY

    Data captured and analyzed in the CRM from customer interactions builds profiles and a deeper understanding of customers’ interests. With this data, marketing teams can deliver personalized promotions and customer service to enhance loyalty – from sending a discount on a product the customer was browsing on the website, to providing notifications about delivery statuses.

    AUTOMATE WORKFLOWS

    Building customer profiles, learning spending habits, and charting a customer’s journey for upselling or cross-selling can be automated through workflows, saving hours of manual work. These workflows can immediately respond to customer enquiries or deliver offers to the customer’s preferred channel based on their prior usage.

    TARGETED CAMPAIGNING

    Information attained through a CRM platform directly informs any marketing strategy: identifying customer segments, spending habits, building a better product based on customer feedback, and identifying high-spending customers. With any new product or offering, it is straightforward for marketing teams to understand where to target their next campaign for highest impact.

    Art of the possible: Customer service

    Stock image of a customer service representative.

    OMNICHANNEL SUPPORT

    Rapidly changing demographics and modes of communications require an evolution toward omnichannel engagement. Many customers now expect to communicate with contact centers not just by voice, but via social media. Agents need customer information synced across each channel they use, meeting the customer’s needs where they are.

    INTELLIGENT SELF-SERVICE PORTALS

    Customers want their issues resolved as quickly as possible. Machine-learning self-service options deliver personalized customer experiences, which also reduce both agent call volume and support costs for the organization.

    LEVERAGING ANALYTICS

    The future of customer service is tied up with analytics. This not only entails AI-driven capabilities that fetch the agent relevant information, skills-based routing, and using biometric data (e.g. speech) for security. It also feeds operations leaders’ need for easy access to real insights about how their customers and agents are doing.

    Best-of-Breed Point Solutions

    Full CRM Suite

    Blue smiley face. Benefits
    • Features may be more advanced for specific functional areas and a higher degree of customization may be possible.
    • If a potential delay in real-time customer data transfer is acceptable, best-of-breeds provide a similar level of functionality to suites for a lower price.
    • Best-of-breeds allow value to be realized faster than suites, as they are easier and faster to implement and configure.
    • Rip and replace is easier, and vendor updates are relatively quick to market.
    Benefits
    • Everyone in the organization works from the same set of customer data.
    • There is a “lowest common denominator” for agent learning as consistent user interfaces lower learning curves and increase efficiency in usage.
    • There is a broader range of functionality using modules.
    • Integration between functional areas will be strong and the organization will be in a better position to enable version upgrades without risking invalidation of an integration point between separate systems.
    Green smiley face.
    Purple frowny face. Challenges
    • Best-of-breeds typically cover less breadth of functionality than suites.
    • There is a lack of uniformity in user experience across best-of-breeds.
    • Data integrity risks are higher.
    • Variable infrastructure may be implemented due to multiple disparate systems, which adds to architecture complexity and increased maintenance.
    • There is potential for redundant functionality across multiple best-of-breeds.
    Challenges
    • Suites exhibit significantly higher costs compared to point solutions.
    • Suite module functionality may not have the same depth as point solutions.
    • Due to high configuration availability and larger-scale implementation requirements, the time to deploy is longer than point solutions.
    Orange frowny face.
    Info-Tech Insight

    Even if a suite is missing a potential module, the proliferation of app extensions, integrations, and services could provide a solution. Salesforce’s AppExchange, for instance, offers a plethora of options to extend its CRM solution – from telephony integration, to gamification.

    CRM Buyer’s Guide

    Phase 2

    Build the Business Case & Elicit CRM Requirements

    Phase 1

    1.1 Define CRM platforms

    1.2 Classify table stakes & differentiating capabilities

    1.3 Explore CRM trends

    Phase 2

    2.1 Build the business case

    2.2 Streamline requirements elicitation for CRM

    2.3 Construct the RFP

    Phase 3

    3.1 Discover key players in the CRM landscape

    3.2 Engage the shortlist & select finalist

    3.3 Prepare for implementation

    This phase will walk you through the following activities:

    • Identify goals, objectives, challenges, and costs to inform the business case for a new CRM platform.
    • Elicit and prioritize key requirements for your platform.
    • Port the requirements into Info-Tech’s CRM RFP Template.

    This phase involves the following participants:

    • CIO
    • Applications manager
    • Project manager
    • Sales executive
    • Marketing executive
    • Customer service executive

    Right-size the CRM selection team to ensure you get the right information but are still able to move ahead quickly

    Full-Time Resourcing: At least one of these five team members must be allocated to the selection initiative as a full-time resource.

    A silhouetted figure.

    IT Leader

    A silhouetted figure.

    Technical Lead

    A silhouetted figure.

    Business Analyst/
    Project Manager

    A silhouetted figure.

    Business Lead

    A silhouetted figure.

    Process Expert(s)

    This team member is an IT director or CIO who will provide sponsorship and oversight from the IT perspective. This team member will focus on application security, integration, and enterprise architecture. This team member elicits business needs and translates them into technology requirements. This team member will provide sponsorship from the business needs perspective. Typically, a CMO or SVP of sales. These team members are the sales, marketing, and service process owners who will help steer the CRM requirements and direction.

    Info-Tech Insight

    It is critical for the selection team to determine who has decision rights. Organizational culture will play the largest role in dictating which team member holds the final say for selection decisions. For more information on stakeholder management and involvement, see this guide.

    Be prepared to define what issues you are trying to address and why a new CRM is the right approach

    Identify the current state and review the background of what you’ve done leading up to this point, goals you’ve been asked to meet, and challenges in solving known problems to help to set the stage for why your proposed solution is needed. If your process improvements have taken you as far as you can go without improved workflows or data, specify where the gaps are.
    Arrows with icons related to the text on the right merging into one arrow. Alignment

    Alignment to strategic goals is always important, but that is especially true with CRM because customer relationship management platforms are at the intersection of your organization and your customers. What are the strategic marketing, sales and customer service goals that you want to realize (in whole or in part) by improving your CRM ecosystem?

    Impact to your business

    Identify areas where your customers may be impacted by poor experiences due to inadequate or aging technology. What’s the impact on customer retention? On revenue?

    Impact to your organization

    Define how internal stakeholders within the organization are impacted by a sub-optimal CRM experience – what are their frustrations and pain points? How do issues with your current CRM environment prevent teams in sales, marketing, or service from doing their jobs?

    Impact to your department

    Describe the challenges within IT of using disparate systems, workarounds, poor data and reporting, lack of automation, etc., and the effect these challenges have on IT’s goals.

    Align the CRM strategy with the corporate strategy

    Corporate Strategy Unified Strategy CRM Strategy
    Spectrum spanning all columns.
    Your corporate strategy:
    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and business aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the future state.
    • The CRM strategy and the rationale for deploying a new CRM can be and should be linked, with metrics, to the corporate strategy and ultimate business objectives (such as improving customer acquisition, entering new segments, or improving customer lifetime value).
    Your CRM strategy:
    • Communicates the organization’s budget and spending on CRM.
    • Identifies IT initiatives that will support the business and key CRM objectives.
    • Outlines staffing and resourcing for CRM initiatives.
    CRM projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with CRM capabilities. Effective alignment between sales, marketing, customer service, operations, IT, and the business should happen daily. Alignment doesn’t just need to occur at the executive level, but also at each level of the organization.

    2.1 Create your list of goals and milestones for CRM

    1-3 hours

    Input: Corporate strategy, Target key performance indicators, End-user satisfaction results (if applicable)

    Output: Prioritized list of goals with milestones that can be met with a new or improved CRM solution

    Materials: Whiteboard/flip charts, CRM Business Case Template

    Participants: CIO, Application managers, CMO/SVP sales, Marketing, sales or service SMEs

    1. Review strategic goals to identify alignment to your CRM selection project. For example, digital transformation may be enhanced or enabled with a CRM solution that supports better outreach to key customer segments through improved campaign management.
    2. Next, brainstorm tactical goals with your colleagues.
    3. Identify specific goals the organization has set for the business that may be supported by improved customer prospecting, customer service, or analytics functionality through a better CRM solution.
    4. Identify specific goals your organization will be able to make possible with a new or improved CRM solution.
    5. Prioritize this list and lead with the most important goal that can be reached at the one-year, six-month, and three-month milestones.
    6. Document in the goals section of your business case.

    Download the CRM Business Case Template and record the outputs of this exercise in the strategic business goals, business drivers, and technical drivers slides.

    Identify what challenges exist with the current environment

    Ensure you are identifying issues at a high level, so as not to drown in detail, but still paint the right picture. Identify technical issues that are impacting customer experience or business goals. Typical complaints for CRM solutions that are old or have been outgrown include:

    1.

    Lack of a flexible, configurable customer data model that supports complex relationships between accounts and contacts.

    2.

    Lack of a flexible, configurable customer data model that supports complex relationships between accounts and contacts.

    3.

    Lack of meaningful reports and useable dashboards, or difficulty in surfacing them.

    4.

    Poor change enablement resulting in business interruptions.

    5.

    Inability to effectively automate routine sales, marketing, or service tasks at scale via a workflow tool.

    6.

    Lack of proper service management features, such as service knowledge management.

    7.

    Inability to ingest customer data at scale (for example, no ability to automatically log e-mails or calls).

    8.

    Major technical deficiencies and outages – the incumbent CRM platform goes down, causing business disruption.

    9.

    The platform itself doesn’t exist in the current state – everything is done in Microsoft Excel!

    Separate business issues from technical issues, but highlight where they’re connected and where technical issues are causing business issues or preventing business goals from being reached.

    Before switching vendors, evaluate your existing CRM to see if it’s being underutilized or could use an upgrade

    The cost of switching vendors can be challenging, but it will depend entirely on the quality of data and whether it makes sense to keep it.
    • Achieving success when switching vendors first requires reflection. We need to ask why we are dissatisfied with our incumbent software.
    • If the product is old and inflexible, the answer may be obvious, but don’t be afraid to include your incumbent in your evaluation if your issues might be solved with an upgrade.
    • Look at your use-case requirements to see where you want to take the CRM solution and compare them to your incumbent’s roadmap. If they don’t match, switching vendors may be the only solution. If your roadmaps align, see if you’re fully leveraging the solution or will be able to start working through process improvements.
    Pie graph with a 20% slice. Pie graph with a 25% slice.

    20%

    Small/Medium Enterprises

    25%

    Large Enterprises
    only occasionally or rarely/never use their software (Source: Software Reviews, 2020; N = 45,027)
    Fully leveraging your current software now will have two benefits:
    1. It may turn out that poor leveraging of your incumbent software was the problem all along; switching vendors won’t solve the problem by itself. As the data to the right shows, a fifth of small/medium enterprises and a quarter of large enterprises do not fully leverage their incumbent software.
    2. If you still decide to switch, you’ll be in a good negotiating position. If vendors can see you are engaged and fully leveraging your software, they will be less complacent during negotiations to win you over.
    Info-Tech Insight

    Switching vendors won’t improve poor internal processes. To be fully successful and meet the goals of the business case, new software implementations must be accompanied by process review and improvement.

    2.2 Create your list of challenges as they relate to your goals and their impacts

    1-2 hours

    Input: Goals lists, Target key performance indicators, End-user satisfaction results (if applicable)

    Output: Prioritized list of challenges preventing or hindering customer experiences

    Materials: Whiteboard/flip charts, CRM Business Case Template

    Participants: CIO, Application managers, CMO/SVP sales, Marketing, sales, or service SMEs

    1. Brainstorm with your colleagues to discuss your challenges with CRM today from an application and process lens.
    2. Identify how these challenges are impacting your ability to meet the goals and identify any that are creating customer-facing issues.
    3. Group together like areas and arrange in order of most impactful. Identify which of these issues will be most relevant to the business case for a new CRM platform.
    4. Document in the current-state section of your business case.
    5. Discuss and determine if the incumbent solution can meet your needs or if you’ll need to replace it with a different product.

    Download the CRM Business Case Template and document the outputs of this exercise in the current-state section of your business case.

    Determine costs of the solution

    Ensure the business case includes both internal and external costs related to the new CRM platform, allocating costs of project managers to improve accuracy of overall costs and level of success.

    CRM solutions include application costs and costs to design processes, install, and configure. These start-up costs can be a significant factor in whether the initial purchase is feasible.

    CRM Vendor Costs

    • Application licensing
    • Implementation and configuration
    • Professional services
    • Maintenance and support
    • Training
    • 3rd Party add-ons
    • Data transformation
    • Integration
    When thinking about vendor costs, also consider the matching internal cost associated with the vendor activity (e.g. data cleansing, internal support).

    Internal Costs

    • Project management
    • Business readiness
    • Change management
    • Resourcing (user groups, design/consulting, testing)
    • Training
    • Auditors (if regulatory requirements need vetting)
    Project management is a critical success factor at all stages of an enterprise application initiative from planning to post-implementation. Ensuring that costs for such critical areas are accurately represented will contribute to success.

    Download the blueprint Improve Your Statements of Work to Hold Your Vendors Accountable to define requirements for installation and configuration.

    Bring in the right resources to guarantee success. Work with the PMO or project manager to get help with creating the SOW.

    60% of IT projects are NOT finished “mostly or always” on time (Wellingtone, 2018).

    55% of IT personnel feel that the business objectives of their software projects are clear to them (Geneca, 2017).

    Document costs and expected benefits of the new CRM

    The business case should account for the timing of both expenditures and benefits. It is naïve to expect straight-line benefit realization or a big-bang cash outflow related to the solution implementation. Proper recognition and articulation of ramp-up time will make your business case more convincing.

    Make sure your timelines are realistic for benefits realization, as these will be your project milestones and your metrics for success.

    Example:
    Q1-Q2 Q3-Q6 Q6 Onwards

    Benefits at 25%

    At the early stages of an implementation, users are still learning the new system and go-live issues are being addressed. Most of the projected process improvements are likely to be low, zero, or even negative.

    Benefits at 75%

    Gradually, as processes become more familiar, an organization can expect to move closer to realizing the forecasted benefits or at least be in a position to recognize a positive trend toward their realization.

    Benefits at 100%

    In an ideal world, all projected benefits are realized at 100% or higher. This can be considered the stage where processes have been mastered, the system is operating smoothly, and change has been broadly adopted. In reality, benefits are often overestimated.

    Costs at 50%

    As with benefits, some costs may not kick in until later in the process or when the application is fully operational. In the early phases of implementation, factor in the cost of overlapping technology where you’ll need to run redundant systems and transition any data.

    Costs at 100%

    Costs are realized quicker than benefits as implementation activities are actioned, licensing and maintenance costs are introduced, and resourcing is deployed to support vendor activities internally. Costs that were not live in the early stages are an operational reality at this stage.

    Costs at 100%+

    Costs can be expected to remain relatively static past a certain point, if estimates accurately represented all costs. In many instances, costs can exceed original estimates in the business case, where costs were either underestimated, understated, or missed.

    2.3 Document your costs and expected benefits

    1-2 hours

    Input: Quotes with payment schedule, Budget

    Output: Estimated payment schedule and cost breakdown

    Materials: Spreadsheet or whiteboard, CRM Business Case Template

    Participants: CIO, Application managers, CMO/SVP sales, Marketing, sales, or service SMEs

    1. Estimate costs for the CRM solution. If you’re working with a vendor, provide the initial requirements to quote; otherwise, estimate as closely as you’re able.
    2. Calculate the five-year total cost for the solution to ensure the long-term budget is calculated.
    3. Break down costs for licenses, implementation, training, internal support, and hardware or hosting fees.
    4. Determine a reasonable breakdown of costs for the first year.
    5. Identify where residual costs of the old system may factor in if there are remaining contract obligations during the technology transition.
    6. Create a list of benefits expected to be realized within the same timeline.

    Sample of the table on the previous slide.

    Download the CRM Business Case Template and document the outputs of this exercise in the current-state section of your business case.

    Identify risks and dependencies to mitigate barriers to success as you look to roll out a CRM suite

    A risk assessment will be helpful to better understand what risks need to be mitigated to make the project a success and what risks are pending should the solution not be approved or be delayed.

    Risk Criteria Relevant Questions
    Timeline Uncertainty
    • How much risk is associated with the timeline of the CRM project?
    • Is this timeline realistic and can you reach some value in the first year?
    Success of Similar Projects
    • Have we undertaken previous projects that are similar?
    • Were those successful?
    • Did we note any future steps for improvement?
    Certainty of Forecasts
    • Where have the numbers originated?
    • How comfortable are the sponsors with the revenue and cost forecasts?
    Chance of Cost Overruns
    • How likely is the project to have cost overruns?
    • How much process and design work needs to be done prior to implementation?
    Resource Availability
    • Is this a priority project?
    • How likely are resourcing issues from a technical and business perspective?
    • Do we have the right resources?
    Change During Delivery
    • How volatile is the area in which the project is being implemented?
    • Are changes in the environment likely?
    • How complex are planned integrations?

    2.4 Identify risks to the success of the solution rollout and mitigation plan

    1-2 hours

    Input: List of goals and challenges, Target key performance indicators

    Output: Prioritized list of challenges preventing or hindering improvements for the IT teams

    Materials: Whiteboard/flip charts, CRM Business Case Template

    Participants: CIO, Application managers, CMO/SVP sales, Marketing, sales, or service SMEs

    1. Brainstorm with your colleagues to discuss potential roadblocks and risks that could impact the success of the CRM project.
    2. Identify how these risks could impact your project.
    3. Document the ones that are most likely to occur and derail the project.
    4. Discuss potential solutions to mitigate risks.

    Download the CRM Business Case Template and document the outputs of this exercise in the risk and dependency section of your business case. If the risk assessment needs to be more complex, complete the Risk Indicator Analysis in Info-Tech’s Business Case Workbook.

    Start requirements gathering by identifying your most important use cases across sales, marketing, and service

    Add to your business case by identifying which top-level use cases will meet your goals.

    Examples of target use cases for a CRM project include:

    • Enhance sales acquisition capabilities (i.e. via pipeline management)
    • Enhance customer upsell and cross-sell capabilities
    • Improve customer segmentation and targeting capabilities for multi-channel marketing campaigns
    • Strengthen customer care capabilities to improve customer satisfaction and retention (i.e. via improved case management and service knowledge management)
    • Create actionable insights via enhanced reporting and analytics

    Info-Tech Insight

    Lead with the most important benefit and consider the timeline. Can you reach that goal and report success to your stakeholders within the first year? As you look toward that one-year goal, you can consider secondary benefits, some of which may be opportunities to bring early value in the solution.

    Benefits of a successful deployment of use cases will include:
    • Improved customer satisfaction
    • Improved operational efficiencies
    • Reduced customer turnover
    • Increased platform uptime
    • License or regulatory compliance
    • Positioned for growth

    Typically, we see business benefits in this order of importance. Lead with the outcome that is most important to your stakeholders.

    • Net income increases
    • Revenue generators
    • Cost reductions
    • Improved customer service

    Consider perspectives of each stakeholder to ensure functionality needs are met and high satisfaction results

    Best of breed vs. “good enough” is an important discussion and will feed your success.

    Costs can be high when customizing an ill-fitting module or creating workarounds to solve business problems, including loss of functionality, productivity, and credibility.

    • Start with use cases to drive the initial discussion, then determine which features are mandatory and which are nice-to-haves. Mandatory features will help determine high success for critical functionality and identify where “good enough” is an acceptable state.
    • Consider the implications to implementation and all use cases of buying an all-in-one solution, integration of multiple best-of-breed solutions, or customizing features that were not built into a solution.
    • Be prepared to shelve a use case for this solution and look to alternatives for integration where mandatory features cannot meet highly specialized needs that are outside of traditional CRM solutions.

    Pros and Cons

    Build vs. Buy

    Multi-Source Best of Breed

    Flexibility
    vs.
    architectural complexity

    Vendor Add-Ons & Integrations

    Lower support costs
    vs.
    configuration

    Multi-source Custom

    Flexibility
    vs.
    high skills requirements

    Single Source

    Lower support costs
    vs.
    configuration

    2.5 Define use cases and high-level features for meeting business and technical goals

    1-2 hours

    Input: List of goals and challenges

    Output: Use cases to be used for determining requirements

    Materials: Whiteboard/flip charts, CRM Business Case Template

    Participants: CIO, Application managers, CMO/SVP sales, Marketing, sales, or service SMEs

    1. Identify the key customer engagement use cases that will support your overall goals as defined in the previous section.
    2. The following slide has examples of use case domains that will be enhanced from a CRM platform.
    3. Define high-level goals you wish to achieve in the first year and longer term. If you have more specific KPIs to add, and it is a requirement for your organization’s documentation, add them to this section.
    4. Take note of where processes will need to be improved to benefit from these use-case solutions – the tools are only as good as the process behind them.

    Download the CRM Business Case Template and document the outputs from this exercise in the current-state section of your business case.

    Understand the dominant use-case scenarios across organizations to narrow the list of potential CRM solutions

    Sales
    Enablement

    • Generate leads through multiple channels.
    • Rapidly sort, score, and prioritize leads based on multiple criteria.
    • Create in-depth sales forecasts segmented by multiple criteria (territory, representative, etc.).

    Marketing
    Management

    • Manage marketing campaigns across multiple channels (web, social, email, etc.).
    • Aggregate and analyze customer data to generate market intelligence.
    • Build and deploy customer-facing portals.

    Customer Service
    Management

    • Generate tickets, and triage customer service requests through multiple channels.
    • Track customer service interactions with cases.
    • There is a need to integrate customer records with contact center infrastructure.
    Info-Tech Insight

    Use your understanding of the CRM use case to accelerate the vendor shortlisting process. Since the CRM use case has a direct impact on the prioritization of a platform’s features and capabilities, you can rapidly eliminate vendors from contention or designate superfluous modules as out-of-scope.

    2.5.1 Use Info-Tech’s CRM Use-Case Fit Assessment Tool to align your CRM requirements to the vendor use cases

    30 min

    Input: Understanding of business objectives for CRM project, Use-Case Fit Assessment Tool

    Output: Use-case suitability

    Materials: Use-Case Fit Assessment Tool

    Participants: Core project team, Project managers

    1. Use the Use-Case Fit Assessment Tool to understand how your unique business requirements map into which CRM use case.
    2. This tool will assess your answers and determine your relative fit against the use-case scenarios.
    3. Fit will be assessed as “Weak,” “Moderate,” or “Strong.”
      1. Consider the common pitfalls, which were mentioned earlier, that can cause IT projects to fail. Plan and take clear steps to avoid or mitigate these concerns.
      2. Note: These use-case scenarios are not mutually exclusive, meaning your organization can align with one or more scenarios based on your answers. If your organization shows close alignment to multiple scenarios, consider focusing on finding a more robust solution and concentrate your review on vendors that performed strongly in those scenarios or meet the critical requirements for each.

    Download the CRM Use-Case Fit Assessment Tool

    Once you’ve identified the top-level use cases a CRM must support, elicit, and prioritize granular platform requirements.

    Understanding business needs through requirements gathering is the key to defining everything about what is being purchased, yet it is an area where people often make critical mistakes.

    Info-Tech Insight

    To avoid creating makeshift solutions, an organization needs to gather requirements with the desired future state in mind.

    Risks of poorly scoped requirements

    • Fail to be comprehensive and miss certain areas of scope
    • Focus on how the solution should work instead of what it must accomplish
    • Have multiple levels of detail within the requirements, which are inconsistent and confusing
    • Drill all the way down into system-level detail
    • Add unnecessary constraints based on what is done today rather than focusing on what is needed for tomorrow
    • Omit constraints or preferences that buyers think are “obvious”

    Best practices

    • Get a clear understanding of what the system needs to do and what it is expected to produce
    • Test against the principle of MECE – requirements should be “mutually exclusive and collectively exhaustive”
    • Explicitly state the obvious and assume nothing
    • Investigate what is sold on the market and how it is sold. Use language that is consistent with that of the market and focus on key differentiators – not table stakes
    • Contain the appropriate level of detail – the level should be suitable for procurement and sufficient for differentiating vendors

    Prioritize requirements to assist with vendor selection: focus on priority requirements linked to differentiated capabilities

    Prioritization is the process of ranking each requirement based on its importance to project success. Hold a meeting for the domain SMEs, implementation SMEs, project managers, and project sponsors to prioritize the requirements list. At the conclusion of the meeting, each requirement should be assigned a priority level. The implementation SMEs will use these priority levels to ensure efforts are targeted toward the proper requirements and to plan features available on each release. Use the MoSCoW Model of Prioritization to effectively order requirements.


    Pyramid of the MoSCoW Model.
    The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994.

    The MoSCoW Model of Prioritization

    Requirements must be implemented for the solution to be considered successful.

    Requirements that are high priority should be included in the solution if possible.

    Requirements are desirable but not necessary and could be included if resources are available.

    Requirements won’t be in the next release, but will be considered for the future releases.

    Base your prioritization on the right set of criteria

    Effective Prioritization Criteria

    Criteria

    Description

    Regulatory & Legal Compliance These requirements will be considered mandatory.
    Policy Compliance Unless an internal policy can be altered or an exception can be made, these requirements will be considered mandatory.
    Business Value Significance Give a higher priority to high-value requirements.
    Business Risk Any requirement with the potential to jeopardize the entire project should be given a high priority and implemented early.
    Likelihood of Success Especially in “proof of concept” projects, it is recommended that requirements have good odds.
    Implementation Complexity Give a higher priority to low implementation difficulty requirements.
    Alignment With Strategy Give a higher priority to requirements that enable the corporate strategy.
    Urgency Prioritize requirements based on time sensitivity.
    Dependencies A requirement on its own may be low priority, but if it supports a high-priority requirement, then its priority must match it.

    2.6 Identify requirements to support your use cases

    1-2 hours

    Input: List of goals and challenges

    Output: Use cases to be used for determining requirements

    Materials: Whiteboard/flip charts, Vendor Evaluation Workbook

    Participants: CIO, Application managers, CMO/SVP sales, Marketing, sales, or service SMEs

    1. Work with the team to identify which features will be most important to support your use cases. Keep in mind there will be some features that will require more effort to implement fully. Add that into your project plan.
    2. Use the features lists on the following slides as a guide to get started on requirements.
    3. Prioritize your requirements list into mandatory features and nice-to-have features (or use the MoSCoW model from the previous slides). This will help you to eliminate vendors who don’t meet bare minimums and to score remaining vendors.
    4. Use this same list to guide your vendor demos.

    Our Improve Requirements Gathering blueprint provides a deep dive into the process of eliciting, analyzing, and validating requirements if you need to go deeper into effective techniques.

    CRM features

    Table stakes vs. differentiating

    What is a table stakes/standard feature?

    • Certain features are standard for all CRM tools, but that doesn’t mean they are all equal.
    • The existence of features doesn’t guarantee their quality or functionality to the standards you need. Never assume that “Yes” in a features list means you don’t need to ask for a demo.
    • If Table Stakes are all you need from your CRM solution, the only true differentiator for the organization is price. Otherwise, dig deeper to find the best price to value for your needs.

    What is a differentiating/additional feature?

    • Differentiating features take two forms:
      • Some CRM platforms offer differentiating features that are vertical specific.
      • Other CRM platforms offer differentiating features that are considered cutting edge. These cutting-edge features may become table stakes over time.

    Table stakes features for CRM

    Account Management Flexible account database that stores customer information, account history, and billing information. Additional functionality includes: contact deduplication, advanced field management, document linking, and embedded maps.
    Interaction Logging and Order History Ability to view all interactions that have occurred between sales teams and the customer, including purchase order history.
    Basic Pipeline Management View of all opportunities organized by their current stage in the sales process.
    Basic Case Management The ability to create and manage cases (for customer service or order fulfilment) and associate them with designated accounts or contacts.
    Basic Campaign Management Basic multi-channel campaign management (i.e. ability to execute outbound email campaigns). Budget tracking and campaign dashboards.
    Reports and Analytics In-depth reports on CRM data with dashboards and analytics for a variety of audiences.
    Mobile Support Mobile access across multiple devices (tablets, smartphones and/or wearables) with access to CRM data and dashboards.

    Additional features for CRM

    Customer Information Management Customizable records with detailed demographic information and the ability to created nested accounts (accounts with associated sub-accounts or contact records).
    Advanced Case Management Ability to track detailed interactions with members or constituents through a case view.
    Employee Collaboration Capabilities for employee-to-employee collaboration, team selling, and activity streams.
    Customer Collaboration Capabilities for outbound customer collaboration (i.e. the ability to create customer portals).
    Lead Generation Capabilities for generating qualified leads from multiple channels.
    Lead Nurturing/Lead Scoring The ability to evaluate lead warmth using multiple customer-defined criteria.
    Pipeline and Deal Management Managing deals through cases, providing quotes, and tracking client deliverables.

    Additional features for CRM (Continued)

    Marketing Campaign Management Managing outbound marketing campaigns via multiple channels (email, phone, social, mobile).
    Customer Intelligence Tools for in-depth customer insight generation and segmentation, predictive analytics, and contextual analytics.
    Multi-Channel Support Capabilities for supporting customer interactions across multiple channels (email, phone, social, mobile, IoT, etc.).
    Customer Service Workflow Management Capabilities for customer service resolution, including ticketing and service management.
    Knowledge Management Tools for capturing and sharing CRM-related knowledge, especially for customer service.
    Customer Journey Mapping Visual workflow builder with automated trigger points and business rules engine.
    Document Management The ability to curate assets and attachments and add them to account or contact records.
    Configure, Price, Quote The ability to create sales quotes/proposals from predefined price lists and rules.

    2.7 Put it all together – port your requirements into a robust RFP template that you can take to market!

    1-2 hours
    1. Once you’ve captured and prioritized your requirements – and received sign-off on them from key stakeholders – it’s time to bake them into a procurement vehicle of your choice.
    2. For complex enterprise systems like a CRM platform, Info-Tech recommends that this should take the form of a structured RFP document.
    3. Use our CRM RFP Template and associated CRM RFP Scoring Tool to jump-start the process.
    4. The next step will be conducting a market scan to identify contenders, and issuing the RFP to a shortlist of viable vendors for further evaluation.

    Need additional guidance on running an effective RFP process? Our Drive Successful Sourcing Outcomes with a Robust RFP Process has everything you need to ace the creation, administration and assessment of RFPs!

    Samples of the CRM Request for Proposal Template and CRM Suite Evaluation and RFP Scoring Tool.

    Download the CRM Request for Proposal Template

    Download the CRM Suite Evaluation and RFP Scoring Tool

    Identify whether vertical-specific CRM platforms are a best fit

    In mature vendor landscapes (like CRM) vendors begin to differentiate themselves by offering vertical-specific platforms, modules, or feature sets. These feature sets accelerate the implantation, decrease the platform’s learning curve, and drive user adoption. The three use cases below cover the most common industry-specific offerings:

    Public Sector

    • Constituent management and communication.
    • Constituent portal deployment for self-service.
    • Segment constituents based on geography, needs and preferences.

    Education

    • Top-level view into the student journey from prospect to enrolment.
    • Track student interactions with services across the institution.
    • Unify communications across different departments.

    Financial Services

    • Determine customer proclivity for new services.
    • Develop self-service banking portals.
    • Track longitudinal customer relationships from first account to retirement management.
    Info-Tech Insight

    Vertical-specific solutions require less legwork to do upfront but could cost you more in the long run. Interoperability and vendor viability must be carefully examined. Smaller players targeting niche industries often have limited integration ecosystems and less funding to keep pace with feature innovation.

    Rein-in ballooning scope for CRM selection projects

    Stretching the CRM beyond its core capabilities is a short-term solution to a long-term problem. Educate stakeholders about the limits of CRM technology.

    Common pitfalls for CRM selection

    • Tangential capabilities may require separate solutions. It is common for stakeholders to list features such as “content management” as part of the new CRM platform. While content management goes hand in hand with the CRM’s ability to manage customer interactions, document management is best handled by a standalone platform.

    Keeping stakeholders engaged and in line

    • Ballooning scope leads to stakeholder dissatisfaction. Appeasing stakeholders by over-customizing the platform will lead to integration and headaches down the road.
    • Make sure stakeholders feel heard. Do not turn down ideas in the midst of an elicitation session. Once the requirements-gathering sessions are completed, the project team has the opportunity to mark requirements as “out of scope” and communicate the reasoning behind the decision.
    • Educate stakeholders on the core functionality of CRM. Many stakeholders do not know the best-fit use cases for CRM platforms. Help end users understand what CRM is good at and where additional technologies will be needed.
    Stock image of a man leaping with a balloon.

    CRM Buyer’s Guide

    Phase 3

    Discover the CRM Market Space & Prepare for Implementation

    Phase 1

    1.1 Define CRM platforms

    1.2 Classify table stakes & differentiating capabilities

    1.3 Explore CRM trends

    Phase 2

    2.1 Build the business case

    2.2 Streamline requirements elicitation for CRM

    2.3 Construct the RFP

    Phase 3

    3.1 Discover key players in the CRM landscape

    3.2 Engage the shortlist & select finalist

    3.3 Prepare for implementation

    This phase will walk you through the following activities:

    • Dive into the key players of the CRM vendor landscape.
    • Understand best practices for building a vendor shortlist.
    • Understand key implementation considerations for CRM.

    This phase involves the following participants:

    • CIO
    • Applications manager
    • Project manager
    • Sales executive
    • Marketing executive
    • Customer service executive

    Consolidating the Vendor Shortlist Up-Front Reduces Downstream Effort

    Put the “short” back in shortlist!

    • Radically reduce effort by narrowing the field of potential vendors earlier in the selection process. Too many organizations don’t funnel their vendor shortlist until nearing the end of the selection process. The result is wasted time and effort evaluating options that are patently not a good fit.
    • Leverage external data (such as SoftwareReviews) and expert opinion to consolidate your shortlist into a smaller number of viable vendors before the investigative interview stage and eliminate time spent evaluating dozens of RFP responses.
    • Having fewer RFP responses to evaluate means you will have more time to do greater due diligence.
    Stock image of river rapids.

    Review your use cases to start your shortlist

    Your Info-Tech analysts can help you narrow down the list of vendors that will meet your requirements.

    Next steps will include:
    1. Reviewing your requirements
    2. Checking out SoftwareReviews
    3. Shortlisting your vendors
    4. Conducting demos and detailed proposal reviews
    5. Selecting and contracting with a finalist!
    Image of a person presenting a dashboard of the steps on the left.

    Get to know the key players in the CRM landscape

    The proceeding slides provide a top-level overview of the popular players you will encounter in the CRM shortlisting process.

    Logos of the key players in the CRM landscape (Salesforce, Microsoft, Oracle, HubSpot, etc).

    Evaluate software category leaders through vendor rankings and awards

    SoftwareReviews

    Sample of SoftwareReviews' Data Quadrant Report. Title page of SoftwareReviews' Data Quadrant Report. The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.

    Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.

    Sample of SoftwareReviews' Emotional Footprint. Title page of SoftwareReviews' Emotional Footprint. The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.

    Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

    Speak with category experts to dive deeper into the vendor landscape

    SoftwareReviews

    Icon of a person.


    Fact-based reviews of business software from IT professionals.

    Icon of a magnifying glass over a chart.


    Top-tier data quality backed by a rigorous quality assurance process.

    CLICK HERE to ACCESS

    Comprehensive software reviews to make better IT decisions

    We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.

    Icon of a tablet.


    Product and category reports with state-of-the-art data visualization.

    Icon of a phone.


    User-experience insight that reveals the intangibles of working with a vendor.

    SoftwareReviews is powered by Info-Tech

    Technology coverage is a priority for Info-Tech, and SoftwareReviews provides the most comprehensive unbiased data on today’s technology. Combined with the insights of our expert analysts, our members receive unparalleled support in their buying journey.

    Logo for Salesforce.
    Est. 1999 | CA, USA | NYSE: CRM

    bio

    Link for their Twitter account. Link for their LinkedIn profile. Link for their website.
    Sales Cloud Enterprise allows you to be more efficient, more productive, more everything than ever before as it allows you to close more deals, accelerate productivity, get more leads, and make more insightful decisions.

    SoftwareReviews’ Enterprise CRM Rankings

    Strengths:
    • Breadth of features
    • Quality of features
    • Sales management functionality
    Areas to Improve:
    • Cost of service
    • Ease of implementation
    • Telephony and contact center management
    Logo gif for SoftwareReviews.
    8.0
    COMPOSITE SCORE
    8.3
    CX SCORE
    +77
    EMOTIONAL FOOTPRINT
    83%
    LIKELINESS TO RECOMMEND
    DOWNLOAD REPORT 600
    REVIEWS
    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF and NPS scores pulled from live data as of June 2022. Rankings and ”strengths” and ”areas to improve” pulled from January 2022 Category Report.
    Sample of a Salesforce screen. Vendor Pulse rating. How often do we hear about Salesforce from our members for CRM? 'Very Frequently'.
    History of Salesforce in a vertical timeline.
    *Pricing correct as of August 2021. Listed in USD and absent discounts.
    See pricing on vendor’s website for latest information.
    Logo for Salesforce.

    “Salesforce is the pre-eminent vendor in the CRM marketplace and is a force to be reckoned with in terms of the breadth and depth of its capabilities. The company was an early disruptor in the category, placing a strong emphasis from the get-go on a SaaS delivery model and strong end-user experience. This allowed them to rapidly gain market share at the expense of more complacent enterprise application vendors. A series of savvy acquisitions over the years has allowed Salesforce to augment their core Sales and Service Clouds with a wide variety of other solutions, from e-commerce to marketing automation to CPQ. Salesforce is a great fit for any organization looking to partner with a market leader with excellent functional breadth, strong interoperability, and a compelling technology and partner ecosystem. All of this comes at a price, however – Salesforce prices at a premium, and our members routinely opine that Salesforce’s commercial teams are overly aggressive – sometimes pushing solutions without a clear link to underpinning business requirements.”

    Ben Dickie
    Research Practice Lead, Info-Tech Research Group

    Sales Cloud Essentials Sales Cloud Professional Sales Cloud Enterprise Sales Cloud Ultimate
    • Starts at $25*
    • Per user/mo
    • Small businesses after basic functionality
    • Starts at $75*
    • Per user/mo
    • Mid-market target
    • Starts at $150*
    • Per user/mo
    • Enterprise target
    • Starts at $300*
    • Per user/mo
    • Strong upmarket feature additions
    Logo for Microsoft.


    Est. 1975 | WA, USA | NYSE: MSFT

    bio

    Link for their Twitter account.Link for their LinkedIn profile.Link for their website.
    Dynamics 365 Sales is an adaptive selling solution that helps your sales team navigate the realities of modern selling. At the center of the solution is an adaptive, intelligent system – prebuilt and ready to go – that actively monitors myriad signals and distills them into actionable insights.

    SoftwareReviews’ Enterprise CRM Rankings

    Strengths:

    • Business value created
    • Analytics and reporting
    • Lead management

    Areas to Improve:

    • Quote, contract, and proposals
    • Vendor support
    Logo gif for SoftwareReviews.
    8.1
    COMPOSITE SCORE
    8.3
    CX SCORE
    +84
    EMOTIONAL FOOTPRINT
    82%
    LIKELINESS TO RECOMMEND
    DOWNLOAD REPORT 198
    REVIEWS
    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF and NPS scores pulled from live data as of June 2022. Rankings and ”strengths” and ”areas to improve” pulled from January 2022 Category Report.
    Sample of a Microsoft screen.Vendor Pulse rating. How often do we hear about Microsoft Dynamics from our Members? 'Very Frequently'.

    History of Microsoft in a vertical timeline.

    *Pricing correct as of June 2022. Listed in USD and absent discounts.
    See pricing on vendor’s website for latest information.
    Logo for Microsoft.
    “”

    “Microsoft Dynamics 365 is a strong and compelling player in the CRM arena. While Microsoft is no stranger to the CRM space, their offerings here have seen steady and marked improvement over the last five years. Good functional breadth paired with a modern user interface and best-in-class Microsoft stack compatibility ensures that we consistently see them on our members’ shortlists, particularly when our members are looking to roll out CRM capabilities alongside other components of the Dynamics ecosystem (such as Finance, Operations, and HR). Today, Microsoft segments the offering into discrete modules for sales, service, marketing, commerce, and CDP. While Microsoft Dynamics 365 is a strong option, it’s occasionally mired by concerns that the pace of innovation and investment lags Salesforce (its nearest competitor). Additionally, the marketing module of the product is softer than some of its competitors, and Microsoft themselves points organizations with complex marketing requirements to a strategic partnership that they have with Adobe.”

    Ben Dickie
    Research Practice Lead, Info-Tech Research Group

    D365 Sales Professional D365 Sales Enterprise D365 Sales Premium
    • Starts at $65*
    • Per user/mo
    • Midmarket focus
    • Starts at $95*
    • Per user/mo
    • Enterprise focus
    • Starts at $135*
    • Per user/mo
    • Enterprise focus with customer intelligence
    Logo for Oracle.


    Est. 1977 | CA, USA | NYSE: ORCL

    bio

    Link for their Twitter account.Link for their LinkedIn profile.Link for their website.
    Oracle Engagement Cloud (CX Sales) provides a set of capabilities to help sales leaders transition smoothly from sales planning and execution through customer onboarding, account management, and support services.

    SoftwareReviews’ Enterprise CRM Rankings

    Strengths:

    • Quality of features
    • Activity and workflow management
    • Analytics and reporting

    Areas to Improve:

    • Marketing management
    • Product strategy & rate of improvement
    Logo gif for SoftwareReviews.
    7.8
    COMPOSITE SCORE
    7.9
    CX SCORE
    +77
    EMOTIONAL FOOTPRINT
    78%
    LIKELINESS TO RECOMMEND
    DOWNLOAD REPORT 140
    REVIEWS
    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF and NPS scores pulled from live data as of June 2022. Rankings and ”strengths” and ”areas to improve” pulled from January 2022 Category Report.
    Sample of an Oracle screen.Vendor Pulse rating. How often do we hear about Oracle from our members for CRM? 'Frequently'.

    History of Oracle in a vertical timeline.

    Logo for Oracle.

    “Oracle is long-term juggernaut of the enterprise applications space. Their CRM portfolio is diverse – rather than a single stack, there are multiple Oracle solutions (many made by acquisition) that support CRM capabilities – everything from Siebel to JD Edwards to NetSuite to Oracle CX applications. The latter constitute Oracle’s most modern stab at CRM and are where the bulk of feature innovation and product development is occurring within their portfolio. While historically seen as lagging behind other competitors like Salesforce and Microsoft, Oracle has made excellent strides in improving their user experience (via their Redwoods design paradigm) and building new functional capabilities within their CRM products. Indeed, SoftwareReviews shows Oracle performing well in our most recent peer-driven reports. Nonetheless, we most commonly see Oracle as a pricier ecosystem play that’s often subordinate to a heavy Oracle footprint for ERP. Many of our members also express displeasure with Oracle as a vendor and highlight their heavy-handed “threat of audit” approach. ”

    Ben Dickie
    Research Practice Lead, Info-Tech Research Group

    Oracle CX Sales - Pricing Opaque:

    “Request a Demo”

    Logo for SAP.


    Est. 1972 | Germany | NYSE: SAP

    bio

    Link for their Twitter account.Link for their LinkedIn profile.Link for their website.
    SAP is the third-largest independent software manufacturer in the world, with a presence in over 120 countries. Having been in the industry for over 40 years, SAP is perhaps best known for its ERP application, SAP ERP.

    SoftwareReviews’ Enterprise CRM Rankings

    Strengths:

    • Ease of data integration

    Areas to Improve:

    • Lead management
    • Marketing management
    • Collaboration
    • Usability & intuitiveness
    • Analytics & reporting
    Logo gif for SoftwareReviews.
    7.4
    COMPOSITE SCORE
    7.8
    CX SCORE
    +74
    EMOTIONAL FOOTPRINT
    75%
    LIKELINESS TO RECOMMEND
    DOWNLOAD REPORT 108
    REVIEWS
    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF and NPS scores pulled from live data as of June 2022. Rankings and ”strengths” and ”areas to improve” pulled from January 2022 Category Report.
    Sample of a SAP screen.Vendor Pulse rating. How often do we hear about SAP from our members for CRM? 'Occasionally'.

    History of SAP in a vertical timeline.

    *Pricing correct as of August 2021. Listed in USD and absent discounts.
    See pricing on vendor’s website for latest information.
    Logo for SAP.

    “SAP is another mainstay of the enterprise applications market. While they have a sound breadth of capabilities in the CRM and customer experience space, SAP consistently underperforms in many of our relevant peer-driven SoftwareReviews reports for CRM and adjacent areas. CRM seems decidedly a secondary focus for SAP, behind their more compelling play in the enterprise resource planning (ERP) space. Indeed, most instances where we see SAP in our clients’ shortlists, it’s as an ecosystem play within a broader SAP strategy. If you’re blue on the ERP side, looking to SAP’s capabilities on the CRM front makes logical sense and can help contain costs. If you’re approaching a CRM selection from a greenfield lens and with no legacy vendor baggage for SAP elsewhere, experience suggests you’ll be better served by a vendor that places a higher degree of primacy on the CRM aspect of their portfolio.”

    Ben Dickie
    Research Practice Lead, Info-Tech Research Group

    SAP CRM - Pricing Opaque:

    “Request a Demo”

    Logo for pipedrive.


    Est. 2010 | NY, USA | Private

    bio

    Link for their Twitter account.Link for their LinkedIn profile.Link for their website.
    Pipedrive brings together the tools and data, the platform focuses sales professionals on fundamentals to advance deals through their pipelines. Pipedrive's goal is to make sales success inevitable - for salespeople and teams.

    SoftwareReviews’ Enterprise CRM Rankings

    Strengths:

    • Sales Management
    • Account & Contact Management
    • Lead Management
    • Usability & Intuitiveness
    • Ease of Implementation

    Areas to Improve:

    • Customer Service Management
    • Marketing Management
    • Product Strategy & Rate of Improvement
    Logo gif for SoftwareReviews.
    8.3
    COMPOSITE SCORE
    8.4
    CX SCORE
    +85
    EMOTIONAL FOOTPRINT
    85%
    LIKELINESS TO RECOMMEND
    DOWNLOAD REPORT 262
    REVIEWS
    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF and NPS scores pulled from live data as of June 2022. Rankings and ”strengths” and ”areas to improve” pulled from January 2022 Category Report.
    Sample of a Pipedrive screen.Vendor Pulse rating. How often do we hear about Pipedrive from our members for CRM? 'Occasionally'.

    History of Pipedrive in a vertical timeline.

    *Pricing correct as of June 2022. Listed in USD and absent discounts.
    See pricing on vendor’s website for latest information.
    Logo for Pipedrive.

    “A relatively new offering, Pipedrive has seen explosive growth over the last five years. They’re a vendor that has gone from near-obscurity to popping up frequently on our members’ shortlists. Pipedrive’s secret sauce has been a relentless focus on high-velocity sales enablement. Their focus on pipeline management, lead assessment and routing, and a good single pane of glass for sales reps has driven significant traction for the vendor when sales enablement is the driving rationale behind rolling out a new CRM platform. Bang for your buck is also strong with Pipedrive, with the vendor having a value-driven licensing and implementation model.

    Pipedrive is not without some shortcomings. It’s laser-focus on sales enablement is at the expense of deep capabilities for marketing and service management, and its profile lends itself better to SMBs and lower midmarket than it does large organizations looking for enterprise-grade CRM.”

    Ben Dickie
    Research Practice Lead, Info-Tech Research Group

    Essential Advanced Professional Enterprise
    • Starts at $12.50*
    • Per user/mo
    • Small businesses after basic functionality
    • Starts at $24.90*
    • Per user/mo
    • Small/mid-sized businesses
    • Starts at $49.90*
    • Per user/mo
    • Lower mid-market focus
    • Starts at $99*
    • Per user/mo
    • Enterprise focus
    Logo for SugarCRM.


    Est. 2004 | CA, USA | Private

    bio

    Link for their Twitter account.Link for their LinkedIn profile.Link for their website.
    Produces Sugar, a SaaS-based customer relationship management application. SugarCRM is backed by Accel-KKR.

    SoftwareReviews’ Enterprise CRM Rankings

    Strengths:

    • Ease of customization
    • Product strategy and rate of improvement
    • Ease of IT administration

    Areas to Improve:

    • Marketing management
    • Analytics and reporting
    Logo gif for SoftwareReviews.
    8.4
    COMPOSITE SCORE
    8.8
    CX SCORE
    +92
    EMOTIONAL FOOTPRINT
    84%
    LIKELINESS TO RECOMMEND
    DOWNLOAD REPORT 97
    REVIEWS
    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF and NPS scores pulled from live data as of June 2022. Rankings and ”strengths” and ”areas to improve” pulled from January 2022 Category Report.
    Sample of a SugarCRM screen.Vendor Pulse rating. How often do we hear about SugarCRM from our members for CRM? 'Frequently'.
    History of SugarCRM in a vertical timeline.
    *Pricing correct as of August 2021. Listed in USD and absent discounts.
    See pricing on vendor’s website for latest information.
    Logo for SugarCRM.

    “SugarCRM offers reliable baseline capabilities at a lower price point than other large CRM vendors. While SugarCRM does not offer all the bells and whistles that an Enterprise Salesforce plan might, SugarCRM is known for providing excellent vendor support. If your organization is only after standard features, SugarCRM will be a good vendor to shortlist.

    However, ensure you have the time and labor power to effectively implement and train on SugarCRM’s solutions. SugarCRM does not score highly for user-friendly experiences, with complaints centering on outdated and unintuitive interfaces. Setting up customized modules takes time to navigate, and SugarCRM does not provide a wide range of native integrations with other applications. To effectively determine whether SugarCRM does offer a feasible solution, it is recommended that organizations know exactly what kinds of integrations and modules they need.”

    Thomas Randall
    Research Director, Info-Tech Research Group

    Sugar Professional Sugar Serve Sugar Sell Sugar Enterprise Sugar Market
    • Starts at $52*
    • Per user/mo
    • Min. 3 users
    • Small businesses
    • Starts at $80*
    • Per user/mo
    • Min. 3 users
    • Focused on customer service
    • Starts at $80*
    • Per user/mo
    • Min. 3 users
    • Focused on sales automation
    • Starts at $80*
    • Per user/mo
    • Min. 3 users
    • On-premises, mid-sized businesses
    • Starts at $1000*
    • Priced per month
    • Min. 10k contacts
    • Large enterprise
    Logo for .


    Est. 2006 | MA, USA | HUBS (NYSE)

    bio

    Link for their Twitter account.Link for their LinkedIn profile.Link for their website.
    Develops software for inbound customer service, marketing, and sales. Software includes CRM, SMM, lead gen, SEO, and web analytics.

    SoftwareReviews’ Enterprise CRM Rankings

    Strengths:

    • Breadth of features
    • Product strategy and rate of improvement
    • Ease of customization

    Areas to Improve:

    • Ease of data integration
    • Customer service management
    • Telephony and call center management
    Logo gif for SoftwareReviews.
    8.3
    COMPOSITE SCORE
    8.4
    CX SCORE
    +84
    EMOTIONAL FOOTPRINT
    86%
    LIKELINESS TO RECOMMEND
    DOWNLOAD REPORT 97
    REVIEWS
    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF and NPS scores pulled from live data as of June 2022. Rankings and ”strengths” and ”areas to improve” pulled from January 2022 Category Report.
    Sample of a HubSpot screen.Vendor Pulse rating. How often do we hear about HubSpot from our members for CRM? 'Frequently'.

    History of HubSpot in a vertical timeline.

    *Pricing correct as of August 2021. Listed in USD and absent discounts
    See pricing on vendor’s website for latest information.
    Logo for HubSpot.

    “ HubSpot is best suited for small to mid-sized organizations that need a range of CRM tools to enable growth across sales, marketing campaigns, and customer service. Indeed, HubSpot offers a content management solution that offers a central storage location for all customer and marketing data. Moreover, HubSpot offers plenty of freemium tools for users to familiarize themselves with the software before buying. However, though HubSpot is geared toward growing businesses, smaller organizations may not see high ROI until they begin to scale. The “Starter” and “Professional” plans’ pricing is often cited by small organizations as a barrier to commitment, and the freemium tools are not a sustainable solution. If organizations can take advantage of discount behaviors from HubSpot (e.g. a startup discount), HubSpot will be a viable long-term solution. ”

    Thomas Randall
    Research Director, Info-Tech Research Group

    Starter Professional Enterprise
    • Starts at $50*
    • Per month
    • Min. 2 users
    • Small businesses
    • Starts at $500*
    • Per month
    • Min. 5 users
    • Small/mid-sized businesses
    • Starts at $1200*
    • Billed yearly
    • Min. 10 users
    • Mid-sized/small enterprise
    Logo for Zoho.


    Est. 1996 | India | Private

    bio

    Link for their Twitter account.Link for their LinkedIn profile.Link for their website.
    Zoho Corporation offers a cloud software suite, providing a full operating system for CRM, alongside apps for finance, productivity, HR, legal, and more.

    SoftwareReviews’ Enterprise CRM Rankings

    Strengths:

    • Business value created
    • Breadth of features
    • Collaboration capabilities

    Areas to Improve:

    • Usability and intuitiveness
    Logo gif for SoftwareReviews.
    8.7
    COMPOSITE SCORE
    8.9
    CX SCORE
    +92
    EMOTIONAL FOOTPRINT
    85%
    LIKELINESS TO RECOMMEND
    DOWNLOAD REPORT 152
    REVIEWS
    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF and NPS scores pulled from live data as of June 2022. Rankings and ”strengths” and ”areas to improve” pulled from January 2022 Category Report.
    Sample of a Zoho screen.Vendor Pulse rating. How often do we hear about Zoho from our members for CRM? 'Occasionally'.

    History of Zoho in a vertical timeline.

    *
    See pricing on vendor’s website for latest information.
    Logo for Zoho.

    “Zoho has a long list of software solutions for businesses to run end to end. As one of Zoho’s earliest software releases, though, ZohoCRM remains a flagship product. ZohoCRM’s pricing is incredibly competitive for mid/large enterprises, offering high business value for its robust feature sets. For those organizations that already utilize Zoho solutions (such as its productivity suite), ZohoCRM will be a natural extension.

    However, small/mid-sized businesses may wonder how much ROI they can get from ZohoCRM, when much of the functionality expected from a CRM (such as workflow automation) cannot be found until one jumps to the “Enterprise” plan. Given the “Enterprise” plan’s pricing is on par with other CRM vendors, there may not be much in a smaller organization’s eyes that truly distinguishes ZohoCRM unless they are already invested Zoho users.”

    Thomas Randall
    Research Director, Info-Tech Research Group

    Standard Professional Enterprise Ultimate
    • Starts at $20*
    • Per user/mo
    • Small businesses after basic functionality
    • Starts at $35*
    • Per user/mo
    • Small/mid-sized businesses
    • Adds inventory management
    • Starts at $50*
    • Per user/mo
    • Mid-sized/small enterprise
    • Adds Zia AI
    • Starts at $65*
    • Per user/mo
    • Enterprise
    • Bundles Zoho Analytics
    Logo for Zendesk.


    Est. 2009 | CA, USA | ZEN (NYSE)

    bio

    Link for their Twitter account.Link for their LinkedIn profile.Link for their website.
    Software developer for customer service. Founded in Copenhagen but moved to San Francisco after $6 million Series B funding from Charles River Ventures and Benchmark Capital.

    SoftwareReviews’ Enterprise CRM Rankings

    Strengths:

    • Quality of features
    • Breadth of features
    • Vendor support

    Areas to Improve:

    • Business value created
    • Ease of customization
    • Usability and intuitiveness
    Logo gif for SoftwareReviews.
    7.8
    COMPOSITE SCORE
    7.9
    CX SCORE
    +80
    EMOTIONAL FOOTPRINT
    72%
    LIKELINESS TO RECOMMEND
    DOWNLOAD REPORT 50
    REVIEWS
    Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF and NPS scores pulled from live data as of June 2022. Rankings and ”strengths” and ”areas to improve” pulled from January 2022 Category Report.
    Sample of a Zendesk screen.Vendor Pulse rating. How often do we hear about Zendesk from our members for CRM? 'Rarely'.

    History of Zendesk in a vertical timeline.

    *Pricing correct as of August 2021. Listed in USD and absent discounts
    See pricing on vendor’s website for latest information.
    Logo for Zendesk.

    “Zendesk’s initial growth was grounded in word-of-mouth advertising, owing to the popularity of its help desk solution’s design and functionality. Zendesk Sell has followed suit, receiving strong feedback for the breadth and quality of its features. Organizations that have already reaped the benefits of Zendesk’s customer service suite will find Zendesk Sell a straightforward fit for their sales teams.

    However, it is important to note that Zendesk Sell is predominantly focused on sales. Other key components of a CRM, such as marketing, are less fleshed out. Organizations should ensure they verify what requirements they have for a CRM before choosing Zendesk Sell – if sales process requirements (such as forecasting, call analytics, and so on) are but one part of what the organization needs, Zendesk Sell may not offer the highest ROI for the pricing offered.”

    Thomas Randall
    Research Director, Info-Tech Research Group

    Sell Team Sell Professional Sell Enterprise
    • Starts at $19*
    • Per user/mo
    • Max. 3 users
    • Small businesses
    • Basic functionality
    • Starts at $49*
    • Per user/mo
    • Small/mid-sized businesses
    • Advanced analytics
    • Starts at $99*
    • Per user/mo
    • Mid-sized/small enterprise
    • Task automation

    Speak with category experts to dive deeper into the vendor landscape

    Icon of a person.
    Fact-based reviews of business software from IT professionals.
    Icon of a magnifying glass over a chart.
    Top-tier data quality backed by a rigorous quality assurance process.
    CLICK HERE to ACCESS

    Comprehensive software reviews to make better IT decisions

    We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.

    Icon of a tablet.
    Product and category reports with state-of-the-art data visualization.
    Icon of a phone.
    User-experience insight that reveals the intangibles of working with a vendor.

    SoftwareReviews is powered by Info-Tech

    Technology coverage is a priority for Info-Tech, and SoftwareReviews provides the most comprehensive unbiased data on today’s technology. Combined with the insights of our expert analysts, our members receive unparalleled support in their buying journey.

    Conduct a day of rapid-fire vendor demos

    Zoom in on high-value use cases and answers to targeted questions

    Make sure the solution will work for your business

    Give each vendor 90 to 120 minutes to give a rapid-fire presentation. We suggest the following structure:

    • 30 minutes: company introduction and vision
    • 60 minutes: walk-through of two or three high-value demo scenarios
    • 30 minutes: targeted Q&A from the business stakeholders and procurement team
    To ensure a consistent evaluation, vendors should be asked analogous questions, and a tabulation of answers should be conducted.
    How to challenge the vendors in the investigative interview
    • Change the visualization/presentation.
    • Change the underlying data.
    • Add additional data sets to the artifacts.
    • Collaboration capabilities.
    • Perform an investigation in terms of finding BI objects and identifying previous changes, and examine the audit trail.
    Rapid-fire vendor investigative interview

    Invite vendors to come onsite (or join you via video conference) to demonstrate the product and to answer questions. Use a highly targeted demo script to help identify how a vendor’s solution will fit your organization’s particular business capability needs.

    Graphic of an alarm clock.
    To kick-start scripting your demo scenarios, leverage our CRM Demo Script Template.

    A vendor scoring model provides a clear anchor point for your evaluation of CRM vendors based on a variety of inputs

    A vendor scoring model is a systematic method for effectively assessing competing vendors. A weighted-average scoring model is an approach that strikes a strong balance between rigor and evaluation speed.

    Info-Tech Insight

    Even the best scoring model will still involve some “art” rather than science – scoring categories such as vendor viability always entails a degree of subjective interpretation.

    How do I build a scoring model?

    • Start by shortlisting the key criteria you will use to evaluate your vendors. Functional capabilities should always be a critical category, but you’ll also want to look at criteria such as affordability, architectural fit, and vendor viability.
    • Depending on the complexity of the project, you may break down some criteria into sub-categories to assist with evaluation (for example, breaking down functional capabilities into constituent use cases so you can score each one).
    • Once you’ve developed the key criteria for your project, the next step is weighting each criterion. Your weightings should reflect the priorities for the project at hand. For example, some projects may put more emphasis on affordability, others on vendor partnership.
    • Using the information collected in the subsequent phases of this blueprint, score each criterion from 1-100, then multiply by the weighting factor. Add up the weighted scores to arrive at the aggregate evaluation score for each vendor on your shortlist.

    What are some of the best practices?

    • While the criteria for each project may vary, it’s helpful to have an inventory of repeatable criteria that can be used across application selection projects. The next slide contains an example that you can add or subtract from.
    • Don’t go overboard on the number of criteria: five to 10 weighted criteria should be the norm for most projects. The more criteria (and sub-criteria) you must score against, the longer it will take to conduct your evaluation. Always remember, link the level of rigor to the size and complexity of your project! It’s possible to create a convoluted scoring model that takes significant time to fill out but yields little additional value.
    • Creation of the scoring model should be a consensus-driven activity among IT, procurement, and the key business stakeholders – it should not be built in isolation. Everyone should agree on the fundamental criteria and weights that are employed.
    • Consider using not just the outputs of investigative interviews and RFP responses to score vendors, but also third-party review services like SoftwareReviews.

    Define how you’ll score CRM proposals and demos

    Define key CRM selection criteria for your organization – this should be informed by the following goals, use cases, and requirements covered in the blueprint.

    Criteria

    Description

    Functional CapabilitiesHow well does the vendor align with the top-priority functional requirements identified in your accelerated needs assessment? What is the vendor’s functional breadth and depth?
    AffordabilityHow affordable is this vendor? Consider a three-to-five-year total cost of ownership (TCO) that encompasses not just licensing costs, but also implementation, integration, training, and ongoing support costs.
    Architectural FitHow well does this vendor align with our direction from an enterprise architecture perspective? How interoperable is the solution with existing applications in our technology stack? Does the solution meet our deployment model preferences?
    ExtensibilityHow easy is it to augment the base solution with native or third-party add-ons as our business needs may evolve?
    ScalabilityHow easy is it to expand the solution to support increased user, data, and/or customer volumes? Are there any capacity constraints of the solution?
    Vendor ViabilityHow viable is this vendor? Are they an established player with a proven track record, or a new and untested entrant to the market? What is the financial health of the vendor? How committed are they to the particular solution category?
    Vendor VisionDoes the vendor have a cogent and realistic product roadmap? Are they making sensible investments that align with your organization’s internal direction?
    Emotional FootprintHow well does the vendor’s organizational culture and team dynamics align to yours?
    Third-Party Assessments and/or ReferencesHow well-received is the vendor by unbiased, third-party sources like SoftwareReviews? For larger projects, how well does the vendor perform in reference checks (and how closely do those references mirror your own situation)?

    Decision Point: Select the Finalist

    After reviewing all vendor responses to your RFP, conducting vendor demos, and running a pilot project (if applicable), the time has arrived to select your finalist.

    All core selection team members should hold a session to score each shortlisted vendor against the criteria enumerated on the previous slide – based on an in-depth review of proposals, the demo sessions, and any pilots or technical assessments.

    The vendor that scores the highest in aggregate is your finalist.

    Congratulations – you are now ready to proceed to final negotiation and inking a contract. This blueprint provides a detailed approach on the mechanics of a major vendor negotiation.

    Leverage Info-Tech’s research to plan and execute your CRM implementation

    Use Info-Tech Research Group’s three phase implementation process to guide your own planning.
    The three phases of software implementation: 'Assess', 'Prepare', 'Govern & Course Correct'. Sample of the 'Governance and Management of Enterprise Software Implementation' blueprint.

    Establish and execute an end-to-end, agile framework to succeed with the implementation of a major enterprise application.

    Visit this link

    Prepare for implementation: establish a clear resourcing plan

    Organizations rarely have sufficient internal staffing to resource a CRM project on their own. Consider the options for closing the gap in internal resource availability.

    The most common project resourcing structures for enterprise projects are:
    Your own staff +
    1. Management consultant
    2. Vendor consultant
    3. System integrator
    Info-Tech Insight

    When contemplating a resourcing structure, consider:

    • Availability of in-house implementation competencies and resources.
    • Timeline and constraints.
    • Integration environment complexity.

    Consider the following:

    Internal vs. External Roles and Responsibilities

    Clearly delineate between internal and external team responsibilities and accountabilities, and communicate this to your technology partner up front.

    Internal vs. External Accountabilities

    Accountability is different than responsibility. Your vendor or SI partner may be responsible for completing certain tasks, but be careful not to outsource accountability for the implementation – ultimately, the internal team will be accountable.

    Partner Implementation Methodologies

    Often vendors and/or SIs will have their own preferred implementation methodology. Consider the use of your partner's implementation methodology; however, you know what will work for your organization.

    Establish team composition

    1 – 2 hours

    Input: Skills assessment, Stakeholder analysis, Vendor partner selection

    Output: Team composition

    Materials: Sticky notes, Whiteboard, Markers

    Participants: Project team

    Use Info-Tech’s Governance and Management of Enterprise Software Implementation to establish your team composition. Within that blueprint:

    1. Assess the skills necessary for an implementation. Inventory the competencies required for the implementation project team. Map your internal resources to each competency as applicable.
    2. Select your internal implementation team. Determine who needs to be involved closely with the implementation. Key stakeholders should also be considered as members of your implementation team.
    3. Identify the number of external consultants/support required for implementation. Consider your in-house skills, timeline considerations, integration environment complexity, and cost constraints as you make your team composition plan. Be sure to dedicate an internal resource to managing the vendor and partner relationships.
    4. Document the roles and responsibilities, accountabilities, and other expectations of your team as they relate to each step of the implementation.

    Governance and Management of Enterprise Software Implementation

    Sample of the 'Governance and Management of Enterprise Software Implementation' blueprint.Follow our iterative methodology with a task list focused on the business must-have functionality to achieve rapid execution and to allow staff to return to their daily work sooner.

    Visit this link

    Ensure your implementation team has a high degree of trust and communication

    If external partners are needed, dedicate an internal resource to managing the vendor and partner relationships.

    Communication

    Teams must have some type of communication strategy. This can be broken into:
    • Regularity: Having a set time each day to communicate progress and a set day to conduct retrospectives.
    • Ceremonies: Injecting awards and continually emphasizing delivery of value can encourage relationship-building and constructive motivation.
    • Escalation: Voicing any concerns and having someone responsible for addressing those concerns.

    Proximity

    Distributed teams create complexity as communication can break down. This can be mitigated by:
    • Location: Placing teams in proximity can close the barrier of geographical distance and time zone differences.
    • Inclusion: Making a deliberate attempt to pull remote team members into discussions and ceremonies.
    • Communication tools: Having the right technology (e.g. video conference) can help bring teams closer together virtually.

    Trust

    Members should trust other members are contributing to the project and completing their required tasks on time. Trust can be developed and maintained by:
    • Accountability: Having frequent quality reviews and feedback sessions. As work becomes more transparent, people become more accountable.
    • Role clarity: Having a clear definition of what everyone’s role is.

    Plan for your implementation of CRM based on deployment model

    Place your CRM application into your IT landscape by configuring and adjusting the tool based on your specific deployment method.

    Icon of a housing development.
    On-Premises

    1. Identify custom features and configuration items
    2. Train developers and IT staff on new software investment
    3. Install software
    4. Configure software
    5. Test installation and configuration
    6. Test functionality

    Icon of a cloud upload.
    SaaS-based

    1. Train developers and IT staff on new software investment
    2. Set up connectivity
    3. Identify VPN or internal solution
    4. Check firewalls
    5. Validate bandwidth regulations

    Integration is a top IT challenge and critical to the success of the CRM suite

    CRM suites are most effective when they are integrated with ERP and MarTech solutions.

    Data interchange between the CRM solution and other data sources is necessary

    Formulate a comprehensive map of the systems, hardware, and software with which the CRM solution must be able to integrate. Customer data needs to constantly be synchronized: without this, you lose out on one of the primary benefits of CRM. These connections must be bidirectional for maximum value (i.e. marketing data to the CRM, customer data to MMS).
    Specialized projects that include an intricate prospect or customer list and complex rules may need to be built by IT The more custom fields you have in your CRM suite and point solutions, the more schema mapping you will have to do. Include this information in the RFP to receive guidance from vendors on the ease with which integration can be achieved.

    Pay attention to legacy apps and databases

    If you have legacy CRM, POS, or customer contact software, more custom code will be required. Many vendors claim that custom integration can be performed for most systems, but custom comes at a cost. Don’t just ask if they can integrate; ask how long it will take and for references from organizations which have been successful in this.
    When assessing the current application portfolio that supports CRM, the tendency will be to focus on the applications under the CRM umbrella, relating mostly to marketing, sales, and customer service. Be sure to include systems that act as inputs to, or benefit due to outputs from, the CRM or similar applications.

    CRM data flow

    Example of a CRM data flow.

    Be sure to include enterprise applications that are not included in the CRM application portfolio. Popular systems to consider for POIs include billing, directory services, content management, and collaboration tools.

    Sample CRM integration map

    Sample of a CRM integration map.

    Scenario: Failure to address CRM data integration will cost you in the long run

    A company spent $15 million implementing a new CRM system in the cloud and decided NOT to spend an additional $1.5 million to do a proper cloud DI tool procurement. The mounting costs followed.

    Cost Element – Custom Data Integration

    $

    2 FTEs for double entry of sales order data $ 100,000/year
    One-time migration of product data to CRM $ 240,000 otc
    Product data maintenance $ 60,000/year
    Customer data synchronization interface build $ 60,000 otc
    Customer data interface maintenance $ 10,000/year
    Data quality issues $ 100,000/year
    New SaaS integration built in year 3 $ 300,000 otc
    New SaaS integration maintenance $ 150,000/year

    Cost Element – Data Integration Tool

    $

    DI strategy and platform implementation $1,500,000 otc
    DI tool maintenance $ 15,000/year
    New SaaS integration point in year 3 $ 300,000 otc
    Thumbs down color coded red to the adjacent chart. Custom integration is costing this organization $300,000/year for one SaaS solution.
    Thumbs up color coded blue to the adjacent chart.

    The proposed integration solution would have paid for itself in 3-4 years and saved exponential costs in the long run.

    Proactively address data quality in the CRM during implementation

    Data quality is a make-or-break issue in a CRM platform; garbage in is garbage out.
    • CRM suites are one of the leading offenders for generating poor-quality data. As such, it’s important to have a plan in place for structuring your data architecture in such a way the poor data quality is minimized from the get-go.
    • Having a plan for data quality should precede data migration efforts; some types of poor data quality can be mitigated prior to migration.
    • There are five main types of poor-quality data found in CRM platforms.
      • Duplicate data: Duplicate records can be a major issue. Leverage dedicated deduplication tools to eliminate them.
      • Stale data: Out-of-date customer information can reduce the usefulness of the platform. Use automated social listening tools to help keep data fresh.
      • Incomplete data: Records with missing info limit platform value. Specify data validation parameters to mandate that all fields are filled in.
      • Invalid and conflicting data: These can create cascading errors. Establishing conflict resolution rules in ETL tools for data integration can lessen issues.
    Info-Tech Insight

    If you have a complex POI environment, appoint data stewards for each major domain and procure a deduplication tool. As the complexity of CRM system-to-system integrations increases, so will the chance that data quality errors will crop up – for example, bidirectional POI with other sources of customer information dramatically increase the chances of conflicting/duplicate data.

    Profile data, eliminate dead weight, and enforce standards to protect data

    Identify and eliminate dead weight

    Poor data can originate in the firm’s CRM system. Custom queries, stored procedures, or profiling tools can be used to assess the key problem areas.

    Loose rules in the CRM system may lead to records of no significant value in the database. Those rules need to be fixed, but if changes are made before the data is fixed, users could encounter database or application errors, which will reduce user confidence in the system.

    • Conduct a data flow analysis: map the path that data takes through the organization.
    • Use a mass cleanup to identify and destroy dead weight data. Merge duplicates either manually or with the aid of software tools. Delete incomplete data, taking care to reassign related data.
    • COTS packages typically allow power users to merge records without creating orphaned records in related tables, but custom-built applications typically require IT expertise.

    Create and enforce standards and policies

    Now that the data has been cleaned, it’s important to protect the system from relapsing.

    Work with business users to find out what types of data require validation and which fields should have changes audited. Whenever possible, implement drop-down lists to standardize values and make programming changes to ensure that truncation ceases.

    • Truncated data is usually caused by mismatches in data structures during either one-time data loads or ongoing data integrations.
    • Don’t go overboard on assigning required fields; users will just put key data in note fields.
    • Discourage the use of unstructured note fields: the data is effectively lost except if it gets subpoenaed.
    Info-Tech Insight

    Data quality concerns proliferate with the customization level of your platform. The more extensive the custom integration points and module/database extensions that you have made, the more you will need to have a plan in place for managing data quality from a reactive and proactive standpoint.

    Create a formal communication process throughout the CRM implementation

    Establish a comprehensive communication process around the CRM enterprise roll-out to ensure that end users stay informed.

    The CRM kick-off meeting(s) should encompass: 'The high-level application overview', 'Target business-user requirements', 'Target quality of service (QoS) metrics', 'Other IT department needs', 'Tangible business benefits of application', 'Special consideration needs'. The overall objective for interdepartmental CRM kick-off meetings is to confirm that all parties agree on certain key points and understand platform rationale and functionality.

    The kick-off process will significantly improve internal communications by inviting all affected internal IT groups, including business units, to work together to address significant issues before the application process is formally activated.

    Department groups or designated trainers should take the lead and implement a process for:

    • Scheduling CRM platform roll-out/kick-off meetings.
    • Soliciting preliminary input from the attending groups to develop further training plans.
    • Establishing communication paths and the key communication agents from each department who are responsible for keeping lines open moving forward.

    Ensure requirements are met with robust user acceptance testing

    User acceptance testing (UAT) is a test procedure that helps to ensure end-user requirements are met. Test cases can reveal bugs before the suite is implemented.

    Five Secrets of UAT Success

    Bracket with colors corresponding the adjacent list items.

    1

    Create the plan With the information collected from requirements gathering, create the plan. Make sure this information is added to the main project plan documentation.

    2

    Set the agenda The time allotted will vary depending on the functionality being tested. Ensure that the test schedule allows for the resolution of issues and discussion.

    3

    Determine who will participate Work with the relevant stakeholders to identify the people who can best contribute to system testing. Look for experienced power users who have been involved in earlier decision making about the system.

    4

    Highlight acceptance criteria Together with the UAT group, pinpoint the criteria to determine system acceptability. Refer back to requirements specified in use cases in the initial requirements-gathering stages of the project.

    5

    Collect end user feedback Weaknesses in resolution workflow design, technical architecture, and existing customer service processes can be highlighted and improved on with ongoing surveys and targeted interviews.

    Calculate post-deployment metrics to assess measurable value of the project

    Track the post-deployment results from the project and compare the metrics to the current state and target state.

    CRM Selection and Implementation Metrics
    Description Formula Current or Estimated Target Post-Deployment
    End-User Satisfaction # of Satisfied Users
    # of End Users
    70% 90% 85%
    Percentage Over/Under Estimated Budget Amount Spent - 100%
    Budget
    5% 0% 2%
    Percentage Over/Under Estimated Timeline Project Length - 100%
    Estimated Timeline
    10% -5% -10%

    CRM Strategy Metrics
    Description Formula Current or Estimated Target Post-Deployment
    Number of Leads Generated (per month) # of Leads Generated 150 200 250
    Average Time to Resolution (in minutes) Time Spent on Resolution
    # of Resolutions
    30 minutes 10 minutes 15 minutes
    Cost per Interaction by Campaign Total Campaign Spending
    # of Customer Interactions
    $17.00 $12.00 $12.00

    Select the Right CRM Platform

    CRM technology is critical to facilitate an organization’s relationships with customers, service users, employees, and suppliers. Having a structured approach to building a business case, defining key requirements, and engaging with the right shortlist of vendors to pick the best finalist is crucial.

    This selection guide allows organizations to execute a structured methodology for picking a CRM that aligns with their needs. This includes:
    • Alignment and prioritization of key business and technology drivers for a CRM selection business case.
    • Identification of key use cases and requirements for CRM.
    • Construction of a robust CRM RFP.
    • A strong market scan of key players.
    • A survey of crucial implementation considerations.
    This formal CRM selection initiative will drive business-IT alignment, identify sales and marketing automation priorities, and allow for the rollout of a platform that’s highly likely to satisfy all stakeholder needs.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.
    workshops@infotech.com
    1-888-670-8889

    Insight summary

    Stakeholder satisfaction is critical to your success

    Choosing a solution for a single use case and then expanding it to cover other purposes can be a way to quickly gain approvals and then make effective use of dollars spent. However, this can also be a nightmare if the product is not fit for purpose and requires significant customization effort for future use cases. Identify use cases early, engage stakeholders to define success, and recognize where you need to find balance between a single off-the-shelf CRM platform and adjacent MarTech or sales enablement systems.

    Build a business case

    An effective business case isn’t a single-purpose document for obtaining funding. It can also be used to drive your approach to product selection, requirements gathering, and ultimately evaluating stakeholder and user satisfaction.

    Use your business case to define use cases and milestones as well as success.

    Balance process with technology

    A new solution with old processes will result in incremental increased value. Evaluate existing processes and identify opportunities to improve and remove workarounds. Then define requirements.

    You may find that the tools you have would be adequate with an upgrade and tool optimization. If not, this exercise will prepare you to select the right solution for your current and future needs.

    Drive toward early value

    Lead with the most important benefit and consider the timeline. Most stakeholders will lose interest if they don’t realize benefits within the fist year. Can you reach your goal and report success within that timeline?

    Identify secondary, incremental customer engagement improvements that can be made as you work toward the overall goal to be achieved at the one-year milestone.

    Related Info-Tech Research

    Stock image of an office worker. Build a Strong Technology Foundation for Customer Experience Management
    • Any CRM project needs to be guided by the broader strategy around customer engagement. This blueprint explores how to create a strong technology enablement approach for CXM using voice of the customer analysis.
    Stock image of a target with arrows. Improve Requirements Gathering
    • 70% of projects that fail do so because of poor requirements. If you need to double-click on best practices for eliciting, analyzing, and validating requirements as you build up your CRM picklist and RFP, this blueprint will equip you with the knowledge and tools you need to hit the ground running.
    Stock image of a pen on paper. Drive Successful Sourcing Outcomes with a Robust RFP Process
    • Managing a complex RFP process for an enterprise application like a CRM platform can be a challenging undertaking. This blueprint zooms into how to build, run, administer, and evaluate RFP responses effectively.

    Bibliography

    “Doomed From the Start? Why a Majority of Business and IT Teams Anticipate Their Software Development Projects Will Fail.” Geneca, 25 Jan. 2017. Web.

    Hall, Kerrie. “The State of CRM Data Management 2020.” Validity. 27 April 2020. Web.

    Hinchcliffe, Dion. “The Evolving Role of the CIO and CMO in Customer Experience.” ZDNet, 22 Jan. 2020. Web.

    Klie, L. “CRM Still Faces Challenges, Most Speakers Agree: CRM Systems Have Been Around for Decades, but Interoperability and Data Siloes Still Have to Be Overcome.” CRM Magazine, vol. 23, no. 5, 2019, pp. 13-14.

    Markman, Jon. "Netflix Knows What You Want... Before You Do." Forbes. 9 Jun. 2017. Web.

    Morgan, Blake. “50 Stats That Prove The Value Of Customer Experience.” Forbes, 24 Sept. 2019. Web.

    Taber, David. “What to Do When Your CRM Project Fails.” CIO Magazine, 18 Sept. 2017. Web.

    “The State of Project Management Annual Survey 2018.” Wellingtone, 2018. Web.

    “The History of Microsoft Dynamics.” Eswelt. 2021. Accessed 8 June 2022.

    “Unlock the Mysteries of Your Customer Relationships.” Harvard Business Review. 1 July 2014. Accessed 30 Mar. 2016.

    Develop the Right Message to Engage Buyers

    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Sixty percent of marketers find it hard to produce high-quality content consistently. SaaS marketers have an even more difficult job due to the technical nature of content production. Without an easy content development strategy, marketers have an insurmountable task of continually creating interesting content for an audience they don’t understand.

    Globally, B2B SaaS marketers without the ability to consistently produce and activate quality content will experience:

    • High website bounce rates and low time on site
    • Low page views
    • A low percentage of return visitors
    • Low conversions
    • Low open and click-through rates on email campaigns

    Our Advice

    Critical Insight

    Marketing content that identifies the benefit of the product along with a deep understanding of the buyer pain points, desired value, and benefit proof points is a key driver in delivering value to a prospect, thereby increasing marketing metrics such as open rates, time on site, page views, and click-through rates.

    Impact and Result

    Marketers that activate the SoftwareReviews message mapping architecture will be able to crack the code on the formula for improving open and click-through rates.

    By applying the SoftwareReviews message mapping architecture, clients will be able to:

    • Quickly diagnose the current state of their content marketing effectiveness compared to industry metrics.
    • Compare their current messaging approach versus the key elements of the Message Map Architecture.
    • Create more compelling and relevant content that aligns with a buyer’s needs and journey.
    • Shrink marketing and sales cycles.
    • Increase the pace of content production.

    Develop the Right Message to Engage Buyers Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop the Right Message to Engage Buyers Executive Brief – A mapping architecture to enable marketers to crack the code on the formula for improving open and click-through rates.

    Through this blueprint marketers will learn how to shift content away from low-performing content that only focuses on the product and company to high-performing customer-focused content that answers the “What’s in it for me?” question for a buyer, increasing engagement and conversions.

    Infographic

    Further reading

    Develop the Right Message to Engage Buyers

    Drive higher open rates, time-on-site, and click-through rates with buyer-relevant messaging.

    Analyst Perspective

    Develop the right message to engage buyers.

    Marketers only have seven seconds to capture a visitor's attention but often don't realize that the space between competitors and their company is that narrow. They often miss the mark on content and create reams of product and company-focused messaging that result in high bounce rates, low page views, low return visits, low conversions, and low click-through rates.

    We wouldn't want to sit in a conversation with someone who only speaks about themselves, so why would it be any different when we buy something? Today's marketers must quickly hook their visitors with content that answers the critical question of "What's in it for me?"

    Our research finds that leading content marketers craft messaging that lets their audience ”know they know them,” points out what’s in it for them, and includes proof points of promised value. This simple, yet often missed approach, we call Message Mapping, which helps marketers grab a visitor’s initial attention and when applied throughout the customer journey will turn prospects into customers, lifelong buyers, advocates, and referrals.

    Photo of Terra Higginson, Marketing Research Director, SoftwareReviews.

    Terra Higginson
    Marketing Research Director
    SoftwareReviews

    Executive Summary

    Your Challenge

    Globally, B2B SaaS marketers without the ability to consistently produce and activate quality content will experience:

    • High website bounce rates and low time on site
    • Low page views
    • A low percentage of return visitors
    • Low conversions
    • Low open and click-through rates on email campaigns
    Sixty percent of marketers find it hard to produce high-quality content consistently. SaaS marketers have an even more difficult job due to the technical nature of content production. Without an easy content development strategy, marketers have an insurmountable task of continually creating interesting content for an audience they don’t understand.
    Common Obstacles

    Marketers struggle to create content that quickly engages the buyer because they lack:

    • Resources to create a high volume of quality content.
    • True buyer understanding.
    • Experience in how to align technical messaging with the buyer persona.
    • Easy-to-deploy content strategy tools.
    Even though most marketers will say that it’s important to produce interesting content, only 58% of B2B markers take the time to ask their customers what’s important to them. Without a true and deep understanding of buyers, marketers continue to invest their time and resources in an uninteresting product and company-focused diatribe.
    SoftwareReviews’ Approach

    By applying the SoftwareReviews’ message mapping architecture, clients will be able to:

    • Quickly diagnose the current state of their content marketing effectiveness compared to industry metrics.
    • Compare their current messaging approach against the key elements of the Message Map Architecture.
    • Create more compelling and relevant content that aligns with a buyer’s needs and journey.
    • Shrink marketing and sales cycles.
    • Increase the pace of content production.
    Marketers that activate the SoftwareReviews message mapping architecture will be able to crack the code on the formula for improving open and click-through rates.

    SoftwareReviews Insight

    Marketing content that identifies the benefit of the product, along with a deep understanding of the buyer pain points, desired value, and benefit proof-points, is a key driver in delivering value to a prospect, thereby increasing marketing metrics such as open rates, time on site, page views, and click-through rates.

    Your Challenge

    65% of marketers find it challenging to produce engaging content.

    Globally, B2B SaaS marketers without the ability to consistently produce and activate quality content will experience:

    • High website bounce rates and low time on site
    • Low page views
    • A low percentage of return visitors
    • Low conversions
    • Low open and click-through rates on email campaigns

    A staggering 60% of marketers find it hard to produce high-quality content consistently and 62% don’t know how to measure the ROI of their campaigns according to OptinMonster.

    SaaS marketers have an even more difficult job due to the technical nature of content production. Without an easy content development strategy, marketers have an insurmountable task of continually creating interesting content for an audience they don’t understand.


    Over 64% of marketers want to learn how to build a better content
    (Source: OptinMonster, 2021)

    Benchmark your content marketing

    Do your content marketing metrics meet the industry-standard benchmarks for the software industry?
    Visualization of industry benchmarks for 'Bounce Rate', 'Organic CTR', 'Pages/Session', 'Average Session Duration', '% of New Sessions', 'Email Open Rate', 'Email CTR', and 'Sales Cycle Length (Days)' with sources linked below.
    GrowRevenue, MarketingSherpa, Google Analytics, FirstPageSage, Google Analytics, HubSpot
    • Leaders will measure content marketing performance against these industry benchmarks.
    • If your content performance falls below these benchmarks, your content architecture may be missing the mark with prospective buyers.

    Common flaws in content messaging

    Why do marketers have a hard time consistently producing messaging that engages the buyer?

    Mistake #1

    Myopic Focus on Company and Product

    Content suffers a low ROI due to a myopic focus on the company and the product. This self-focused content fails to engage prospects and move them through the funnel.

    Mistake #2

    WIIFM Question Unanswered

    Content never answers the fundamental “What’s in it for me?” question due to a lack of true buyer understanding. This leads to an inability to communicate the value proposition to the prospect.

    Mistake #3

    Inability to Select the Right Content Format

    Marketers often guess what kind of content their buyers prefer without any real understanding or research behind what buyers would actually want to consume.

    Leaders Will Avoid the “Big Three” Pitfalls
    • While outdated content, poor content organization on your website, and poor SEO are additional strategic factors (outside the scope of this research), poor messaging structure will doom your content marketing strategy.
    • Leaders will be vigilant to diagnose current messaging structure and avoid:
      1. Making messaging all about you and your company.
      2. Failing to describe what’s in it for your prospects.
      3. Often guessing at what approach to use when structuring your messaging.

    Implications of poor content

    Without quality content, the sales and marketing cycles elongate and content marketing metrics suffer.
    • Lost sales: Research shows that B2B buyers are 57-70% done with their buying research before they ever contact sales.(Worldwide Business Research, 2022)
    • The buyer journey is increasingly digital: Research shows that 67% of the buyer's journey is now done digitally.(Worldwide Business Research, 2022)
    • Wasted time: In a Moz study of 750,000 pieces of content, 50% had zero backlinks, indicating that no one felt these assets were interesting enough to reference or share. (Moz, 2015)
    • Wasted money: SaaS companies spend $342,000 to $1,080,000 per year (or more) on content marketing. (Zenpost, 2022) The wrong content will deliver a poor ROI.

    50% — Half of the content produced has no backlinks. (Source: Moz, 2015)

    Content matters more than ever since 67% of the buyer's journey is now done digitally. (Source: Worldwide Business Research, 2022)

    Benefits of good content

    A content mapping approach lets content marketers:
    • Create highly personalized content. Content mapping helps marketers to create highly targeted content at every stage of the buyer’s journey, helping to nurture leads and prospects toward a purchase decision.
    • Describe “What’s in it for me?” to buyers. Remember that you aren’t your customer. Good content quickly answers the question “What’s in it for me?” (WIIFM) developed from the findings of the buyer persona. WIIFM-focused content engages a prospect within seven seconds.
    • Increase marketing ROI. Content marketing generates leads three times greater than traditional marketing (Patel, 2016).
    • Influence prospects. Investing in a new SaaS product isn’t something buyers do every day. In a new situation, people will often look to others to understand what they should do. Good content uses the principles of authority and social proof to build the core message of WIIFM. Authority can be conferred with awards and accolades, whereas social proof is given through testimonials, case studies, and data.
    • Build competitive advantage. Increase competitive advantage by providing content that aligns with the ideal client profile. Fifty-two percent of buyers said they were more likely to buy from a vendor after reading its content (1827 Marketing, 2022).
    Avoid value claiming. Leaders will use client testimonials as proof points because buyers believe peers more than they believe you.

    “… Since 95 percent of the people are imitators and only 5 percent initiators, people are persuaded more by the actions of others than by any proof we can offer. (Robert Cialdini, Influence: The Psychology of Persuasion)

    Full slide: 'Message Map Architecture'.

    Full slide: 'Message Map Template' with field descriptions and notes.

    Full slide: 'Message Map Template' with field descriptions, no notes.

    Full slide: 'Message Map Template' with blank fields.

    Full slide: 'Message Map Template' with 'Website Example segment.com' filled in fields.

    Full slide: 'Website Example segment.com' the website as it appears online with labels on the locations of elements of the message map.

    Full slide: 'Website Example segment.com' the website as it appears online with labels on the locations of elements of the message map.

    Full slide: 'Website Example segment.com' the website as it appears online with labels on the locations of elements of the message map.

    Full slide: 'Website Example segment.com' the website as it appears online with labels on the locations of elements of the message map.

    Email & Social Post Example

    Use the message mapping architecture to create other types of content.

    Examples of emails and social media posts as they appear online with labels on the locations of elements of the message map.

    Insight Summary

    Create Content That Matters

    Marketing content that identifies the benefit of the product along with a deep understanding of the buyer pain points, desired value, and benefit proof-points is a key driver in delivering value to a prospect, thereby increasing marketing metrics such as open rates, time on site, page views, and click-through rates.

    What’s in It for Me?

    Most content has a focus on the product and the company. Content that lacks a true and deep understanding of the buyer suffers low engagement and low conversions. Our research shows that all content must answer ”What’s in it for me?” for a prospect.

    Social Proof & Authority

    Buyers that are faced with a new and unusual buying experience (such as purchasing SaaS) look at what others say about the product (social proof) and what experts say about the product (authority) to make buying decisions.

    Scarcity & Loss Framing

    Research shows that scarcity is a strong principle of influence that can be used in marketing messages. Loss framing is a variation of scarcity and can be used by outlining what a buyer will lose instead of what will be gained.

    Unify the Experience

    Use your message map to structure all customer-facing content across Sales, Product, and Marketing and create a unified and consistent experience across all touchpoints.

    Close the Gap

    SaaS marketers often find the gap between product and company-focused content and buyer-focused content to be so insurmountable that they never manage to overcome it without a framework like message mapping.

    Related SoftwareReviews Research

    Sample of 'Create a Buyer Persona and Journey' blueprint.

    Create a Buyer Persona and Journey

    Make it easier to market, sell, and achieve product-market fit with deeper buyer understanding.
    • Reduce time and treasure wasted chasing the wrong prospects.
    • Improve product-market fit.
    • Increase open and click-through rates in your lead gen engine.
    • Perform more effective sales discovery and increase eventual win rates.
    Sample of 'Diagnose Brand Health to Improve Business Growth' blueprint.

    Diagnose Brand Health to Improve Business Growth

    Have a significant and well-targeted impact on business success and growth by knowing how your brand performs, identifying areas of improvement, and making data-driven decisions to fix it.
    • Importance of brand is recognized, endorsed, and prioritized.
    • Support and resources allocated.
    • All relevant data and information collected in one place.
    • Ability to make data-driven recommendations and decisions on how to improve.
    Sample of 'Build a More Effective Go-to-Market Strategy' blueprint.

    Build a More Effective Go-to-Market Strategy

    Creating a compelling Go-to-Market strategy, and keeping it current, is a critical software company function – as important as financial strategy, sales operations, and even corporate business development – given its huge impact on the many drivers of sustainable growth.
    • Align stakeholders on a common vision and execution plan.
    • Build a foundation of buyer and competitive understanding.
    • Deliver a team-aligned launch plan that enables commercial success.

    Bibliography

    Arakelyan, Artash. “How SaaS Companies Increase Their ROI With Content Marketing.” Clutch.co, 27 July 2018. Accessed July 2022.

    Bailyn, Evan. “Average Session Duration: Industry Benchmarks.” FirstPageSage, 16 March 2022. Accessed July 2022.

    Burstein, Daniel. “Marketing Research Chart: Average clickthrough rates by industry.” MarketingSherpa, 1 April 2014. Accessed July 2022.

    Cahoon, Sam. “Email Open Rates By Industry (& Other Top Email Benchmarks).” HubSpot, 10 June 2021. Accessed July 2022.

    Cialdini, Robert. Influence: Science and Practice. 5th ed. Pearson, 29 July 2008. Print.

    Cialdini, Robert. Influence: The Psychology of Persuasion. Revised ed. Harper Business, 26 Dec. 2006. Print.

    Content Marketing—Statistics, Evidence and Trends.” 1827 Marketing, 7 Jan. 2022. Accessed July 2022.

    Devaney, Erik. “Content Mapping 101: The Template You Need to Personalize Your Marketing.” HubSpot, 21 April 2022. Accessed July 2022.

    Hiscox Business Insurance. “Growing Your Business--and Protecting It Every Step of the Way.” Inc.com. 25 April 2022. Accessed July 2022.

    Hurley Hall, Sharon. “85 Content Marketing Statistics To Make You A Marketing Genius.” OptinMonster, 14 Jan. 2021. Accessed July 2022.

    Patel, Neil. “38 Content Marketing Stats That Every Marketer Needs to Know.” NeilPatel.com, 21 Jan. 2016. Web.

    Prater, Meg. “SaaS Sales: 7 Tips on Selling Software from a Top SaaS Company.” HubSpot, 9 June 2021. Web.

    Polykoff, Dave. “20 SaaS Content Marketing Statistics That Lead to MRR Growth in 2022.” Zenpost blog, 22 July 2022. Web.

    Rayson, Steve. “Content, Shares, and Links: Insights from Analyzing 1 Million Articles.” Moz, 8 Sept. 2015. Accessed July 2022.

    “SaaS Content Marketing: How to Measure Your SaaS Content’s Performance.” Ken Moo, 9 June 2022. Accessed July 2022.

    Taylor Gregory, Emily. “Content marketing challenges and how to overcome them.” Longitude, 14 June 2022. Accessed July 2022.

    Visitors Benchmarking Channels. Google Analytics, 2022. Accessed July 2022.

    WBR Insights. “Here's How the Relationship Between B2B Buying, Content, and Sales Reps Has Changed.” Worldwide Business Research, 2022. Accessed July 2022.

    “What’s a good bounce rate? (Here’s the average bounce rate for websites).” GrowRevenue.io, 24 Feb. 2020. Accessed July 2022.

    Digital Data Ethics

    • Download01-Title: Tech Trend Update: If Digital Ethics Then Data Equity
    • Download-01: Visit Link
    • member rating overall impact: 9/10
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    In the past two years, we've seen that we need quick technology solutions for acute issues. We quickly moved to homeworking and then to a hybrid form. We promptly moved many of our offline habits online.

    That necessitated a boost in data collection from us towards our customers and employees, and business partners.
    Are you sure how to approach this structurally? What is the right thing to do?

    Impact and Results

    • When you partner with another company, set clear expectations
    • When you are building your custom solution, invite constructive criticism
    • When you present yourself as the authority, consider the most vulnerable in the relationship

    innovation

    Prepare Your Organization to Successfully Embrace the “New Normal”

    • Buy Link or Shortcode: {j2store}422|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $61,749 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • The COVID-19 pandemic is creating significant challenges across every sector, but even the deepest crisis will eventually pass. However, many of the changes it has brought to how organizations function are here to stay.
    • As an IT leader, it can be challenging to envision what this future state will look like and how to position IT as a trusted partner to the business to help steer the ship as the crisis abates.

    Our Advice

    Critical Insight

    • Organizations need to cast their gaze into the “New Normal” and determine an appropriate strategy to stabilize their operations, mitigate ongoing challenges, and seize new opportunities that will be presented in a post-COVID-19 world.
    • IT needs to understand the key trends and permanent changes that will exist following the crisis and develop a proactive roadmap for rapidly adapting their technology stack, processes, and resourcing to adjust to the new normal.

    Impact and Result

    • Info-Tech recommends a three-step approach for adapting to the new normal: begin by surveying crucial changes that will occur as a result of the COVID-19 pandemic, assess their relevance to your organization’s unique situation, and create an initiatives roadmap to support the new normal.
    • This mini-blueprint will examine five key themes: changing paradigms for remote work, new product delivery models, more self-service options for customers, greater decentralization and agility for organizational decision making, and a renewed emphasis on security architecture.

    Prepare Your Organization to Successfully Embrace the “New Normal” Research & Tools

    Read the Research

    Understand the five key trends that will persist after the pandemic has passed and create a roadmap of initiatives to help your organization adapt to the "New Normal."

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Prepare Your Organization to Successfully Embrace the “New Normal” Storyboard
    [infographic]

    The First 100 Days As CIO

    • Buy Link or Shortcode: {j2store}540|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $54,525 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: High Impact Leadership
    • Parent Category Link: /lead
    • You’ve been promoted from within to the role of CIO.
    • You’ve been hired externally to take on the role of CIO.

    Our Advice

    Critical Insight

    • Foundational understanding must be achieved before you start. Hit the ground running before day one by using company documents and initial discussions to pin down the company’s type and mode.
    • Listen before you act (usually). In most situations, executives benefit from listening to peers and staff before taking action.
    • Identify quick wins early and often. Fix problems as soon as you recognize them to set the tone for your tenure.

    Impact and Result

    • Collaborate to collect the details needed to identify the right mode for your organization and determine how it will influence your plan.
    • Use Info-Tech’s diagnostic tools to align your vision with that of business executives and form a baseline for future reference.

    The First 100 Days As CIO Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why the first 100 days of being a new executive is a crucial time that requires the right balance of listening with taking action. See how seven calls with an executive advisor will guide you through this period.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Check in with your executive advisor over seven calls

    Organize your first 100 days as CIO into activities completed within two-week periods, aided by the guidance of an executive advisor.

    • The First 100 Days As CIO – Storyboard
    • Organizational Catalog
    • Cultural Archetype Calculator
    • IT Capability Assessment

    2. Communicate your plan to your manager

    Communicate your strategy with a presentation deck that you will complete in collaboration with Info-Tech advisors.

    • The First 100 Days As CIO – Presentation Deck

    3. View an example of the final presentation

    See an example of a completed presentation deck, from the new CIO of Gotham City.

    • The First 100 Days As CIO – Presentation Deck Example

    4. Listen to our podcast

    Check out The Business Leadership podcast in Info-Tech's special series, The First 100 Days.

    • "The First 100 Days" Podcast – Alan Fong, CTO, DealerFX
    • "The First 100 Days" Podcast – Denis Gaudreault, country manager for Intel’s Canada and Latin America region
    • "The First 100 Days" Podcast – Dave Penny & Andrew Wertkin, BlueCat
    • "The First 100 Days" Podcast – Susan Bowen, CEO, Aptum
    • "The First 100 Days" Podcast – Wayne Berger, CEO IWG Plc Canada and Latin America
    • "The First 100 Days" Podcast – Eric Wright, CEO, LexisNexis Canada
    • "The First 100 Days" Podcast – Erin Bury, CEO, Willful
    [infographic]

    Further reading

    The First 100 Days As CIO

    Partner with Info-Tech for success in this crucial period of transition.

    Analyst Perspective

    The first 100 days refers to the 10 days before you start and the first three months on the job.

    “The original concept of ‘the first 100 days’ was popularized by Franklin Delano Roosevelt, who passed a battery of new legislation after taking office as US president during the Great Depression. Now commonly extended to the business world, the first 100 days of any executive role is a critically important period for both the executive and the organization.

    But not every new leader should follow FDR’s example of an action-first approach. Instead, finding the right balance of listening and taking action is the key to success during this transitional period. The type of the organization and the mode that it’s in serves as the fulcrum that determines where the point of perfect balance lies. An executive facing a turnaround situation will want to focus on more action more quickly. One facing a sustaining success situation or a realignment situation will want to spend more time listening before taking action.” (Brian Jackson, Research Director, CIO, Info-Tech Research Group)

    Executive summary

    Situation

    • You’ve been promoted from within to the role of CIO.
    • You’ve been hired externally to take on the role of CIO.

    Complication

    Studies show that two years after a new executive transition, as many as half are regarded as failures or disappointments (McKinsey). First impressions are hard to overcome, and a CIO’s first 100 days are heavily weighted in terms of how others will assess their overall success. The best way to approach this period is determined by both the size and the mode of an organization.

    Resolution

    • Work with Info-Tech to prepare a 100-day plan that will position you for success.
    • Collaborate to collect the details needed to identify the right mode for your organization and determine how it will influence your plan.
    • Use Info-Tech’s diagnostic tools to align your vision with that of business executives and form a baseline for future reference.

    Info-Tech Insight

    1. Foundational understanding must be achieved before you start.
      Hit the ground running before day one by using company documents and initial discussions to pin down the company’s type and mode.
    2. Listen before you act (usually).
      In most situations, executives benefit from listening to peers and staff before taking action.
    3. Identify quick wins early and often.
      Fix problems as soon as you recognize them to set the tone for your tenure.

    The First 100 Days: Roadmap

    A roadmap timeline of 'The 100-Day Plan' for your first 100 days as CIO and related Info-Tech Diagnostics. Step A: 'Foundational Preparation' begins 10 days prior to your first day. Step B: 'Management's Expectations' is Days 0 to 30, with the diagnostic 'CIO-CEO Alignment'. Step C: 'Assessing the IT Team' is Days 10 to 75, with the diagnostics 'IT M&G Diagnostic' at Day 30 and 'IT Staffing Assessment' at Day 60. Step D: 'Assess the Key Stakeholders' is Days 40 to 85 with the diagnostic 'CIO Business Vision Survey'. Step E: 'Deliver First-Year Plan' is Days 80 to 100.

    Concierge service overview

    Organize a call with your executive advisor every two weeks during your first 100 days. Info-Tech recommends completing our diagnostics during this period. If you’re not able to do so, instead complete the alternative activities marked with (a).

    Call 1 Call 2 Call 3 Call 4 Call 5 Call 6 Call 7
    Activities
    Before you start: Day -10 to Day 1
    • 1.1 Interview your predecessor.
    • 1.2 Learn the corporate structure.
    • 1.3 Determine STARS mode.
    • 1.4 Create a one-page intro sheet.
    • 1.5 Update your boss.
    Day 0 to 15
    • 2.1 Introduce yourself to your team.
    • 2.2 Document your sphere of influence.
    • 2.3 Complete a competitor array.
    • 2.4 Complete the CEO-CIO Alignment Program.
    • 2.4(a) Agree on what success looks like with the boss.
    • 2.5 Inform team of IT M&G Framework.
    Day 16 to 30
    • 3.1 Determine the team’s cultural archetype.
    • 3.2 Create a cultural adjustment plan.
    • 3.3 Initiate IT M&G Diagnostic.
    • 3.4 Conduct a high-level analysis of current IT capabilities.
    • 3.4 Update your boss.
    Day 31 to 45
    • 4.1 Inform stakeholders about CIO Business Vision survey.
    • 4.2 Get feedback on initial assessments from your team.
    • 4.3 Initiate CIO Business Vision survey.
    • 4.3(a) Meet stakeholders and catalog details.
    Day 46 to 60
    • 5.1 Inform the team that you plan to conduct an IT staffing assessment.
    • 5.2 Initiate the IT Staffing Assessment.
    • 5.3 Quick wins: Make recommend-ations based on CIO Business Vision Diagnostic/IT M&G Framework.
    • 5.4 Update your boss.
    Day 61 to 75
    • 6.1 Run a start, stop, continue exercise with IT staff.
    • 6.2 Make a categorized vendor list.
    • 6.3 Determine the alignment of IT commitments with business objectives.
    Day 76 to 90
    • 7.1 Finalize your vision – mission – values statement.
    • 7.2 Quick Wins: Make recommend-ations based on IT Staffing Assessment.
    • 7.3 Create and communicate a post-100-day plan.
    • 7.4 Update your boss.
    Deliverables Presentation Deck Section A: Foundational Preparation Presentation Deck slides 9, 11-13, 19-20, 29 Presentation Deck slides 16, 17, 21 Presentation Deck slides 30, 34 Presentation Deck slides 24, 25, 2 Presentation Deck slides 27, 42

    Call 1

    Before you start: Day -10 to Day 1

    Interview your predecessor

    Interviewing your predecessor can help identify the organization’s mode and type.

    Before reaching out to your predecessor, get a sense of whether they were viewed as successful or not. Ask your manager. If the predecessor remains within the organization in a different role, understand your relationship with them and how you'll be working together.

    During the interview, make notes about follow-up questions you'll ask others at the organization.

    Ask these open-ended questions in the interview:

    • Tell me about the team.
    • Tell me about your challenges.
    • Tell me about a major project your team worked on. How did it go?
    • Who/what has been helpful during your tenure?
    • Who/what created barriers for you?
    • What do your engagement surveys reveal?
    • Tell me about your performance management programs and issues.
    • What mistakes would you avoid if you could lead again?
    • Why are you leaving?
    • Could I reach out to you again in the future?

    Learn the corporate structure

    Identify the organization’s corporate structure type based on your initial conversations with company leadership. The type of structure will dictate how much control you'll have as a functional head and help you understand which stakeholders you'll need to collaborate with.

    To Do:

    • Review the organization’s structure list and identify whether the structure is functional, prioritized, or a matrix. If it's a matrix organization, determine if it's a strong matrix (project manager holds more authority), weak matrix (functional manager holds more authority), or balanced matrix (managers hold equal authority).

    Functional

    • Most common structure.
    • Traditional departments such as sales, marketing, finance, etc.
    • Functional managers hold most authority.

    Projectized

    • Most programs are implemented through projects with focused outcomes.
    • Teams are cross-functional.
    • Project managers hold the most authority.

    Matrix

    • Combination of projectized and functional.
    • Organization is a dynamic environment.
    • Authority of functional manager flows down through division, while authority of project manager flows sideways through teams.

    This organization is a ___________________ type.

    (Source: Simplilearn)

    Presentation Deck, slide 6

    Determine the mode of the organization: STARS

    Based on your interview process and discussions with company leadership, and using Michael Watkins’ STARS assessment, determine which mode your organization is in: startup, turnaround, accelerated growth, realignment, or sustaining success.

    Knowing the mode of your organization will determine how you approach your 100-day plan. Depending on the mode, you'll rebalance your activities around the three categories of assess, listen, and deliver.

    To Do:

    • Review the STARS table on the right.

    Based on your situation, prioritize activities in this way:

    • Startup: assess, listen, deliver
    • Turnaround: deliver, listen, assess
    • Accelerated Growth: assess, listen, deliver
    • Realignment: listen, assess, deliver
    • Sustaining success: listen, assess, deliver

    This organization is a ___________________ type.

    (Source: Watkins, 2013.)

    Presentation Deck, slide 6

    Determine the mode of the organization: STARS

    STARS Startup Turnaround Accelerated Growth Realignment Sustaining Success
    Definition Assembling capabilities to start a project. Project is widely seen as being in serious trouble. Managing a rapidly expanding business. A previously successful organization is now facing problems. A vital organization is going to the next level.
    Challenges Must build strategy, structures, and systems from scratch. Must recruit and make do with limited resources. Stakeholders are demoralized; slash and burn required. Requires structure and systems to scale; hiring and onboarding. Employees need to be convinced change is needed; restructure at the top required. Risk of living in shadow of a successful former leader.
    Advantages No rigid preconceptions. High-energy environment and easy to pivot. A little change goes a long way when people recognize the need. Motivated employee base willing to stretch. Organization has clear strengths; people desire success. Likely a strong team; foundation for success likely in place.

    Satya Nadella's listen, lead, and launch approach

    CASE STUDY

    Industry Software
    Source Gregg Keizer, Computerworld, 2014

    When Satya Nadella was promoted to the CEO role at Microsoft in 2014, he received a Glassdoor approval rating of 85% and was given an "A" grade by industry analysts after his first 100 days. What did he do right?

    • Created a sense of urgency by shaking up the senior leadership team.
    • Already understood the culture as an insider.
    • Listened a lot and did many one-on-one meetings.
    • Established a vision communicated with a mantra that Microsoft would be "mobile-first, cloud-first."
    • Met his words with actions. He launched Office for iPad and made many announcements for cloud platform Azure.
    Photo of Satya Nadella, CEO, Microsoft Corp.
    Satya Nadella, CEO, Microsoft Corp. (Image source: Microsoft)

    Listen to 'The First 100 Days' podcast – Alan Fong

    Create a one-page introduction sheet to use in communications

    As a new CIO, you'll have to introduce yourself to many people in the organization. To save time on communicating who you are as a person outside of the office, create a brief one-pager that includes a photo of you, where you were born and raised, and what your hobbies are. This helps make a connection more quickly so your conversations can focus on the business at hand rather than personal topics.

    For your presentation deck, remove the personal details and just keep it professional. The personal aspects can be used as a one-pager for other communications. (Source: Personal interview with Denis Gaudreault, Country Lead, Intel.)

    Presentation Deck, slide 5

    Call 2

    Day 1 to Day 15

    Introduce yourself to your team

    Prepare a 20-second pitch about yourself that goes beyond your name and title. Touch on your experience that's relevant to your new role or the industry you're in. Be straightforward about your own perceived strengths and weaknesses so that people know what to expect from you. Focus on the value you believe you'll offer the group and use humor and humility where you're comfortable. For example:

    “Hi everyone, my name is John Miller. I have 15 years of experience marketing conferences like this one to vendors, colleges, and HR departments. What I’m good at, and the reason I'm here, is getting the right people, businesses, and great ideas in a room together. I'm not good on details; that's why I work with Tim. I promise that I'll get people excited about the conference, and the gifts and talents of everyone else in this room will take over from there. I'm looking forward to working with all of you.”

    Have a structured set of questions ready that you can ask everyone.

    For example:
    • How well is the company performing based on expectations?
    • What must the company do to sustain its financial performance and market competitiveness?
    • How do you foresee the CIO contributing to the team?
    • How have past CIOs performed from the perspective of the team?
    • What would successful performance of this role look like to you? To your peers?
    • What challenges and obstacles to success am I likely to encounter? What were the common challenges of my predecessor?
    • How do you view the culture here and how do successful projects tend to get approved?
    • What are your greatest challenges? How could I help you?

    Get to know your sphere of influence: prepare to connect with a variety of people before you get down to work

    Your ability to learn from others is critical at every stage in your first 100 days. Keep your sphere of influence in the loop as you progress through this period.

    A diagram of circles within circles representing your spheres of influence. The smallest circle is 'IT Leaders' and is noted as your 'Immediate circle'. The next largest circle is 'IT Team', then 'Peers - Business Leads', then 'Internal Clients' which is noted as you 'Extended circle'. The largest circle is 'External clients'.

    Write down the names, or at least the key people, in each segment of this diagram. This will serve as a quick reference when you're planning communications with others and will help you remember everyone as you're meeting lots of new people in your early days on the job.

    • Everyone knows their networks are important.
    • However, busy schedules can cause leaders to overlook their many audiences.
    • Plan to meet and learn from all people in your sphere to gain a full spectrum of insights.

    Presentation Deck, slide 29

    Identify how your competitors are leveraging technology for competitive advantage

    Competitor identification and analysis are critical steps for any new leader to assess the relative strengths and weaknesses of their organization and develop a sense of strategic opportunity and environmental awareness.

    Today’s CIO is accountable for driving innovation through technology. A competitive analysis will provide the foundation for understanding the current industry structure, rivalry within it, and possible competitive advantages for the organization.

    Surveying your competitive landscape prior to the first day will allow you to come to the table prepared with insights on how to support the organization and ensure that you are not vulnerable to any competitive blind spots that may exist in the evaluations conducted by the organization already.

    You will not be able to gain a nuanced understanding of the internal strengths and weaknesses until you are in the role, so focus on the external opportunities and how competitors are using technology to their advantage.

    Info-Tech Best Practice

    For a more in-depth approach to identifying and understanding relevant industry trends and turning them into insights, leverage the following Info-Tech blueprints:

    Presentation Deck, slide 9

    Assess the external competitive environment

    Associated Activity icon

    INPUT: External research

    OUTPUT: Competitor array

    1. Conduct a broad analysis of the industry as a whole. Seek to answer the following questions:
      1. Are there market developments or new markets?
      2. Are there industry or lifestyle trends, e.g. move to mobile?
      3. Are there geographic changes in the market?
      4. Are there demographic changes that are shaping decision making?
      5. Are there changes in market demand?
    2. Create a competitor array by identifying and listing key competitors. Try to be as broad as possible here and consider not only entrenched close competitors but also distant/future competitors that may disrupt the industry.
    3. Identify the strengths, weaknesses, and key brand differentiators that each competitor brings to the table. For each strength and differentiator, brainstorm ways that IT-based innovation enables each. These will provide a toolkit for deeper conversations with your peers and your business stakeholders as you move further into your first 100 days.
    Competitor Strengths Weaknesses Key Differentiators IT Enablers
    Competitor 1
    Competitor 2
    Competitor 3

    Complete the CEO-CIO Alignment Program

    Associated Activity icon Run the diagnostic program or use the alternative activities to complete your presentation

    INPUT: CEO-CEO Alignment Program (recommended)

    OUTPUT: Desired and target state of IT maturity, Innovation goals, Top priorities

    Materials: Presentation Deck, slides 11-13

    Participants: CEO, CIO

    Introduce the concept of the CEO-CIO Alignment Program using slide 10 of your presentation deck and the brief email text below.

    Talk to your advisory contact at Info-Tech about launching the program. More information is available on Info-Tech’s website.

    Once the report is complete, import the results into your presentation:

    • Slide 11, the CEO’s current and desired states
    • Slide 12, IT innovation goals
    • Slide 13, top projects and top departments from the CEO and the CIO

    Include any immediate recommendations you have.

    Hello CEO NAME,

    I’m excited to get started in my role as CIO, and to hit the ground running, I’d like to make sure that the IT department is aligned with the business leadership. We will accomplish this using Info-Tech Research Group’s CEO-CIO Alignment Program. It’s a simple survey of 20 questions to be completed by the CEO and the CIO.

    This survey will help me understand your perception and vision as I get my footing as CIO. I’ll be able to identify and build core IT processes that will automate IT-business alignment going forward and create an effective IT strategy that helps eliminate impediments to business growth.

    Research shows that IT departments that are effectively aligned to business goals achieve more success, and I’m determined to make our IT department as successful as possible. I look forward to further detailing the benefits of this program to you and answering any questions you may have the next time we speak.

    Regards,
    CIO NAME

    New KPIs for CEO-CIO Alignment — Recommended

    Info-Tech CEO-CIO Alignment Program

    Info-Tech's CEO-CIO Alignment Program is set up to build IT-business alignment in any organization. It helps the CIO understand CEO perspectives and priorities. The exercise leads to useful IT performance indicators, clarifies IT’s mandate and which new technologies it should invest in, and maps business goals to IT priorities.

    Benefits

    Master the Basics
    Cut through the jargon.
    Take a comprehensive look at the CEO perspective.
    Target Alignment
    Identify how IT can support top business priorities. Address CEO-CIO differences.
    Start on the Right Path
    Get on track with the CIO vision. Use correct indicators and metrics to evaluate IT from day one.

    Supporting Tool or Template icon Additional materials are available on Info-Tech’s website.

    The desired maturity level of IT — Alternative

    Associated Activity icon Use only if you can’t complete the CEO-CIO Alignment Program

    Step 1: Where are we today?

    Determine where the CEO sees the current overall maturity level of the IT organization.

    Step 2: Where do we want to be as an organization?

    Determine where the CEO wants the IT organization to be in order to effectively support the strategic direction of the business.

    A colorful visual representation of the different IT maturity levels. At the bottom is 'STRUGGLE, Unable to Provide Reliable Business Services', then moving upwards are 'SUPPORT, Reliable Infrastructure and IT Service Desk', 'OPTIMIZE, Effective Fulfillment of Work Orders, Functional Business Applications, and Reliable Service Management', 'EXPAND, Effective Execution on Business Projects, Strategic Use of Analytics and Customer Technology', and at the top is 'TRANSFORM, Reliable Technology Innovation'.

    Presentation Deck, slide 11

    Tim Cook's powerful use of language

    CASE STUDY

    Industry Consumer technology
    Source Carmine Gallo, Inc., 2019

    Apple CEO Tim Cook, an internal hire, had big shoes to fill after taking over from the late Steve Jobs. Cook's ability to control how the company is perceived is a big credit to his success. How does he do it? His favorite five words are “The way I see it..." These words allow him to take a line of questioning and reframe it into another perspective that he wants to get across. Similarly, he'll often say, "Let me tell you the way I look at it” or "To put it in perspective" or "To put it in context."

    In your first two weeks on the job, try using these phrases in your conversations with peers and direct reports. It demonstrates that you value their point of view but are independently coming to conclusions about the situation at hand.

    Photo of Tim Cook, CEO, Apple Inc.
    Tim Cook, CEO, Apple Inc. (Image source: Apple)

    Listen to 'The First 100 Days' podcast – Denis Gaudreault

    Inform your team that you plan to do an IT Management & Governance Diagnostic survey

    Associated Activity icon Run the diagnostic program or use the alternative activities to complete your presentation

    INPUT: IT Management & Governance Diagnostic (recommended)

    OUTPUT: Process to improve first, Processes important to the business

    Materials: Presentation Deck, slides 19-20

    Participants: CIO, IT staff

    Introduce the IT Management & Governance Diagnostic survey that will help you form your IT strategy.

    Explain that you want to understand current IT capabilities and you feel a formal approach is best. You’ll also be using this approach as an important metric to track your department’s success. Tell them that Info-Tech Research Group will be conducting the survey and it’s important to you that they take action on the email when it’s sent to them.

    Example email:

    Hello TEAM,

    I appreciate meeting each of you, and so far I’m excited about the talents and energy on the team. Now I need to understand the processes and capabilities of our department in a deeper way. I’d like to map our process landscape against an industry-wide standard, then dive deeper into those processes to understand if our team is aligned. This will help us be accountable to the business and plan the year ahead. Advisory firm Info-Tech Research Group will be reaching out to you with a simple survey that shouldn’t take too long to complete. It’s important to me that you pay attention to that message and complete the survey as soon as possible.

    Regards,
    CIO NAME

    Call 3

    Day 16 to Day 30

    Leverage team interviews as a source of determining organizational culture

    Info-Tech recommends that you hold group conversations with your team to uncover their opinions of the current organizational culture. This not only helps build transparency between you and your team but also gives you another means of observing behavior and reactions as you listen to team members’ characterizations of the current culture.

    A visualization of the organizational culture of a company asks the question 'What is culture?' Five boxes are stacked, the bottom two are noted as 'The invisible causes' and the top two are noted as 'The visible signs'. From the bottom, 'Fundamental assumptions and beliefs', 'Values and attitudes', 'The way we do things around here', 'Behaviors', and at the top, 'Environment'. (Source: Hope College Blog Network)

    Note: It is inherently difficult for people to verbalize what constitutes a culture – your strategy for extracting this information will require you to ask indirect questions to solicit the highest value information.

    Questions for Discussion:

    • What about the current organizational environment do you think most contributes to your success?
    • What barriers do you experience as you try to accomplish your work?
    • What is your favorite quality that is present in our organization?
    • What is the one thing you would most like to change about this organization?
    • Do the organization's policies and procedures support your efforts to accomplish work or do they impede your progress?
    • How effective do you think IT’s interactions are with the larger organization?
    • What would you consider to be IT’s top three guiding principles?
    • What kinds of people fail in this organization?

    Supporting Tool or Template icon See Info-Tech’s Cultural Archetype Calculator.

    Use the Competing Values Framework to define your organization’s cultural archetype

    THE COMPETING VALUES FRAMEWORK (CVF):

    CVF represents the synthesis of academic study of 39 indicators of effectiveness for organizations. Using a statistical analysis, two polarities that are highly predictive of differences in organizational effectiveness were isolated:

    1. Internal focus and integration vs. external focus and differentiation.
    2. Stability and control vs. flexibility and discretion.

    By plotting these dimensions on a matrix of competing values, four main cultural archetypes are identified with their own value drivers and theories of effectiveness.

    A map of cultural archetypes with 'Internal control and integration' on the left, 'External focus and differentiation' on the right, 'Flexibility and discretion' on top, and 'Stability and control' on the bottom. Top left is 'Clan Archetype', internal and flexible. Top right is 'Adhocracy Archetype', external and flexible. Bottom left is 'Hierarchy Archetype', internal and controlled. Bottom right is 'Market Archetype', external and controlled.

    Presentation Deck, slide 16

    Create a cultural adjustment plan

    Now that you've assessed the cultural archetype, you can plan an appropriate approach to shape the culture in a positive way. When new executives want to change culture, there are a few main options at hand:

    Autonomous evolution: Encourage teams to learn from each other. Empower hybrid teams to collaborate and reward teams that perform well.

    Planned and managed change: Create steering committee and project-oriented taskforces to work in parallel. Appoint employees that have cultural traits you'd like to replicate to hold responsibility for these bodies.

    Cultural destruction: When a toxic culture needs to be eliminated, get rid of its carriers. Putting new managers or directors in place with the right cultural traits can be a swift and effective way to realign.

    Each option boils down to creating the right set of incentives and deterrents. What behaviors will you reward and which ones will you penalize? What do those consequences look like? Sometimes, but not always, some structural changes to the team will be necessary. If you feel these changes should be made, it's important to do it sooner rather than later. (Source: “Enlarging Your Sphere of Influence in Your Organization,” MindTools Corporate, 2014.)

    As you're thinking about shaping a desired culture, it's helpful to have an easy way to remember the top qualities you want to espouse. Try creating an acronym that makes it easy for staff to remember. For example: RISE could remind your staff to be Responsive, Innovative, Sustainable, and Engaging (RISE). Draw upon your business direction from your manager to help produce desired qualities (Source: Jennifer Schaeffer).

    Presentation Deck, slide 17

    Gary Davenport’s welcome “surprise”

    CASE STUDY

    Industry Telecom
    Source Interview with Gary Davenport

    After Gary Davenport was hired on as VP of IT at MTS Allstream, his first weekend on the job was spent at an all-executive offsite meeting. There, he learned from the CEO that the IT department had a budget reduction target of 25%, like other departments in the company. “That takes your breath away,” Davenport says.

    He decided to meet the CEO monthly to communicate his plans to reduce spending while trying to satisfy business stakeholders. His top priorities were:

    1. Stabilize IT after seven different leaders in a five-year period.
    2. Get the IT department to be respected. To act like business owners instead of like servants.
    3. Better manage finances and deliver on projects.

    During Davenport’s 7.5-year tenure, the IT department became one of the top performers at MTS Allstream.

    Photo of Gary Davenport.
    Gary Davenport’s first weekend on the job at MTS Allstream included learning about a 25% reduction target. (Image source: Ryerson University)

    Listen to 'The First 100 Days' podcast – David Penny & Andrew Wertkin

    Initiate IT Management & Governance Diagnostic — Recommended

    Info-Tech Management & Governance Diagnostic

    Talk to your Info-Tech executive advisor about launching the survey shortly after informing your team to expect it. You'll just have to provide the names and email addresses of the staff you want to be involved. Once the survey is complete, you'll harvest materials from it for your presentation deck. See slides 19 and 20 of your deck and follow the instructions on what to include.

    Benefits

    A sample of the 'High Level Process Landscape' materials available from Info-Tech. A sample of the 'Strategy and Governance In Depth Results' materials available from Info-Tech. A sample of the 'Process Accountability' materials available from Info-Tech.
    Explore IT Processes
    Dive deeper into performance. Highlight problem areas.
    Align IT Team
    Build consensus by identifying opposing views.
    Ownership & Accountability
    Identify process owners and hold team members accountable.

    Supporting Tool or Template icon Additional materials available on Info-Tech’s website.

    Conduct a high-level analysis of current IT capabilities — Alternative

    Associated Activity icon

    INPUT: Interviews with IT leadership team, Capabilities graphic on next slide

    OUTPUT: High-level understanding of current IT capabilities

    Run this activity if you're not able to conduct the IT Management & Governance Diagnostic.

    Schedule meetings with your IT leadership team. (In smaller organizations, interviewing everyone may be acceptable.) Provide them a list of the core capabilities that IT delivers upon and ask them to rate them on an effectiveness scale of 1-5, with a short rationale for their score.

    • 1. Not effective (NE)
    • 2. Somewhat Effective (SE)
    • 3. Effective (E)
    • 4. Very Effective (VE)
    • 5. Extremely Effective (EE)

    Presentation Deck, slide 21

    Use the following set of IT capabilities for your assessment

    Strategy & Governance

    IT Governance Strategy Performance Measurement Policies Quality Management Innovation

    People & Resources

    Stakeholder Management Resource Management Financial Management Vendor Selection & Contract Management Vendor Portfolio Management Workforce Strategy Strategic Comm. Organizational Change Enablement

    Service Management & Operations

    Operations Management Service Portfolio Management Release Management Service Desk Incident & Problem Management Change Management Demand Management

    Infrastructure

    Asset Management Infrastructure Portfolio Management Availability & Capacity Management Infrastructure Management Configuration Management

    Information Security & Risk

    Security Strategy Risk Management Compliance, Audit & Review Security Detection Response & Recovery Security Prevention

    Applications

    Application Lifecycle Management Systems Integration Application Development User Testing Quality Assurance Application Maintenance

    PPM & Projects

    Portfolio Management Requirements Gathering Project Management

    Data & BI

    Data Architecture BI & Reporting Data Quality & Governance Database Operations Enterprise Content Management

    Enterprise Architecture

    Enterprise Architecture Solution Architecture

    Quick wins: CEO-CIO Alignment Program

    Complete this while waiting on the IT M&G survey results. Based on your completed CEO-CIO Alignment Report, identify the initiatives you can tackle immediately.

    If you are here... And want to be here... Drive toward... Innovate around...
    Business Partner Innovator Leading business transformation
    • Emerging technologies
    • Analytical capabilities
    • Risk management
    • Customer-facing tech
    • Enterprise architecture
    Trusted Operator Business Partner Optimizing business process and supporting business transformation
    • IT strategy and governance
    • Business architecture
    • Projects
    • Resource management
    • Data quality
    Firefighter Trusted Operator Optimize IT processes and services
    • Business applications
    • Service management
    • Stakeholder management
    • Work orders
    Unstable Firefighter Reduce use disruption and adequately support the business
    • Network and infrastructure
    • Service desk
    • Security
    • User devices

    Call 4

    Day 31 to Day 45

    Inform your peers that you plan to do a CIO Business Vision survey to gauge your stakeholders’ satisfaction

    Associated Activity icon Run the diagnostic program or use the alternative activities to complete your presentation

    INPUT: CIO Business Vision survey (recommended)

    OUTPUT: True measure of business satisfaction with IT

    Materials: Presentation Deck, slide 30

    Participants: CIO, IT staff

    Meet the business leaders at your organization face-to-face if possible. If you can't meet in person, try a video conference to establish some rapport. At the end of your introduction and after listening to what your colleague has to say, introduce the CIO Business Vision Diagnostic.

    Explain that you want to understand how to meet their business needs and you feel a formal approach is best. You'll also be using this approach as an important metric to track your department's success. Tell them that Info-Tech Research Group will be conducting the survey and it’s important to you that they take the survey when the email is sent to them.

    Example email:

    Hello PEER NAMES,

    I'm arranging for Info-Tech Research Group to invite you to take a survey that will be important to me. The CIO Business Vision survey will help me understand how to meet your business needs. It will only take about 15 minutes of your time, and the top-line results will be shared with the organization. We will use the results to plan initiatives for the future that will improve your satisfaction with IT.

    Regards,
    CIO NAME

    Gain feedback on your initial assessments from your IT team

    There are two strategies for gaining feedback on your initial assessments of the organization from the IT team:

    1. Review your personal assessments with the relevant members of your IT organization as a group. This strategy can help to build trust and an open channel for communication between yourself and your team; however, it also runs the risk of being impacted by groupthink.
    2. Ask for your team to complete their own assessments for you to compare and contrast. This strategy can help extract more candor from your team, as they are not expected to communicate what may be nuanced perceptions of organizational weaknesses or criticisms of the way certain capabilities function.

    Who you involve in this process will be impacted by the size of your organization. For larger organizations, involve everyone down to the manager level. In smaller organizations, you may want to involve everyone on the IT team to get an accurate lay of the land.

    Areas for Review:

    • Strategic Document Review: Are there any major themes or areas of interest that were not covered in my initial assessment?
    • Competitor Array: Are there any initiatives in flight to leverage new technologies?
    • Current State of IT Maturity: Does IT’s perception align with the CEO’s? Where do you believe IT has been most effective? Least effective?
    • IT’s Key Priorities: Does IT’s perception align with the CEO’s?
    • Key Performance Indicators: How has IT been measured in the past?

    Info-Tech Best Practice

    You need your team’s hearts and minds or you risk a short tenure. Overemphasizing business commitment by neglecting to address your IT team until after you meet your business stakeholders will result in a disenfranchised group. Show your team their importance.

    Susan Bowen's talent maximization

    CASE STUDY

    Industry Infrastructure Services
    Source Interview with Susan Bowen

    Susan Bowen was promoted to be the president of Cogeco Peer 1, an infrastructure services firm, when it was still a part of Cogeco Communications. Part of her mandate was to help spin out the business to a new owner, which occurred when it was acquired by Digital Colony. The firm was renamed Aptum and Bowen was put in place as CEO, which was not a certainty despite her position as president at Cogeco Peer 1. She credits her ability to put the right talent in the right place as part of the reason she succeeded. After becoming president, she sought a strong commitment from her directors. She gave them a choice about whether they'd deliver on a new set of expectations – or not. She also asks her leadership on a regular basis if they are using their talent in the right way. While it's tempting for directors to want to hold on to their best employees, those people might be able to enable many more people if they can be put in another place.

    Bowen fully rounded out her leadership team after Aptum was formed. She created a chief operating officer and a chief infrastructure officer. This helped put in place more clarity around roles at the firm and put an emphasis on client-facing services.

    Photo of Susan Bowen, CEO, Aptum.
    Susan Bowen, CEO, Aptum (Image source: Aptum)

    Listen to 'The First 100 Days' podcast – Susan Bowen

    Initiate CIO Business Vision survey – new KPIs for stakeholder management — Recommended

    Info-Tech CIO Business Vision

    Be sure to effectively communicate the context of this survey to your business stakeholders before you launch it. Plan to talk about your plans to introduce it in your first meetings with stakeholders. When ready, let your executive advisor know you want to launch the tool and provide the names and email addresses of the stakeholders you want involved. After you have the results, harvest the materials required for your presentation deck. See slide 30 and follow the instructions on what to include.

    Benefits

    Icon for Key Stakeholders. Icon for Credibility. Icon for Improve. Icon for Focus.
    Key Stakeholders
    Clarify the needs of the business.
    Credibility
    Create transparency.
    Improve
    Measure IT’s progress.
    Focus
    Find what’s important.

    Supporting Tool or Template icon Additional materials are available on Info-Tech’s website.

    Create a catalog of key stakeholder details to reference prior to future conversations — Alternative

    Only conduct this activity if you’re not able to run the CIO Business Vision diagnostic.

    Use the Organizational Catalog as a personal cheat sheet to document the key details around each of your stakeholders, including your CEO when possible.

    The catalog will be an invaluable tool to keep the competing needs of your different stakeholders in line, while ensuring you are retaining the information to build the political capital needed to excel in the C-suite.

    Note: It is important to keep this document private. While you may want to communicate components of this information, ensure your catalog remains under lock and (encryption) key.

    Screenshot of the Organizational Catalog for Stakeholders. At the top are spaces for 'Name', 'Job Title', etc. Boxes include 'Key Personal Details', 'Satisfaction Levels With IT', 'Preferred Communications', 'Key Activities', 'In-Flight and Scheduled Projects', 'Key Performance Indicators', and 'Additional Details'.

    Info-Tech Insight

    While profiling your stakeholders is important, do not be afraid to profile yourself as well. Visualizing how your interests overlap with those of your stakeholders can provide critical information on how to manage your communications so that those on the receiving end are hearing exactly what they need.

    Activity: Conduct interviews with your key business stakeholders — Alternative

    Associated Activity icon

    1. Once you have identified your key stakeholders through your interviews with your boss and your IT team, schedule a set of meetings with those individuals.
    2. Use the meetings to get to know your stakeholders, their key priorities and initiatives, and their perceptions of the effectiveness of IT.
      1. Use the probative questions to the right to elicit key pieces of information.
      2. Refer to the Organizational Catalog tool for more questions to dig deeper in each category. Ensure that you are taking notes separate from the tool and are keeping the tool itself secure, as it will contain private information specific to your interests.
    3. Following each meeting, record the results of your conversation and any key insights in the Organizational Catalog. Refer to the following slide for more details.

    Questions for Discussion:

    • Be indirect about your personal questions – share stories that will elicit details about their interests, kids, etc.
    • What are your most critical/important initiatives for the year?
    • What are your key revenue streams, products, and services?
    • What are the most important ways that IT supports your success? What is your satisfaction level with those services?
    • Are there any current in-flight projects or initiatives that are a current pain point? How can IT assist to alleviate challenges?
    • How is your success measured? What are your targets for the year on those metrics?

    Presentation Deck, slide 34

    Call 5

    Day 46 to Day 60

    Inform your team that you plan to do an IT staffing assessment

    Associated Activity icon Introduce the IT Staffing Assessment that will help you get the most out of your team

    INPUT: Email template

    OUTPUT: Ready to launch diagnostic

    Materials: Email template, List of staff, Sample of diagnostic

    Participants: CIO, IT staff

    Explain that you want to understand how the IT staff is currently spending its time by function and by activity. You want to take a formal approach to this task and also assess the team’s feelings about its effectiveness across different processes. The results of the assessment will serve as the foundation that helps you improve your team’s effectiveness within the organization.

    Example email:

    Hello PEER NAMES,

    The feedback I've heard from the team since joining the company has been incredibly useful in beginning to formulate my IT strategy. Now I want to get a clear picture of how everyone is spending their time, especially across different IT functions and activities. This will be an opportunity for you to share feedback on what we're doing well, what we need to do more of, and what we're missing. Expect to receive an email invitation to take this survey from Info-Tech Research Group. It's important to me that you complete the survey as soon as you're can. Attached you’ll find an example of the report this will generate. Thank you again for providing your time and feedback.

    Regards,
    CIO NAME

    Wayne Berger's shortcut to solve staffing woes

    CASE STUDY

    Industry Office leasing
    Source Interview with Wayne Berger

    Wayne Berger was hired to be the International Workplace Group (IWG) CEO for Canada and Latin America in 2014.

    Wayne approached his early days with the office space leasing firm as a tour of sorts, visiting nearly every one of the 48 office locations across Canada to host town hall meetings. He heard from staff at every location that they felt understaffed. But instead of simply hiring more staff, Berger actually reduced the workforce by 33%.

    He created a more flexible approach to staffing:

    • Employees no longer just reported to work at one office; instead, they were ready to go to wherever they were most needed in a specific geographic area.
    • He centralized all back-office functions for the company so that not every office had to do its own bookkeeping.
    • Finally, he changed the labor profile to consist of full-time staff, part-time staff, and time-on-demand workers.
    Photo of Wayne Berger, CEO, IWG Plc.
    Wayne Berger, CEO, IWG Plc (Image source: IWG)

    Listen to 'The First 100 Days' podcast – Wayne Berger

    Initiate IT Staffing Assessment – new KPIs to track IT performance — Recommended

    Info-Tech IT Staffing Assessment

    Info-Tech’s IT Staffing Assessment provides benchmarking of key metrics against 4,000 other organizations. Dashboard-style reports provide key metrics at a glance, including a time breakdown by IT function and by activity compared against business priorities. Run this survey at about the 45-day mark of your first 90 days. Its insights will be used to inform your long-term IT strategy.

    Benefits

    Icon for Right-Size IT Headcount. Icon for Allocate Staff Correctly. Icon for Maximize Teams.
    Right-Size IT Headcount
    Find the right level for stakeholder satisfaction.
    Allocate Staff Correctly
    Identify staff misalignments with priorities.
    Maximize Teams
    Identify how to drive staff.

    Supporting Tool or Template icon Additional materials are available on Info-Tech’s website.

    Quick wins: Make recommendations based on IT Management & Governance Framework

    Complete this exercise while waiting on the IT Staffing Assessment results. Based on your completed IT Management & Governance report, identify the initiatives you can tackle immediately. You can conduct this as a team exercise by following these steps:

    1. Create a shortlist of initiatives based on the processes that were identified as high need but scored low in effectiveness. Think as broadly as possible during this initial brainstorming.
    2. Write each initiative on a sticky note and conduct a high-level analysis of the amount of effort that would be required to complete it, as well as its alignment with the achievement of business objectives.
    3. Draw the matrix below on a whiteboard and place each sticky note onto the matrix based on its potential impact and difficulty to address.
    A matrix of initiative categories based on effort to achieve and alignment with business objectives. It is split into quadrants: the vertical axis is 'Potential Impact' with 'High, Fully supports achievement of business objectives' at the top and 'Low, Limited support of business objectives' at the bottom; the horizontal axis is 'Effort' with 'Low' on the left and 'High' on the right. Low impact, low effort is 'Low Current Value, No immediate attention required, but may become a priority in the future if business objectives change'. Low impact, high effort is 'Future Reassessment, No immediate attention required, but may become a priority in the future if business objectives change'. High impact, high effort is 'Long-Term Initiatives, High impact on business outcomes but will take more effort to implement. Schedule these in your long-term roadmap'. High impact, low effort is 'Quick Wins, High impact on business objectives with relatively small effort. Some combination of these will form your early wins'.

    Call 6

    Day 61 to Day 75

    Run a start, stop, continue exercise with your IT staff — Alternative

    This is an alternative activity to running an IT Staffing Assessment, which contains a start/stop/continue assessment. This activity can be facilitated with a flip chart or a whiteboard. Create three pages or three columns and label them Start, Stop, and Continue.

    Hand out sticky notes to each team member and then allow time for individual brainstorming. Instruct them to write down their contributions for each category on the sticky notes. After a few minutes, have everyone stick their notes in the appropriate category on the board. Discuss as a group and see what themes emerge. Record the results that you want to share in your presentation deck (GroupMap).

    Gather your team and explain the meaning of these categories:

    Start: Activities you're not currently doing but should start doing very soon.

    Stop: Activities you're currently doing but aren’t working and should cease.

    Continue: Things you're currently doing and are working well.

    Presentation Deck, slide 24

    Determine the alignment of IT commitments with business objectives

    Associated Activity icon

    INPUT: Interviews with IT leadership team

    OUTPUT: High-level understanding of in-flight commitments and investments

    Run this only as an alternative to the IT Management & Governance Diagnostic.

    1. Schedule meetings with IT leadership to understand what commitments have been made to the business in terms of new products, projects, or enhancements.
    2. Determine the following about IT’s current investment mix:
      1. What are the current IT investments and assets? How do they align to business goals?
      2. What investments in flight are related to which information assets?
      3. Are there any immediate risks identified for these key investments?
      4. What are the primary business issues that demand attention from IT consistently?
      5. What choices remain undecided in terms of strategic direction of the IT organization?
    3. Document your key investments and commitments as well as any points of misalignment between objectives and current commitments as action items to address in your long-term plans. If they are small fixes, consider them during your quick-win identification.

    Presentation Deck, slide 25

    Determine the alignment of IT commitments with business objectives

    Run this only as an alternative to the IT Staffing Assessment diagnostic.

    Schedule meetings with IT leadership to understand what commitments have been made to the business in terms of new products, projects, or enhancements.

    Determine the following about IT’s current investment mix:

    • What are the current IT investments and assets?
    • How do they align to business goals?
    • What in-flight investments are related to which information assets?
    • Are there any immediate risks identified for these key investments?
    • What are the primary business issues that demand attention from IT consistently?
    • What remains undecided in terms of strategic direction of the IT organization?

    Document your key investments and commitments, as well as any points of misalignment between objectives and current commitments, as action items to address in your long-term plans. If they are small-effort fixes, consider them during your quick-win identification.

    Presentation Deck, slide 25

    Make a categorized vendor list by IT process

    As part of learning the IT team, you should also create a comprehensive list of vendors under contract. Collaborate with the finance department to get a clear view of how much of the IT budget is spent on specific vendors. Try to match vendors to the IT processes they serve from the IT M&G framework.

    You should also organize your vendors based on their budget allocation. Go beyond just listing how much money you’re spending with each vendor and categorize them into either “transactional” relationships or “strategic relationships.” Use the grid below to organize them. Ideally, you’ll want most relationships to be high spend and strategic (Source: Gary Davenport).

    A matrix of vendor categories with the vertical axis 'Spend' increasing upward, and the horizontal axis 'Type of relationship' with values 'Transactional' or 'Strategic'. The bottom left corner is 'Low Spend Transactional', the top right corner is 'High Spend Strategic'.

    Where to source your vendor list:

    • Finance department
    • Infrastructure managers
    • Vendor manager in IT

    Further reading: Manage Your Vendors Before They Manage You

    Presentation Deck, slide 26

    Jennifer Schaeffer’s short-timeline turnaround

    CASE STUDY

    Industry Education
    Source Interview with Jennifer Schaeffer

    Jennifer Schaeffer joined Athabasca University as CIO in November 2017. She was entering a turnaround situation as the all-online university lacked an IT strategy and had built up significant technical debt. Armed with the mandate of a third-party consultant that was supported by the president, Schaeffer used a people-first approach to construct her strategy. She met with all her staff, listening to them carefully regardless of role, and consulted with the administrative council and faculty members. She reflected that feedback in her plan or explained to staff why it wasn’t relevant for the strategy. She implemented a “strategic calendaring” approach for the organization, making sure that her team members were participating in meetings where their work was assessed and valued. Drawing on Spotify as an inspiration, she designed her teams in a way that everyone was connected to the customer experience. Given her short timeline to execute, she put off a deep skills analysis of her team for a later time, as well as creating a full architectural map of her technology stack. The outcome is that 2.5 years later, the IT department is unified in using the same tooling and optimization standards. It’s more flexible and ready to incorporate government changes, such as offering more accessibility options.

    Photo of Jennifer Schaeffer.
    Jennifer Schaeffer took on the CIO role at Athabasca University in 2017 and was asked to create a five-year strategic plan in just six weeks.
    (Image source: Athabasca University)

    Listen to 'The First 100 Days' podcast – Eric Wright

    Call 7

    Day 76 to Day 90

    Finalize your vision – mission – values statement

    A clear statement for your values, vision, and mission will help crystallize your IT strategy and communicate what you're trying to accomplish to the entire organization.

    Mission: This statement describes the needs that IT was created to meet and answers the basic question of why IT exists.

    Vision: Write a statement that captures your values. Remember that the vision statement sets out what the IT organization wants to be known for now and into the future.

    Values: IT core values represent the standard axioms by which the IT department operates. Similar to the core values of the organization as a whole, IT’s core values are the set of beliefs or philosophies that guide its strategic actions.

    Further reading: IT Vision and Mission Statements Template

    Presentation Deck, slide 42

    John Chen's new strategic vision

    CASE STUDY

    Industry Mobile Services
    Source Sean Silcoff, The Globe and Mail

    John Chen, known in the industry as a successful turnaround executive, was appointed BlackBerry CEO in 2014 following the unsuccessful launch of the BlackBerry 10 mobile operating system and a new tablet.

    He spent his first three months travelling, talking to customers and suppliers, and understanding the company's situation. He assessed that it had a problem generating cash and had made some strategic errors, but there were many assets that could benefit from more investment.

    He was blunt about the state of BlackBerry, making cutting observations of the past mistakes of leadership. He also settled a key question about whether BlackBerry would focus on consumer or enterprise customers. He pointed to a base of 80,000 enterprise customers that accounted for 80% of revenue and chose to focus on that.

    His new mission for BlackBerry: to transform it from being a "mobile technology company" that pushes handset sales to "a mobile solutions company" that serves the mobile computing needs of its customers.

    Photo of John Chen, CEO of BlackBerry.
    John Chen, CEO of BlackBerry, presents at BlackBerry Security Summit 2018 in New York City (Image source: Brian Jackson)

    Listen to 'The First 100 Days' podcast – Erin Bury

    Quick wins: Make recommendations based on the CIO Business Vision survey

    Based on your completed CIO Business Vision survey, use the IT Satisfaction Scorecard to determine some initiatives. Focus on areas that are ranked as high importance to the business but low satisfaction. While all of the initiatives may be achievable given enough time, use the matrix below to identify the quick wins that you can focus on immediately. It’s important to not fail in your quick-win initiative.

    • High Visibility, Low Risk: Best bet for demonstrating your ability to deliver value.
    • Low Visibility, Low Risk: Worth consideration, depending on the level of effort required and the relative importance to the stakeholder.
    • High Visibility, High Risk: Limit higher-risk initiatives until you feel you have gained trust from your stakeholders, demonstrating your ability to deliver.
    • Low Visibility, High Risk: These will be your lowest value, quick-win initiatives. Keep them in a backlog for future consideration in case business objectives change.
    A matrix of initiative categories based on organizational visibility and risk of failure. It is split into quadrants: the vertical axis is 'Organizational Visibility' with 'High' at the top and 'Low' at the bottom; the horizontal axis is 'Risk of Failure' with 'Low' on the left and 'High' on the right. 'Low Visibility, Low Risk, Few stakeholders will benefit from the initiative’s implementation.' 'Low Visibility, High Risk, No immediate attention is required, but it may become a priority in the future if business objectives change.' 'High Visibility, Low Risk, Multiple stakeholders will benefit from the initiative’s implementation, and it has a low risk of failure.' 'High Visibility, High Risk, Multiple stakeholders will benefit from the initiative’s implementation, but it has a higher risk of failure.'

    Presentation Deck, slide 27

    Create and communicate a post-100 plan

    The last few slides of your presentation deck represent a roundup of all the assessments you’ve done and communicate your plan for the months ahead.

    Slide 38. Based on the information on the previous slide and now knowing which IT capabilities need improvement and which business priorities are important to support, estimate where you'd like to see IT staff spend their time in the near future. Will you be looking to shift staff from one area to another? Will you be looking to hire staff?

    Slide 39. Take your IT M&G initiatives from slide 19 and list them here. If you've already achieved a quick win, list it and mark it as completed to show what you've accomplished. Briefly outline the objectives, how you plan to achieve the result, and what measurement will indicate success.

    Slide 40. Reflect your CIO Business Vision initiatives from slide 31 here.

    Slide 41. Use this roadmap template to list your initiatives by roughly when they’ll be worked on and completed. Plan for when you’ll update your diagnostics.

    Expert Contributors

    Photo of Alan Fong, Chief Technology Officer, Dealer-FX Alan Fong, Chief Technology Officer, Dealer-FX
    Photo of Andrew Wertkin, Chief Strategy Officer, BlueCat NetworksPhoto of David Penny, Chief Technology Officer, BlueCat Networks Andrew Wertkin, Chief Strategy Officer, BlueCat Networks
    David Penny, Chief Technology Officer, BlueCat Networks
    Photo of Susan Bowen, CEO, Aptum Susan Bowen, CEO, Aptum
    Photo of Erin Bury, CEO, Willful Erin Bury, CEO, Willful
    Photo of Denis Gaudreault, Country Manager, Intel Canada and Latin America Denis Gaudreault, Country Manager, Intel Canada and Latin America
    Photo of Wayne Berger, CEO, IWG Plc Wayne Berger, CEO, IWG Plc
    Photo of Eric Wright, CEO, LexisNexis Canada Eric Wright, CEO, LexisNexis Canada
    Photo of Gary Davenport Gary Davenport, past president of CIO Association” of Canada, former VP of IT, Enterprise Solutions Division, MTS AllStream
    Photo of Jennifer Schaeffer, VP of IT and CIO, Athabasca University Jennifer Schaeffer, VP of IT and CIO, Athabasca University

    Bibliography

    Beaudan, Eric. “Do you have what it takes to be an executive?” The Globe and Mail, 9 July 2018. Web.

    Bersohn, Diana. “Go Live on Day One: The Path to Success for a New CIO.” PDF document. Accenture, 2015. Web.

    Bradt, George. “Executive Onboarding When Promoted From Within To Follow A Successful Leader.” Forbes, 15 Nov. 2018. Web.

    “CIO Stats: Length of CIO Tenure Varies By Industry.” CIO Journal, The Wall Street Journal. 15 Feb. 2017. Web.

    “Enlarging Your Sphere of Influence in Your Organization: Your Learning and Development Guide to Getting People on Side.” MindTools Corporate, 2014.

    “Executive Summary.” The CIO's First 100 Days: A Toolkit. PDF document. Gartner, 2012. Web.

    Forbes, Jeff. “Are You Ready for the C-Suite?” KBRS, n.d. Web.

    Gallo, Carmine. “Tim Cook Uses These 5 Words to Take Control of Any Conversation.” Inc., 9 Aug. 2019. Web.

    Giles, Sunnie. “The Most Important Leadership Competencies, According to Leaders Around the World.” Harvard Business Review, 15 March 2016. Web.

    Godin, Seth. “Ode: How to tell a great story.” Seth's Blog. 27 April 2006. Web.

    Green, Charles W. “The horizontal dimension of race: Social culture.” Hope College Blog Network, 19 Oct. 2014. Web.

    Hakobyan, Hayk. “On Louis Gerstner And IBM.” Hayk Hakobyan, n.d. Web.

    Bibliography

    Hargrove, Robert. Your First 100 Days in a New Executive Job, edited by Susan Youngquist. Kindle Edition. Masterful Coaching Press, 2011.

    Heathfield, Susan M. “Why ‘Blink’ Matters: The Power of Your First Impressions." The Balance Careers, 25 June 2019. Web.

    Hillis, Rowan, and Mark O'Donnell. “How to get off to a flying start in your new job.” Odgers Berndtson, 29 Nov. 2018. Web.

    Karaevli, Ayse, and Edward J. Zajac. “When Is an Outsider CEO a Good Choice?” MIT Sloan Management Review, 19 June 2012. Web.

    Keizer, Gregg. “Microsoft CEO Nadella Aces First-100-Day Test.” Computerworld, 15 May 2014. Web.

    Keller, Scott, and Mary Meaney. “Successfully transitioning to new leadership roles.” McKinsey & Company, May 2018. Web.

    Kress, R. “Director vs. Manager: What You Need to Know to Advance to the Next Step.” Ivy Exec, 2016. Web.

    Levine, Seth. “What does it mean to be an ‘executive’.” VC Adventure, 1 Feb. 2018. Web.

    Lichtenwalner, Benjamin. “CIO First 90 Days.” PDF document. Modern Servant Leader, 2008. Web.

    Nawaz, Sabina. “The Biggest Mistakes New Executives Make.” Harvard Business Review, 15 May 2017. Web.

    Pruitt, Sarah. “Fast Facts on the 'First 100 Days.‘” History.com, 22 Aug. 2018. Web.

    Rao, M.S. “An Action Plan for New CEOs During the First 100 Days.” Training, 4 Oct. 2014. Web.

    Reddy, Kendra. “It turns out being a VP isn't for everyone.” Financial Post, 17 July 2012. Web.

    Silcoff, Sean. “Exclusive: John Chen’s simple plan to save BlackBerry.” The Globe & Mail, 24 Feb. 2014. Web.

    Bibliography

    “Start Stop Continue Retrospective.” GroupMap, n.d. Web.

    Surrette, Mark. “Lack of Rapport: Why Smart Leaders Fail.” KBRS, n.d. Web.

    “Understanding Types of Organization – PMP Study.” Simplilearn, 4 Sept. 2019. Web.

    Wahler, Cindy. “Six Behavioral Traits That Define Executive Presence.” Forbes, 2 July 2015. Web.

    Watkins, Michael D. The First 90 Days, Updated and Expanded. Harvard Business Review Press, 2013.

    Watkins, Michael D. “7 Ways to Set Up a New Hire for Success.” Harvard Business Review, 10 May 2019. Web.

    “What does it mean to be a business executive?” Daniels College of Business, University of Denver, 12 Aug. 2014. Web.

    Yeung, Ken. “Turnaround: Marissa Mayer’s first 300 days as Yahoo’s CEO.” The Next Web, 19 May 2013. Web.

    Optimize Your Software Selection Process: Why 5 and 30 Are the Magic Numbers

    • Buy Link or Shortcode: {j2store}607|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Software selection takes forever. The process of choosing even the smallest apps can drag on for years: sometimes in perpetuity. Software selection teams are sprawling, leading to scheduling slowdowns and scope creep. Moreover, cumbersome or ad hoc selection processes lead to business-driven software selection.

    Our Advice

    Critical Insight

    • Maximize project effectiveness with a five-person team. Project satisfaction and effectiveness is stagnant or decreases once the team grows beyond five people.
    • Tight project timelines are critical. Keep stakeholders engaged with a defined application selection timeline that moves the project forward briskly – 30 days is optimal.
    • Empower both IT and end users with a standardized selection process to consistently achieve high satisfaction coming out of software selection projects.

    Impact and Result

    • Shatter stakeholder expectations with truly rapid application selections.
    • Put the “short” back in shortlist by consolidating the vendor shortlist up-front and reducing downstream effort.
    • Identify high-impact software functionality by evaluating fewer use cases.
    • Lock in hard savings and do not pay list price by using data-driven tactics.

    Optimize Your Software Selection Process: Why 5 and 30 Are the Magic Numbers Research & Tools

    Discover the Magic Numbers

    Increase project satisfaction with a five-person core software selection team that will close out projects within 30 days.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Optimize Your Software Selection Process: Why 5 and 30 Are the Magic Numbers Storyboard

    1. Align and eliminate elapsed time

    Ensure a formal selection process is in place and make a concerted effort to align stakeholder calendars.

    2. Reduce low-impact activities

    Reduce time spent watching vendor dog and pony shows, while reducing the size of your RFPs or skipping them entirely.

    3. Focus on high-impact activities

    Narrow the field to four contenders prior to in-depth comparison and engage in accelerated enterprise architecture oversight.

    4. Use these rapid and essential selection tools

    Focus on key use cases rather than lists of features.

    • The Software Selection Workbook
    • The Vendor Evaluation Workbook
    • The Guide to Software Selection: A Business Stakeholder Manual

    5. Engage Two Viable Vendors in Negotiation

    Save more by bringing two vendors to the final stage of the project and surfacing a consolidated list of demands prior to entering negotiation.

    [infographic]

    Further reading

    Optimize Your Software Selection Process: Why 5 and 30 Are the Magic Numbers

    Select your applications better, faster, and cheaper.

    How to Read This Software Selection Insight Primer

    1. 43,000 Data Points
    2. This report is based on data gathered from a survey of 43,000 real-world IT practitioners.

    3. Aggregating Feedback
    4. The data is compiled from SoftwareReviews (a sister company of Info-Tech Research Group), which collects and aggregates feedback on a wide variety of enterprise technologies.

    5. Insights Backed by Data
    6. The insights, charts, and graphs in this presentation are all derived from data submitted by real end users.

    The First Magic Number Is Five

    The optimal software selection team comprises five people

    • Derived from 43,000 data points. Analysis of thousands of software selection projects makes it clear a tight core selection team accelerates the selection process.
    • Five people make up the core team. A small but cross-functional team keeps the project moving without getting bogged down on calendar alignment and endless back-and-forth.
    • It is a balancing act. Having too few stakeholders on the core selection team will lead to missing valuable information, while having too many will lead to delays and politically driven inefficiencies.

    There Are Major Benefits to Narrowing the Selection Team Size to Five

    Limit the risk of ineffective “decision making by committee”

    Expedite resolution of key issues and accelerate crucial decisions

    Achieve alignment on critical requirements

    Streamline calendar management

    Info-Tech Insight

    Too many cooks spoil the broth: create a highly focused selection team that can devote the majority of its time to the project while it’s in flight to demonstrate faster time to value.

    Arm Yourself With Data to Choose the Right Plays for Selection

    Software selection takes forever. The process of choosing even the smallest apps can drag on for years: sometimes in perpetuity.

    Organizations keep too many players on the field, leading to scheduling slowdowns and scope creep.

    Keeping the size of the core selection team down, while liaising with more stakeholders and subject matter experts (SMEs), leads to improved results.

    Maximize project effectiveness with a five-person team. Project satisfaction and effectiveness are stagnant or decrease once the team grows beyond five people.

    Cumbersome or ad hoc selection processes lead to business-driven software selection.

    Increase stakeholder satisfaction by using a consistent selection framework that captures their needs while not being a burden.

    Empower both IT and end users with a standardized selection process to consistently achieve high satisfaction coming out of software selection projects.

    The image contains a graph that is titled: A compact selection team can save you weeks. The graph demonstrates time saved with a five person team in comparison to larger teams.

    Project Satisfaction and Effectiveness Are Stagnant Once the Team Grows Beyond Five People

    The image contains a graph to demonstrate project satisfaction and effectiveness being stagnant with a team larger than five.
    • There is only a marginal difference in selection effectiveness when more people are involved, so why include so many? It only bogs down the process!
    • Full-time resourcing: At least one member of the five team members must be allocated to the selection initiative as a full-time resource.

    Info-Tech Insight

    It sounds natural to include as many players as possible in the core selection group; however, expanding the group beyond five people does not lead to an increase in satisfaction. Consider including a general stakeholder feedback working session instead.

    Shorten Project Duration by Capping the Selection Team at Five People

    However, it is important to make all stakeholders feel heard

    The image contains a graph to demonstrate that an increase in time and effort connects with an increase in total number of people involved.

    Exclusion is not the name of the game.

    • Remember, we are talking about the core selection team.
    • Help stakeholders understand their role in the project.
    • Educate stakeholders about your approach to selection.
    • Ensure stakeholders understand why the official selection team is being capped at five people.
    • Soliciting requirements and feedback from a broader array of stakeholders is still critical.

    Large Organizations Benefit From Compact Selection Teams Just as Much as Small Firms

    Think big even if your organization is small

    Small organizations

    Teams smaller than five people are common due to limited resources.

    Medium organizations

    Selection project satisfaction peaks with teams of fewer than two people. Consider growing the team to about five people to make stakeholders feel more included with minimal drops in satisfaction.

    Large organizations

    Satisfaction peaks when teams are kept to three to five people. With many SMEs available, it is critical to choose the right players for your team.

    The image contains a multi bar graph to demonstrate the benefits of compact selection teams depending on the size of the company, small, medium, or large.

    Keep the Core Selection Team to Five People Regardless of the Software Category

    Smaller selection teams yield increased satisfaction across software categories

    Info-Tech Insight

    Core team size remains the same regardless of the application being selected. However, team composition will vary depending on the end users being targeted.

    Think beyond application complexity

    • Our instinct is to vary the size of the core selection team based on perceived application complexity.
    • The data has demonstrated that a small team yields increased satisfaction for applications across a wide array of application complexity profiles.
    • The real differentiator for complex applications will be the number of stakeholders that the core selection team liaise with, particularly for defining strong requirements.

    The image contains a graph to demonstrate satisfaction across software categories increases with smaller selection teams.

    The Second Magic Number Is 30

    Finish the project while stakeholders are still fully engaged in order to maximize satisfaction

    • 30- to 60-day project timelines are critical. Keep stakeholders engaged with a defined application selection timeline that moves the project forward briskly.
    • Strike while the iron is hot. Deliver applications in a timely manner after the initial request. Don’t let IT become the bottleneck for process optimization.
    • Minimize scope creep: As projects drag on in perpetuity, the scope of the project balloons to something that cannot possibly achieve key business objectives in a timely fashion.

    Aggressively Timeboxing the Project Yields Benefits Across Multiple Software Categories

    After four weeks, stakeholder satisfaction is variable

    The image contains a graph to demonstrate that aggressively timeboxing the project yields benefits across multiple software categories.
    Only categories with at least 1,000 responses were included in the analysis.

    Achieve peak satisfaction by allotting 30 days for an application selection project.

    • Spending two weeks or less typically leads to higher levels of satisfaction for each category because it leaves more time for negotiation, implementation, and making sure everything works properly (especially if there is a time constraint).
    • Watch out for the “satisfaction danger zone” once project enters the 6- to 12-week mark. Completing a selection in four weeks yields greater satisfaction.

    Spend Your Time Wisely to Complete the Selection in 30 Days

    Save time in the first three phases of the selection project

    Awareness

    Education & Discovery

    Evaluation

    Reduce Time

    Reduce Time

    Reduce Time

    Save time duplicating existing market research. Save time and maintain alignment with focus groups.

    Save time across tedious demos and understanding the marketplace.

    Save time gathering detailed historical requirements. Instead, focus on key issues.

    Info-Tech Insight – Awareness

    Timebox the process of impact analysis. More time should be spent performing the action than building a business case.

    Info-Tech Insight – Education

    Save time duplicating existing market research. Save time and maintain alignment with focus groups.

    Info-Tech Insight – Evaluation

    Decision committee time is valuable. Get up to speed using third-party data and written collateral. Use committee time to conduct investigative interviews instead. Salesperson charisma and marketing collateral quality should not be primary selection criteria. Sadly, this is the case far too often.

    Limit Project Duration to 30 Days Regardless of the Application Being Selected

    Timeboxing application selection yields increased satisfaction across software categories

    The image contains a graph to demonstrate selection effort in weeks by satisfaction. The graph includes informal and formal methods on the graph across the software categories.

    Info-Tech Insight

    Office collaboration tools are a great case study for increasing satisfaction with decreased time to selection. Given the sharp impetus of COVID-19, many organizations quickly selected tools like Zoom and Teams, enabling remote work with very high end-user satisfaction.

    There are alternative approaches for enterprise-sized applications:

    • New applications that demand rigorous business process improvement efforts may require allotting time for prework before engaging in the 30-day selection project.
    • To ensure that IT is using the right framework, understand the cost and complexity profile of the application you’re looking to select.

    The Data Also Shows That There Are Five Additional Keys to Improving Your Selection Process

    1. ALIGN & ELIMINATE ELAPSED TIME
    • Ensure a formal selection process is in place.
    • Balance the core selection team’s composition.
    • Make a concerted effort to align stakeholder calendars.
    2. REDUCE TIME SPENT ON LOW-IMPACT ACTIVITIES
    • Reduce time spent on internet research. Leverage hard data and experts.
    • Reduce RFP size or skip RFPs entirely.
    • Reduce time spent watching vendor dog and pony shows.
    3. FOCUS ON HIGH- IMPACT ACTIVITIES
    • Narrow the field to four contenders prior to in-depth comparison.
    • Identify portfolio overlap with accelerated enterprise architecture oversight.
    • Focus on investigative interviews and proof of concept projects.
    4. USE RAPID & ESSENTIAL ASSESSMENT TOOLS
    • Focus on key use cases, not lists of features.
    • You only need three essential tools: Info-Tech’s Vendor Evaluation Workbook, Software Selection Workbook, and Business Stakeholder Manual.
    5. ENGAGE TWO VIABLE VENDORS IN NEGOTIATION
    • Save more during negotiation by selecting two viable alternatives.
    • Surface a consolidated list of demands prior to entering negotiation.
    • Communicate your success with the organization.

    1. Align & Eliminate Elapsed Time

    ✓ Ensure a formal selection process is in place.

    ✓ Reduce time by timeboxing the project to 30 days.

    ✓ Align the calendars of the five-person core selection team.

    Improving Your IT Department’s Software Selection Capability Yields Big Results

    Time spent building a better process for software selection is a great investment

    • Enterprise application selection is an activity that every IT department must embark on, often many times per year.
    • The frequency and repeatability of software selection means it is an indispensable process to target for optimization.
    • A formal process is not always synonymous with a well-oiled process.
    • Even if you have a formal selection process already in place, it’s imperative to take a concerted approach to continuous improvement.

    It is critical to improve the selection process before formalizing

    Leverage Info-Tech’s Rapid Application Selection Framework to gain insights on how you can fine-tune and accelerate existing codified approaches to application selection.

    Before Condensing the Selection Team, First Formalize the Software Selection Process

    Software selection processes are challenging

    Vendor selection is politically charged, requiring Procurement to navigate around stakeholder biases and existing relationships.

    Stakeholders

    The process is time consuming and often started too late. In the absence of clarity around requirements, it is easy to default to looking at price instead of best functional and architectural fit.

    Timing

    Defining formal process and methodology

    Formal selection methodologies are repeatable processes that anybody can consistently follow to quickly select new technology.

    Repeatable

    The goal of formalizing the approach is to enable IT to deliver business value consistently while also empowering stakeholders to find tools that meet their needs. Remember! A formal selection process is synonymous with a bureaucratic, overblown approach.

    Driving Value

    Most Organizations Are Already Using a Formal Software Selection Methodology

    Don’t get left behind!

    • A common misconception for software selection is that only large organizations have formal processes.
    • The reality is that organizations of all sizes are making use of formal processes for software selection.
    • Moreover, using a standardized method to evaluate new technology is most likely common practice among your competitors regardless of their size.
    • It is important to remember that the level of rigor for the processes will vary based not only on project size but also on organization size.
    Only categories with at least 1,000 responses were included in the analysis.

    The image contains a double bar graph that compares the sizes of companies using formal or informal evaluation and selection methodology.

    Use a Formal Evaluation and Selection Methodology to Achieve Higher Satisfaction

    A formal selection process does not equal a bloated selection process

    • No matter what process is being used, you should consider implementing a formal methodology to reduce the amount of time required to select the software. This trend continues across different levels of software (commodity, complex, and enterprise).
    • It is worth noting that using a process can actually add more time to the selection process, so it is important to know how to use it properly.
    • Don’t use just one process: you should use a combination, but don’t use more than three when selecting your software.
    The image contains a double bar graph to demonstrate the difference between formal and informal evaluation to achieve a higher satisfaction.

    Hit a Home Run With Your Business Stakeholders

    Use a data-driven approach to select the right application vendor for their needs – fast

    The image contains a screenshot of the data-drive approach. The approach includes: awareness, education & discovery, evaluation, selection, negotiation & configuration.

    Investing time improving your software selection methodology has big returns.

    Info-Tech Insight

    Not all software selection projects are created equal – some are very small; some span the entire enterprise. To ensure that IT is using the right framework, understand the cost and complexity profile of the application you’re looking to select. The Rapid Application Selection Framework approach is best for commodity and mid-tier enterprise applications; selecting complex applications is better handled by the methodology described in Implement a Proactive and Consistent Vendor Selection Process.

    Lock Down the Key Players Before Setting Up the Relevant Timeline

    You are the quarterback of your selection team

    Don’t get bogged down “waiting for the stars to align” in terms of people’s availability: if you wait for the perfect alignment, the project may never get done.

    If a key stakeholder is unavailable for weeks or months due to PTO or other commitments, don’t jeopardize project timelines to wait for them to be free. Find a relevant designate that can act in their stead!

    You don’t need the entire team on the field at once. Keep certain stakeholders on the bench to swap in and out as needed.

    Info-Tech Insight

    Assemble the key stakeholders for project kick-off to synchronize the application selection process and limit elapsed time. Getting all parties on the same page increases output satisfaction and eliminates rework. Save time and get input from key stakeholders at the project kick-off.

    Assemble a Cross-Functional Team for Best Results

    A blend of both worlds gets the best of both worlds from domain expertise (technical and business)

    The image contains a graph labelled: Likeliness to recommend. It is described in the text below.

    How to manage the cross-functional selection team:

    • There should be a combination of IT and businesspeople involved in the selection process, and ideally the ratio would be balanced.
    • No matter what you are looking for, you should never include more than five people in the selection process.
    • You can keep key stakeholders and other important individuals informed with what is going on, but they don’t necessarily have to be involved in the selection process.

    Leverage a Five-Person Team With Players From Both IT and the Business

    For maximum effectiveness, assign at least one resource to the project on a full-time basis

    IT Leader

    Technical IT

    Business Analyst/ Project Manager

    Business Lead

    Process Expert

    This team member is an IT director or CIO who will provide sponsorship and oversight from the IT perspective.

    This team member will focus on application security, integration, and enterprise architecture.

    This team member elicits business needs and translates them into technology requirements.

    This team member will provide sponsorship from the business needs perspective.

    This team member will contribute their domain-specific knowledge around the processes that the new application supports.

    Info-Tech Insight

    It is critical for the selection team to determine who has decision rights. Organizational culture will play the largest role in dictating which team member holds the final say for selection decisions.

    Ensure That Your Project Has the Right Mix of the Core Team and Ancillary Stakeholders

    Who is involved in selecting the new application?

    • Core selection team:
      • The core team ideally comprises just five members.
      • There will be representatives from IT and the specific business function that is most impacted by the application.
      • The team is typically anchored by a business analyst or project management professional.
      • This is the team that is ultimately accountable for ensuring that the project stays on track and that the right vendor is selected.
    • Ancillary stakeholders:
      • These stakeholders are brought into the selection project on an as-needed basis. They offer commentary on requirements and technical know-how.
      • They will be impacted by the project outcome but they do not bear ultimate accountability for selecting the application.
    The image contains an outer circle that lists Ancillary Stakeholders, and an inner selection team that lists core selection teams.

    Tweak the Team Composition Based on the Application Category in Question

    All applications are different. Some categories may require a slightly different balance of business and IT users.

    When to adjust the selection team’s business to IT ratio:

    • Increase the number of business stakeholders for customer-centric applications like customer relationship management and customer service management.
    • Keep projects staffed with more technical resources when selecting internal-facing tools like network monitoring platforms, next-generation firewalls, and endpoint protection systems.
    The image contains a graph to demonstrate how to tweak the team composition based on the application category.

    When to adjust the selection team’s business to IT ratio:

    • Increase the number of business stakeholders for customer-centric applications like customer relationship management and customer service management.
    • Keep projects staffed with more technical resources when selecting internal-facing tools like network monitoring platforms, next-generation firewalls, and endpoint protection systems.

    Balance the Selection Team With Decision Makers and Front-Line Resources

    Find the right balance!

    • Make sure to include key decision makers to increase the velocity of approvals.
    • However, it is critical to include the right number of front-line resources to ensure that end-user needs are adequately reflected in the requirements and decision criteria used for selection.

    The image contains a graph on the team composition with number of decision makers involved.

    Info-Tech Insight

    When selecting their software, organizations have an average of two to four business and IT decision makers/influencers on the core selection team.

    Optimize Meeting Cadence to Complete Selection in 30 Days

    Project Cadence:

    • Execute approximately one phase per week.
    • Conduct weekly checkpoints to move through your formal selection framework.
    • Allot two to four hours per touchpoint.

    The image contains a calendar with the five phases spread put over five weeks.

    Info-Tech Insight

    Use weekly touchpoints with the core selection team to eliminate broken telephone. Hold focus groups and workshops to take a more collaborative, timely, and consensus-driven approach to zero in on critical requirements.

    2. Reduce Time Spent on Low-Impact Activities

    ✓ Reduce time spent on internet research. Leverage hard data and experts.

    ✓ Reduce RFP size or skip RFPs entirely.

    ✓ Reduce time spent watching vendor dog and pony shows.

    Reduce Time Spent on Internet Research by Leveraging Hard Data and Experts

    REDUCE BIAS

    Taking a data-driven approach to vendor selection ensures that decisions are made in a manner that reduces human bias and exposure to misaligned incentives.

    SCORING MODELS

    Create a vendor scoring model that uses several different scored criteria (alignment to needs, alignment to architecture, cost, relationship, etc.) and weight them.

    AGGREGATE EXPERIENCES

    When you leverage services such as SoftwareReviews, you’re relying on amalgamated data from hundreds of others that have already been down this path: benefit from their experience!

    PEER-DRIVEN INSIGHTS

    Formally incorporate a review of Category Reports from SoftwareReviews into your vendor selection process to take advantage of peer-driven expert insights.

    Contact Us

    Info-Tech is just a phone call away. Our expert analysts can guide you to successful project completion at no additional cost to you.

    Bloated RFPs Are Weighing You Down

    Avoid “RFP overload” – parse back deliverables for smaller projects

    1. Many IT and procurement professionals are accustomed to deliverable-heavy application selection projects.
    2. Massive amounts of effort is spent creating onerous RFIs, RFPs, vendor demo scripts, reference guides, and Pugh matrices – with only incremental (if any) benefits.
    3. For smaller projects, focus on creating a minimum viable RFP that sketches out a brief need statement and highlights three or four critical process areas to avoid RFP fatigue.

    Draft a lightweight RFI (or minimum viable RFP) to give vendors a snapshot of your needs while managing effort

    An RFI or MV-RFP is a truncated RFP document that highlights core use cases to vendors while minimizing the amount of time the team has to spend building it.

    You may miss out on the right vendor if:

    • The RFP is too long or cumbersome for the vendor to respond.
    • Vendors believe their time is better spent relationship selling.
    • The RFP is unclear and leads them to believe they won’t be successful.
    • The vendor was forced to guess what you were looking for.

    How to write a successful RFI/MV-RFP:

    • Expend your energy relative to the complexity of the required solution or product you’re seeking.
    • A good MV-RFP is structured as follows: a brief description of your organization, business context, and key requirements. It should not exceed a half-dozen pages in length.
    • Be transparent.
    • This could potentially be a long-term relationship, so don’t try to trick suppliers.
    • Be clear in your expectations and focus on the key aspects of what you’re trying to achieve.

    Use the appropriate Info-Tech template for your needs (RFI, RFQ, or RFP). The Request for Information Template is best suited to the RASF approach.

    If Necessary, Make Sure That You Are Going About RFPs the Right Way

    RFPs only add satisfaction when done correctly

    The image contains a graph to demonstrate RFP and satisfaction.

    Info-Tech Insight

    Prescriptive yet flexible: Avoid RFP overload when selecting customer experience–centric applications, but a formal approach to selection is still beneficial.

    When will an RFP increase satisfaction?

    • Satisfaction is increased when the RFP is used in concert with a formal selection methodology. An RFP on its own does not drive significant value.
    • RFPs that focus on an application’s differentiating features lead to higher satisfaction with the selection process.
    • Using the RFP to evaluate mandatory or standard and/or mandatory features yields neutral results.

    Reduce Time Spent Watching Vendor Dog and Pony Shows

    Salesperson charisma and marketing collateral quality should not be primary selection criteria. Sadly, this is the case far too often.

    Use data to take control back from the vendor

    • Taking a data-driven approach to vendor selection ensures that decisions are made in a manner that reduces human bias and exposure to misaligned incentives.
    • When you leverage services such as SoftwareReviews, you’re relying on amalgamated data from hundreds of others that have already been down this path: benefit from their collective experience!

    Kill the “golf course effect” and eliminate stakeholder bias

    • A leading cause of selection failure is human bias. While rarely malicious, the reality is that decision makers and procurement staff can become unduly biased over time by vendor incentives. Conference passes, box seats, a strong interpersonal relationship – these are all things that may be valuable to a decision maker but have no bearing on the efficacy of an enterprise application.
    • A strong selection process mitigates human bias by using a weighted scoring model and basing decisions on hard data: cost, user satisfaction scores, and trusted third-party data from services such as SoftwareReviews.

    Conduct a Day of Rapid-Fire Investigative Interviews

    Zoom in on high-value use cases and answers to targeted questions

    Make sure the solution will work for your business

    Give each vendor 60 to 90 minutes to give a rapid-fire presentation. We suggest the following structure:

    • 20 minutes: company introduction and vision
    • 20 minutes: one high-value scenario walkthrough
    • 20-40 minutes: targeted Q&A from the business stakeholders and procurement team

    To ensure a consistent evaluation, vendors should be asked analogous questions, and a tabulation of answers should be conducted.

    How to challenge the vendors in the investigative interview

    • Change the visualization/presentation.
    • Change the underlying data.
    • Add additional data sets to the artifacts.
    • Collaboration capabilities.
    • Perform an investigation in terms of finding BI objects and identifying previous changes and examine the audit trail.

    Rapid-Fire Vendor Investigative Interview

    Invite vendors to come onsite (or join you via videoconference) to demonstrate the product and to answer questions. Use a highly targeted demo script to help identify how a vendor’s solution will fit your organization’s particular business capability needs.

    Spend Your Time Wisely and Accelerate the Process

    Join the B2B software selection r/evolution

    Awareness

    Education & Discovery

    Evaluation

    Selection

    Negotiation & Configuration

    Reduce Time

    Reduce Time

    Reduce Time

    Reduce Time

    Reduce Time

    Save time
    duplicating existing market research. Save time and maintain alignment with focus groups.

    Save time across tedious demos and understanding the marketplace.

    Save time gathering detailed historical requirements. Instead, focus on key issues.

    Use your time to validate how the solution will handle mission-critical requirements.

    Spend time negotiating with two viable alternatives to reduce price by up to 50%.

    Use a tier-based model to accelerate commodity and complex selection projects.

    Eliminate elapsed process time with focus groups and workshops.

    3. Focus on High-Impact Activities

    ✓ Narrow the field to four contenders prior to in-depth comparison.

    ✓ Identify portfolio overlap with accelerated enterprise architecture oversight.

    ✓ Focus on investigative interviews and proof of concept projects.

    Narrow the Field to a Maximum of Four Contenders

    Focus time spent on the players that we know can deliver strong value

    1. ACCELERATE SELECTION

    Save time by exclusively engaging vendors that support the organization’s differentiating requirements.

    2. DECISION CLARITY

    Prevent stakeholders from getting lost in the weeds with endless lists of vendors.

    3.CONDENSED DEMOS

    Limiting the project to four contenders allows you to stack demos/investigative interviews into the same day.

    4. LICENSING LEVERAGE

    Keep track of key differences between vendor offerings with a tight shortlist.

    Rapid & Effective Selection Decisions

    Consolidating the Vendor Shortlist Up-Front Reduces Downstream Effort

    Put the “short” back in shortlist!

    • Radically reduce effort by narrowing the field of potential vendors earlier in the selection process. Too many organizations don’t funnel their vendor shortlist until nearing the end of the selection process. The result is wasted time and effort evaluating options that are patently not a good fit.
    • Leverage external data (such as SoftwareReviews) and expert opinion to consolidate your shortlist into a smaller number of viable vendors before the investigative interview stage and eliminate time spent evaluating dozens of RFP responses.
    • Having fewer RFP responses to evaluate means you will have more time to do greater due diligence.

    Rapid Enterprise Architecture Evaluations Are High-Impact Activities

    When accelerating selection decisions, finding the right EA is a balancing act

    • Neglecting enterprise architecture as a shortcut to save time often leads to downstream integration problems and decreases application satisfaction.
    • On the other hand, overly drawn out enterprise architecture evaluations can lead to excessively focusing on technology integration versus having a clear and concise understanding of critical business needs.

    Info-Tech Insight

    Targeting an enterprise architecture evaluation as part of your software selection process that does not delay the selection while also providing sufficient insight into platform fit is critical.

    Key activities for rapid enterprise architecture evaluation include:

    1. Security analysis
    2. Portfolio overlap review + integration assessment
    3. Application standards check

    The data confirms that it is worthwhile to spend time on enterprise architecture

    • Considering software architecture fit up-front to determine if new software aligns with the existing application architecture directly links to greater satisfaction.
    • Stakeholders are most satisfied with their software value when there is a good architectural platform fit.
    • Stakeholders that ranked Architectural Platform Fit lower during the selection process were ultimately more unsatisfied with their software choice.

    The image contains a screenshot of data to demonstrate that it is worthwhile to spend time on enterprise architecture.

    Identify Portfolio Overlap With an Accelerated Enterprise Architecture Assessment

    Develop a clear view of any overlap within your target portfolio subset and clear rationalization/consolidation options

    • Application sprawl is a critical pain point in many organizations. It leads to wasted time, money, and effort as IT (and the business) maintain myriad applications that all serve the same functional purpose.
    • Opportunities are missed to consolidate and streamline associated business process management, training, and end-user adoption activities.
    • Identify which applications in your existing architecture serve a duplicate purpose: these applications are the ones you will want to target for consolidation.
    • As you select a new application, identify where it can be used to serve the goal for application rationalization (i.e. can we replace/retire existing applications in our portfolio by standardizing the new one?).

    Keep the scope manageable!

    • Highlight the major functional processes that are closely related to the application you’re selecting and identify which applications support each.
    • The template below represents a top-level view of a set of customer experience management (CXM) applications. Identify linkages between sets of applications and if they’re uni- or bi-directional.
    The image contains a screenshot of images that demonstrate portfolio overlap with an accelerated enterprise architecture assessment.

    Rapidly Evaluate the Security & Risk Profile for a Right-Sized Enterprise Architecture Evaluation

    There are four considerations for determining the security and risk profile for the new application

    1. Financial Risk
    • Consider the financial impact the new application has on the organization.
      • How significant is the investment in technology?
    • If this application fails to meet its business goals and deliver strong return on investment, will there be a significant amount of financial resources to mitigate the problem?
  • Data Sensitivity Risk
    • Understand the type of data that will be handled/stored by the application.
      • For example, a CRM will house customer personally identifiable information (PII) and an ECM will store confidential business documentation.
    • Determine the consequences of a potential breach (i.e. legal and financial).
  • Application Vulnerability Risk
    • Consider whether the application category has a historically strong security track record.
      • For example, enterprise cloud storage solutions may have a different level of vulnerability than an HRIS platform.
  • Infrastructure Risk
    • Determine whether the new application requires changes to infrastructure or additional security investments to safeguard expanded infrastructure.
    • Consider the ways in which the changes to infrastructure increase the vectors for security breaches.

    Spend More Time Validating Key Issues With Deep Technical Assessments

    The image contains a screenshot of an image of an iceberg. The top part of the iceberg is above water and labelled 40%. The rest of the iceberg is below water and is labelled 60%.

    Conversations With the Vendor

    • Initial conversations with the vendor build alignment on overall application capabilities, scope of work, and pricing.

    Pilot Projects and Trial Environments

    • Conduct a proof of concept project to ensure that the application satisfies your non-functional requirements.
    • Technical assessments not only demonstrate whether an application is compatible with your existing systems but also give your technical resources the confidence that the implementation process will be as smooth as possible.
    • Marketing collateral glosses over actual capabilities and differentiation. Use unbiased third-party data and detailed system training material.

    4. Use Rapid & Essential Assessment Tools

    ✓ Focus on key use cases, not lists of features.

    ✓ You only need three essential tools:

    1. Info-Tech’s Vendor Evaluation Workbook
    2. The Software Selection Workbook
    3. A Business Stakeholder Manual

    Focus on Key Use Cases, Not an Endless Laundry List of Table Stakes Features

    Focus on Critical Requirements

    Failure to differentiate must-have and nice-to-have use cases leads to applications full of non-critical features.

    Go Beyond the Table Stakes

    Accelerate the process by skipping common requirements that we know that every vendor will support.

    Streamline the Quantity of Use Cases

    Working with a tighter list of core use cases increases time spent evaluating the most impactful functionality.

    Over-Customization Kills Projects

    Eliminating dubious “sacred cow” requirements reduces costly and painful platform customization.

    Only Make Use of Essential Selection Artifacts

    Vendor selection projects often demand extensive and unnecessary documentation

    The Software Selection Workbook

    Work through the straightforward templates that tie to each phase of the Rapid Application Selection Framework, from assessing the business impact to requirements gathering.

    The image contains a screenshot of The Software Selection Workbook.

    The Vendor Evaluation Workbook

    Consolidate the vendor evaluation process into a single document. Easily compare vendors as you narrow the field to finalists.

    The image contains a screenshot of The Vendor Evaluation Workbook.

    The Guide to Software Selection: A Business Stakeholder Manual

    Quickly explain the Rapid Application Selection Framework to your team while also highlighting its benefits to stakeholders.

    The image contains a screenshot of The Guide to Software Selection: A Business Stakeholder Manual.

    Software Selection Engagement

    Five advisory calls over a five-week period to accelerate your selection process

    • Expert analyst guidance over five weeks on average to select and negotiate software.
    • Save money, align stakeholders, speed up the process, and make better decisions.
    • Use a repeatable, formal methodology to improve your application selection process.
    • Better, faster results, guaranteed, included in membership.
    The image contains a screenshot of the calendar over 30 days that outlines the five calls.

    Click here to book your selection engagement

    Software Selection Workshop

    With 40 hours of advisory assistance delivered online, select better software, faster.

    • 40 hours of expert analyst guidance.
    • Project and stakeholder management assistance.
    • Save money, align stakeholders, speed up the process, and make better decisions.
    • Better, faster results, guaranteed; $20K standard engagement fee.
    The image contains a screenshot of the calendar over 30 days that outlines the five calls.

    CLICK HERE TO BOOK YOUR WORKSHOP ENGAGEMENT

    5. Select Two Viable Options & Engage Both in Negotiation

    ✓ Save more during negotiation by selecting two viable alternatives.

    ✓ Surface a consolidated list of demands prior to entering negotiation.

    ✓ Communicate your success with the organization.

    Save More During Negotiation by Selecting Two Viable Alternatives

    VENDOR 1

    Build in a realistic plan B that allows you to apply leverage to the incumbent or primary vendor of choice.

    VENDOR 2

    If the top contender is aware that they do not have competition, they will be less inclined to make concessions.

    Maintain momentum with two options

    • Should you realize that the primary contender is no longer a viable option (i.e. security concerns), keeping a second vendor in play enables you to quickly pivot without slowing down the selection project.

    Secure best pricing by playing vendors off each other

    • Vendors are more likely to give concessions on the base price once they become aware that a direct competitor has entered the evaluation.

    Truly commit to a thorough analysis of alternatives

    • By evaluating competitive alternatives, you’ll get a more comprehensive view on market standards for a solution and be able to employ a range of negotiation tactics.

    Focus on 5-10 Specific Contract Change Requests

    Accelerate negotiation by picking your battles

    ANALYZE

    DOCUMENT

    CONSOLIDATE

    PRESENT

    • Parse the contract, order form, and terms & conditions for concerning language.
    • Leverage expertise from internal subject matter experts in addition to relevant legal council.
    • Document all concerns and challenges with the language in the vendor contract in a single spreadsheet.
    • Make vendors more receptive to your cause by going one step beyond writing what the change should be. Provide the reasoning behind the change and even the relevant context.
    • Identify the change requests that are most important for the success of the selection project.
    • Compile a list of the most critical change requests.
    • Consider including nice-to-have requests that you can leverage as strategic concessions.
    • Present the consolidated list of critical change requests to the vendor rather than sharing the entire range of potential changes to the contract.
    • Make sure to include context and background for each request.
    • Eliminate potential delays by proactively establishing a timeline for the vendor’s response.

    Share Stories of Cost Savings With the Organization

    Secure IT’s seat at the table

    Hard cost savings speak louder than words. Executive leadership will see IT as the go-to team for driving business value quickly, yet responsibly.

    Build hype around the new software

    Generate enthusiasm by highlighting the improved user experience provided by the new software that was has just been selected.

    Drive end-user adoption

    Position the cost savings as an opportunity to invest in onboarding. An application is only as valuable as your employees’ ability to effectively use it.

    Keep the process rolling

    Use the momentum from the project and its successful negotiation to roll out the accelerated selection approach to more departments across the organization.

    Overall: The Magic Number Saves You Time and Money

    Software selection takes forever. The process of choosing even the smallest apps can drag on for years: sometimes in perpetuity.

    Organizations keep too many players on the field, leading to scheduling slowdowns and scope creep.

    Keeping the size of the core selection team down, while liaising with more stakeholders and subject matter experts (SMEs), leads to improved results.

    Maximize project effectiveness with a five-person team. Project satisfaction and effectiveness are stagnant or decrease once the team grows beyond five people.

    Cumbersome or ad hoc selection processes lead to business-driven software selection.

    Increase stakeholder satisfaction by using a consistent selection framework that captures their needs while not being a burden.

    Empower both IT and end users with a standardized selection process to consistently achieve high satisfaction coming out of software selection projects.

    The image contains a graph that is titled: A compact selection team can save you weeks. The graph demonstrates time saved with a five person team in comparison to larger teams.

    Key Takeaways for Improving Your Selection Process

    1. ALIGN & ELIMINATE ELAPSED TIME

    • Ensure a formal selection process is in place and reduce time by timeboxing the project to 30 days.
    • Align the calendars of the five-person core selection team to maximize efficiency.

    2. REDUCE TIME SPENT ON LOW-IMPACT ACTIVITIES

    • Go beyond the table stakes and accelerate the process by skipping common requirements that we know that every vendor will support.
    • Only make use of essential selection artifacts.

    3. FOCUS ON HIGH- IMPACT ACTIVITIES

    • Skip the vendor dog and pony shows with investigative interviews.
    • Minimize time spent on novel-sized RFPs; instead highlight three or four critical process areas.

    4. USE RAPID & ESSENTIAL ASSESSMENT TOOLS

    • Consolidating the vendor shortlist up-front reduces downstream effort.
    • Application sprawl is a critical pain point in many organizations that leads to wasted time and money.

    5. ENGAGE TWO VIABLE VENDORS IN NEGOTIATION

    • Build in a realistic plan B that allows you to apply leverage to the incumbent or primary vendor of choice.
    • Pick your battles and focus on 5-10 specific contract change requests.

    Appendix

    This study is based on a survey of 43,000 real-world IT practitioners.

    • SoftwareReviews (a sister company of Info-Tech Research Group) collects and aggregates feedback on a wide variety of enterprise technologies.
    • The practitioners are actual end users of hundreds of different enterprise application categories.
    • The following slides highlight the supplementary data points from the comprehensive survey.

    Methodology

    A comprehensive study based on the responses of thousands of real-world practitioners.

    Qualitative & Secondary

    Using comprehensive statistical techniques, we surveyed what our members identified as key drivers of success in selecting enterprise software. Our goal was to determine how organizations can accelerate selection processes and improve outcomes by identifying where people should spend their time for the best results.

    Large-n Survey

    To determine the “Magic Numbers,” we used a large-n survey: 40,000 respondents answered questions about their applications, selection processes, organizational firmographics, and personal characteristics. We used this data to determine what drives satisfaction not only with the application but with the selection process itself.

    Quantitative Drill-Down

    We used the survey to narrow the list of game-changing practices. We then conducted additional quantitative research to understand why our respondents may have selected the responses they did.

    External audit company

    External IT audit of your company

    Based on experience
    Implementable advice
    human-based and people-oriented

    Do you seek an external expert to help you prepare for a thorough IT audit of your company? Tymans Group serves as a consulting company with extensive expertise in helping small and medium enterprises. Read on and learn more about how our consulting firm can help your company with an external IT audit.

    Why should you organize an external IT audit of your company?

    Regularly preparing for an IT audit of your company with the help of of an experienced consultancy company like Tymans Group is a great way to discover any weaknesses within your IT and data security management systems, as well as your applications and data architecture, before the real audits by your regulator happen After all, you can only tackle any possible issues when you know their exact nature and origin. Additionally, the sooner you are aware of any security threats in your company thanks to an external audit, the smaller the chances outside forces will be able to take advantage of these threats to harm your business.

    Security and risk management

    Our security and risk services

    Security strategy

    Security Strategy

    Embed security thinking through aligning your security strategy to business goals and values

    Read more

    Disaster Recovery Planning

    Disaster Recovery Planning

    Create a disaster recovey plan that is right for your company

    Read more

    Risk Management

    Risk Management

    Build your right-sized IT Risk Management Program

    Read more

    Check out all our services

    Receive practical solutions when using our guides to prepare you for an external audit.

    If you hire our consultancy firm to prepare for an external IT audit in your firm, our guides will allow you to thoroughly analyze your systems and protocols to discover flaws and threats. Based on this analysis, your firm will receive concrete advice and practical solutions on dealing with the findings of in advance of an external audit. Besides identifying threats, the findings of will also offer your business insights in possible optimizations and processes which could benefit from automation. As such, you benefit from our consultancy company’s extensive experience in corporate security management and IT.

    Book an appointment with our consultancy company to get ahead of an external audit.

    If you hire our consulting company to help you prepare for an IT audit of your firm, you will receive guides that enable you to make a critical analysis of your IT security, as well as practical solutions based on our holistic approach. We are happy to tell you more about our services for small and medium business and to offer insights into any issues you may be facing. Our help is available offline and online, through one-hour talks with our expert Gert Taeymans. Contact us to set up an appointment online or on-site now.

    Register to read more …

    2020 CIO Priorities Report

    • Buy Link or Shortcode: {j2store}97|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • The velocity and magnitude of technology changes today has increased dramatically compared to anything that has come before.
    • The velocity and magnitude of advancements in technology has always seemed unprecedented in every wave of technology change we have experienced over the past 40 years. With each new wave of innovation, “unprecedented” is redefined to a new level, and so it remains true that today’s CIO is faced with unprecedented levels of change as a direct result of emerging technologies.
    • What is different today is that we are at the point where the emerging technology itself is now capable of accelerating the pace of change even more through artificial intelligence capabilities.
    • If we are to realize the business value through the adoption of emerging technologies, CIOs must address significant challenges. We believe addressing these challenges lies in the CIO priorities for 2020.

    Our Advice

    Critical Insight

    • First there was IT/business alignment, then there was IT/business integration – both states characterized as IT “getting on the same page” as the business. In the context of emerging technologies, the CIO should no longer be focused on getting on the same page as the CEO.
    • Today it is about the CEO and the CIO collaborating to write a new book about convergence of all things: technology (infrastructure and applications), people (including vendors), process, and data.
    • Digital transformation and adoption of emerging technologies is not a goal, it is a journey – a means to the end, not the end unto itself.

    Impact and Result

    • Use Info-Tech's 2020 CIO Priorities Report to ascertain, based on our research, what areas of focus for 2020 are critical for success in adopting emerging technologies.
    • Adopting these technologies requires careful planning and consideration for what is critical to your business customers.
    • This report provides focus on the business benefits of the technology and not just the capabilities themselves. It puts the CIO in a position to better understand the true value proposition of any of today’s technology advancements.

    2020 CIO Priorities Report Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the top five priorities for CIOs in 2020 and why these are so critical to success.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Refine and adapt processes

    Learn about how processes can make or break your adoption of emerging technologies.

    • 2020 CIO Priorities Report – Priority 1: Refine and Adapt Processes

    2. Re-invent IT as collaboration engine

    Learn about how IT can transform its role within the organization to optimize business value.

    • 2020 CIO Priorities Report – Priority 2: Re-Invent IT as Collaboration Engine

    3. Acquire and retain talent for roles in emerging technologies

    Learn about how IT can attract and keep employees with the skills and knowledge needed to adopt these technologies for the business.

    • 2020 CIO Priorities Report – Priority 3: Acquire and Retain Talent for Roles in Emerging Technologies

    4. Define and manage cybersecurity and cyber resilience requirements related to emerging technologies

    Understand how the adoption of emerging technologies has created new levels of risk and how cybersecurity and resilience can keep pace.

    • 2020 CIO Priorities Report – Priority 4: Define and Manage Cybersecurity and Cyber Resilience Requirements Related to Emerging Technologies

    5. Leverage emerging technology to create Wow! customer experiences

    Learn how IT can leverage emerging technology for its own customers and those of its business partners.

    • 2020 CIO Priorities Report – Priority 5: Leverage Emerging Technology to Create Wow! Customer Experiences
    [infographic]

    The First 100 Days as CISO

    • Buy Link or Shortcode: {j2store}248|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: 50 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Make a good first impression at your new job.
    • Obtain guidance on how you should approach the first 100 days.
    • Assess the current state of the security program and recommend areas of improvement and possible solutions.
    • Develop a high-level security strategy in three months.

    Our Advice

    Critical Insight

    • Every CISO needs to follow Info-Tech’s five-step approach to truly succeed in their new position. The meaning and expectations of a CISO role will differ from organization to organization and person to person, however, the approach to the new position will be relatively the same.
    • Eighty percent of your time will be spent listening. The first 100 days of the CISO role is an information gathering exercise that will involve several conversations with different stakeholders and business divisions. Leverage this collaborative time to understand the business, its internal and external operations, and its people. Unequivocally, active listening will build company trust and help you to build an information security vision that reflects that of the business strategy.
    • Start “working” before you actually start the job. This involves finding out as much information about the company before officially being an employee. Investigate the company website and leverage available organizational documents and initial discussions to better understand your employer’s leadership, company culture ,and business model.

    Impact and Result

    • Hit the ground running with Info-Tech’s ready-made agenda vetted by CISO professionals to impress your colleagues and superiors.
    • Gather details needed to understand the organization (i.e. people, process, technology) and determine the current state of the security program.
    • Track and assess high-level security gaps using Info-Tech’s diagnostic tools and compare yourself to your industry’s vertical using benchmarking data.
    • Deliver an executive presentation that shows key findings obtained from your security evaluation.

    The First 100 Days as CISO Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why the first 100 days of being a CISO is a crucial time to be strategic. Review Info-Tech’s methodology and discover our five-step approach to CISO success.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare

    Review previous communications to prepare for your first day.

    • CISO Diary
    • Introduction Sheet

    2. Build relationships

    Understand how the business operates and develop meaningful relationships with your sphere of influence.

    3. Inventory components of the business

    Inventory company assets to know what to protect.

    4. Assess security posture

    Evaluate the security posture of the organization by leveraging Info-Tech’s IT Security diagnostic program.

    • Diagnostic Benchmarks: Security Governance & Management Scorecard
    • Diagnostic Benchmarks: Security Business Satisfaction Report

    5. Deliver plan

    Communicate your security vision to business stakeholders.

    • The First 100 Days as CISO Executive Presentation Template
    • The First 100 Days as CISO Executive Presentation Example
    [infographic]

    Build Your Enterprise Application Implementation Playbook

    • Buy Link or Shortcode: {j2store}605|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Given the increasing complexity of software implementations, you are continually challenged with staying above water with your current team.
    • In addition, rapid changes in the business make maintaining project sponsors’ engagement challenging.
    • Project sprawl across the organization has created a situation where each project lead tracks progress in their own way. This makes it difficult for leadership to identify what was successful – and what wasn’t.

    Our Advice

    Critical Insight

    An effective enterprise application implementation playbook is not just a list of steps, but a comprehensive view of what is necessary to support your implementation. This starts with a people-first approach. Start by asking about sponsors, stakeholders, and goals. Without asking these questions first, the implementation will be set up for failure, regardless of the technology, processes, and tools available.

    Impact and Result

    Follow these steps to build your enterprise application playbook:

    • Define your sponsor, map out your stakeholders, and lay out the vision, goals and objectives for your project.
    • Detail the scope, metrics, and the team that will make it happen.
    • Outline the steps and processes that will carry you through the implementation.

    Build Your Enterprise Application Implementation Playbook Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build Your Enterprise Application Implementation Playbook Deck - Your implementation doesn’t start with technology, but with an effective plan that the team can align on.

    This blueprint provides the steps necessary to build your own enterprise application implementation playbook that can be deployed and leveraged by your implementation teams.

    • Build Your Enterprise Application Implementation Playbook – Phases 1-3

    2. Your Enterprise Application Implementation Playbook – The key output from leveraging this research is a completed implementation playbook.

    This is the main playbook that you build through the exercises defined in the blueprint.

    • Your Enterprise Application Implementation Playbook

    3. Your Enterprise Application Implementation Playbook - Timeline Tool – Supporting tool that captures the project timeline information, issue log, and follow-up dashboard.

    This tool provides input into the playbook around project timelines and planning.

    • Your Enterprise Application Implementation Playbook - Timeline Tool

    4. Light Project Change Request Form Template – This tool will help you record the requested change, allow assess the impact of the change and proceed the approval process.

    This provides input into the playbook around managing change requests

    • Light Project Change Request Form Template

    Infographic

    Workshop: Build Your Enterprise Application Implementation Playbook

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Project

    The Purpose

    Lay out the overall objectives, stakeholders, and governance structure for the project.

    Key Benefits Achieved

    Align everyone on the sponsor, key stakeholders, vision, and goals for your project

    Activities

    1.1 Select the project sponsor.

    1.2 Identify your stakeholders.

    1.3 Align on a project vision.

    1.4 List your guiding principles.

    1.5 Confirm your goals and objectives for the implementation project.

    1.6 Define the project governance structure.

    Outputs

    Project sponsor has been selected.

    Project stakeholders have been identified and mapped with their roles and responsibilities.

    Vision has been defined.

    Guiding principles have been defined.

    Articulated goals and objectives.

    Detailed governance structure.

    2 Set up for Success

    The Purpose

    Define the elements of the playbook that provide scope and boundaries for the implementation.

    Key Benefits Achieved

    Align the implementation team on the scope for the project and how the team should operate during the implementation.

    Activities

    2.1 Gather and review requirements, with an agreed to scope.

    2.2 Define metrics for your project.

    2.3 Define and document the risks that can impact the project.

    2.4 Establish team composition and identify the team.

    2.5 Detail your OCM structure, resources, roles, and responsibilities.

    2.6 Define requirements for training.

    2.7 Create a communications plan for stakeholder groups and delivery teams.

    Outputs

    Requirements for enterprise application implementation with an agreed-to scope.

    Metrics to help measure what success looks like for the implementation.

    Articulated list of possible risks during the implementation.

    The team responsible and accountable for implementation is identified.

    Details of your organization’s change management process.

    Outline of training required.

    An agreed-to plan for communication of project status.

    3 Document Your Plan

    The Purpose

    With the structure and boundaries in place, we can now lay out the details on the implementation plan.

    Key Benefits Achieved

    A high-level plan is in place, including next steps and a process on running retrospectives.

    Activities

    3.1 Define your implementation steps.

    3.2 Create templates to enable follow-up throughout the project.

    3.3 Decide on the tracking tools to help during your implementation.

    3.4 Define the follow-up processes.

    3.5 Define project progress communication.

    3.6 Create a Change request process.

    3.7 Define your retrospective process for continuous improvement.

    3.8 Prepare a closure document for sign-off.

    Outputs

    An agreed to high-level implementation plan.

    Follow-up templates to enable more effective follow-ups.

    Shortlist of tracking tools to leverage during the implementation.

    Defined processes to enable follow-up.

    Defined project progress communication.

    A process for managing change requests.

    A process and template for running retrospectives.

    A technique and template for closure and sign-off.

    Further reading

    Build Your Enterprise Application Implementation Playbook

    Your implementation doesn’t start with technology, but with an effective plan that the team can align on.

    Analyst Perspective

    Your implementation is not just about technology, but about careful planning, collaboration, and control.

    Recardo de Oliveira

    A successful enterprise application implementation requires more than great software; it requires a clear line of sight to the people, processes, metrics, and tools that can help make this happen.

    Additionally, every implementation is unique with its own set of challenges. Working through these challenges requires a tailored approach taking many factors into account. Building out your playbook for your implementation is an important initial step before diving head-first into technology.

    Regardless of whether you use an implementation partner, a playbook ensures that you don’t lose your enterprise application investment before you even get started!

    Ricardo de Oliveira

    Research Director,
    Application Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Given the increasing complexity of software implementations, you are continually challenged with staying above water with your current team.
    • Rapid changes in the business make maintaining project sponsors’ engagement challenging.
    • Project sprawl across the organization has created a situation where project leads track progress in their own way. This makes it difficult for leadership to identify what was successful (and what wasn’t).

    Common Obstacles

    • Your best process experts are the same people you need to keep the business running. The business cannot afford to have its best people pulled into the implementation for long periods of time.
    • Enterprise application implementations generate huge organizational changes and the adoption of the new systems and processes resulting from these projects are quite difficult.
    • People are generally resistant to change, especially large, transformational changes that will impact the day-to-day way of doing things.

    Info-Tech's Approach

    • Build your enterprise application implementation playbook. Follow these steps to build your enterprise application playbook:
      • Define your sponsor, map out your stakeholders, and lay out the vision, goals, and objectives for your project.
      • Detail the scope, metrics, and the team that will make it happen.
      • Detail the steps and processes that will carry you through the implementation

    Info-Tech Insight

    An effective enterprise application implementation playbook is not just a list of steps; it is a comprehensive view of what is necessary to support your implementation. This starts with a people-first approach. Start by asking about sponsors, stakeholders, and goals. Without asking these questions first, the implementation will be set up for failure, regardless of the technology, processes, and tools available.

    Enterprise Applications Lifescycle Advisory Services. Strategy, selection, implementation, optimization and operations.

    Insight summary

    Building an effective playbook starts with asking the right questions, not jumping straight into the technical details.

    • This blueprint provides the steps required to lay out an implementation playbook to align the team on what is necessary to support the implementation.
    • Build your Enterprise Application Implementation Playbook by:
      • Aligning and confirming project’s goals, stakeholders, governance and team.
      • Clearly defining what is in and out of scope for the project and the risks involved.
      • Building up a strong change management process.
      • Providing the tools and processes to keep track of the project.
      • Pulling it all together into an actionable playbook.

    Grapsh showing 39%

    Lack of planning is the reason that 39% of projects fail. Poor project planning can be disastrous: The consequences are usually high costs and time overruns.

    Graph showing 20%

    Almost 20% of IT projects can fail so badly that they can become a threat to a company’s existence. Lack of proper planning, poor communication, and poorly defined goals all contribute to the failure of projects.

    Graph showig 2.5%

    A PwC study of over 10,640 projects found that a tiny portion of companies – 2.5% – completed 100% of their projects successfully. These failures extract a heavy cost – failed IT projects alone cost the United States $50-$150B in lost revenue and productivity.

    Source: Forbes, 2020

    Planning and control are key to enterprise project success

    An estimated 70% of large-scale corporate projects fail largely due to a lack of change management infrastructure, proper oversight, and regular performance check-ins to track progress (McKinsey, 2015).

    Table showing that 88% of projects completed on time, 90% completed within budget and 92% meet original goals. 68% of projects have scope creep, 24% deemed failures and 46% experience budget lose when project fails

    “A survey published in HBR found that the average IT project overran its budget by 27%. Moreover, at least one in six IT projects turns into a ‘black swan’ with a cost overrun of 200% and a schedule overrun of 70%. Kmart’s massive $1.2B failed IT modernization project, for instance, was a big contributor to its bankruptcy.”

    Source: Forbes, 2020

    Sponsor commitment directly improves project success.

    Having the right sponsor significantly improves your chances of success across many different dimensions:

    1. On-time delivery
    2. Delivering within budget
    3. Delivered within an agreed-to scope
    4. Delivered with sufficient quality.
    Graph that shows Project success scores versus sponsor involvement in change communication. Shows increase for projects on time, projects on budget, within scope and overall quality.

    Source: Info-Tech, PPM Current State Scorecard Diagnostic

    Executive Brief Case Study

    Chocolate manufacturer implementing a new ERP

    INDUSTRY

    Consumer Products

    SOURCE

    Carlton, 2021

    Challenge

    Not every ERP ends in success. This case study reviews the failure of Hershey, a 147-year-old confectioner, headquartered in Hershey Pennsylvania. The enterprise saw the implementation of an ERP platform as being central to its future growth.

    Solution

    Consequently, rather than approaching its business challenge on the basis of an iterative approach, it decided to execute a holistic plan, involving every operating center in the company. Subsequently, SAP was engaged to implement a $10 million systems upgrade; however, management problems emerged immediately.

    Results

    The impact of this decision was significant, and the company was unable to conduct business because virtually every process, policy, and operating mechanism was in flux simultaneously. The consequence was the loss of $150 million in revenue, a 19% reduction in share price, and the loss of 12% in international market share.

    Remember: Poor management can scupper implementation, even when you have selected the perfect system.

    A successful software implementation provides more than simply immediate business value…

    It can build competitive advantage.

    • When software projects fail, it can jeopardize an organization’s financial standing and reputation, and in some severe cases, it can bring the company down altogether.
    • Rarely do projects fail for a single reason, but by understanding the pitfalls, developing a risk mitigation plan, closely monitoring risks, and self-evaluating during critical milestones, you can increase the probability of delivering on time, on budget, and with the intended benefits.

    Benefits are not limited to just delivering on time. Some others include:

    • Building organizational delivery competence and overall agility.
    • The opportunity to start an inventory of best practices, eventually building them into a center of excellence.
    • Developing a competitive advantage by maximizing software value and continuously transforming the business.
    • An opportunity to develop a competent pool of staff capable of executing on projects and managing organizational change.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Your Enterprise Application Implementation Playbook – Timeline Tool

    Supporting template that captures the project timeline information, issue log, and follow-up dashboard.

    Info-Tech: Project Planning and Monitoring Tool.
    Light Project Change Request Form Template

    This tool will help you record the requested change, and allow you to assess the impact of the change and proceed with the approval process.

    Info-Tech: Light change request form template.

    Key deliverable:

    Your Enterprise Application Implementation Playbook

    Record the results from the exercises to define the steps for a successful implementation.

    Build your enterprise application implementation playbook.

    Info-Tech’s methodology for Your Enterprise Application Implementation Playbook

    Phase Steps

    1. Understand the Project

    1. Identify the project sponsor
    2. Define project stakeholders
    3. Review project vision and guiding principles
    4. Review project objectives
    5. Establish project governance

    2. Set up for success

    1. Review project scope
    2. Define project metrics
    3. Prepare for project risks
    4. Identify the project team
    5. Define your change management process

    3. Document your plan

    1. Develop a master project plan
    2. Define a follow-up plan
    3. Define the follow-up process
    4. Understand what’s next
    Phase Outcomes
    • Project sponsor has been selected
    • Project stakeholders have been identified and mapped with their roles and responsibilities.
    • Vision, guiding principles, goals objectives, and governance have been defined
    • Project scope has been confirmed
    • Project metrics to identify successful implementation has been defined
    • Risks have been assessed and articulated.
    • Identified project team
    • An agreed-to change management process
    • Project plan covering the overall implementation is in place, including next steps and retrospectives

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostic and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    The three phases of guided implementation.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889 Activities and deliverables for each module of the workshop. Module 1: understanding the project, Module 2: Set up for success, Modeule 3: Document your plan, and Post Workshop: Next steps and Wrap-up(offsite).

    Phase 1

    Understand the project

    3 phases, phase 1 is highlighted.

    This phase will walk you through the following activities:

    1.1 Identify the project sponsor

    1.2 Identify project stakeholders

    1.3 Review project vision and guiding principles

    1.4 Review project objectives

    1.5 Establish project governance

    This phase involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Step 1.1

    Identify the project sponsor

    Activities

    1.1.1 Define the project sponsor's responsibilities

    1.1.2 Shortlist potential sponsors

    1.1.3 Select the project sponsor

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Selected sponsor.

    Sponsor commitment directly improves project success.

    Having the right sponsor significantly improves your chances of success across many different dimensions:

    1. On-time delivery
    2. Delivering within budget
    3. Delivered within an agreed-to scope
    4. Delivered with sufficient quality.

    Graph that shows Project success scores versus sponsor involvement in change communication. Shows increase for projects on time, projects on budget, within scope and overall quality.

    Source: Info-Tech, PPM Current State Scorecard Diagnostic

    Typical project sponsor responsibilities

    • Help define the business goals of their projects before they start.
    • Provide guidance and support to the project manager and the project team throughout the project management lifecycle.
    • Ensure that sufficient financial resources are available for their projects.
    • Resolve problems and issues that require authority beyond that of the project manager.
    • Ensure that the business objectives of their projects are achieved and communicated.

    For further discussion on sponsor responsibilities, use Info-Tech’s blueprint, Drive Business Value With a Right-Sized Project Gating Process

    Portrait of head with multiple layers representing the responsibilities of a sponsor. From top down: Define business goals, provide guidance, ensure human ad financial resources, resolve problems and issues.

    1.1.1 Define the project sponsor’s responsibilities

    0.5-1 hour

    1. Discuss the minimum requirements for a sponsor at your organization.
    2. As a group, brainstorm the criteria necessary for an individual to be a project sponsor:
      1. Is there a limit to the number of projects they can sponsor at one time?
      2. Is there a minimum number of hours they must be available to the project team?
      3. Do they have to be at a certain seniority level in the organization?
      4. What is their role at each stage of the project lifecycle?
    3. Document these criteria on a whiteboard.
    4. Record the sponsor’s responsibilities in section 1.1 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Requirements for a sponsor
    • Your responsibilities as a sponsor

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.1.1 Define the project sponsor’s responsibilities (Continued)

    Example

    Project sponsor responsibilities.

    1.1.2 Shortlist potential sponsors

    0.5-1 hour

    1. Based on the responsibilities defined in Exercise 1.1.1, produce a list of the potential sponsors.
    2. Record the sponsor’s shortlist in section 1.2 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Characteristics of a sponsor
    • Your list of candidates

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.1.2 Shortlist potential sponsors (Continued)

    Example

    Shortlist of potential sponsors. 6 names listed with checkmarks on criteria ranking.

    Don’t forget, the project team is there to support the sponsor

    Given the burden of the sponsor role, the project team is committed to doing their best to facilitate a successful outcome.

    Project Success: Follow best practices, escalate issues, stay focused, communicate, adapt to change.

    • Follow the framework set out by the governance group at the organization to drive efficiency on the project.
    • Ensure stakeholders with proper authority are notified of issues that occur during the project.
    • Stay focused on the project tasks to drive quality on the deliverables and avoid rework after the project.
    • Communicate within the project team to drive coordination of tasks, complete deliverables, and avoid resource waste.
    • Changes are more common than not; the team must be prepared to adjust plans and stay agile to adapt to changes for the project.

    Seek the key characteristics of a sponsor

    Man walking up stairs denoting characteristics of a good sponsor. First step: Leader, second step: Strong Communicator, third step: knowledgeable, fourth step: problem solver, fifth step: delegator, final step: dedicated.

    1.1.3 Select the project sponsor

    0.5-1 hour

    1. Review the characteristics and the list of potential candidates.
    2. Assess availability, suitability, and desire of the selected sponsor.
    3. Record the selected sponsor in section 1.3 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • List of candidates
    • Characteristics of a sponsor
    • Your selected sponsor

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.1.3 Select the project sponsor (Continued)

    Example

    Name of example sponsor with their key traits listed.

    Step 1.2

    Identify the project stakeholders

    Activities

    1.2.1 Identify your stakeholders

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Stakeholders’ management plan

    How to find the right stakeholders

    Start with the obvious candidates, but keep an open mind.

    How to find stakeholders

    • Talk to your stakeholders and ask who else you should be talking to, to discover additional stakeholders and ensure you don’t miss anyone.
    • Less obvious stakeholders can be found by conducting various types of trace analysis, i.e. following various paths flowing from your initiative through to the path’s logical conclusion.

    Create a stakeholder network map for your application implementation

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Stakeholder network map showing direction of professional influence as well as bidirectional, informal influence relationships.

    Info-Tech Insight

    Your stakeholder map defines the influence landscape your enterprise application operates in. It is every bit as important as the teams who enhance, support, and operate your applications directly.

    Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have substantial informal relationships with your stakeholders.

    Understand how to navigate the complex web of stakeholders

    Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.

    Graph showing influence vs. interest, divided into 4 quadrants. Low influence and intersest is labeled: Monitor, low influence and high interest is labeled: Keep informed, High influence and low interest is labeled: Keep satisfied, and high influence and high interest is labeled: Involve closely

    Large-scale projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.

    Map the organization’s stakeholders

    List of various stakeholder titles. As well as a graph showing the influence vs involvement of each stakeholder title. Influence and interest is divided into 4 quadrants: Monitor, Keep informed, keep satisfied, and involve closely.

    1.2.1 Identify your stakeholders

    1-2 hours

    1. As a group, identify all the project stakeholders. A stakeholder may be an individual such as the CEO or CFO, or it may be a group such as front-line employees.
    2. Map each stakeholder on the quadrant based on their expected influence and involvement in the project
    3. Identify stakeholders and add them to the list.
    4. Record the stakeholders list in section 1.4 of Info-Tech’s Your Enterprise Application Implementation Playbook.
    5. Download Your Enterprise Application Implementation Playbook

      Input

      Output

      • Types of stakeholders
      • Your stakeholders initial list

      Materials

      Participants

      • Whiteboard/flip charts
      • Your Enterprise Application Implementation Playbook
      • Project team
      • Operations
      • SMEs
      • Team lead and facilitators
      • IT leaders

    1.2.1 Identify your stakeholders(Continued)

    Example

    Table with rows of stakeholders: Customer, End Users, IT, Vendor and other listed. Columns provide: description, examples, value and involvement level of each stakeholder.

    Step 1.3

    Review project vision and guiding principles

    Activities

    1.3.1 Align on a project vision

    1.3.2 List your guiding principles

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Project vision and guiding principles

    Vision and guiding principles

    GUIDING PRINCIPLES

    Guiding principles are high-level rules of engagement that help to align stakeholders from the outset. Determine guiding principles to shape the scope and ensure stakeholders have the same vision.

    Creating Guiding Principles

    Guiding principles should be constructed as full sentences. These statements should be able to guide decisions.

    EXAMPLES
    • [Organization] is implementing an ERP system to streamline processes and reduce redundancies, saving time and money.
    • [Organization] is implementing an ERP to integrate disparate systems and rationalize the application portfolio.
    • [Organization] is aiming at taking advantage of industry best practices and strives to minimize the level of customization required in solution.

    Questions to Ask

    1. What is a strong statement that will help guide decision making throughout the life of the ERP project?
    2. What are your overarching requirements for business processes?
    3. What do you ultimately want to achieve?
    4. What is a statement that will ensure all stakeholders are on the same page for the project?

    1.3.1 Align on a project vision

    1-2 hours

    1. As a group, discuss whether you want to create a separate project vision statement or restate your corporate vision and/or goals.
      1. A project vision statement will provide project-guiding principles, encompass the project objectives, and give a rationale for the project.
      2. Using the corporate vision/goals will remind the business and IT that the project is to implement an enterprise application that supports and enhances the organizational objectives.
    2. Record the project vision in section 1.5 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Project vision statement defined during strategy building
    • Your project vision

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.3.1 Align on a project vision (Continued)

    Example

    Project Vision

    We, [Organization], will select and implement an integrated software suite that enhances the growth and profitability of the organization through streamlined global business processes, real-time data-driven decisions, increased employee productivity, and IT investment protection.

    Guiding principles examples

    The guiding principles will help guide your decision-making process. These can be adjusted to align with your internal language.

    • Support business agility: A flexible and adaptable integrated business system providing a seamless user experience.
    • Use best practices: Do not recreate or replicate what we have today; focus on modernization. Exercise customization governance by focusing on those customizations that are strategically differentiating.
    • Automate: Take manual work out where we can, empowering staff and improving productivity through automation and process efficiencies.
    • Stay focused: Focus on scope around core business capabilities. Maintain scope control. Prioritize demand in line with the strategy.
    • Strive for "one source of truth": Unify data model and integrate processes where possible. Assess integration needs carefully.

    1.3.2 List your guiding principles

    1-2 hours

    1. Start with the guiding principles defined during the strategy building.
    2. Review each of the sample guiding principles provided and ask the following questions:
      1. Do we agree with the statement?
      2. Is this statement framed in the language we use internally? Does everyone agree on the meaning of the statement?
      3. Will this statement help guide our decision-making process?
    3. Record the guiding principles in section 1.6 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Guiding principles defined during strategy building
    • Your guiding principles

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.3.2 List your guiding principles (Continued)

    Example

    Guiding principals: Support business agility, use best practices, automate, stay focused, strive for `one source truth`.

    Step 1.4

    Review project objectives

    Activities

    1.4.1 Confirm your goals and objectives for the implementation project

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    The objectives of the implementation project

    Review the elements of the project charter

    Leverage completed deliverables to get project managers started down the path of success.

    Deliverables of project chaters for PMs. Project purpose, scope, logistics and sign-off.

    1.4.1 List your guiding principles

    1-2 hours

    1. Articulate the high-level objectives of the project. (What are the goals of the project?)
    2. Elicit the business benefits the sponsor is committed to achieving. (What are the business benefits of the project?)
    3. Record Project goals and objectives in section 1.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Your BizDevOps objectives and metrics
    • Understanding of various collaboration methods, such as Scrum, Kanban, and Scrumban
    • Your chosen collaboration method

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.4.1 Confirm your goals and objectives for the implementation project (Continued)

    Example:

    Project Objectives: End-user visibility, New business development, employee experience. Business Benefits for each objective listed.

    Step 1.5

    Establish project governance

    Activities

    1.5.1 Define the project governance structure

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Approach to build an effective project governance

    1.5.1 List your guiding principles

    0.5-1 hour

    1. Identify the IT governance structure in place today and document the high-level function of each body (councils, steering committees, review boards, centers of excellence, etc.).
    2. Identify and document the existing enterprise applications governance structure, roles, and responsibilities (if any exist).
    3. Identify gaps and document the desired enterprise applications governance structure, roles, and responsibilities.
    4. Record the project governance structure in section 1.8 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • IT governance structure
    • Your project governance structure

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Governance is NOT management

    Three levels of governance: Team Level, Steering Committee Level, and Executive Governance Level.

    Info-Tech Insight

    You won’t get engagement unless there is a sense of accountability. Do not leave this vague. Accountability needs to be assigned to specific individuals in your organization to ensure the system development achieves what was intended by your organization and not what your system integrator (SI) intended.

    Who is accountable?

    Too many assumptions are made that the SI is accountable for all implementation activities and deliverables – this is simply untrue. All activities can be better planned for, and misunderstandings can be avoided, with a clear line of sight on roles and responsibilities and the documentation that will support these assumptions.

    Discuss, define, and document roles and responsibilities:
    • For each role (e.g. executive sponsor, delivery manager, test lead, conversion lead), clearly articulate the responsibilities of the role, who is accountable for fulfillment, and whether it’s a client role, SI role, or both.
    • Articulate the purpose of each deliverable clearly, define which individual or team has responsibility for it, and document who is expected to contribute.
    • Empower the team by granting them the authority to make decisions. Ease their reluctance to think outside the box for fear of stakeholder or user backlash.
    • The implementation cannot and will not be transformative if the wrong people are involved or if the right people have not been given the tools required to succeed in their role.

    1.5.2 List your guiding principles

    0.5-1 hour

    1. Assess the skills necessary for an enterprise implementation. Inventory the competencies required for an enterprise implementation team. Map your internal resources to each competency as applicable.
    2. Select your internal implementation team. Determine who needs to be involved closely with the implementation. Key stakeholders should also be considered as members of your implementation team.
    3. Identify the number of external consultants/support required for implementation. Consider your in-house skills, timeline, integration environment complexity, and cost constraints as you make your resourcing plan.
    4. Record governance team roles and responsibilities in 1.9 section of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Available resources (internal, external, contract)
    • Your governance structure roles and responsibilities

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.5.2 Define governance team roles and responsibilities (Continued)

    Example

    Governance team roles and their responsibilities.

    Phase 2

    Set up for success

    3 phases, phase 2 is highlighted.

    This phase will walk you through the following activities:

    2.1. Review project scope

    2.2. Define project metrics

    2.3. Prepare for project risks

    2.4. Identify the project team

    2.5. Define your change management process

    This phase involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Step 2.1

    Review project scope

    Activities

    2.1.1 Gather and review requirements

    2.1.2 Confirm your scope for implementation

    2.1.3 Formulate a scope statement

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    The project scope

    Requirements are key to defining scope

    Project scope management includes the processes required to ensure that the project includes all and only the work required to complete the project successfully. Therefore, managing project scope is about defining and controlling what is and is not included in the project.

    PMBOK defines requirements as “conditions or capabilities that are to be met by the project or present in the product, service, or result to satisfy an agreement or other formally imposed specification.” Detailed requirements should be gathered and elicited in order to provide the basis for defining the project scope.

    70% of projects fail due to poor requirements, organizations using poor practices spent 62% more, 4th highest correlation to high IT performance is requirements gathering.

    Well-executed requirements gathering results in:

    • Consistent approach from project to project, resulting in more predictable outcomes.
    • Solutions that meet the business need on the surface and under the hood.
    • Reduce risk for fast-tracked projects by establishing a right-sized approach.
    • Requirements team that can drive process improvement and improved execution.
    • Confidence when exploring solution alternatives.

    Poorly executed requirements gathering results in:

    • IT receiving the blame for any project shortcomings or failures.
    • Business needs getting lost in the translation between the initial request and final output.
    • Inadequate solutions or cost overruns and dissatisfaction with IT.
    • IT losing its credibility as stakeholders do not see the value and work around the process.
    • Late projects that tie up IT resources longer than planned, and cost overruns that come out of the IT budget.
    • Inconsistent project execution, leading to inconsistent outcomes.

    Strong stakeholder satisfaction with requirements results in higher satisfaction in other areas

    High stakeholder satisfaction with requirements results in higher satisfaction in other areas.

    Note: “High satisfaction” was classified as a score greater or equal to eight, and “low satisfaction” was every organization that scored below eight on the same questions.

    2.1.1 Gather and review requirements

    1-2 hours

    1. Once existing documentation has been gathered, evaluate the effectiveness of the documentation and decide whether you need additional information to proceed to current-state mapping.
    2. The initiative team should avoid spending too much time on the discovery phase, as the goal of discovery is to obtain enough information to produce a level-one current-state map.
    3. Consider reviewing capabilities, business processes, current applications, integration, and data migration.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Your requirements, capabilities, business processes, current applications, integration, and/or data migration
    • Your requirements, capabilities, business processes, current applications, integration, and/or data migration revisited

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.1.1 Requirements list

    Example

    Requirements with description, category and priority.

    2.1.2 Confirm your scope for implementation

    1-2 hours

    1. Based on the requirements, write down features of the product or services, as well as dependencies with other interfaces.
    2. Write down exclusions to guard against scope creep.
    3. Validate the scope by asking these questions:
      1. Will this scope provide a common understanding for all stakeholders, including those outside of IT, as to what the project will accomplish and what it excludes?
      2. Should any detail be added to prevent scope creep later?
    4. Record the project scope in section 2.1 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • What’s in scope
    • What’s out of scope
    • What needs to integrate
    • Your scope areas

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.1.2 Scope detail

    Example

    Example of scope detail. Table with scope levels: In scope, out of scope and existing scope. Each scope level has details about it listed.

    Distill your requirements into a scope statement

    Requirements are about the what and the how.
    Scope specifies the features of the product or service – what is in and what is out
    Table showing Requirement document vs. Scope statement. It lists the audience, content, inputs and outputs for each.

    The Build Your Enterprise Application Implementation Playbook 2.2 Project Scope Statement includes:

    • Scope description (features, how it interfaces with other solution components, dependencies).
    • Exclusions (what is not part of scope).
    • Deliverables (product outputs, documentation).
    • Acceptance criteria (what metrics must be satisfied for the deliverable to be accepted).
    • Final sign-off (owner).
    • Project exclusions (scope item, details).

    The scope statement should communicate the breadth of the project

    To assist in forming your scope statement, answer the following questions:
    • What are the major coverage points?
    • Who will be using the systems?
    • How will different users interact with the systems?
    • What are the objectives that need to be addressed?
    • Where do we start?
    • Where do we draw the line?

    2.1.3 Formulate a scope statement

    1-2 hours

    1. Lay out the scope description (features, how it interfaces with other solution components, dependencies).
    2. Record the exclusions (what is not part of scope).
    3. Fill out the scope statement.
    4. Record the scope statement in section 2.2 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your scope areas
    • Your scope statement

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Scope statement template
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.1.3 Scope statement

    Example

    Examples of scope statements showing the following: Product or service in scope, project deliverables and acceptance criteria, and project exclusions.

    Step 2.2

    Review project scope

    Activities

    2.2.1 Define metrics for your project

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    The project metrics

    Building leading indicators

    Lagging KPIs are relatively simple to identify, whereas leading KPIs can be more elusive.

    For example, take the lagging KPI “Customer Satisfaction.” How do you turn that into a leading KPI? One method is to look at sources of customer complaints. In a retail sales system, backordered items will negatively impact customer satisfaction. As a leading indicator, track the number of orders with backordered lines and the percentage of the total order that was backordered.

    Performance Metrics

    Use leading and lagging metrics, as well as benchmarks, to track the progress of your system.

    Leading KPIs: Input-oriented measures:

    • Number of active users in the system.
    • Time-to-completion for processes that previously experienced efficiency pain points.

    Lagging KPIs: Output-oriented measures:

    • Faster production times.
    • Increased customer satisfaction scores

    Benchmarks: A standard to measure performance against:

    • Number of days to ramp up new users.

    Info-Tech Insight

    Leading indicators make the news; lagging indicators report on the news. Focusing on leading indicators allows you to address challenges before they become large problems with only expensive solutions.

    2.2.1 Define metrics for your project

    1-2 hours

    1. Examine outputs from any feedback mechanisms you have (satisfaction surveys, emails, existing SLAs, burndown charts, resourcing costs, licensing costs per sprint, etc.).
    2. Look at historical trends and figures when available. However, be careful of frequent anomalies, as these may indicate a root cause that needs to be addressed.
    3. Explore the definition of specific metrics across different functional teams to ensure consistency of measurement and reporting.
    4. Record the Project Metrics in section 2.3 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Outputs of any feedback mechanism
    • Historical trends
    • Your project tracking metrics

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.2.1 Metrics

    In addition to delivery metrics and system performance metrics, equip the business with process-based metrics to continuously prove the value of the enterprise software. Review the examples below as a starting point.

    Table showing metrics and desciption. Metrics listed are: Percent of requirements complete, issues found, issues resolved, and percent of processess complete.

    Step 2.3

    Prepare for project risks

    Activities

    2.3.1 Build a risk event menu

    2.3.2 Determine contextual risks

    2.3.3 Determine process risks

    2.3.4 Determine business risks

    2.3.5 Determine change risks

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to create your product canvas and product vision statement

    All risks are not created equal

    Project Risk consists of: Contextual risk, process risk, change risk and business risk.

    For more information on Info-Tech’s Four-Pillar Risk Framework, please see Right-Size Your Project Risk Investment.

    Info-Tech’s Four-Pillar Risk Framework

    Unusual risks should be detected by finding out how each project is different from the norm. Use this framework to start this process by confronting the risks that are more easily anticipated.

    2.3.1 Build a risk event menu

    0.5-1 hour

    1. Build and maintain an active menu of potential risk events across the four risk categories.
    2. Record the risk event menu in section 2.4 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Risk events
    • Your risk events menu

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.1 Risk event menu

    Example

    Risk event menu example. A table with: Contextual Risk, process risk, business risk, change risk events with examples for each.

    2.3.2 Determine contextual risks

    0.5-1 hour

    1. Contextual risk factors are those that operate within the context of your department, organization, and/or community.
    2. Fill out contextual risks.
    3. Record the contextual risks in section 2.5 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your risk events menu
    • Your list of people involved in risk management
    • Your contextual risks

    Materials

    Participants

    • Project Risk Management Workbook
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.2 Contextual risks

    Example

    two tables for Contextual risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

    2.3.3 Determine process risks

    0.5-1 hour

    1. Process risks are those that involve project sponsorship, project management, business and functional requirements, work assignment, communication, and/or visibility.
    2. Fill out process risks.
    3. Record the process risks in section 2.6 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your risk events menu
    • Your list of people involved in risk management
    • Your process risks

    Materials

    Participants

    • Project Risk Management Workbook
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.3 Process risks

    Example

    two tables for Process risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

    2.3.4 Determine business risks

    0.5-1 hour

    1. Business risks are those that affect the bottom line of the organization. They usually have implications on revenue, costs, and/or image.
    2. Fill out business risks.
    3. Record the business risks in section 2.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your risk events menu
    • Your list of people involved in risk management
    • Your business risks

    Materials

    Participants

    • Project Risk Management Workbook
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.4 Business risks

    Example

    two tables for Business risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

    2.3.5 Determine change risks

    0.5-1 hour

    1. Change risks are those that result from imposing changes on the people and customers of the organization and their daily routines.
    2. Fill change risks.
    3. Record the change risks in section 2.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your risk events menu
    • Your list of people involved in risk management
    • Your business risks

    Materials

    Participants

    • Project Risk Management Workbook
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.5 Change risks

    Example

    two tables for Change risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

    Step 2.4

    Identify the project team

    Activities

    2.4.1 Establish team composition

    2.4.2 Identify the team

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to get your project team ready

    Understand the unique external resource considerations for the implementation

    Organizations rarely have sufficient internal staffing to resource an enterprise software implementation project entirely on their own. Consider the options for closing the gap in internal resource availability.

    The most common project resourcing structures for enterprise projects are:

    1. Management consultant
    2. Vendor consultant
    3. System integrator

    When contemplating a resourcing structure, consider:

    • Availability of in-house implementation competencies and resources.
    • Timeline and cost constraints.
    • Integration environment complexity.

    CONSIDER THE FOLLOWING

    Internal Vs. External Roles and Responsibilities

    Clearly delineate between internal and external team responsibilities and accountabilities and communicate this to your technology partner upfront.

    Internal Vs. External Accountabilities

    Accountability is different than responsibility. Your vendor or SI partner may be responsible for completing certain tasks, but be careful not to outsource accountability for the implementation – ultimately, the internal team will be accountable.

    Partner Implementation Methodologies

    Often vendors and/or SIs will have their own preferred implementation methodology. Consider the use of your partner’s implementation methodology; however, you know what will work for your organization.

    Info-Tech Insight

    Selecting a partner is not just about capabilities, it’s about compatibility! Ensure you select a partner that has a culture compatible with your own.

    2.4.1 Establish team composition

    0.5-1 hour

    1. Assess the skills necessary for an enterprise implementation.
    2. Select your internal implementation team.
    3. Identify the number of external consultants/support required for implementation.
    4. Document the roles and responsibilities, accountabilities, and other expectations as they relate to each step of the implementation.
    5. Record the team composition in section 2.9 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • List of project team skills
    • Your team composition
    • Your business risks

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.4.1 Team composition

    Example

    Team composition: Role of each team member, and their skills.

    2.4.2 Identify the team

    0.5-1 hour

    1. Identify a candidate for each role and determine their responsibility in the project and their expected time commitment.
    2. The project will require a cross-functional team within IT and business units. Make sure the responsibilities are clearly communicated to the selected project sponsor.
    3. Create a RACI matrix for the project.
    4. Record the team list in section 2.10 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your team composition
    • Your team with responsibilities and commitment

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.4.2 Team list

    Example

    Team list: Role of each team member, candidate, responsibilities, and their commitment in hours per week.

    RACI example

    RACI example. Responsibilities and team member roles that are tasked with each responsibility.

    Step 2.5

    Define your change management process

    Activities

    2.5.1 Define OCM structure and resources

    2.5.2 Define OCM team’s roles and responsibilities

    2.5.3 Define requirements for training

    2.5.4 Create a communications plan for stakeholder groups, and delivery teams

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    A structure and procedures for an effective organizational change management

    Define your change management process to improve quality and adoption

    Organizational change management is the practice through which the PMO can improve user adoption rates and maximize project benefits.

    Correlation of change management effectiveness with meeting results.

    “It’s one thing to provide a new technology tool to your end users.

    It’s quite another to get them to use the tool, and still different for them to use the new tool proficiently.

    When your end users fully use a new technology and make it part of their daily work habits, they have ‘adopted’ the new tool.”

    – “End-User Adoption and Change Management Process” (2022)

    Large projects require organizational change management

    Organizational change management (OCM) governs the introduction of new business processes and technologies to ensure stakeholder adoption. The purpose of OCM is to prepare the business to accept the change.

    OCM is a separate body of knowledge. However, as a practice, it is inseparable from project management.

    In IT, project planning tends to fixate on technology, and it underestimates the behavioral and cultural factors that inhibit user adoption. Whether change is project-specific or continuous, it’s more important to instill the desire to change than to apply specific tools and techniques.

    Accountability for instilling this desire should start with the project sponsor. The project manager should support this with effective stakeholder and communication management plans.

    16% of projects with poor change management met or exceeded objectives. 71% of projects with excellent change management finish on or ahead of schedule. 67% of organizations include project change management in their initiatives.

    For further discussion on organizational change, use Info-Tech’s blueprint, Master Organizational Change Management Practices

    Your application implementation will be best served by centralizing OCM

    A centralized approach to OCM is most effective, and the PMO is already a centralized project office and is already accountable for project outcomes.

    What’s more, in organizations where accountabilities for OCM are not explicitly defined, the PMO will likely already be assumed to be the default change leader by the wider organization.

    It makes sense for the PMO to accept this accountability – in the short term at least – and claim the benefits that will come from coordinating and consistently driving successful project outcomes.

    In the long term, OCM leadership will help the PMO become a strategic partner with the executive layer and the business side.

    Short-term gains made by the PMO can be used to spark dialogues with those who authorize project spending and have the implicit fiduciary obligation to drive project benefits.

    Ultimately, it’s their job to explicitly transfer that obligation along with the commensurate resourcing and authority for OCM activities.

    Organizational resistance to change is cited as the #1 challenge to project success that PMOs face. Companies with mature PMOs that effectively manage change meet expectations 90% of the time.

    For further discussion on organizational change, use Info-Tech’s blueprint, Master Organizational Change Management Practices

    2.5.1 Define OCM structure and resources

    0.5-1 hour

    1. Assess the roles and resources that might be needed to help support these OCM efforts.
    2. Record the OCM structure in section 2.11 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project objectives
    • Your OCM structure and resources

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.5.1 OCM structure and resources

    Example

    OCM structure example. Table showing OCM activity and resources available to support.

    2.5.2 Define OCM team’s roles and responsibilities

    0.5-1 hour

    1. Assess the tasks required for the team.
    2. Determine roles and responsibilities.
    3. Record the results in the RACI matrix in section 2.13 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your communications timeline
    • Your OCM structure and resources
    • Your OCM plan and RACI matrix

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    OCM team’s roles and responsibilities

    Example

    Responsibilities for OCM team members.

    2.5.3 Define requirements for training

    0.5-1 hour

    1. Analyze HR requirements to ensure efficient use of HR and project stakeholder time.
    2. Outline appropriate HR and training activities.
    3. Define training content and make key logistical decisions concerning training delivery for staff and users.
    4. Record training requirements in section 2.14 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your OCM Plan and RACI matrix
    • Your HR training needs

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.5.3 Training requirements

    Example

    Training requirements example: Project milestones, milestone time frame, hr/training activities, activity timing, and notes.

    Project communication plans must address creation, flow, deposition, and security of project information

    A good communication management plan is like the oil that keeps moving parts going. Ensuring smooth information flow is a fundamental aspect of project management.

    Project communication management is more than keeping track of stakeholder requirements. A communication management plan must address timely and appropriate creation, flow, and deposition of information about the project – as well as the security of the information.

    Create:

    • In addition to standardized status reporting elements discussed for level 1 projects, level 2 and 3 projects may require additional information to be disseminated among key stakeholders and the PMO.

    Flow:

    • The plan must address the methods of communication. Distributed project teams require more careful planning, as they pose additional communication challenges.

    Deposit:

    • As the volume of information continues to grow exponentially, retrieving information becomes a challenge. The plan for depositing project information must be consistent with your organization’s content management policies.

    Security:

    • Preventing unauthorized access and information leaks is important for projectsthat are intended to provide the organization with a competitive edge or for projects that deal with confidential data.
    45% of organizations had established mature communications and engagement processes.

    2.5.4 Create a communications timeline

    0.5-1 hour

    1. Base your change communications on your organization’s cultural appetite for change in general.
    2. Document communications plan requirements.
    3. Create a high-level communications timeline.
    4. Tailor a communications strategy for each stakeholder group.
    5. Record the communications timeline in section 2.12 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your OCM structure and resources
    • Your project objectives
    • Your project scope
    • Your stakeholders’ management plan
    • Your communications timeline

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Example of communications timeline

    Project sponsors are the most compelling storytellers to communicate the change

    Example of project communications timeline. Planning, requirements, design, development, QA, deployment, warranty, and benefits/closure.

    Info-Tech Insight

    Communication with stakeholders and sponsors is not a single event, but a continual process throughout the lifecycle of the project implementation – and beyond!

    Phase 3

    Document your plan

    3 phases, phase 3 is highlighted.

    This phase will walk you through the following activities:

    3.1 Develop a master project plan

    3.2. Define a follow-up plan

    3.3. Define the follow-up process

    3.4. Understand what’s next

    This phase involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Step 3.1

    Develop a master project plan

    Activities

    3.1.1 Define your implementation steps

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to create your resourcing and master plans

    Resources Vs. Demand

    Organizations rarely have sufficient internal staffing to resource an enterprise software implementation project entirely on their own. Consider the options for closing the gap in internal resource availability.

    Project demand: Data classification, cloud strategy, application rationalization, recovery planning etc. must be weighted against the organizations internal staffing resources.

    Competing priorities

    Example

    Table for competing priorities: List of projects, their timeline, priority notes, and their implications.

    3.1.1 Define your implementation steps

    0.5-1 hour

    1. Write each phase of the project on a separate sticky note and add it to the whiteboard. Determine what steps make up each phase. Write each step of the phase on a separate sticky note and add it to the whiteboard.
    2. Determine what tasks make up each step. Write each task of the step on a separate sticky note and add it to the whiteboard.
    3. Record the tasks in the Your Enterprise Application Implementation Playbook – Timeline tool. This tool has an example of a typical list of tasks, to help you start your master plan. Use the timeline for project planning and progress tracking.
    4. Record your project’s basic data and work schedule.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Project's work breakdown structure
    • Your project master plan

    Materials

    Participants

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Implementation plan – basic data

    Record your project name, project manager, and stakeholders from previous exercises.

    Example project information form: Project name, estimated start date, estimated end date, project manager, stakeholders, and time off of project.

    Implementation plan – work schedule

    Use this template to keep track of all project tasks, dates, owners, dependencies, etc.

    Use this template to keep track of all project tasks, dates, owners, dependencies, etc.

    “Actual Start Date” and “Actual Completion Date” columns must be updated to be reflected in the Gantt chart.

    This information will also be captured as the source for session 3.2.1 dashboards.

    Step 3.2

    Define a follow up plan

    Activities

    3.2.1 Create templates to enable follow-up throughout the project

    3.2.2 Decide on the tracking tools to help during your implementation

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to create the processes and define the tools to track progress

    Leveraging dashboards

    Build a dashboard that reflects the leading metrics you have identified. Call out requirements that represent key milestones in the implementation.

    For further information on monitoring the project, use Info-Tech’s blueprint, Governance and Management of Enterprise Software Implementation

    Build a dashboard that reflects the leading metrics you have identified. Call out requirements that represent key milestones in the implementation.

    3.2.1 Create templates to enable follow-up throughout the project

    0.5-1 hour

    1. Create status report, dashboards/charts, budget control, risk/issues/gaps templates, and change request forms.
    2. Build a dashboard that reflects the leading metrics you have identified.
    3. Call out requirements that represent key milestones in the implementation.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your projects master plan
    • Your project follow-up kit

    Materials

    Participants

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Dashboards

    Based on the inputs in session 3.1.1 Define Your Implementation Steps, once the “Actual Start Date” and “Actual Completion Date” columns have been updated, this dashboard will present the project status and progress

    Based on the inputs in session 3.1.1 Define Your Implementation Steps, once the “Actual Start Date” and “Actual Completion Date” columns have been updated, this dashboard will present the project status and progress.

    This executive overview of the project's progress is meant to be used during the status meeting.

    Select the right tools

    Use SoftwareReviews to explore product features, vendor experience, and capability satisfaction.

    SoftwareReviews, Requirements Management, 2023

    SoftwareReviews, Project Management, 2023

    SoftwareReviews, Business Intelligence & Analytics, 2023

    3.2.2 Decide on the tracking tools to help during your implementation

    0.5-1 hour

    1. Based on the standards within your organization, select the appropriate project tracking tools to help you track the implementation project.
    2. If you do not have any tools or wish to change them, please see leverage Info-Tech’s SoftwareReviews to help you in making your decision.
    3. Consider tooling across a number of different categories:
      1. Requirements Management
      2. Project Management
      3. Reporting and Analytics
    4. Record the project tracking tools in section 3.3 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project follow-up kit
    • Your project follow-up kit tools

    Materials

    Participants

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Example: project tools

    Table listing project tools by type, use, and products available.

    Step 3.3

    Define a follow-up process

    Activities

    3.3.1 Define project progress communication

    3.3.2 Create a change request process

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to create your follow-up process

    Project status updates should occur throughout the implementation

    Project status updates can be both formal and informal. Formal status updates provide a standardized means of disseminating information on project progress. It is the lifeblood of project management: Accurate and up-to-date status reporting enables your project manager to ensure that your project can continue to use the resources needed.

    Informal status updates are done over coffee with key stakeholders to address their concerns and discuss key outcomes they want to see. Informal status updates help to build a more personal relationship.

    Ask for feedback during the status update meetings. Use the meeting as an opportunity to align values, goals, and incentives.

    Codify the following considerations:

    • Minimum requirement for a formal status update:
      • Frequency of reporting, as required by the project portfolio
      • Parties to be consulted and informed
      • Recording, producing, and archiving meeting minutes, both formal and informal
    • Procedure for follow-up on feedback generated from status updates:
      • Filing change requests
      • Keeping the change requester/relevant stakeholders in the loop

    3.3.1 Define project progress communication

    0.5-1 hour

    1. Provide a standardized means of disseminating information on project progress.
    2. Create an accurate and up-to-date status report to help keep team engaged and leadership supporting the project.
    3. Record the project progress communication in section 3.5 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project follow-up process
    • Your project progress communication

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Project progress communication

    Example

    Example table of project progress communication. Audience, purpose, delivery/format, communicator, delivery date, and status/notes.

    Manage project scope changes

    1. Change in project scope is unpredictable and almost inevitable regardless of project size. If changes are not properly managed, the project runs the risk of scope creep and loss of progress. Therefore, changes need to be monitored and controlled.
    2. Scope change can be initiated voluntarily by the project sponsor or other stakeholders, or it could be a mandatory reaction to changing project process.
    3. Scope change may also take place due to internal factors such as a stakeholder requiring more extensive insights or external factors such as changing market conditions.
    4. Scope changes have the potential to affect project outcomes either positively or negatively, depending on how the change is managed and implemented. The project manager should take care to maintain focus on the project’s ultimate objectives; consideration needs to be given as to what to do and what to give up.
    5. If changes arise, project managers should ensure that adequate resources and actions are provided so the project can be completed on time and on budget.
    • The project manager needs to use both hard and soft skills: analytical skills for evaluating and quantifying the impact of potential changes and communication skills for communicating and negotiating with stakeholders.
    • Build trust and credibility by taking an evidence-based approach when presenting changes. This gives you room to respectfully push back on certain changes.
    • Assess changes before crossing them off the list, but don’t be afraid to say no. Greater care must be taken when there is very limited budgetary freedom or when scope changes will interfere with the critical path.
    • All change requests must be received by the project manager first so they can make sure that IT project resources are not approached with multiple ad hoc change requests.

    Document your process to manage project change requests

    1 Initial assessment

    Using the scope statement as the reference point:

    • Why do we need the change?
    • Is the change necessary?
    • What is the business value that the change brings to the project?

    Recommend alternative solutions that are easier to implement while consulting the requester.

    2 Minor change

    If the change has been classified as minor, the project manager and the project team can tackle it directly, since it doesn’t affect project budget or schedule in a significant way. Ensure that the change is documented.

    3 conduct an in-depth assessment

    The project manager should bring major changes to the attention of the project sponsor and carry out a detailed assessment of the change and its impact.

    Additional time and resources are required to do the in-depth assessment because the impact on the project can be complex and affect requirements, resources, budget, and schedule.

    4 Obtain approval from the governing body

    Present the results to the governing body. Since a major change significantly affects the project baseline beyond the authorized contingency, it is the responsibility of the governing body to either approve the change with allocation of additional resources or reject the change and maintain course.

    Flow chart to document your process to manage project change requests.

    For further discussion on change requests, use Info-Tech’s blueprint, Begin Your Projects With the End in Mind

    3.3.2 Create a change request process

    0.5-1 hour

    1. Identify any existing processes that you have for addressing changes for projects.
    2. Discuss whether or not the current change request process will suit the project at hand.
    3. Define the agreed-to change request process that fits your organization’s culture.
    4. For a change request template, you can leverage, refer to section 3.6 of Info-Tech’s Your Enterprise Application Implementation Playbook.
    5. Make any changes to the template as necessary.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project scope
    • Your change request

    Materials

    Participants

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    3.3.2 Create a change request process (Continued)

    Example of a change request process form.

    Step 3.4

    Understand what's next

    Activities

    3.4.1 Run a “lessons learned” session for continuous improvement

    3.4.2 Prepare a closure document for sign-off

    3.4.3 Document optimization and future release opportunities

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Lessons learned throughout the project-guiding

    Good project planning is key to smooth project closing

    Begin with the end in mind. Without a clear scope statement and criteria for acceptance, it’s anyone’s guess when or how a project will end.

    During the closing process, the project manager should use planning and execution documents, such as the project charter and the scope statement, to assess project completeness and obtain sign-off based on the acceptance criteria.

    Project completion criteria should be clearly defined. For example, the project is defined as finished when costs are in, vendor receipts are received, financials are reviewed and approved, etc.

    However, there are other steps to be taken after completing the project deliverables. These activities include:

    • Transferring project knowledge and operations to support
    • Completing user training
    • Obtaining business sign-off and acceptance
    • Releasing resources
    • Conducting post-mortem meeting
    • Archiving project assets

    The project manager needs to complete all project management processes, including:

    • Risk management (close out risk assessment and action plan)
    • Quality management (test the final deliverables against acceptance criteria)
    • Stakeholder management (decision log, close out issues, plan and assign owners for resolutions of open issues)
    • Project team management (performance evaluation for team members as well as the project manager)

    3.4.1 Define the process for lessons learned

    0.5-1 hour

    1. Determine the reporting frequency for lessons learned.
    2. Consider attributing lessons learned to project phases.
    3. Coordinate lessons learned check-ins with project milestones to review and reflect.
    4. At each reporting session, the project team should identify challenges and successes informally.
    5. The PM and the PMO should transform the reports from each team member into formalized lessons.
    6. Record lessons learned for each project in section 3.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project's lessons learned

    Materials

    Participants

    • Project Lessons Learned Template
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Lessons learned

    Example

    Form: Project successes, notes, areas of imporvement, impact, solution.

    Watch for these potential problems with project closure

    Don’t leave the door open for stakeholder dissatisfaction. Properly close out your projects.

    Potential problems with project closure.

    For further information on project closure issues, use Info-Tech’s blueprint, Get Started With Project Management Excellence.

    3.4.2 Prepare a closure document for sign-off

    0.5-1 hour

    1. Create a realistic closure and transition process that gains sign-off from the sponsor.
    2. Prepare a project closure checklist.
    3. Transfer accountability to operations, release project resources, and avoid disrupting other projects that are trying to get started.
    4. Record the project closure document in section 3.8 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project objectives
    • Your project scope
    • Your project's closure checklist

    Materials

    Participants

    • Project closure checklist Template
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Closure checklist

    Project closure checklist. project management checklist, deliverables, goals, benefits, outstanding action items and issues, handover of technical documents, knowledge transfer, sign-off.

    For further information on closure procedures, use Info-Tech’s blueprint, Begin Your Projects With the End in Mind.

    3.4.3 Document optimization and future release opportunities

    0.5-1 hour

    Consider the future opportunities for improvement post-release:

    1. Product and vendor satisfaction opportunities
    2. Capability and feature optimization opportunities
    3. Process optimization opportunities
    4. Integration optimization opportunities
    5. Data optimization opportunities
    6. Cost-saving opportunities
    7. Record optimization and future release opportunities in section 3.9 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project objectives
    • Your project scope
    • Your optimization opportunities list

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Optimization opportunities

    Example

    Optimization types and opportunities.

    Related Info-Tech Research

    Build upon your foundations

    Build an ERP Strategy and Roadmap

    • A business-led, top-management-supported initiative partnered with IT has the greatest chance of success. This blueprint provides business and IT the methodology for getting the right level of detail for the business processes that the ERP supports thus avoiding getting lost in the details.

    Governance and Management of Enterprise Software Implementation

    • Implementing enterprise software is hard. You need a framework that will greatly improve your chance of success. Traditional Waterfall project implementations have a demonstrated a low success rate for on-time, on-budget delivery.

    Select and Implement a Human Resource Information System

    • Your organization is in the midst of a selection and implementation process for a human resource information system (HRIS), and there is a need to disambiguate the market and arrive at a shortlist of vendors.

    Select and Implement an ERP Solution

    • Selecting and implementing an ERP is one of the most expensive and time-consuming technology transformations an organization can undertake. ERP projects are notorious for time and budget overruns, with only a margin of the anticipated benefits being realized.

    Right-Size Your Project Risk Investment

    • Avoid the all-or-nothing mindset; even modest investments in risk will provide a return. Learn from and record current and historical risk events so lessons learned can easily be embedded into future projects. Assign someone to own the risk topic and make it their job to keep a relevant menu of risks.

    Related Info-Tech Research

    Build upon your foundations

    Drive Business Value With a Right-Sized Project Gating Process

    • Many organizations have implemented gating as part of their project management process. So, what separates those who are successful from those who are not? For starters, successful gating requires that each gate is treated as an essential audit. That means there need to be clear roles and responsibilities in the framework.

    Master Organizational Change Management Practices

    • Organizational change management (OCM) is often an Achilles’ heel for IT departments and business units, putting projects and programs at risk – especially large, complex, transformational projects.

    Get Started With Project Management Excellence

    • Lack of proper scoping at the beginning of the project leads to constant rescoping, rescheduling, and budget overruns.

    ERP Requirements Picklist Tool

    • Use this tool to collect ERP requirements in alignment with the major functional areas of ERP. Review the existing set of ERP requirements as a starting point to compiling your organization's requirements.

    Begin Your Projects With the End in Mind

    • Stakeholders are dissatisfied with IT’s inability to meet or even provide consistent, accurate estimates. The business’ trust in IT erodes every time a project is late, lost, or unable to start.

    Get Started With IT Project Portfolio Management

    • Most companies are struggling to get their project work done. This is due in part to the fact that many prescribed remedies are confusing, disruptive, costly, or ineffective.

    Bibliography

    7 Shocking Project Management Statistics and Lessons We Should Learn.” TeamGantt, Jan. 2017.

    Akrong, Godwin Banafo, et al. "Overcoming the Challenges of Enterprise Resource Planning (ERP): A Systematic Review Approach." IJEIS vol.18, no.1 2022: pp.1-41.

    Andriole, S. “Why No One Can Manage Projects, Especially Technology Projects.” Forbes, 1 Dec. 2020.

    Andriole, Steve. “Why No One Can Manage Projects, Especially Technology Projects.” Forbes, 1 Dec. 2020.

    Beeson, K. “ERP Implementation Plan (ERP Implementation Process Guide).” ERP Focus, 8 Aug. 2022.

    Biel, Justin. “60 Critical ERP Statistics: 2022 Market Trends, Data and Analysis.” Oracle Netsuite, 12 July 2022.

    Bloch, Michael, et al. “Delivering Large-Scale IT Projects on Time, on Budget, and on Value.” McKinsey & Company, 2012.

    Buverud, Heidi. ERP System Implementation: How Top Managers' Involvement in a Change Project Matters. 2019. Norwegian School of Economics, Ph.D. thesis.

    Carlton, R. “Four ERP Implementation Case Studies You Can Learn From.” ERP Focus, 15 July 2015.

    Gopinath, S. Project Management in the Emerging World of Disruption. PMI India Research and Academic Conference 2019. Kozhikode Publishers.

    Grabis, J. “On-Premise or Cloud Enterprise Application Deployment: Fit-Gap Perspective.” Enterprise Information Systems. Edited by Filipe, J., Śmiałek, M., Brodsky, A., Hammoudi, S. ICEIS, 2019.

    Harrin, E. The Definitive Guide to Project Sponsors. RGPM, 13 Dec. 2022.

    Jacobs-Long, Ann. “EPMO’s Can Make A Difference In Your Organization.” 9 May 2012.

    Kotadia, C. “Challenges Involved in Adapting and Implementing an Enterprise Resource Planning (ERP) Systems.” International Journal of Research and Review vol. 7 no. 12 December 2020: 538-548.

    Panorama Consulting Group. "2018 ERP Report." Panorama Consulting Group, 2018. Accessed 12 Oct. 2021.

    Panorama Consulting Group. "2021 ERP Report." Panorama Consulting Group, 2021. Accessed 12 Oct. 2021.

    PM Solutions. (2014). The State of the PMO 2014.

    PMI. Pulse of the Profession. 2017.

    Podeswa, H. “The Business Case for Agile Business Analysis.” Requirements Engineering Magazine, 21 Feb. 2017.

    Project Delivery Performance in Australia. AIPM and KPMG, 2020.

    Prosci. (2020). Prosci 2020 Benchmarking Data from 2007, 2009, 2011, 2013, 2015, 2017, 2019.

    Swartz, M. “End User Adoption and Change Management Process.” Swartz Consulting LLC, 11 July 2022.

    Trammell, H. “28 Important Project Management KPIs (& How To Track Them).” ClearPoint Strategy, 2022.

    “What are Business Requirements?" Requirements.com, 18 Oct. 2018.

    “What Is the Role of a Project Sponsor?” Six Sigma Daily, 18 May 2022.

    “When Will You Think Differently About Programme Delivery?” 4th Global Portfolio and Programme Management Survey. PricewaterhouseCoopers, Sept. 2014.

    Satisfy Digital End Users With Low- and No-Code

    • Buy Link or Shortcode: {j2store}185|cart{/j2store}
    • member rating overall impact: 8.5/10 Overall Impact
    • member rating average dollars saved: $2,460 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Your organization decided to invest in digital solutions to support their transition to a digital and automated workplace. They are ready to begin the planning and delivery of these solutions.
    • However, IT capacity is constrained due to the high and aggressive demand to meet business priorities and maintain mission critical applications. Technical experience and skills are difficult to find, and stakeholders are increasing their expectations to deliver technologies faster with high quality using less resources.
    • Stakeholders are interested in low and no code solutions as ways to their software delivery challenges and explore new digital capabilities.

    Our Advice

    Critical Insight

    • Current software delivery inefficiencies and lack of proper governance and standards impedes the ability to successfully scale and mature low and no code investments and see their full value.
    • Many operating models and culture do not enable or encourage the collaboration needed to evaluate business opportunities and underlying operational systems.This can exacerbate existing shadow IT challenges and promote a negative perception of IT.
    • Low and no code tools bring significant organizational, process, and technical changes that IT and the business may not be prepared or willing to accept and adopt, especially when these tools support business and worker managed applications and services.

    Impact and Result

    • Establish the right expectations. Profile your digital end users and their needs and challenges. Discuss current IT and business software delivery and digital product priorities to determine what to expect from low- and no-code.
    • Build your low- and no-code governance and support. Clarify the roles, processes, and tools needed for low- and no-code delivery and management through IT and business collaboration.
    • Evaluate the fit of low- and no-code and shortlist possible tools. Obtain a thorough view of the business and technical complexities of your use cases. Indicate where and how low- and no-code is expected to generate the most return.

    Satisfy Digital End Users With Low- and No-Code Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Satisfy Digital End Users With Low- and No-Code Deck – A step-by-step guide on selecting the appropriate low- and no-code tools and building the right people, processes, and technologies to support them.

    This blueprint helps you develop an approach to understand your low- and no-code challenges and priorities and to shortlist, govern, and manage the right low- and no-code tools.

    • Satisfy Digital End Users With Low- and No-Code – Phases 1-3

    2. Low- and No-Code Communication Template – Clearly communicate the goal and approach of your low- and no-code implementation in a language your audience understands.

    This template narrates a story to describe the need and expectations of your low- and no-code initiative to get buy-in from stakeholders and interested parties.

    • Low- and No-Code Communication Template

    Infographic

    Workshop: Satisfy Digital End Users With Low- and No-Code

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Select Your Tools

    The Purpose

    Understand the personas of your low- and no-code users and their needs.

    List the challenges low- and no-code is designed to solve or the opportunities you hope to exploit.

    Identify the low- and no-code tools to address your needs.

    Key Benefits Achieved

    Level set expectations on what low- and no-code can deliver.

    Identify areas where low- and no-code can be the most beneficial.

    Select the tools to best address your problem and opportunities.

    Activities

    1.1 Profile your digital end users

    1.2 Set reasonable expectations

    1.3 List your use cases

    1.4 Shortlist your tools

    Outputs

    Digital end-user skills assessment

    Low- and no-code objectives and metrics

    Low- and no-code use case opportunities

    Low- and no-code tooling shortlist

    2 Deliver Your Solution

    The Purpose

    Optimize your product delivery process to accommodate low- and no-code.

    Review and improve your product delivery and management governance model.

    Discuss how to improve your low- and no-code capacities.

    Key Benefits Achieved

    Encourage business-IT collaborative practices and improve IT’s reputation.

    Shift the right accountability and ownership to the business.

    Equip digital end users with the right skills and competencies.

    Activities

    2.1 Adapt your delivery process

    2.2 Transform your governance

    2.3 Identify your low- and no-code capacities

    Outputs

    Low- and no-code delivery process and guiding principles

    Low- and no-code governance, including roles and responsibilities, product ownership and guardrails

    List of low- and no-code capacity improvements

    3 Plan Your Adoption

    The Purpose

    Design a CoE and/or CoP to support low- and no-code capabilities.

    Build a roadmap to illustrate key low- and no-code initiatives.

    Key Benefits Achieved

    Ensure coordinated, architected, and planned implementation and adoption of low- and no-code consistently across the organization.

    Reaffirm support for digital end users new to low- and no-code.

    Clearly communicate your approach to low- and no-code.

    Activities

    3.1 Support digital end users and facilitate cross-functional sharing

    3.2 Yield results with a roadmap

    Outputs

    Low- and no-code supportive body design (e.g. center of excellence, community of practice)

    Low- and no-code roadmap

    Set Meaningful Employee Performance Measures

    • Buy Link or Shortcode: {j2store}597|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Manage & Coach
    • Parent Category Link: /manage-coach
    • Despite the importance of performance measures, most organizations struggle with choosing appropriate metrics and standards of performance for their employees.
    • Performance measures are often misaligned with the larger strategy, gamed by employees, or too narrow to provide an accurate picture of employee achievements.
    • Additionally, many organizations track too many metrics, resulting in a bureaucratic nightmare with little payoff.

    Our Advice

    Critical Insight

    • Focus on what matters by aligning your departmental goals with the enterprise's mission and business goals. Break down departmental goals into specific goals for each employee group.
    • Employee engagement, which results in better performance, is directly correlated with employees’ understanding what is expected of them on the job and with their performance reviews reflecting their actual contributions.
    • Shed unnecessary metrics in favor of a lean, holistic approach to performance measurement. Include quantitative, qualitative, and behavioral dimensions in each goal and set appropriate measures for each dimension to meet simple targets. This encourages well-rounded behaviors and discourages rogue behavior.
    • Get rid of the stick-and-carrot approach to management. Use performance measurement to inspire and engage employees, not punish them.

    Impact and Result

    • Learn about and leverage the McLean & Company framework and process to effective employee performance measurement setting.
    • Plan effective communications and successfully manage departmental employee performance measurement by accurately recording goals, measures, and requirements.
    • Find your way through the maze of employee performance management with confidence.

    Set Meaningful Employee Performance Measures Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Set Meaningful Employee Performance Measures Storyboard – This deck provides a comprehensive framework for setting, communicating, and reviewing employee performance measures that will drive business results

    This research will help you choose an appropriate measurement framework, set effective measures. and communicate and review your performance measures. Use Info-Tech's process to set meaningful measures that will inspire employees and drive performance.

    • Set Meaningful Employee Performance Measures Storyboard

    2. Employee Performance Measures Goals Cascade – A tool to assist you in turning your organizational goals into meaningful individual employee performance measures.

    This tool will help you set departmental goals based on organizational mission and business goals and choose appropriate measures and weightings for each goal. Use this template to plan a comprehensive employee measurement system.

    • Employee Performance Measures Goals Cascade

    3. Employee Performance Measures Template – A template for planning and tracking your departmental goals, employee performance measures, and reporting requirements.

    This tool will help you set departmental goals based on your organizational mission and business goals, choose appropriate measures and weightings for each goal, and visualize you progress toward set goals. Use this template to plan and implement a comprehensive employee measurement system from setting goals to communicating results.

    • Employee Performance Measures Template

    4. Feedback and Coaching Guide for Managers – A tool to guide you on how to coach your team members.

    Feedback and coaching will improve performance, increase employee engagement, and build stronger employee manager relationships. Giving feedback is an essential part of a manger's job and if done timely can help employees to correct their behavior before it becomes a bigger problem.

    • Feedback and Coaching Guide for Managers

    Infographic

    Workshop: Set Meaningful Employee Performance Measures

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Source and Set Goals

    The Purpose

    Ensure that individual goals are informed by business ones.

    Key Benefits Achieved

    Individuals understand how their goals contribute to organizational ones.

    Activities

    1.1 Understand how your department contributes to larger organizational goals.

    1.2 Determine the timelines you need to measure employees against.

    1.3 Set Business aligned department, team, and individual goals.

    Outputs

    Business-aligned department and team goals

    Business-aligned individual goals

    2 Design Measures

    The Purpose

    Create holistic performance measures.

    Key Benefits Achieved

    Holistic performance measures are created.

    Activities

    2.1 Choose your employee measurement framework: generic or individual.

    2.2 Define appropriate employee measures for preestablished goals.

    2.3 Determine employee measurement weightings to drive essential behaviors.

    Outputs

    Determined measurement framework

    Define employee measures.

    Determined weightings

    3 Communicate to Implement and Review

    The Purpose

    Learn how to communicate measures to stakeholders and review measures.

    Key Benefits Achieved

    Learn how to communicate to stakeholders and coach employees through blockers.

    Activities

    3.1 Learn how to communicate selected performance measures to stakeholders.

    3.2 How to coach employees though blockers.

    3.3 Reviewing and updating measures.

    Outputs

    Effective communication with stakeholders

    Coaching and feedback

    When to update

    4 Manager Training

    The Purpose

    Train managers in relevant areas.

    Key Benefits Achieved

    Training delivered to managers.

    Activities

    4.1 Deliver Build a Better Manager training to managers.

    4.2

    Outputs

    Manager training delivered

    Further reading

    Set Meaningful Employee Performance Measures

    Set holistic measures to inspire employee performance.

    EXECUTIVE BRIEF

    Set employees up for success by implementing performance measures that inspire great performance, not irrelevant reporting.

    Executive Summary

    Your Challenge

    In today’s competitive environment, managers must assess and inspire employee performance in order to assess the achievement of business goals.

    Despite the importance of performance measures, many leaders struggle with choosing appropriate metrics.

    Performance measures are often misaligned with the larger strategy, gamed by employees, or are too narrow to provide an accurate picture of employee achievements.

    Common Obstacles

    Managers who invest time in creating more effective performance measures will be rewarded with increased employee engagement and better employee performance.

    Too little time setting holistic employee measures often results in unintended behaviors and gaming of the system.

    Conversely, too much time setting employee measures will result in overreporting and underperforming employees.

    Info-Tech’s Approach

    Info-Tech helps managers translate organizational goals to employee measures. Communicating these to employees and other stakeholders will help managers keep better track of workforce productivity, maintain alignment with the organization’s business strategy, and improve overall results.

    Info-Tech Insight

    Performance measures are not about punishing bad performance, but inspiring higher performance to achieve business goals.

    Meaningful performance measures drive employee engagement...

    Clearly defined performance measures linked to specific goals bolster engagement by showing employees the importance of their contributions.

    Significant components of employee engagement are tied to employee performance measures.

    A diagram of employee engagement survey and their implications.

    Which, in turn, drives business success.

    Improved employee engagement is proven to improve employee performance. Setting meaningful measures can impact your bottom line.

    Impact of Engagement on Performance

    A diagram that shows Percent of Positive Responses Among Engaged vs. Disengaged
    Source: McLean & Company Employee Engagement Survey Jan 2020-Jan 2023; N=5,185 IT Employees; were either Engaged or Disengaged (Almost Engaged and Indifferent were not included)

    Engaged employees don’t just work harder, they deliver higher quality service and products.

    Engaged employees are significantly more likely to agree that they regularly accomplish more than what’s expected of them, choose to work extra hours to improve results, and take pride in the work they do.

    Without this sense of pride and ownership over the quality-of-service IT provides, IT departments are at serious risk of not being able to deliver quality service, on-time and on-budget.

    Create meaningful performance measures to drive employee engagement by helping employees understand how they contribute to the organization.

    Unfortunately, many employee measures are meaningless and fail to drive high-quality performance.

    Too many ineffective performance measures create more work for the manager rather than inspire employee performance. Determine if your measures are worth tracking – or if they are lacking.

    Meaningful performance measures are:

    Ineffective performance measures are:

    Clearly linked to organizational mission, values, and objectives.

    Based on a holistic understanding of employee performance.

    Relevant to organizational decision-making.

    Accepted by employees and managers.

    Easily understood by employees and managers.

    Valid: relevant to the role and goals and within an employee’s control.

    Reliable: consistently applied to assess different employees doing the same job.

    Difficult to track, update, and communicate.

    Easily gamed by managers or employees.

    Narrowly focused on targets rather than the quality of work.

    The cause of unintended outcomes or incentive for the wrong behaviors.

    Overly complex or elaborate.

    Easily manipulated due to reliance on simple calculations.

    Negotiable without taking into account business needs, leading to lower performance standards.

    Adopt a holistic approach to create meaningful performance measurement

    A diagram that shows a holistic approach to create meaningful performance measurement, including inputs, organizational costs, department goals, team goals, individual goals, and output.

    Info-Tech’s methodology to set the stage for more effective employee measures

    1. Source and Set Goals

    Phase Steps
    1.1 Create business-aligned department and team goals
    1.2 Create business-aligned individual goals

    Phase Outcomes
    Understand how your department contributes to larger organizational goals.
    Determine the timelines you need to measure employees against.
    Set business-aligned department, team, and individual goals.

    2. Design Measures

    Phase Steps
    1.1 Choose measurement framework
    1.2 Define employee measures
    1.3 Determine weightings

    Phase Outcomes
    Choose your employee measurement framework: generic or individual.
    Define appropriate employee measures for preestablished goals.
    Determine employee measurement weightings to drive essential behaviors.
    Ensure employee measures are communicated to the right stakeholders.

    3. Communicate to Implement and Review

    Phase Steps
    1.1 Communicate to stakeholders
    1.2 Coaching and feedback
    1.3 When to update

    Phase Outcomes
    Communicate selected performance measure to stakeholders.
    Learn how to coach employees though blockers.
    Understand how to review and when to update measures.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is four to six calls over the course of two to four months.

    What does a typical GI on this topic look like?

    A diagram that shows Guided Implementation in 3 phases.

    Mergers & Acquisitions: The Sell Blueprint

    • Buy Link or Shortcode: {j2store}324|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    There are four key scenarios or entry points for IT as the selling/divesting organization in M&As:

    • IT can suggest a divestiture to meet the business objectives of the organization.
    • IT is brought in to strategy plan the sale/divestiture from both the business’ and IT’s perspectives.
    • IT participates in due diligence activities and complies with the purchasing organization’s asks.
    • IT needs to reactively prepare its environment to enable the separation.

    Consider the ideal scenario for your IT organization.

    Our Advice

    Critical Insight

    Divestitures are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:

    • The growing trend for organizations to increase, decrease, or evolve through these types of transactions.
    • A maturing business perspective of IT, preventing the difficulty that IT is faced with when invited into the transaction process late.
    • Transactions that are driven by digital motivations, requiring IT’s expertise.
    • There never being such a thing as a true merger, making the majority of M&A activity either acquisitions or divestitures.

    Impact and Result

    Prepare for a sale/divestiture transaction by:

    • Recognizing the trend for organizations to engage in M&A activity and the increased likelihood that, as an IT leader, you will be involved in a transaction in your career.
    • Creating a standard strategy that will enable strong program management.
    • Properly considering all the critical components of the transaction and integration by prioritizing tasks that will reduce risk, deliver value, and meet stakeholder expectations.

    Mergers & Acquisitions: The Sell Blueprint Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how your organization can excel its reduction strategy by engaging in M&A transactions. Review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Proactive Phase

    Be an innovative IT leader by suggesting how and why the business should engage in an acquisition or divestiture.

    • One-Pager: M&A Proactive
    • Case Study: M&A Proactive
    • Information Asset Audit Tool
    • Data Valuation Tool
    • Enterprise Integration Process Mapping Tool
    • Risk Register Tool
    • Security M&A Due Diligence Tool
    • Service Catalog Internal Service Level Agreement Template

    2. Discovery & Strategy

    Create a standardized approach for how your IT organization should address divestitures or sales.

    • One-Pager: M&A Discovery & Strategy – Sell
    • Case Study: M&A Discovery & Strategy – Sell

    3. Due Diligence & Preparation

    Comply with due diligence, prepare the IT environment for carve-out possibilities, and establish the separation project plan.

    • One-Pager: M&A Due Diligence & Preparation – Sell
    • Case Study: M&A Due Diligence & Preparation – Sell
    • IT Due Diligence Charter
    • IT Culture Diagnostic
    • M&A Separation Project Management Tool (SharePoint)
    • SharePoint Template: Step-by-Step Deployment Guide
    • M&A Separation Project Management Tool (Excel)

    4. Execution & Value Realization

    Deliver on the separation project plan successfully and communicate IT’s transaction value to the business.

    • One-Pager: M&A Execution & Value Realization – Sell
    • Case Study: M&A Execution & Value Realization – Sell

    Infographic

    Workshop: Mergers & Acquisitions: The Sell Blueprint

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Pre-Transaction Discovery & Strategy

    The Purpose

    Establish the transaction foundation.

    Discover the motivation for divesting or selling.

    Formalize the program plan.

    Create the valuation framework.

    Strategize the transaction and finalize the M&A strategy and approach.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Set up crucial elements to facilitate the success of the transaction.

    Have a repeatable transaction strategy that can be reused for multiple organizations.

    Activities

    1.1 Conduct the CIO Business Vision and CEO-CIO Alignment diagnostics.

    1.2 Identify key stakeholders and outline their relationship to the M&A process.

    1.3 Understand the rationale for the company's decision to pursue a divestiture or sale.

    1.4 Assess the IT/digital strategy.

    1.5 Identify pain points and opportunities tied to the divestiture/sale.

    1.6 Create the IT vision statement and mission statement and identify IT guiding principles and the transition team.

    1.7 Document the M&A governance.

    1.8 Establish program metrics.

    1.9 Create the valuation framework.

    1.10 Establish the separation strategy.

    1.11 Conduct a RACI.

    1.12 Create the communication plan.

    1.13 Prepare to assess target organizations.

    Outputs

    Business perspectives of IT

    Stakeholder network map for M&A transactions

    Business context implications for IT

    IT’s divestiture/sale strategic direction

    Governance structure

    M&A program metrics

    IT valuation framework

    Separation strategy

    RACI

    Communication plan

    Prepared to assess target organization(s)

    2 Mid-Transaction Due Diligence & Preparation

    The Purpose

    Establish the foundation.

    Discover the motivation for separation.

    Identify expectations and create the carve-out roadmap.

    Prepare and manage employees.

    Plan the separation roadmap.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Methodology identified to enable compliance during due diligence.

    Employees are set up for a smooth and successful transition.

    Separation activities are planned and assigned.

    Activities

    2.1 Gather and evaluate the stakeholders involved, M&A strategy, future-state operating model, and governance.

    2.2 Review the business rationale for the divestiture/sale.

    2.3 Establish the separation strategy.

    2.4 Create the due diligence charter.

    2.5 Create a list of IT artifacts to be reviewed in the data room.

    2.6 Create a carve-out roadmap.

    2.7 Create a service/technical transaction agreement.

    2.8 Measure staff engagement.

    2.9 Assess the current culture and identify the goal culture.

    2.10 Create employee transition and functional workplans.

    2.11 Establish the separation roadmap.

    2.12 Establish and align project metrics with identified tasks.

    2.13 Estimate integration costs.

    Outputs

    Stakeholder map

    IT strategy assessed

    IT operating model and IT governance structure defined

    Business context implications for IT

    Separation strategy

    Due diligence charter

    Data room artifacts

    Carve-out roadmap

    Service/technical transaction agreement

    Engagement assessment

    Culture assessment

    Employee transition and functional workplans

    Integration roadmap and associated resourcing

    3 Post-Transaction Execution & Value Realization

    The Purpose

    Establish the transaction foundation.

    Discover the motivation for separation.

    Plan the separation roadmap.

    Prepare employees for the transition.

    Engage in separation.

    Assess the transaction outcomes.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Separation activities are planned and assigned.

    Employees are set up for a smooth and successful transition.

    Separation strategy and roadmap are executed to benefit the organization.

    Review what went well and identify improvements to be made in future transactions.

    Activities

    3.1 Identify key stakeholders and outline their relationship to the M&A process.

    3.2 Gather and evaluate the M&A strategy, future-state operating model, and governance.

    3.3 Review the business rationale for the divestiture/sale.

    3.4 Establish the separation strategy.

    3.5 Prioritize separation tasks.

    3.6 Establish the separation roadmap.

    3.7 Establish and align project metrics with identified tasks.

    3.8 Estimate separation costs.

    3.9 Measure staff engagement.

    3.10 Assess the current culture and identify the goal culture.

    3.11 Create employee transition and functional workplans.

    3.12 Complete the separation by regularly updating the project plan.

    3.13 Assess the service/technical transaction agreement.

    3.14 Confirm separation costs.

    3.15 Review IT’s transaction value.

    3.16 Conduct a transaction and separation SWOT.

    3.17 Review the playbook and prepare for future transactions.

    Outputs

    M&A transaction team

    Stakeholder map

    IT strategy assessed

    IT operating model and IT governance structure defined

    Business context implications for IT

    Separation strategy

    Separation roadmap and associated resourcing

    Engagement assessment

    Culture assessment

    Employee transition and functional workplans

    Updated separation project plan

    Evaluated service/technical transaction agreement

    SWOT of transaction

    M&A Sell Playbook refined for future transactions

    Further reading

    Mergers & Acquisitions: The Sell Blueprint

    For IT leaders who want to have a role in the transaction process when their business is engaging in an M&A sale or divestiture.

    EXECUTIVE BRIEF

    Analyst Perspective

    Don’t wait to be invited to the M&A table, make it.

    Photo of Brittany Lutes, Research Analyst, CIO Practice, Info-Tech Research Group.
    Brittany Lutes
    Research Analyst,
    CIO Practice
    Info-Tech Research Group
    Photo of Ibrahim Abdel-Kader, Research Analyst, CIO Practice, Info-Tech Research Group.
    Ibrahim Abdel-Kader
    Research Analyst,
    CIO Practice
    Info-Tech Research Group

    IT has always been an afterthought in the M&A process, often brought in last minute once the deal is nearly, if not completely, solidified. This is a mistake. When IT is brought into the process late, the business misses opportunities to generate value related to the transaction and has less awareness of critical risks or inaccuracies.

    To prevent this mistake, IT leadership needs to develop strong business relationships and gain respect for their innovative suggestions. In fact, when it comes to modern M&A activity, IT should be the ones suggesting potential transactions to meet business needs, specifically when it comes to modernizing the business or adopting digital capabilities.

    IT needs to stop waiting to be invited to the acquisition or divestiture table. IT needs to suggest that the table be constructed and actively work toward achieving the strategic objectives of the business.

    Executive Summary

    Your Challenge

    There are four key scenarios or entry points for IT as the selling/divesting organization in M&As:

    • IT can suggest a divestiture to meet the business objectives of the organization.
    • IT is brought in to strategy plan the sale/divestiture from both the business’ and IT’s perspectives.
    • IT participates in due diligence activities and complies with the purchasing organization’s asks.
    • IT needs to reactively prepare its environment to enable the separation.

    Consider the ideal scenario for your IT organization.

    Common Obstacles

    Some of the obstacles IT faces include:

    • IT is often told about the transaction once the deal has already been solidified and is now forced to meet unrealistic business demands.
    • The business does not trust IT and therefore does not approach IT to define value or reduce risks to the transaction process.
    • The people and culture element is forgotten or not given adequate priority.

    These obstacles often arise when IT waits to be invited into the transaction process and misses critical opportunities.

    Info-Tech's Approach

    Prepare for a sale/divestiture transaction by:

    • Recognizing the trend for organizations to engage in M&A activity and the increased likelihood that, as an IT leader, you will be involved in a transaction in your career.
    • Creating a standard strategy that will enable strong program management.
    • Properly considering all the critical components of the transaction and integration by prioritizing tasks that will reduce risk, deliver value, and meet stakeholder expectations.

    Info-Tech Insight

    As the number of merger, acquisition, and divestiture transactions continues to increase, so too does IT’s opportunity to leverage the growing digital nature of these transactions and get involved at the onset.

    The changing M&A landscape

    Businesses will embrace more digital M&A transactions in the post-pandemic world

    • When the pandemic occurred, businesses reacted by either pausing (61%) or completely cancelling (46%) deals that were in the mid-transaction state (Deloitte, 2020). The uncertainty made many organizations consider whether the risks would be worth the potential benefits.
    • However, many organizations quickly realized the pandemic is not a hindrance to M&A transactions but an opportunity. Over 16,000 American companies were involved in M&A transactions in the first six months of 2021 (The Economist). For reference, this had been averaging around 10,000 per six months from 2016 to 2020.
    • In addition to this transaction growth, organizations have increasingly been embracing digital. These trends increase the likelihood that, as an IT leader, you will engage in an M&A transaction. However, it is up to you when you get involved in the transactions.

    The total value of transactions in the year after the pandemic started was $1.3 billion – a 93% increase in value compared to before the pandemic. (Nasdaq)

    71% of technology companies anticipate that divestitures will take place as a result of the COVID-19 pandemic. (EY, 2020)

    Your challenge

    IT is often not involved in the M&A transaction process. When it is, it’s often too late.

    • The most important driver of an acquisition is the ability to access new technology (DLA Piper), and yet 50% of the time, IT isn’t involved in the M&A transaction at all (IMAA Institute, 2017).
    • Additionally, IT’s lack of involvement in the process negatively impacts the business:
      • Most organizations (60%) do not have a standardized approach to integration (Steeves and Associates), let alone separation.
      • Two-thirds of the time, the divesting organization and acquiring organization will either fail together or succeed together (McKinsey, 2015).
      • Less than half (47%) of organizations actually experience the positive results sought by the M&A transaction (Steeves and Associates).
    • Organizations pursuing M&A and not involving IT are setting themselves up for failure.

    Only half of M&A deals involve IT (Source: IMAA Institute, 2017)

    Common Obstacles

    These barriers make this challenge difficult to address for many organizations:

    • IT is rarely afforded the opportunity to participate in the transaction deal. When IT is invited, this often happens later in the process where separation will be critical to business continuity.
    • IT has not had the opportunity to demonstrate that it is a valuable business partner in other business initiatives.
    • One of the most critical elements that IT often doesn’t take the time or doesn’t have the time to focus on is the people and leadership component.
    • IT waits to be invited to the process rather then actively involving themselves and suggesting how value can be added to the process.

    In hindsight, it’s clear to see: Involving IT is just good business.

    47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion. (Source: IMAA Institute, 2017)

    “Solutions exist that can save well above 50 percent on divestiture costs, while ensuring on-time delivery.” (Source: SNP)

    Info-Tech's approach

    Acquisitions & Divestitures Framework

    Acquisitions and divestitures are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:

    1. The growing trend for organizations to increase, decrease, or evolve through these types of transactions.
    2. Transactions that are driven by digital motivations, requiring IT’s expertise.
    3. A maturing business perspective of IT, preventing the difficulty that IT is faced with when invited into the transaction process late.
    4. There never being such a thing as a true merger, making the majority of M&A activity either acquisitions or divestitures.
    A diagram highlighting the 'IT Executives' Role in Acquisitions and Divestitures' when they are integrated at different points in the 'Core Business Timeline'. There are four main entry points 'Proactive', 'Discovery and Strategy', 'Due Diligence and Preparation', and 'Execution and Value Realized'. It is highlighted that IT can and should start at 'Proactive', but most organizations start at 'Execution and Value Realized'. 'Proactive': suggest opportunities to evolve the organization; prove IT's value and engage in growth opportunities early. Innovators start here. Steps of the business timeline in 'Proactive' are 'Organization strategies are defined' and 'M and A is considered to enable strategy'. After a buy or sell transaction is initiated is 'Discovery and Strategy': pre-transaction state. If it is a Buy transaction, 'Establish IT's involvement and approach'. If it is a Sell transaction, 'Prepare to engage in negotiations'. Business Partners start here. Steps of the business timeline in 'Discovery and Strategy' are 'Searching criteria is set', 'Potential candidates are considered', and 'LOI is sent/received'. 'Due Diligence and Preparation': mid-transaction state. If it is a Buy transaction, 'Identify potential transaction benefits and risks'. If it is a Sell transaction, 'Comply, communicate, and collaborate in transaction'. Trusted Operators start here. Steps of the business timeline in 'Due Diligence and Preparation' are 'Due diligence engagement occurs', 'Final agreement is reached', and 'Preparation for transaction execution occurs'. 'Execution and Value Realization': post-transaction state. If it is a Buy transaction, 'Integrate the IT environments and achieve business value'. If it is a Sell transaction, 'Separate the IT environment and deliver on transaction terms'. Firefighters start here. Steps of the business timeline in 'Execution and Value Realization' are 'Staff and operations are addressed appropriately', 'Day 1 of implementation and integration activities occurs', '1st 100 days of new entity state occur' and 'Ongoing risk mitigating and value creating activities occur'.

    The business’ view of IT will impact how soon IT can get involved

    There are four key entry points for IT

    A colorful visualization of the four key entry points for IT and a fifth not-so-key entry point. Starting from the top: 'Innovator', Information and Technology as a Competitive Advantage, 90% Satisfaction; 'Business Partner', Effective Delivery of Strategic Business Projects, 80% Satisfaction; 'Trusted Operator', Enablement of Business Through Application and Work Orders, 70% Satisfaction; 'Firefighter', Reliable Infrastructure and IT Service Desk, 60% Satisfaction; and then 'Unstable', Inability to Consistently Deliver Basic Services, <60% Satisfaction.
    1. Innovator: IT suggests a sale or divestiture to meet the business objectives of the organization.
    2. Business Partner: IT is brought in to strategy plan the sale/divestiture from both the business’ and IT’s perspective.
    3. Trusted Operator: IT participates in due diligence activities and complies with the purchasing organization’s asks.
    4. Firefighter: IT needs to reactively prepare its environment in order to enable the separation.

    Merger, acquisition, and divestiture defined

    Merger

    A merger looks at the equal combination of two entities or organizations. Mergers are rare in the M&A space, as the organizations will combine assets and services in a completely equal 50/50 split. Two organizations may also choose to divest business entities and merge as a new company.

    Acquisition

    The most common transaction in the M&A space, where an organization will acquire or purchase another organization or entities of another organization. This type of transaction has a clear owner who will be able to make legal decisions regarding the acquired organization.

    Divestiture

    An organization may decide to sell partial elements of a business to an acquiring organization. They will separate this business entity from the rest of the organization and continue to operate the other components of the business.

    Info-Tech Insight

    A true merger does not exist, as there is always someone initiating the discussion. As a result, most M&A activity falls into acquisition or divestiture categories.

    Selling vs. buying

    The M&A process approach differs depending on whether you are the selling or buying organization

    This blueprint is only focused on the sell side:

    • Examples of sell-related scenarios include:
      • Your organization is selling to another organization with the intent of keeping its regular staff, operations, and location. This could mean minimal separation is required.
      • Your organization is selling to another organization with the intent of separating to be a part of the purchasing organization.
      • Your organization is engaging in a divestiture with the intent of:
        • Separating components to be part of the purchasing organization permanently.
        • Separating components to be part of a spinoff and establish a unit as a standalone new company.
    • As the selling organization, you could proactively seek out suitors to purchase all or components of your organization, or you could be approached by an organization.

    The buy side is focused on:

    • More than two organizations could be involved in a transaction.
    • Examples of buy-related scenarios include:
      • Your organization is buying another organization with the intent of having the purchased organization keep its regular staff, operations, and location. This could mean minimal integration is required.
      • Your organization is buying another organization in its entirety with the intent of integrating it into your original company.
      • Your organization is buying components of another organization with the intent of integrating them into your original company.
    • As the purchasing organization, you will probably be initiating the purchase and thus will be valuating the selling organization during due diligence and leading the execution plan.

    For more information on acquisitions or purchases, check out Info-Tech’s Mergers & Acquisitions: The Buy Blueprint.

    Core business timeline

    For IT to be valuable in M&As, you need to align your deliverables and your support to the key activities the business and investors are working on.

    Info-Tech’s methodology for Selling Organizations in Mergers, Acquisitions, or Divestitures

    1. Proactive

    2. Discovery & Strategy

    3. Due Diligence & Preparation

    4. Execution & Value Realization

    Phase Steps

    1. Identify Stakeholders and Their Perspective of IT
    2. Assess IT’s Current Value and Future State
    3. Drive Innovation and Suggest Growth Opportunities
    1. Establish the M&A Program Plan
    2. Prepare IT to Engage in the Separation or Sale
    1. Engage in Due Diligence and Prepare Staff
    2. Prepare to Separate
    1. Execute the Transaction
    2. Reflection and Value Realization

    Phase Outcomes

    Be an innovative IT leader by suggesting how and why the business should engage in an acquisition or divestiture.

    Create a standardized approach for how your IT organization should address divestitures or sales.

    Comply with due diligence, prepare the IT environment for carve-out possibilities, and establish the separation project plan.

    Deliver on the separation project plan successfully and communicate IT’s transaction value to the business.

    Metrics for each phase

    1. Proactive

    2. Discovery & Strategy

    3. Valuation & Due Diligence

    4. Execution & Value Realization

    • % Share of business innovation spend from overall IT budget
    • % Critical processes with approved performance goals and metrics
    • % IT initiatives that meet or exceed value expectation defined in business case
    • % IT initiatives aligned with organizational strategic direction
    • % Satisfaction with IT's strategic decision-making abilities
    • $ Estimated business value added through IT-enabled innovation
    • % Overall stakeholder satisfaction with IT
    • % Percent of business leaders that view IT as an Innovator
    • % IT budget as a percent of revenue
    • % Assets that are not allocated
    • % Unallocated software licenses
    • # Obsolete assets
    • % IT spend that can be attributed to the business (chargeback or showback)
    • % Share of CapEx of overall IT budget
    • % Prospective organizations that meet the search criteria
    • $ Total IT cost of ownership (before and after M&A, before and after rationalization)
    • % Business leaders that view IT as a Business Partner
    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target
    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT separation
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    IT's role in the selling transaction

    And IT leaders have a greater likelihood than ever of needing to support a merger, acquisition, or divestiture.

    1. Reduced Risk

      IT can identify risks that may go unnoticed when IT is not involved.
    2. Increased Accuracy

      The business can make accurate predictions around the costs, timelines, and needs of IT.
    3. Faster Integration

      Faster integration means faster value realization for the business.
    4. Informed Decision Making

      IT leaders hold critical information that can support the business in moving the transaction forward.
    5. Innovation

      IT can suggest new opportunities to generate revenue, optimize processes, or reduce inefficiencies.

    The IT executive’s critical role is demonstrated by:

    • Reduced Risk

      47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion (IMAA Institute, 2017).
    • Increased Accuracy

      Sellers often only provide 15 to 30 days for the acquiring organization to decide (Forbes, 2018), increasing the necessity of accurate pricing.
    • Faster Integration

      36% of CIOs have visibility into only business unit data, making the divestment a challenge (EY, 2021).
    • Informed Decision Making

      Only 38% of corporate and 22% of private equity firms include IT as a significant aspect in their transaction approach (IMAA Institute, 2017).
    • Innovation

      Successful CIOs involved in M&As can spend 70% of their time on aspects outside of IT and 30% of their time on technology and delivery (CIO).

    Playbook benefits

    IT Benefits

    • IT will be seen as an innovative partner to the business, and its suggestions and involvement in the organization will lead to benefits, not hindrances.
    • Develop a streamlined method to prepare the IT environment for potential carve-out and separations, ensuring risk management concerns are brought to the business’ attention immediately.
    • Create a comprehensive list of items that IT needs to do during the separation that can be prioritized and actioned.

    Business Benefits

    • The business will get accurate and relevant information about its IT environment in order to sell or divest the company to the highest bidder for a true price.
    • Fewer business interruptions will happen, because IT can accurately plan for and execute the high-priority separation tasks.
    • The business can obtain a high-value offer for the components of IT being sold and can measure the ongoing value the sale will bring.

    Insight summary

    Overarching Insight

    IT controls if and when it gets invited to support the business through a purchasing growth transaction. Take control of the process, demonstrate the value of IT, and ensure that separation of IT environments does not lead to unnecessary and costly decisions.

    Proactive Insight

    CIOs on the forefront of digital transformation need to actively look for and suggest opportunities to acquire or partner on new digital capabilities to respond to rapidly changing business needs.

    Discovery & Strategy Insight

    IT organizations that have an effective M&A program plan are more prepared for the transaction, enabling a successful outcome. A structured strategy is particularly necessary for organizations expected to deliver M&As rapidly and frequently.

    Due Diligence & Preparation Insight

    IT often faces unnecessary separation challenges because of a lack of preparation. Secure the IT environment and establish how IT will retain employees early in the transaction process.

    Execution & Value Realization Insight

    IT needs to demonstrate value and cost savings within 100 days of the transaction. The most successful transactions are when IT continuously realizes synergies a year after the transaction and beyond.

    Blueprint deliverables

    Key Deliverable: M&A Sell Playbook

    The M&A Sell Playbook should be a reusable document that enables your IT organization to successfully deliver on any divestiture transaction.

    Screenshots of the 'M and A Sell Playbook' deliverable.

    M&A Sell One-Pager

    See a one-page overview of each phase of the transaction.

    Screenshots of the 'M and A Sell One-Pagers' deliverable.

    M&A Sell Case Studies

    Read a one-page case study for each phase of the transaction.

    Screenshots of the 'M and A Sell Case Studies' deliverable.

    M&A Separation Project Management Tool (SharePoint)

    Manage the separation process of the divestiture/sale using this SharePoint template.

    Screenshots of the 'M and A Separation Project Management Tool (SharePoint)' deliverable.

    M&A Separation Project Management Tool (Excel)

    Manage the separation process of the divestiture/sale using this Excel tool if you can’t or don’t want to use SharePoint.

    Screenshots of the 'M and A Separation Project Management Tool (Excel)' deliverable.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 6 to 10 calls over the course of 2 to 4 months.

      Proactive Phase

    • Call #1: Scope requirements, objectives, and your specific challenges.
    • Discovery & Strategy Phase

    • Call #2: Determine stakeholders and business perspectives on IT.
    • Call #3: Identify how M&A could support business strategy and how to communicate.
    • Due Diligence & Preparation Phase

    • Call #4: Establish a transaction team and divestiture/sale strategic direction.
    • Call #5: Create program metrics and identify a standard separation strategy.
    • Call #6: Prepare to carve out the IT environment.
    • Call #7: Identify the separation program plan.
    • Execution & Value Realization Phase

    • Call #8: Establish employee transitions to retain key staff.
    • Call #9: Assess IT’s ability to deliver on the divestiture/sale transaction.

    The Sell Blueprint

    Phase 1

    Proactive

    Phase 1

    Phase 2 Phase 3 Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Reduction Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Separation or Sale
    • 3.1 Engage in Due Diligence and Prepare Staff
    • 3.2 Prepare to Separate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Conduct the CEO-CIO Alignment diagnostic
    • Conduct the CIO Business Vision diagnostic
    • Visualize relationships among stakeholders to identify key influencers
    • Group stakeholders into categories
    • Prioritize your stakeholders
    • Plan to communicate
    • Valuate IT
    • Assess the IT/digital strategy
    • Determine pain points and opportunities
    • Align goals to opportunities
    • Recommend reduction opportunities

    This phase involves the following participants:

    • IT and business leadership

    What is the Proactive phase?

    Embracing the digital drivers

    As the number of merger, acquisition, or divestiture transactions driven by digital means continues to increase, IT has an opportunity to not just be involved in a transaction but actively seek out potential deals.

    In the Proactive phase, the business is not currently considering a transaction. However, the business could consider one to reach its strategic goals. IT organizations that have developed respected relationships with the business leaders can suggest these potential transactions.

    Understand the business’ perspective of IT, determine who the critical M&A stakeholders are, valuate the IT environment, and examine how it supports the business goals in order to suggest an M&A transaction.

    In doing so, IT isn’t waiting to be invited to the transaction table – it’s creating it.

    Goal: To support the organization in reaching its strategic goals by suggesting M&A activities that will enable the organization to reach its objectives faster and with greater-value outcomes.

    Proactive Prerequisite Checklist

    Before coming into the Proactive phase, you should have addressed the following:

    • Understand what mergers, acquisitions, and divestitures are.
    • Understand what mergers, acquisitions, and divestitures mean for the business.
    • Understand what mergers, acquisitions, and divestitures mean for IT.

    Review the Executive Brief for more information on mergers, acquisitions, and divestitures for selling organizations.

    Proactive

    Step 1.1

    Identify M&A Stakeholders and Their Perspective of IT

    Activities

    • 1.1.1 Conduct the CEO-CIO Alignment diagnostic
    • 1.1.2 Conduct the CIO Business Vision diagnostic
    • 1.1.3 Visualize relationships among stakeholders to identify key influencers
    • 1.1.4 Group stakeholders into categories
    • 1.1.5 Prioritize your stakeholders
    • 1.16 Plan to communicate

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical M&A stakeholders

    Outcomes of Step

    Understand how the business perceives IT and establish strong relationships with critical M&A stakeholders.

    Business executives' perspectives of IT

    Leverage diagnostics and gain alignment on IT’s role in the organization

    • To suggest or get involved with a merger, acquisition, or divestiture, the IT executive leader needs to be well respected by other members of the executive leadership team and the business.
    • Specifically, the Proactive phase relies on the IT organization being viewed as an Innovator within the business.
    • Identify how the CEO/business executive currently views IT and where they would like IT to move within the Maturity Ladder.
    • Additionally, understand how other critical department leaders view IT and how they view the partnership with IT.
    A colorful visualization titled 'Maturity Ladder' detailing levels of IT function that a business may choose from based on the business executives' perspectives of IT. Starting from the bottom: 'Struggle', Does not embarrass, Does not crash; 'Support', Keeps business happy, Keeps costs low; 'Optimize', Increases efficiency, Decreases costs; 'Expand', Extends into new business, Generates revenue; 'Transform', Creates new industry.

    Misalignment in target state requires further communication between the CIO and CEO to ensure IT is striving toward an agreed-upon direction.

    Info-Tech’s CIO Business Vision (CIO BV) diagnostic measures a variety of high-value metrics to provide a well-rounded understanding of stakeholder satisfaction with IT.

    Sample of Info-Tech's CIO Business Vision diagnostic measuring percentages of high-value metrics like 'IT Satisfaction' and 'IT Value' regarding business leader satisfaction. A note for these two reads 'Evaluate business leader satisfaction with IT this year and last year'. A section titled 'Relationship' has metrics such as 'Understands Needs' and 'Trains Effectively'. A note for this section reads 'Examine relationship indicators between IT and the business'. A section titled 'Security Friction' has metrics such as 'Regulatory Compliance-Driven' and 'Office/Desktop Security'.

    Business Satisfaction and Importance for Core Services

    The core services of IT are important when determining what IT should focus on. The most important services with the lowest satisfaction offer the largest area of improvement for IT to drive business value.

    Sample of Info-Tech's CIO Business Vision diagnostic specifically comparing the business satisfaction of 12 core services with their importance. Services listed include 'Service Desk', 'IT Security', 'Requirements Gathering', 'Business Apps', 'Data Quality', and more. There is a short description of the services, a percentage for the business satisfaction with the service, a percentage comparing it to last year, and a numbered ranking of importance for each service. A note reads 'Assess satisfaction and importance across 12 core IT capabilities'.

    1.1.1 Conduct the CEO-CIO Alignment diagnostic

    2 weeks

    Input: IT organization expertise and the CEO-CIO Alignment diagnostic

    Output: An understanding of an executive business stakeholder’s perception of IT

    Materials: M&A Sell Playbook, CEO-CIO Alignment diagnostic

    Participants: IT executive/CIO, Business executive/CEO

    1. The CEO-CIO Alignment diagnostic can be a powerful input. Speak with your Info-Tech account representative to conduct the diagnostic. Use the results to inform current IT capabilities.
    2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret and draw conclusions from the results.
    3. Examine the results of the survey and note where there might be specific capabilities that could be improved.
    4. Determine whether there are any areas of significant disagreement between the you and the CEO. Mark down those areas for further conversations. Additionally, take note of areas that could be leveraged to support transactions or support your rationale in recommending transactions.

    Download the sample report.

    Record the results in the M&A Sell Playbook.

    1.1.2 Conduct the CIO Business Vision diagnostic

    2 weeks

    Input: IT organization expertise, CIO BV diagnostic

    Output: An understanding of business stakeholder perception of certain IT capabilities and services

    Materials: M&A Buy Playbook, CIO Business Vision diagnostic

    Participants: IT executive/CIO, Senior business leaders

    1. The CIO Business Vision (CIO BV) diagnostic can be a powerful tool for identifying IT capability focus areas. Speak with your account representative to conduct the CIO BV diagnostic. Use the results to inform current IT capabilities.
    2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret the results and draw conclusions from the diagnostic.
    3. Examine the results of the survey and take note of any IT services that have low scores.
    4. Read through the diagnostic comments and note any common themes. Especially note which stakeholders identified they have a favorable relationship with IT and which stakeholders identified they have an unfavorable relationship. For those who have an unfavorable relationship, identify if they will have a critical role in a growth transaction.

    Download the sample report.

    Record the results in the M&A Sell Playbook.

    Create a stakeholder network map for M&A transactions

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Example:

    Diagram of stakeholders and their relationships with other stakeholders, such as 'Board Members', 'CFO/Finance', 'Compliance', etc. with 'CIO/IT Leader' highlighted in the middle. There are unidirectional black arrows and bi-directional green arrows indicating each connection.

      Legend
    • Black arrows indicate the direction of professional influence
    • Dashed green arrows indicate bidirectional, informal influence relationships

    Info-Tech Insight

    Your stakeholder map defines the influence landscape that the M&A transaction will occur within. This will identify who holds various levels of accountability and decision-making authority when a transaction does take place.

    Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantial relationships with your stakeholders.

    1.1.3 Visualize relationships among stakeholders to identify key influencers

    1-3 hours

    Input: List of M&A stakeholders

    Output: Relationships among M&A stakeholders and influencers

    Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

    Participants: IT executive leadership

    1. The purpose of this activity is to list all the stakeholders within your organization that will have a direct or indirect impact on the M&A transaction.
    2. Determine the critical stakeholders, and then determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
    3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
    4. Construct a diagram linking stakeholders and their influencers together.
      • Use black arrows to indicate the direction of professional influence.
      • Use dashed green arrows to indicate bidirectional, informal influence relationships.

    Record the results in the M&A Sell Playbook.

    Categorize your stakeholders with a prioritization map

    A stakeholder prioritization map helps IT leaders categorize their stakeholders by their level of influence and ownership in the merger, acquisition, or divestiture process.

    A prioritization map of stakeholder categories split into four quadrants. The vertical axis is 'Influence', from low on the bottom to high on top. The horizontal axis is 'Ownership/Interest', from low on the left to high on the right. 'Spectators' are low influence, low ownership/interest. 'Mediators' are high influence, low ownership/interest. 'Noisemakers' are low influence, high ownership/interest. 'Players' are high influence, high ownership/interest.

    There are four areas in the map, and the stakeholders within each area should be treated differently.

    Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.

    Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.

    Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.

    Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

    1.1.4 Group stakeholders into categories

    30 minutes

    Input: Stakeholder map, Stakeholder list

    Output: Categorization of stakeholders and influencers

    Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

    Participants: IT executive leadership, Stakeholders

    1. Identify your stakeholders’ interest in and influence on the M&A process as high, medium, or low by rating the attributes below.
    2. Map your results to the model to the right to determine each stakeholder’s category.

    Same prioritization map of stakeholder categories as before. This one has specific stakeholders mapped onto it. 'CFO' is mapped as low interest and middling influence, between 'Mediator' and 'Spectator'. 'CIO' is mapped as higher than average interest and high influence, a 'Player'. 'Board Member' is mapped as high interest and high influence, a 'Player'.

    Level of Influence
    • Power: Ability of a stakeholder to effect change.
    • Urgency: Degree of immediacy demanded.
    • Legitimacy: Perceived validity of stakeholder’s claim.
    • Volume: How loud their “voice” is or could become.
    • Contribution: What they have that is of value to you.
    Level of Interest

    How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

    Record the results in the M&A Sell Playbook.

    Prioritize your stakeholders

    There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

    Level of Support

    Supporter

    Evangelist

    Neutral

    Blocker

    Stakeholder Category Player Critical High High Critical
    Mediator Medium Low Low Medium
    Noisemaker High Medium Medium High
    Spectator Low Irrelevant Irrelevant Low

    Consider the three dimensions for stakeholder prioritization: influence, interest, and support. Support can be determined by answering the following question: How significant is that stakeholder to the M&A or divestiture process?

    These parameters are used to prioritize which stakeholders are most important and should receive your focused attention.

    1.1.5 Prioritize your stakeholders

    30 minutes

    Input: Stakeholder matrix

    Output: Stakeholder and influencer prioritization

    Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

    Participants: IT executive leadership, M&A/divestiture stakeholders

    1. Identify the level of support of each stakeholder by answering the following question: How significant is that stakeholder to the M&A transaction process?
    2. Prioritize your stakeholders using the prioritization scheme on the previous slide.

    Stakeholder

    Category

    Level of Support

    Prioritization

    CMO Spectator Neutral Irrelevant
    CIO Player Supporter Critical

    Record the results in the M&A Sell Playbook.

    Define strategies for engaging stakeholders by type

    A revisit to the map of stakeholder categories, but with strategies listed for each one, and arrows on the side instead of an axis. The vertical arrow is 'Authority', which increases upward, and the horizontal axis is Ownership/Interest which increases as it moves to the right. The strategy for 'Players' is 'Engage', for 'Mediators' is 'Satisfy', for 'Noisemakers' is 'Inform', and for 'Spectators' is 'Monitor'.

    Type

    Quadrant

    Actions

    Players High influence, high interest – actively engage Keep them updated on the progress of the project. Continuously involve Players in the process and maintain their engagement and interest by demonstrating their value to its success.
    Mediators High influence, low interest – keep satisfied They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.
    Noisemakers Low influence, high interest – keep informed Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
    Spectators Low influence, low interest – monitor They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    Info-Tech Insight

    Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying stakeholder groups, the IT executive leader can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of Mediators and Players are met.

    1.1.6 Plan to communicate

    30 minutes

    Input: Stakeholder priority, Stakeholder categorization, Stakeholder influence

    Output: Stakeholder communication plan

    Materials: Flip charts, Markers, Sticky notes, M&A Sell Playbook

    Participants: IT executive leadership, M&A/divestiture stakeholders

    The purpose of this activity is to make a communication plan for each of the stakeholders identified in the previous activities, especially those who will have a critical role in the M&A transaction process.

    1. In the M&A Sell Playbook, input the type of influence each stakeholder has on IT, how they would be categorized in the M&A process, and their level of priority. Use this information to create a communication plan.
    2. Determine the methods and frequency of communication to keep the necessary stakeholder satisfied and maintain or enhance IT’s profile within the organization.

    Record the results in the M&A Sell Playbook.

    Proactive

    Step 1.2

    Assess IT’s Current Value and Method to Achieve a Future State

    Activities

    • 1.2.1 Valuate IT
    • 1.2.2 Assess the IT/digital strategy

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical stakeholders to M&A

    Outcomes of Step

    Identify critical opportunities to optimize IT and meet strategic business goals through a merger, acquisition, or divestiture.

    How to valuate your IT environment

    And why it matters so much

    • Valuating your current organization’s IT environment is a critical step that all IT organizations should take, whether involved in an M&A or not, to fully understand what it might be worth.
    • The business investments in IT can be directly translated into a value amount. For every $1 invested in IT, the business might be gaining $100 in value back or possibly even loosing $100.
    • Determining, documenting, and communicating this information ensures that the business takes IT’s suggestions seriously and recognizes why investing in IT is so critical.
    • There are three ways a business or asset can be valuated:
      • Cost Approach: Look at the costs associated with building, purchasing, replacing, and maintaining a given aspect of the business.
      • Market Approach: Look at the relative value of a particular aspect of the business. Relative value can fluctuate and depends on what the markets and consequently society believe that particular element is worth.
      • Discounted Cash Flow Approach: Focus on what the potential value of the business could be or the intrinsic value anticipated due to future profitability.
    • (Source: “Valuation Methods,” Corporate Finance Institute)

    Four ways to create value through digital

    1. Reduced costs
    2. Improved customer experience
    3. New revenue sources
    4. Better decision making
    5. (Source: McKinsey & Company)

    1.2.1 Valuate IT

    1 day

    Input: Valuation of data, Valuation of applications, Valuation of infrastructure and operations, Valuation of security and risk

    Output: Valuation of IT

    Materials: Relevant templates/tools listed on the following slides, Capital budget, Operating budget, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership

    The purpose of this activity is to demonstrate that IT is not simply an operational functional area that diminishes business resources. Rather, IT contributes significant value to the business.

    1. Review each of the following slides to valuate IT’s data, applications, infrastructure and operations, and security and risk. These valuations consider several tangible and intangible factors and result in a final dollar amount.
    2. Input the financial amounts identified for each critical area into a summary slide. Use this information to determine where IT is delivering value to the organization.

    Info-Tech Insight

    Consistency is key when valuating your IT organization as well as other IT organizations throughout the transaction process.

    Record the results in the M&A Sell Playbook.

    Data valuation

    Data valuation identifies how you monetize the information that your organization owns.

    Create a data value chain for your organization

    When valuating the information and data that exists in an organization, there are many things to consider.

    Info-Tech has two tools that can support this process:

    1. Information Asset Audit Tool: Use this tool first to take inventory of the different information assets that exist in your organization.
    2. Data Valuation Tool: Once information assets have been accounted for, valuate the data that exists within those information assets.

    Data Collection

    Insight Creation

    Value Creation

    Data Valuation

    01 Data Source
    02 Data Collection Method
    03 Data
    04 Data Analysis
    05 Insight
    06 Insight Delivery
    07 Consumer
    08 Value in Data
    09 Value Dimension
    10 Value Metrics Group
    11 Value Metrics
    Screenshots of Tab 2 of Info-Tech's Data Valuation Tool.

    Instructions

    1. Using the Data Valuation Tool, start gathering information based on the eight steps above to understand your organization’s journey from data to value.
    2. Identify the data value spectrum. (For example: customer sales service, citizen licensing service, etc.)
    3. Fill out the columns for data sources, data collection, and data first.
    4. Capture data analysis and related information.
    5. Then capture the value in data.
    6. Add value dimensions such as usage, quality, and economic dimensions.
      • Remember that economic value is not the only dimension, and usage/quality has a significant impact on economic value.
    7. Collect evidence to justify your data valuation calculator (market research, internal metrics, etc.).
    8. Finally, calculate the value that has a direct correlation with underlying value metrics.

    Application valuation

    Calculate the value of your IT applications

    When valuating the applications and their users in an organization, consider using a business process map. This shows how business is transacted in the company by identifying which IT applications support these processes and which business groups have access to them. Info-Tech has a business process mapping tool that can support this process:

    • Enterprise Integration Process Mapping Tool: Complete this tool first to map the different business processes to the supporting applications in your organization.

    Instructions

    1. Start by calculating user costs. This is the multiplication of: (# of users) × (% of time spent using IT) × (fully burdened salary).
    2. Identify the revenue per employee and divide that by the average cost per employee to calculate the derived productivity ratio (DPR).
    3. Once you have calculated the user costs and DPR, multiply those total values together to get the application value.
    4. User Costs

      Total User Costs

      Derived Productivity Ratio (DPR)

      Total DPR

      Application Value

      # of users % time spent using IT Fully burdened salary Multiply values from the 3 user costs columns Revenue per employee Average cost per employee (Revenue P.E) ÷ (Average cost P.E) (User costs) X (DPR)

    5. Once the total application value is established, calculate the combined IT and business costs of delivering that value. IT and business costs include inflexibility (application maintenance), unavailability (downtime costs, including disaster exposure), IT costs (common costs statistically allocated to applications), and fully loaded cost of active (full-time equivalent [FTE]) users.
    6. Calculate the net value of applications by subtracting the total IT and business costs from the total application value calculated in step 3.
    7. IT and Business Costs

      Total IT and Business Costs

      Net Value of Applications

      Application maintenance Downtime costs (include disaster exposure) Common costs allocated to applications Fully loaded costs of active (FTE) users Sum of values from the four IT and business costs columns (Application value) – (IT and business costs)

    (Source: CSO)

    Infrastructure valuation

    Assess the foundational elements of the business’ information technology

    The purpose of this exercise is to provide a high-level infrastructure valuation that will contribute to valuating your IT environment.

    Calculating the value of the infrastructure will require different methods depending on the environment. For example, a fully cloud-hosted organization will have different costs than a fully on-premises IT environment.

    Instructions:

    1. Start by listing all of the infrastructure-related items that are relevant to your organization.
    2. Once you have finalized your items column, identify the total costs/value of each item.
      • For example, total software costs would include servers and storage.
    3. Calculate the total cost/value of your IT infrastructure by adding all of values in the right column.

    Item

    Costs/Value

    Hardware Assets Total Value +$3.2 million
    Hardware Leased/Service Agreement -$
    Software Purchased +$
    Software Leased/Service Agreement -$
    Operational Tools
    Network
    Disaster Recovery
    Antivirus
    Data Centers
    Service Desk
    Other Licenses
    Total:

    For additional support, download the M&A Runbook for Infrastructure and Operations.

    Risk and security

    Assess risk responses and calculate residual risk

    The purpose of this exercise is to provide a high-level risk assessment that will contribute to valuating your IT environment. For a more in-depth risk assessment, please refer to the Info-Tech tools below:

    1. Risk Register Tool
    2. Security M&A Due Diligence Tool

    Instructions

    1. Review the probability and impact scales below and ensure you have the appropriate criteria that align to your organization before you conduct a risk assessment.
    2. Identify the probability of occurrence and estimated financial impact for each risk category detail and fill out the table on the right. Customize the table as needed so it aligns to your organization.
    3. Probability of Risk Occurrence

      Occurrence Criteria
      (Classification; Probability of Risk Event Within One Year)

      Negligible Very Unlikely; ‹20%
      Very Low Unlikely; 20 to 40%
      Low Possible; 40 to 60%
      Moderately Low Likely; 60 to 80%
      Moderate Almost Certain; ›80%

    Note: If needed, you can customize this scale with the severity designations that you prefer. However, make sure you are always consistent with it when conducting a risk assessment.

    Financial & Reputational Impact

    Budgetary and Reputational Implications
    (Financial Impact; Reputational Impact)

    Negligible (‹$10,000; Internal IT stakeholders aware of risk event occurrence)
    Very Low ($10,000 to $25,000; Business customers aware of risk event occurrence)
    Low ($25,000 to $50,000; Board of directors aware of risk event occurrence)
    Moderately Low ($50,000 to $100,000; External customers aware of risk event occurrence)
    Moderate (›$100,000; Media coverage or regulatory body aware of risk event occurrence)

    Risk Category Details

    Probability of Occurrence

    Estimated Financial Impact

    Estimated Severity (Probability X Impact)

    Capacity Planning
    Enterprise Architecture
    Externally Originated Attack
    Hardware Configuration Errors
    Hardware Performance
    Internally Originated Attack
    IT Staffing
    Project Scoping
    Software Implementation Errors
    Technology Evaluation and Selection
    Physical Threats
    Resource Threats
    Personnel Threats
    Technical Threats
    Total:

    1.2.2 Assess the IT/digital strategy

    4 hours

    Input: IT strategy, Digital strategy, Business strategy

    Output: An understanding of an executive business stakeholder’s perception of IT, Alignment of IT/digital strategy and overall organization strategy

    Materials: Computer, Whiteboard and markers, M&A Sell Playbook

    Participants: IT executive/CIO, Business executive/CEO

    The purpose of this activity is to review the business and IT strategies that exist to determine if there are critical capabilities that are not being supported.

    Ideally, the IT and digital strategies would have been created following development of the business strategy. However, sometimes the business strategy does not directly call out the capabilities it requires IT to support.

    1. On the left half of the corresponding slide in the M&A Sell Playbook, document the business goals, initiatives, and capabilities. Input this information from the business or digital strategies. (If more space for goals, initiatives, or capabilities is needed, duplicate the slide).
    2. On the other half of the slide, document the IT goals, initiatives, and capabilities. Input this information from the IT strategy and digital strategy.

    For additional support, see Build a Business-Aligned IT Strategy.

    Record the results in the M&A Sell Playbook.

    Proactive

    Step 1.3

    Drive Innovation and Suggest Growth Opportunities

    Activities

    • 1.3.1 Determine pain points and opportunities
    • 1.3.2 Align goals with opportunities
    • 1.3.3 Recommend reduction opportunities

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical M&A stakeholders

    Outcomes of Step

    Establish strong relationships with critical M&A stakeholders and position IT as an innovative business partner that can suggest reduction opportunities.

    1.3.1 Determine pain points and opportunities

    1-2 hours

    Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade

    Output: List of pain points or opportunities that IT can address

    Materials: Computer, Whiteboard and markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Business stakeholders

    The purpose of this activity is to determine the pain points and opportunities that exist for the organization. These can be external or internal to the organization.

    1. Identify what opportunities exist for your organization. Opportunities are the potential positives that the organization would want to leverage.
    2. Next, identify pain points, which are the potential negatives that the organization would want to alleviate.
    3. Spend time considering all the options that might exist, and keep in mind what has been identified previously.

    Opportunities and pain points can be trends, other departments’ initiatives, business perspectives of IT, etc.

    Record the results in the M&A Sell Playbook.

    1.3.2 Align goals with opportunities

    1-2 hours

    Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade, List of pain points and opportunities

    Output: An understanding of an executive business stakeholder’s perception of IT, Foundations for reduction strategy

    Materials: Computer, Whiteboard and markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Business stakeholders

    The purpose of this activity is to determine whether a growth or separation strategy might be a good suggestion to the business in order to meet its business objectives.

    1. For the top three to five business goals, consider:
      1. Underlying drivers
      2. Digital opportunities
      3. Whether a growth or reduction strategy is the solution
    2. Just because a growth or reduction strategy is a solution for a business goal does not necessarily indicate M&A is the way to go. However, it is important to consider before you pursue suggesting M&A.

    Record the results in the M&A Sell Playbook.

    1.3.3 Recommend reduction opportunities

    1-2 hours

    Input: Growth or separation strategy opportunities to support business goals, Stakeholder communication plan, Rationale for the suggestion

    Output: M&A transaction opportunities suggested

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO, Business executive/CEO

    The purpose of this activity is to recommend a merger, acquisition, or divestiture to the business.

    1. Identify which of the business goals the transaction would help solve and why IT is the one to suggest such a goal.
    2. Leverage the stakeholder communication plan identified previously to give insight into stakeholders who would have a significant level of interest, influence, or support in the process.

    Info-Tech Insight

    With technology and digital driving many transactions, leverage your organizations’ IT environment as an asset and reason why the divestiture or sale should happen, suggesting the opportunity yourself.

    Record the results in the M&A Sell Playbook.

    By the end of this Proactive phase, you should:

    Be prepared to suggest M&A opportunities to support your company’s goals through sale or divestiture transactions

    Key outcome from the Proactive phase

    Develop progressive relationships and strong communication with key stakeholders to suggest or be aware of transformational opportunities that can be achieved through sale or divestiture strategies.

    Key deliverables from the Proactive phase
    • Business perspective of IT examined
    • Key stakeholders identified and relationship to the M&A process outlined
    • Ability to valuate the IT environment and communicate IT’s value to the business
    • Assessment of the business, digital, and IT strategies and how M&As could support those strategies
    • Pain points and opportunities that could be alleviated or supported through an M&A transaction
    • Sale or divestiture recommendations

    The Sell Blueprint

    Phase 2

    Discovery & Strategy

    Phase 1

    Phase 2

    Phase 3Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Reduction Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Separation or Sale
    • 3.1 Engage in Due Diligence and Prepare Staff
    • 3.2 Prepare to Separate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Create the mission and vision
    • Identify the guiding principles
    • Create the future-state operating model
    • Determine the transition team
    • Document the M&A governance
    • Create program metrics
    • Establish the separation strategy
    • Conduct a RACI
    • Create the communication plan
    • Assess the potential organization(s)

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Establish the Transaction FoundationDiscover the Motivation for Divesting or SellingFormalize the Program PlanCreate the Valuation FrameworkStrategize the TransactionNext Steps and Wrap-Up (offsite)

    Activities

    • 0.1 Conduct the CIO Business Vision and CEO-CIO Alignment diagnostics
    • 0.2 Identify key stakeholders and outline their relationship to the M&A process
    • 0.3 Identify the rationale for the company's decision to pursue a divestiture or sale
    • 1.1 Review the business rationale for the divestiture/sale
    • 1.2 Assess the IT/digital strategy
    • 1.3 Identify pain points and opportunities tied to the divestiture/sale
    • 1.4 Create the IT vision statement, create the IT mission statement, and identify IT guiding principles
    • 2.1 Create the future-state operating model
    • 2.2 Determine the transition team
    • 2.3 Document the M&A governance
    • 2.4 Establish program metrics
    • 3.1 Valuate your data
    • 3.2 Valuate your applications
    • 3.3 Valuate your infrastructure
    • 3.4 Valuate your risk and security
    • 3.5 Combine individual valuations to make a single framework
    • 4.1 Establish the separation strategy
    • 4.2 Conduct a RACI
    • 4.3 Review best practices for assessing target organizations
    • 4.4 Create the communication plan
    • 5.1 Complete in-progress deliverables from previous four days
    • 5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables

    1. Business perspectives of IT
    2. Stakeholder network map for M&A transactions
    1. Business context implications for IT
    2. IT’s divestiture/sale strategic direction
    1. Operating model for future state
    2. Transition team
    3. Governance structure
    4. M&A program metrics
    1. IT valuation framework
    1. Separation strategy
    2. RACI
    3. Communication plan
    1. Completed M&A program plan and strategy
    2. Prepared to assess target organization(s)

    What is the Discovery & Strategy phase?

    Pre-transaction state

    The Discovery & Strategy phase during a sale or divestiture is a unique opportunity for many IT organizations. IT organizations that can participate in the transaction at this stage are likely considered a strategic partner of the business.

    For one-off sales/divestitures, IT being invited during this stage of the process is rare. However, for organizations that are preparing to engage in many divestitures over the coming years, this type of strategy will greatly benefit from IT involvement. Again, the likelihood of participating in an M&A transaction is increasing, making it a smart IT leadership decision to, at the very least, loosely prepare a program plan that can act as a strategic pillar throughout the transaction.

    During this phase of the pre-transaction state, IT may be asked to participate in ensuring that the IT environment is able to quickly and easily carve out components/business lines and deliver on service-level agreements (SLAs).

    Goal: To identify a repeatable program plan that IT can leverage when selling or divesting all or parts of the current IT environment, ensuring customer satisfaction and business continuity

    Discovery & Strategy Prerequisite Checklist

    Before coming into the Discovery & Strategy phase, you should have addressed the following:

    • Understand the business perspective of IT.
    • Know the key stakeholders and have outlined their relationship to the M&A process.
    • Be able to valuate the IT environment and communicate IT's value to the business.
    • Understand the rationale for the company's decision to pursue a sale or divestiture and the opportunities or pain points the sale should address.

    Discovery & Strategy

    Step 2.1

    Establish the M&A Program Plan

    Activities

    • 2.1.1 Create the mission and vision
    • 2.1.2 Identify the guiding principles
    • 2.1.3 Create the future-state operating model
    • 2.1.4 Determine the transition team
    • 2.1.5 Document the M&A governance
    • 2.1.6 Create program metrics

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Outcomes of Step

    Establish an M&A program plan that can be repeated across sales/divestitures.

    The vision and mission statements clearly articulate IT’s aspirations and purpose

    The IT vision statement communicates a desired future state of the IT organization, whereas the IT mission statement portrays the organization’s reason for being. While each serves its own purpose, they should both be derived from the business context implications for IT.

    Vision Statements

    Mission Statements

    Characteristics

    • Describe a desired future
    • Focus on ends, not means
    • Concise
    • Aspirational
    • Memorable
    • Articulate a reason for existence
    • Focus on how to achieve the vision
    • Concise
    • Easy to grasp
    • Sharply focused
    • Inspirational

    Samples

    To be a trusted advisor and partner in enabling business innovation and growth through an engaged IT workforce. (Source: Business News Daily) IT is a cohesive, proactive, and disciplined team that delivers innovative technology solutions while demonstrating a strong customer-oriented mindset. (Source: Forbes, 2013)

    2.1.1 Create the mission and vision statements

    2 hours

    Input: Business objectives, IT capabilities, Rationale for the transaction

    Output: IT’s mission and vision statements for reduction strategies tied to mergers, acquisitions, and divestitures

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create mission and vision statements that reflect IT’s intent and method to support the organization as it pursues a reduction strategy.

    1. Review the definitions and characteristics of mission and vision statements.
    2. Brainstorm different versions of the mission and vision statements.
    3. Edit the statements until you get to a single version of each that accurately reflects IT’s role in the reduction process.

    Record the results in the M&A Sell Playbook.

    Guiding principles provide a sense of direction

    IT guiding principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting IT investment portfolio management, solution development, and procurement decisions.

    A diagram illustrating the place of 'IT guiding principles' in the process of making 'Decisions on the use of IT'. There are four main items, connecting lines naming the type of process in getting from one step to the next, and a line underneath clarifying the questions asked at each step. On the far left, over the question 'What decisions should be made?', is 'Business context and IT implications'. This flows forward to 'IT guiding principles', and they are connected by 'Influence'. Next, over the question 'How should decisions be made?', is the main highlighted section. 'IT guiding principles' flows forward to 'Decisions on the use of IT', and they are connected by 'Guide and inform'. On the far right, over the question 'Who has the accountability and authority to make decisions?', is 'IT policies'. This flows back to 'Decisions on the use of IT', and they are connected by 'Direct and control'.

    IT principles must be carefully constructed to make sure they are adhered to and relevant

    Info-Tech has identified a set of characteristics that IT principles should possess. These characteristics ensure the IT principles are relevant and followed in the organization.

    Approach focused. IT principles should be focused on the approach – how the organization is built, transformed, and operated – as opposed to what needs to be built, which is defined by both functional and non-functional requirements.

    Business relevant. Create IT principles that are specific to the organization. Tie IT principles to the organization’s priorities and strategic aspirations.

    Long lasting. Build IT principles that will withstand the test of time.

    Prescriptive. Inform and direct decision making with actionable IT principles. Avoid truisms, general statements, and observations.

    Verifiable. If compliance can’t be verified, people are less likely to follow the principle.

    Easily Digestible. IT principles must be clearly understood by everyone in IT and by business stakeholders. IT principles aren’t a secret manuscript of the IT team. IT principles should be succinct; wordy principles are hard to understand and remember.

    Followed. Successful IT principles represent a collection of beliefs shared among enterprise stakeholders. IT principles must be continuously communicated to all stakeholders to achieve and maintain buy-in.

    In organizations where formal policy enforcement works well, IT principles should be enforced through appropriate governance processes.

    Consider the example principles below

    IT Principle Name

    IT Principle Statement

    1. Risk Management We will ensure that the organization’s IT Risk Management Register is properly updated to reflect all potential risks and that a plan of action against those risks has been identified.
    2. Transparent Communication We will ensure employees are spoken to with respect and transparency throughout the transaction process.
    3. Separation for Success We will create a carve-out strategy that enables the organization and clearly communicates the resources required to succeed.
    4. Managed Data We will handle data creation, modification, separation, and use across the enterprise in compliance with our data governance policy.
    5.Deliver Better Customer Service We will reduce the number of products offered by IT, enabling a stronger focus on specific products or elements to increase customer service delivery.
    6. Compliance With Laws and Regulations We will operate in compliance with all applicable laws and regulations for both our organization and the potentially purchasing organization.
    7. Defined Value We will create a plan of action that aligns with the organization’s defined value expectations.
    8. Network Readiness We will ensure that employees and customers have immediate access to the network with minimal or no outages.
    9. Value Generator We will leverage the current IT people, processes, and technology to turn the IT organization into a value generator by developing and selling our services to purchasing organizations.

    2.1.2 Identify the guiding principles

    2 hours

    Input: Business objectives, IT capabilities, Rationale for the transaction, Mission and vision statements

    Output: IT’s guiding principles for reduction strategies tied to mergers, acquisitions, and divestitures

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create the guiding principles that will direct the IT organization throughout the reduction strategy process.

    1. Review the role of guiding principles and the examples of guiding principles that organizations have used.
    2. Brainstorm different versions of the guiding principles. Each guiding principle should start with the phrase “We will…”
    3. Edit and consolidate the statements until you have a list of approximately eight to ten statements that accurately reflect IT’s role in the reduction process.
    4. Review the guiding principles every six months to ensure they continue to support the delivery of the business’ reduction strategy goals.

    Record the results in the M&A Sell Playbook.

    Create two IT teams to support the transaction

    IT M&A Transaction Team

    • The IT M&A Transaction Team should consist of the strongest members of the IT team who can be expected to deliver on unusual or additional tasks not asked of them in normal day-to-day operations.
    • The roles selected for this team will have very specific skills sets or deliver on critical separation capabilities, making their involvement in the combination of two or more IT environments paramount.
    • These individuals need to have a history of proving themselves very trustworthy, as they will likely be required to sign an NDA as well.
    • Expect to have to certain duplicate capabilities or roles across the M&A Team and Operational Team.

    IT Operational Team

    • This group is responsible for ensuring the business operations continue.
    • These employees might be those who are newer to the organization but can be counted on to deliver consistent IT services and products.
    • The roles of this team should ensure that end users or external customers remain satisfied.

    Key capabilities to support M&A

    Consider the following capabilities when looking at who should be a part of the IT Transaction Team.

    Employees who have a significant role in ensuring that these capabilities are being delivered will be a top priority.

    Infrastructure & Operations

    • System Separation
    • Data Management
    • Helpdesk/Desktop Support
    • Cloud/Server Management

    Business Focus

    • Service-Level Management
    • Enterprise Architecture
    • Stakeholder Management
    • Project Management

    Risk & Security

    • Privacy Management
    • Security Management
    • Risk & Compliance Management

    Build a lasting and scalable operating model

    An operating model is an abstract visualization, used like an architect’s blueprint, that depicts how structures and resources are aligned and integrated to deliver on the organization’s strategy.

    It ensures consistency of all elements in the organizational structure through a clear and coherent blueprint before embarking on detailed organizational design.

    The visual should highlight which capabilities are critical to attaining strategic goals and clearly show the flow of work so that key stakeholders can understand where inputs flow in and outputs flow out of the IT organization.

    As you assess the current operating model, consider the following:

    • Does the operating model contain all the necessary capabilities your IT organization requires to be successful?
    • What capabilities should be duplicated?
    • Are there individuals with the skill set to support those roles? If not, is there a plan to acquire or develop those skills?
    • A dedicated project team strictly focused on M&A is great. However, is it feasible for your organization? If not, what blockers exist?
    A diagram with 'Initiatives' and 'Solutions' on the left and right of an area chart, 'Customer' at the top, the area between them labelled 'Functional Area n', and six horizontal bars labelled 'IT Capability' stacked on top of each other. The 'IT Capability' bars are slightly skewed to the 'Solutions' side of the chart.

    Info-Tech Insight

    Investing time up-front getting the operating model right is critical. This will give you a framework to rationalize future organizational changes, allowing you to be more iterative and allowing your model to change as the business changes.

    2.1.3 Create the future-state operating model

    4 hours

    Input: Current operating model, IT strategy, IT capabilities, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

    Output: Future-state operating model for divesting organizations

    Materials: Operating model, Capability overlay, Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to establish what the future-state operating model will be if your organization needs to adjust to support a divestiture transaction. If your organization plans to sell in its entirety, you may choose to skip this activity.

    1. Ensuring that all the IT capabilities are identified by the business and IT strategy, document your organization’s current operating model.
    2. Identify what core capabilities would be critical to the divesting transaction process and separation. Highlight and make copies of those capabilities in the M&A Sell Playbook. As a result of divesting, there may also be capabilities that will become irrelevant in your future state.
    3. Ensure the capabilities that will be decentralized are clearly identified. Decentralized capabilities do not exist within the central IT organization but rather in specific lines of businesses, products, or locations to better understand needs and deliver on the capability.

    An example operating model is included in the M&A Sell Playbook. This process benefits from strong reference architecture and capability mapping ahead of time.

    Record the results in the M&A Sell Playbook.

    2.1.4 Determine the transition team

    3 hours

    Input: IT capabilities, Future-state operating model, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

    Output: Transition team

    Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a team that will support your IT organization throughout the transaction. Determining which capabilities and therefore which roles will be required ensures that the business will continue to get the operational support it needs.

    1. Based on the outcome of activity 2.1.3, review the capabilities that your organization will require on the transition team. Group capabilities into functional groups containing capabilities that are aligned well with one another because they have similar responsibilities and functionalities.
    2. Replace the capabilities with roles. For example, stakeholder management, requirements gathering, and project management might be one functional group. Project management and stakeholder management might combine to create a project manager role.
    3. Review the examples in the M&A Sell Playbook and identify which roles will be a part of the transition team.

    For more information, see Redesign Your Organizational Structure

    What is governance?

    And why does it matter so much to IT and the M&A process?

    • Governance is the method in which decisions get made, specifically as they impact various resources (time, money, and people).
    • Because M&A is such a highly governed transaction, it is important to document the governance bodies that exist in your organization.
    • This will give insight into what types of governing bodies there are, what decisions they make, and how that will impact IT.
    • For example, funds to support separation need to be discussed, approved, and supplied to IT from a governing body overseeing the acquisition.
    • A highly mature IT organization will have automated governance, while a seemingly non-existent governance process will be considered ad hoc.
    A pyramid with four levels representing the types of governing bodies that are available with differing levels of IT maturity. An arrow beside the pyramid points upward. The bottom of the arrow is labelled 'Traditional (People and document centric)' and the top is labelled 'Adaptive (Data centric)'. Starting at the bottom of the pyramid is level 1 'Ad Hoc Governance', 'Governance that is not well defined or understood within the organization. It occurs out of necessity but often not by the right people'. Level 2 is 'Controlled Governance', 'Governance focused on compliance and decisions driven by hierarchical authority. Levels of authority are defined and often driven by regulatory'. Level 3 is 'Agile Governance', 'Governance that is flexible to support different needs and quick response in the organization. Driven by principles and delegated throughout the company'. At the top of the pyramid is level 4 'Automated Governance', 'Governance that is entrenched and automated into organizational processes and product/service design. Empowered and fully delegated governance to maintain fit and drive organizational success and survival'.

    2.1.5 Document M&A governance

    1-2 hours

    Input: List of governing bodies, Governing body committee profiles, Governance structure

    Output: Documented method on how decisions are made as it relates to the M&A transaction

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine the method in which decisions are made throughout the M&A transaction as it relates to IT. This will require understanding both governing bodies internal to IT and those external to IT.

    1. First, determine the other governance structures within the organization that will impact the decisions made about M&A. List out these bodies or committees.
    2. Create a profile for each committee that looks at the membership, purpose of the committee, decision areas (authority), and the process of inputs and outputs. Ensure IT committees that will have a role in this process are also documented. Consider the benefits realized, risks, and resources required for each.
    3. Organize the committees into a structure, identifying the committees that have a role in defining the strategy, designing and building, and running.

    Record the results in the M&A Sell Playbook.

    Current-state structure map – definitions of tiers

    Strategy: These groups will focus on decisions that directly connect to the strategic direction of the organization.

    Design & Build: The second tier of groups will oversee prioritization of a certain area of governance as well as design and build decisions that feed into strategic decisions.

    Run: The lowest level of governance will be oversight of more-specific initiatives and capabilities within IT.

    Expect tier overlap. Some committees will operate in areas that cover two or three of these governance tiers.

    Measure the IT program’s success in terms of its ability to support the business’ M&A goals

    Upper management will measure IT’s success based on your ability to support the underlying reasons for the M&A. Using business metrics will help assure business stakeholders that IT understands their needs and is working with the business to achieve them.

    Business-Specific Metrics

    • Revenue Growth: Increase in the top line as seen by market expansion, product expansion, etc. by percentage/time.
    • Synergy Extraction: Reduction in costs as determined by the ability to identify and eliminate redundancies over time.
    • Profit Margin Growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs over time.

    IT-Specific Metrics

    • IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure over time.
    • Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
    • Meeting or improving on IT budget estimates: Delivering successful IT separation on a budget that is the same or lower than the budget estimated during due diligence.
    • Meeting or improving on IT time-to-separation estimates: Delivering successful IT carve-out on a timeline that is the same or shorter than the timeline estimated during due diligence.
    • Business capability support: Delivering the end state of IT that supports the expected business capabilities and growth.

    Establish your own metrics to gauge the success of IT

    Establish SMART M&A Success Metrics

    S pecific Make sure the objective is clear and detailed.
    M easurable Objectives are measurable if there are specific metrics assigned to measure success. Metrics should be objective.
    A ctionable Objectives become actionable when specific initiatives designed to achieve the objective are identified.
    R ealistic Objectives must be achievable given your current resources or known available resources.
    T ime-Bound An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.
    • What should IT consider when looking to identify potential additions, deletions, or modifications that will either add value to the organization or reduce costs/risks?
    • Provide a definition of synergies.
    • IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure.
    • Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
    • Meeting or improving on IT budget estimates: Delivering successful IT separation on a budget that is the same or lower than the budget estimated during due diligence.
    • Meeting or improving on IT time-to-separation estimates: Delivering successful IT carve-out on a timeline that is the same or shorter than the timeline estimated during due diligence.
    • Revenue growth: Increase in the top line as a result, as seen by market expansion, product expansion, etc., as a result of divesting lines of the business and selling service-level agreements to the purchasing organization.
    • Synergy extraction: Reduction in costs, as determined by the ability to identify and eliminate redundancies.
    • Profit margin growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs.

    Metrics for each phase

    1. Proactive

    2. Discovery & Strategy

    3. Valuation & Due Diligence

    4. Execution & Value Realization

    • % Share of business innovation spend from overall IT budget
    • % Critical processes with approved performance goals and metrics
    • % IT initiatives that meet or exceed value expectation defined in business case
    • % IT initiatives aligned with organizational strategic direction
    • % Satisfaction with IT's strategic decision-making abilities
    • $ Estimated business value added through IT-enabled innovation
    • % Overall stakeholder satisfaction with IT
    • % Percent of business leaders that view IT as an Innovator
    • % IT budget as a percent of revenue
    • % Assets that are not allocated
    • % Unallocated software licenses
    • # Obsolete assets
    • % IT spend that can be attributed to the business (chargeback or showback)
    • % Share of CapEx of overall IT budget
    • % Prospective organizations that meet the search criteria
    • $ Total IT cost of ownership (before and after M&A, before and after rationalization)
    • % Business leaders that view IT as a Business Partner
    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target
    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT separation
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    2.1.6 Create program metrics

    1-2 hours

    Input: IT capabilities, Mission, vision, and guiding principles, Rationale for the acquisition

    Output: Program metrics to support IT throughout the M&A process

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine how IT’s success throughout a growth transaction will be measured and determined.

    1. Document a list of appropriate metrics on the whiteboard. Remember to include metrics that demonstrate the business impact. You can use the sample metrics listed on the previous slide as a starting point.
    2. Set a target and deadline for each metric. This will help the group determine when it is time to evaluate progression.
    3. Establish a baseline for each metric based on information collected within your organization.
    4. Assign an owner for tracking each metric as well as someone to be accountable for performance.

    Record the results in the M&A Sell Playbook.

    Discovery & Strategy

    Step 2.2

    Prepare IT to Engage in the Separation or Sale

    Activities

    • 2.2.1 Establish the separation strategy
    • 2.2.2 Conduct a RACI
    • 2.2.3 Create the communication plan
    • 2.2.4 Assess the potential organization(s)

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Outcomes of Step

    Identify IT’s plan of action when it comes to the separation/sale and align IT’s separation/sale strategy with the business’ M&A strategy.

    Separation strategies

    There are several IT separation strategies that will let you achieve your target technology environment.

    IT Separation Strategies
    • Divest. Carve out elements of the IT organization and sell them to a purchasing organization with or without a service-level agreement.
    • Sell. Sell the entire IT environment to a purchasing organization. The purchasing organization takes full responsibility in delivering and running the IT environment.
    • Spin-Off Joint Venture. Carve out elements of the IT organization and combine them with elements of a new or purchasing organization to create a new entity.

    The approach IT takes will depend on the business objectives for the M&A.

    • Generally speaking, the separation strategy is well understood and influenced by the frequency of and rationale for selling.
    • Based on the initiatives generated by each business process owner, you need to determine the IT separation strategy that will best support the desired target technology environment, especially if you are still operating or servicing elements of that IT environment.

    Key considerations when choosing an IT separation strategy include:

    • What are the main business objectives of the M&A?
    • What are the key synergies expected from the transaction?
    • What IT separation strategy best helps obtain these benefits?
    • What opportunities exist to position the business for sustainable and long-term growth?

    Separation strategies in detail

    Review highlights and drawbacks of different separation strategies

    Divest
      Highlights
    • Recommended for businesses striving to reduce costs and potentially even generate revenue for the business through the delivery of SLAs.
    • Opportunity to reduce or scale back on lines of business or products that are not driving profits.
      Drawbacks
    • May be forced to give up critical staff that have been known to deliver high value.
    • The IT department is left to deliver services to the purchasing organization with little support or consideration from the business.
    • There can be increased risk and security concerns that need to be addressed.
    Sell
      Highlights
    • Recommended for businesses looking to gain capital to exit the market profitably or to enter a new market with a large sum of capital.
    • The business will no longer exist, and as a result all operational costs, including IT, will become redundant.
      Drawbacks
    • IT is no longer needed as an operating or capital service for the organization.
    • Lost resources, including highly trained and critical staff.
    • May require packaging employees off and using the profit or capital generated to cover any closing costs.
    Spin-Off or Joint Venture
      Highlights
    • Recommended for businesses looking to expand their market presence or acquire new products. Essentially aligning the two organizations in the same market.
    • Each side has a unique offering but complementing capabilities.
      Drawbacks
    • As much as the organization is going through a separation from the original company, it will be going through an integration with the new company.
    • There could be differences in culture.
    • This could require a large amount of investment without a guarantee of profit or success.

    2.2.1 Establish the separation strategy

    1-2 hours

    Input: Business separation strategy, Guiding principles, M&A governance

    Output: IT’s separation strategy

    Materials: Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine IT’s approach to separating or selling. This approach might differ slightly from transaction to transaction. However, the businesses approach to transactions should give insight into the general separation strategy IT should adopt.

    1. Make sure you have clearly articulated the business objectives for the M&A, the technology end state for IT, and the magnitude of the overall separation.
    2. Review and discuss the highlights and drawbacks of each type of separation.
    3. Use Info-Tech’s Separation Posture Selection Framework on the next slide to select the separation posture that will appropriately enable the business. Consider these questions during your discussion:
      1. What are the main business objectives of the M&A? What key IT capabilities will need to support business objectives?
      2. What key synergies are expected from the transaction? What opportunities exist to position the business for sustainable growth?
      3. What IT separation best helps obtain these benefits?

    Record the results in the M&A Sell Playbook.

    Separation Posture Selection Framework

    Business M&A Strategy

    Resultant Technology Strategy

    M&A Magnitude (% of Seller Assets, Income, or Market Value)

    IT Separation Posture

    A. Horizontal Adopt One Model ‹100% Divest
    ›99% Sell
    B. Vertical Create Links Between Critical Systems Any Divest
    C. Conglomerate Independent Model Any Joint Venture
    Divest
    D. Hybrid: Horizontal & Conglomerate Create Links Between Critical Systems Any Divest
    Joint Venture

    M&A separation strategy

    Business M&A Strategy Resultant Technology Strategy M&A Magnitude (% of Seller Assets, Income, or Market Value) IT Separation Posture

    You may need a hybrid separation posture to achieve the technology end state.

    M&A objectives may not affect all IT domains and business functions in the same way. Therefore, the separation requirements for each business function may differ. Organizations will often choose to select and implement a hybrid separation posture to realize the technology end state.

    Each business division may have specific IT domain and capability needs that require an alternative separation strategy.

    • Example: Even when conducting a joint venture by forming a new organization, some partners might view themselves as the dominant partner and want to influence the IT environment to a greater degree.
    • Example: Some purchasing organizations will expect service-level agreements to be available for a significant period of time following the divestiture, while others will be immediately independent.

    2.2.2 Conduct a RACI

    1-2 hours

    Input: IT capabilities, Transition team, Separation strategy

    Output: Completed RACI for Transition team

    Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to identify the core accountabilities and responsibilities for the roles identified as critical to your transition team. While there might be slight variation from transaction to transaction, ideally each role should be performing certain tasks.

    1. First, identify a list of critical tasks that need to be completed to support the sale or separation. For example:
      • Communicate with the company M&A team.
      • Identify the key IT solutions that can and cannot be carved out.
      • Gather data room artifacts and provide them to acquiring organization.
    2. Next, identify at the activity level which role is accountable or responsible for each activity. Enter an A for accountable, R for responsible, or A/R for both.

    Record the results in the M&A Sell Playbook.

    Communication and change

    Prepare key stakeholders for the potential changes

    • Anytime you are starting a project or program that will depend on users and stakeholders to give up their old way of doing things, change will force people to become novices again, leading to lost productivity and added stress.
    • Change management can improve outcomes for any project where you need people to adopt new tools and procedures, comply with new policies, learn new skills and behaviors, or understand and support new processes.
    • M&As move very quickly, and it can be very difficult to keep track of which stakeholders you need to be communicating with and what you should be communicating.
    • Not all organizations embrace or resist change in the same ways. Base your change communications on your organization’s cultural appetite for change in general.
      • Organizations with a low appetite for change will require more direct, assertive communications.
      • Organizations with a high appetite for change are more suited to more open, participatory approaches.

    Three key dimensions determine the appetite for cultural change:

    • Power Distance. Refers to the acceptance that power is distributed unequally throughout the organization.
      In organizations with a high power distance, the unequal power distribution is accepted by the less powerful employees.
    • Individualism. Organizations that score high in individualism have employees who are more independent. Those who score low in individualism fall into the collectivism side, where employees are strongly tied to one another or their groups.
    • Uncertainty Avoidance. Describes the level of acceptance that an organization has toward uncertainty. Those who score high in this area find that their employees do not favor uncertain situations, while those that score low in this area find that their employees are comfortable with change and uncertainty.

    2.2.3 Create the communication plan

    1-2 hours

    Input: IT’s M&A mission, vision, and guiding principles, M&A transition team, IT separation strategy, RACI

    Output: IT’s M&A communication plan

    Materials: Flip charts/whiteboard, Markers, RACI, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a communication plan that IT can leverage throughout the initiative.

    1. Create a structured communication plan that allows for continuous communication with the integration management office, senior management, and the business functional heads.
    2. Outline key topics of communication, with stakeholders, inputs, and outputs for each topic.
    3. Review Info-Tech’s example communication plan in the M&A Sell Playbook and update it with relevant information.
    4. Does this communication plan make sense for your organization? What doesn’t make sense? Adjust the communication guide to suit your organization.

    Record the results in the M&A Sell Playbook.

    Assessing potential organizations

    As soon as you have identified organizations to consider, it’s imperative to assess critical risks. Most IT leaders can attest that they will receive little to no notice when the business is pursuing a sale and IT has to assess the IT organization. As a result, having a standardized template to quickly assess the potential acquiring organization is important.

    Ways to Assess

    1. News: Assess what sort of news has been announced in relation to the organization. Have they had any risk incidents? Has a critical vendor announced working with them?
    2. LinkedIn: Scan through the LinkedIn profiles of employees. This will give you a sense of what platforms they have based on employees. It will also give insight into positive or negative employee experiences that could impact retention.
    3. Trends: Some industries will have specific solutions that are relevant and popular. Assess what the key players are (if you don’t already know) to determine the solution.
    4. Business Architecture: While this assessment won’t perfect, try to understand the business’ value streams and the critical business and IT capabilities that would be needed to support them. Will your organization or employee skills be required to support these long term?

    Info-Tech Insight

    Assessing potential organizations is not just for the purchaser. The seller should also know what the purchasing organization’s history with M&As is and what potential risks could occur if remaining connected through ongoing SLAs.

    2.2.4 Assess the potential organization(s)

    1-2 hours

    Input: Publicized historical risk events, Solutions and vendor contracts likely in the works, Trends

    Output: IT’s valuation of the potential organization(s) for selling or divesting

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO

    The purpose of this activity is to assess the organization(s) that your organization is considering selling or divesting to.

    1. Complete the Historical Valuation Worksheet in the M&A Sell Playbook to understand the type of IT organization that your company may support.
      • The business likely isn’t looking for in-depth details at this time. However, as the IT leader, it is your responsibility to ensure critical risks are identified and communicated to the business.
    2. Use the information identified to help the business narrow down which organizations could be the right organizations to sell or divest to.

    Record the results in the M&A Sell Playbook.

    By the end of this pre-transaction phase you should:

    Have a program plan for M&As and a repeatable M&A strategy for IT when engaging in reduction transactions

    Key outcomes from the Discovery & Strategy phase
    • Prepare the IT environment to support the potential sale or divestiture by identifying critical program plan elements and establishing a separation or carve-out strategy that will enable the business to reach its goals.
    • Create a M&A strategy that accounts for all the necessary elements of a transaction and ensures sufficient governance, capabilities, and metrics exist.
    Key deliverables from the Discovery & Strategy phase
    • Create vision and mission statements
    • Establish guiding principles
    • Create a future-state operating model
    • Identify the key roles for the transaction team
    • Identify and communicate the M&A governance
    • Determine target metrics
    • Identify the M&A operating model
    • Select the separation strategy framework
    • Conduct a RACI for key transaction tasks for the transaction team
    • Document the communication plan

    M&A Sell Blueprint

    Phase 3

    Due Diligence & Preparation

    Phase 1Phase 2

    Phase 3

    Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Reduction Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Separation or Sale
    • 3.1 Engage in Due Diligence and Prepare Staff
    • 3.2 Prepare to Separate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Drive value with a due diligence charter
    • Gather data room artifacts
    • Measure staff engagement
    • Assess culture
    • Create a carve-out roadmap
    • Prioritize separation tasks
    • Establish the separation roadmap
    • Identify the buyer’s IT expectations
    • Create a service/transaction agreement
    • Estimate separation costs
    • Create an employee transition plan
    • Create functional workplans for employees
    • Align project metrics with identified tasks

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team
    • Business leaders
    • Purchasing organization
    • Transition team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Establish the Transaction FoundationDiscover the Motivation for SeparationIdentify Expectations and Create the Carve-Out RoadmapPrepare and Manage EmployeesPlan the Separation RoadmapNext Steps and Wrap-Up (offsite)

    Activities

    • 0.1 Identify the rationale for the company's decision to pursue a divestiture/sale.
    • 0.2 Identify key stakeholders and determine the IT transaction team.
    • 0.3 Gather and evaluate the M&A strategy, future-state operating model, and governance.
    • 1.1 Review the business rationale for the divestiture/sale.
    • 1.2 Identify pain points and opportunities tied to the divestiture/sale.
    • 1.3 Establish the separation strategy.
    • 1.4 Create the due diligence charter.
    • 2.1 Identify the buyer’s IT expectations.
    • 2.2 Create a list of IT artifacts to be reviewed in the data room.
    • 2.3 Create a carve-out roadmap.
    • 2.4 Create a service/technical transaction agreement.
    • 3.1 Measure staff engagement.
    • 3.2 Assess the current culture and identify the goal culture.
    • 3.3 Create an employee transition plan.
    • 3.4 Create functional workplans for employees.
    • 4.1 Prioritize separation tasks.
    • 4.2 Establish the separation roadmap.
    • 4.3 Establish and align project metrics with identified tasks.
    • 4.4 Estimate separation costs.
    • 5.1 Complete in-progress deliverables from previous four days.
    • 5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. IT strategy
    2. IT operating model
    3. IT governance structure
    4. M&A transaction team
    1. Business context implications for IT
    2. Separation strategy
    3. Due diligence charter
    1. Data room artifacts identified
    2. Carve-out roadmap
    3. Service/technical transaction agreement
    1. Engagement assessment
    2. Culture assessment
    3. Employee transition plans and workplans
    1. Separation roadmap and associated resourcing
    1. Divestiture separation strategy for IT

    What is the Due Diligence & Preparation phase?

    Mid-transaction state

    The Due Diligence & Preparation phase during a sale or divestiture is a critical time for IT. If IT fails to proactively participate in this phase, IT will have to merely react to separation expectations set by the business.

    If your organization is being sold in its entirety, staff will have major concerns about their future in the new organization. Making this transition as smooth as possible and being transparent could go a long way in ensuring their success in the new organization.

    In a divestiture, this is the time to determine where it’s possible for the organization to divide or separate from itself. A lack of IT involvement in these conversations could lead to an overcommitment by the business and under-delivery by IT.

    Goal: To ensure that, as the selling or divesting organization, you comply with regulations, prepare staff for potential changes, and identify a separation strategy if necessary

    Due Diligence Prerequisite Checklist

    Before coming into the Due Diligence & Preparation phase, you must have addressed the following:

    • Understand the rationale for the company's decision to pursue a sale or divestiture and what opportunities or pain points the sale should alleviate.
    • Identify the key roles for the transaction team.
    • Identify the M&A governance.
    • Determine target metrics.
    • Select a separation strategy framework.
    • Conduct a RACI for key transaction tasks for the transaction team.

    Before coming into the Due Diligence & Preparation phase, we recommend addressing the following:

    • Create vision and mission statements.
    • Establish guiding principles.
    • Create a future-state operating model.
    • Identify the M&A operating model.
    • Document the communication plan.
    • Examine the business perspective of IT.
    • Identify key stakeholders and outline their relationship to the M&A process.
    • Be able to valuate the IT environment and communicate IT’s value to the business.

    The Technology Value Trinity

    Delivery of Business Value & Strategic Needs

    • Digital & Technology Strategy
      The identification of objectives and initiatives necessary to achieve business goals.
    • IT Operating Model
      The model for how IT is organized to deliver on business needs and strategies.
    • Information & Technology Governance
      The governance to ensure the organization and its customers get maximum value from the use of information and technology.

    All three elements of the Technology Value Trinity work in harmony to deliver business value and achieve strategic needs. As one changes, the others need to change as well.

    • Digital and IT Strategy tells you what you need to achieve to be successful.
    • IT Operating Model and Organizational Design is the alignment of resources to deliver on your strategy and priorities.
    • Information & Technology Governance is the confirmation of IT’s goals and strategy, which ensures the alignment of IT and business strategy. It’s the mechanism by which you continuously prioritize work to ensure that what is delivered is in line with the strategy. This oversight evaluates, directs, and monitors the delivery of outcomes to ensure that the use of resources results in the achieving the organization’s goals.

    Too often strategy, operating model and organizational design, and governance are considered separate practices. As a result, “strategic documents” end up being wish lists, and projects continue to be prioritized based on who shouts the loudest – not based on what is in the best interest of the organization.

    Due Diligence & Preparation

    Step 3.1

    Engage in Due Diligence and Prepare Staff

    Activities

    • 3.1.1 Drive value with a due diligence charter
    • 3.1.2 Gather data room artifacts
    • 3.1.3 Measure staff engagement
    • 3.1.4 Assess culture

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team
    • Business leaders
    • Prospective IT organization
    • Transition team

    Outcomes of Step

    This step of the process is when IT should prepare and support the business in due diligence and gather the necessary information about staff changes.

    3.1.1 Drive value with a due diligence charter

    1-2 hours

    Input: Key roles for the transaction team, M&A governance, Target metrics, Selected separation strategy framework, RACI of key transaction tasks for the transaction team

    Output: IT Due Diligence Charter

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a charter leveraging the items completed in the previous phase, as listed on the Due Diligence Prerequisite Checklist slide, to gain executive sign-off.

    1. In the IT Due Diligence Charter in the M&A Sell Playbook, complete the aspects of the charter that are relevant for you and your organization.
    2. We recommend including these items in the charter:
      • Communication plan
      • Transition team roles
      • Goals and metrics for the transaction
      • Separation strategy
      • Sale/divestiture RACI
    3. Once the charter has been completed, ensure that business executives agree to the charter and sign off on the plan of action.

    Record the results in the M&A Sell Playbook.

    3.1.2 Gather data room artifacts

    4 hours

    Input: Future-state operating model, M&A governance, Target metrics, Selected separation strategy framework, RACI of key transaction tasks for the transaction team

    Output: List of items to acquire and verify can be provided to the purchasing organization while in the data room

    Materials: Critical domain lists on following slides, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team, Legal team, Compliance/privacy officers

    The purpose of this activity is to create a list of the key artifacts that you could be asked for during the due diligence process.

    1. Review the lists on the following pages as a starting point. Identify which domains, stakeholders, artifacts, and information should be requested for the data room.
    2. IT leadership may or may not be asked to enter the data room directly. The short notice for having to find these artifacts for the purchasing organization can leave your IT organization scrambling. Identify the critical items worth obtaining ahead of time.
    3. Once you have identified the artifacts, provide the list to the legal team or compliance/privacy officers and ensure they also agree those items can be provided. If changes to the documents need to be made, take the time to do so.
    4. Store all items in a safe and secure file or provide to the M&A team ahead of due diligence.

    **Note that if your organization is not leading/initiating the data room, then you can ignore this activity.

    Record the results in the M&A Sell Playbook.

    Critical domains

    Understand the key stakeholders and outputs for each domain

    Domain

    Stakeholders

    Key Artifacts

    Key Information to request

    Business
    • Enterprise Architecture
    • Business Relationship Manager
    • Business Process Owners
    • Business capability map
    • Capability map (the M&A team should be taking care of this, but make sure it exists)
    • Business satisfaction with various IT systems and services
    Leadership/IT Executive
    • CIO
    • CTO
    • CISO
    • IT budgets
    • IT capital and operating budgets (from current year and previous year)
    Data & Analytics
    • Chief Data Officer
    • Data Architect
    • Enterprise Architect
    • Master data domains, system of record for each
    • Unstructured data retention requirements
    • Data architecture
    • Master data domains, sources, and storage
    • Data retention requirements
    Applications
    • Applications Manager
    • Application Portfolio Manager
    • Application Architect
    • Applications map
    • Applications inventory
    • Applications architecture
    • Copy of all software license agreements
    • Copy of all software maintenance agreements
    Infrastructure
    • Head of Infrastructure
    • Enterprise Architect
    • Infrastructure Architect
    • Infrastructure Manager
    • Infrastructure map
    • Infrastructure inventory
    • Network architecture (including which data centers host which infrastructure and applications)
    • Inventory (including separation capabilities of vendors, versions, switches, and routers)
    • Copy of all hardware lease or purchase agreements
    • Copy of all hardware maintenance agreements
    • Copy of all outsourcing/external service provider agreements
    • Copy of all service-level agreements for centrally provided, shared services and systems
    Products and Services
    • Product Manager
    • Head of Customer Interactions
    • Product lifecycle
    • Product inventory
    • Customer market strategy

    Critical domains (continued)

    Understand the key stakeholders and outputs for each domain

    Domain

    Stakeholders

    Key Artifacts

    Key Information to request

    Operations
    • Head of Operations
    • Service catalog
    • Service overview
    • Service owners
    • Access policies and procedures
    • Availability and service levels
    • Support policies and procedures
    • Costs and approvals (internal and customer costs)
    IT Processes
    • CIO
    • IT Management
    • VP of IT Governance
    • VP of IT Strategy
    • IT process flow diagram
    • Processes in place and productivity levels (capacity)
    • Critical processes/processes the organization feels they do particularly well
    IT People
    • CIO
    • VP of Human Resources
    • IT organizational chart
    • Competency & capacity assessment
    • IT organizational structure (including resources from external service providers such as contractors) with appropriate job descriptions or roles and responsibilities
    • IT headcount and location
    Security
    • CISO
    • Security Architect
    • Security posture
    • Information security staff
    • Information security service providers
    • Information security tools
    • In-flight information security projects
    Projects
    • Head of Projects
    • Project portfolio
    • List of all future, ongoing, and recently completed projects
    Vendors
    • Head of Vendor Management
    • License inventory
    • Inventory (including what will and will not be transitioning, vendors, versions, number of licenses)

    Retain top talent throughout the transition

    Focus on retention and engagement

    • People are such a critical component of this process, especially in the selling organization.
    • Retaining employees, especially the critical employees who hold specific skills or knowledge, will ensure the success and longevity of the divesting organization, purchasing organization, or the new company.
    • Giving employees a role in the organization and ensuring they do not see their capabilities as redundant will be critical to the process.
    • It is okay if employees need to change what they were doing temporarily or even long-term. However, being transparent about these changes and highlighting their value to the process and organization(s) will help.
    • The first step to moving forward with retention is to look at the baseline engagement and culture of employees and the organization. This will help determine where to focus and allow you to identify changes in engagement that resulted from the transaction.
    • Job engagement drivers are levers that influence the engagement of employees in their day-to-day roles.
    • Organizational engagement drivers are levers that influence an employee’s engagement with the broader organization.
    • Retention drivers are employment needs. They don’t necessarily drive engagement, but they must be met for engagement to be possible.

    3.1.3 Measure staff engagement

    3-4 hours

    Input: Engagement survey

    Output: Baseline engagement scores

    Materials: Build an IT Employee Engagement Program

    Participants: IT executive/CIO, IT senior leadership, IT employees of current organization

    The purpose of this activity is to measure current staff engagement to have a baseline to measure against in the future state. This is a good activity to complete if you will be divesting or selling in entirety.

    The results from the survey should act as a baseline to determine what the organization is doing well in terms of employee engagement and what drivers could be improved upon.

    1. Review Info-Tech’s Build an IT Employee Engagement Program research and select a survey that will best meet your needs.
    2. Conduct the survey and note which drivers employees are currently satisfied with. Likewise, note where there are opportunities.
    3. Document actions that should be taken to mitigate the negative engagement drivers throughout the transaction and enhance or maintain the positive engagement drivers.

    Record the results in the M&A Sell Playbook.

    Assess culture as a part of engagement

    Culture should not be overlooked, especially as it relates to the separation of IT environments

    • There are three types of culture that need to be considered.
    • Most importantly, this transition is an opportunity to change the culture that might exist in your organization’s IT environment.
    • Make a decision on which type of culture you’d like IT to have post transition.

    Target Organization's Culture. The culture that the target organization is currently embracing. Their established and undefined governance practices will lend insight into this.

    Your Organization’s Culture. The culture that your organization is currently embracing. Examine people’s attitudes and behaviors within IT toward their jobs and the organization.

    Ideal Culture. What will the future culture of the IT organization be once separation is complete? Are there aspects that your current organization and the target organization embrace that are worth considering?

    Culture categories

    Map the results of the IT Culture Diagnostic to an existing framework

    Competitive
    • Autonomy
    • Confront conflict directly
    • Decisive
    • Competitive
    • Achievement oriented
    • Results oriented
    • High performance expectations
    • Aggressive
    • High pay for good performance
    • Working long hours
    • Having a good reputation
    • Being distinctive/different
    Innovative
    • Adaptable
    • Innovative
    • Quick to take advantage of opportunities
    • Risk taking
    • Opportunities for professional growth
    • Not constrained by rules
    • Tolerant
    • Informal
    • Enthusiastic
    Traditional
    • Stability
    • Reflective
    • Rule oriented
    • Analytical
    • High attention to detail
    • Organized
    • Clear guiding philosophy
    • Security of employment
    • Emphasis on quality
    • Focus on safety
    Cooperative
    • Team oriented
    • Fair
    • Praise for good performance
    • Supportive
    • Calm
    • Developing friends at work
    • Socially responsible

    Culture Considerations

    • What culture category was dominant for each IT organization?
    • Do you share the same dominant category?
    • Is your current dominant culture category the most ideal to have post-separation?

    3.1.4 Assess Culture

    3-4 hours

    Input: Cultural assessments for current IT organization, Cultural assessment for target IT organization

    Output: Goal for IT culture

    Materials: IT Culture Diagnostic

    Participants: IT executive/CIO, IT senior leadership, IT employees of current organization, IT employees of target organization, Company M&A team

    The purpose of this activity is to assess the different cultures that might exist within the IT environments of the organizations involved. By understanding the culture that exists in the purchasing organization, you can identify the fit and prepare impacted staff for potential changes.

    1. Complete this activity by leveraging the blueprint Fix Your IT Culture, specifically the IT Culture Diagnostic.
    2. Fill out the diagnostic for the IT department in your organization:
      1. Answer the 16 questions in tab 2, Diagnostic.
      2. Find out your dominant culture and review recommendations in tab 3, Results.
    3. Document the results from tab 3, Results, in the M&A Sell Playbook if you are trying to record all artifacts related to the transaction in one place.
    4. Repeat the activity for the purchasing organization.
    5. Leverage the information to determine what the goal for the culture of IT will be post-separation if it will differ from the current culture.

    Record the results in the M&A Sell Playbook.

    Due Diligence & Preparation

    Step 3.2

    Prepare to Separate

    Activities

    • 3.2.1 Create a carve-out roadmap
    • 3.2.2 Prioritize separation tasks
    • 3.2.3 Establish the separation roadmap
    • 3.2.4 Identify the buyer’s IT expectations
    • 3.2.5 Create a service/transaction agreement
    • 3.2.6 Estimate separation costs
    • 3.2.7 Create an employee transition plan
    • 3.2.8 Create functional workplans for employees
    • 3.2.9 Align project metrics with identified tasks

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Transition team
    • Company M&A team
    • Purchasing organization

    Outcomes of Step

    Have an established plan of action toward separation across all domains and a strategy toward resources.

    Don’t underestimate the importance of separation preparation

    Separation involves taking the IT organization and dividing it into two or more separate entities.

    Testing the carve capabilities of the IT organization often takes 3 months. (Source: Cognizant, 2014)

    Daimler-Benz lost nearly $19 billion following its purchase of Chrysler by failing to recognize the cultural differences that existed between the two car companies. (Source: Deal Room)

    Info-Tech Insight

    Separating the IT organization requires more time and effort than business leaders will know. Frequently communicate challenges and lost opportunities when carving the IT environment out.

    Separation needs

    Identify the business objectives of the sale to determine the IT strategy

    Set up a meeting with your IT due diligence team to:

    • Ensure there will be no gaps in the delivery of products and services in the future state.
    • Discuss the people and processes necessary to achieve the target technology environment and support M&A business objectives.

    Use this opportunity to:

    • Identify data and application complexities between the involved organizations.
    • Identify the IT people and process gaps, initiatives, and levels of support expected.
    • Determine your infrastructure needs to ensure effectiveness and delivery of services:
      • Does IT have the infrastructure to support the applications and business capabilities?
      • Identify any gaps between the current infrastructure in both organizations and the infrastructure required.
      • Identify any redundancies/gaps.
      • Determine the appropriate IT separation strategies.
    • Document your gaps, redundancies, initiatives, and assumptions to help you track and justify the initiatives that must be undertaken and help estimate the cost of separation.

    Separation strategies

    There are several IT separation strategies that will let you achieve your target technology environment.

    IT Separation Strategies
    • Divest. Carve out elements of the IT organization and sell them to a purchasing organization with or without a service-level agreement.
    • Sell. Sell the entire IT environment to a purchasing organization. The purchasing organization takes full responsibility in delivering and running the IT environment.
    • Spin-Off Joint Venture. Carve out elements of the IT organization and combine them with elements of a new or purchasing organization to create a new entity.

    The approach IT takes will depend on the business objectives for the M&A.

    • Generally speaking, the separation strategy is well understood and influenced by the frequency of and rationale for selling.
    • Based on the initiatives generated by each business process owner, you need to determine the IT separation strategy that will best support the desired target technology environment, especially if you are still operating or servicing elements of that IT environment.

    Key considerations when choosing an IT separation strategy include:

    • What are the main business objectives of the M&A?
    • What are the key synergies expected from the transaction?
    • What IT separation strategy best helps obtain these benefits?
    • What opportunities exist to position the business for sustainable and long-term growth?

    Separation strategies in detail

    Review highlights and drawbacks of different separation strategies

    Divest
      Highlights
    • Recommended for businesses striving to reduce costs and potentially even generate revenue for the business through the delivery of SLAs.
    • Opportunity to reduce or scale back on lines of business or products that are not driving profits.
      Drawbacks
    • May be forced to give up critical staff that have been known to deliver high value.
    • The IT department is left to deliver services to the purchasing organization with little support or consideration from the business.
    • There can be increased risk and security concerns that need to be addressed.
    Sell
      Highlights
    • Recommended for businesses looking to gain capital to exit the market profitably or to enter a new market with a large sum of capital.
    • The business will no longer exist, and as a result all operational costs, including IT, will become redundant.
      Drawbacks
    • IT is no longer needed as an operating or capital service for the organization.
    • Lost resources, including highly trained and critical staff.
    • May require packaging employees off and using the profit or capital generated to cover any closing costs.
    Spin-Off or Joint Venture
      Highlights
    • Recommended for businesses looking to expand their market presence or acquire new products. Essentially aligning the two organizations in the same market.
    • Each side has a unique offering but complementing capabilities.
      Drawbacks
    • As much as the organization is going through a separation from the original company, it will be going through an integration with the new company.
    • There could be differences in culture.
    • This could require a large amount of investment without a guarantee of profit or success.

    Preparing the carve-out roadmap

    And why it matters so much

    • When carving out the IT environment in preparation for a divestiture, it’s important to understand the infrastructure, application, and data connections that might exist.
    • Much to the business’ surprise, carving out the IT environment is not easy, especially when considering the services and products that might depend on access to certain applications or data sets.
    • Once the business has indicated which elements they anticipate divesting, be prepared for testing the functionality and ability of this carve-out, either through automation or manually. There are benefits and drawbacks to both methods:
      • Automated requires a solution and a developer to code the tests.
      • Manual requires time to find the errors, possibly more time than automated testing.
    • Identify if there are dependencies that will make the carve-out difficult.
      • For example, the business is trying to divest Product X, but that product is integrated with Product Y, which is not being sold.
      • Consider all the processes and products that specific data might support as well.
      • Moreover, the data migration tool will need to enter the ERP system and identify not just the data but all supporting and historical elements that underlie the data.

    Critical components to consider:

    • Selecting manual or automated testing
    • Determining data dependencies
    • Data migration capabilities
    • Auditing approval
    • People and skills that support specific elements being carved out

    3.2.1 Create a carve-out roadmap

    6 hours

    Input: Items included in the carve-out, Dependencies, Whether testing is completed, If the carve-out will pass audit, If the carve-out item is prepared to be separated

    Output: Carve-out roadmap

    Materials: Business’ divestiture plan, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Business leaders, Transition team

    The purpose of this activity is to prepare the IT environment by identifying a carve-out roadmap, specifically looking at data, infrastructure, and applications. Feel free to expand the roadmap to include other categories as your organization sees fit.

    1. In the Carve-Out Roadmap in the M&A Sell Playbook, identify the key elements of the carve-out in the first column.
    2. Note any dependencies the items might have. For example:
      • The business is selling Product X, which is linked to Data X and Data Y. The organization does not want to sell Data Y. Data X would be considered dependent on Data Y.
    3. Once the dependencies have been confirmed, begin automated or manual testing to examine the possibility of separating the data sets (or other dependencies) from one another.
    4. After identifying an acceptable method of separation, inform the auditing individual or body and confirm that there would be no repercussions for the planned process.

    Record the results in the M&A Sell Playbook.

    3.2.2 Prioritize separation tasks

    2 hours

    Input: Separation tasks, Transition team, M&A RACI

    Output: Prioritized separation list

    Materials: Separation task checklist, Separation roadmap

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to prioritize the different separation tasks that your organization has identified as necessary to this transaction. Some tasks might not be relevant for this particular transaction, and others might be critical.

    1. Begin by downloading the SharePoint or Excel version of the M&A Separation Project Management Tool.
    2. Identify which separation tasks you want to have as part of your project plan. Alter or remove any tasks that are irrelevant to your organization. Add in tasks you think are missing.
    3. When deciding criticality of the task, consider the effect on stakeholders, those who are impacted or influenced in the process of the task, and dependencies (e.g. data strategy needs to be addressed first before you can tackle its dependencies, like data quality).
    4. Feel free to edit the way you measure criticality. The standard tool leverages a three-point scale. At the end, you should have a list of tasks in priority order based on criticality.

    Record the updates in the M&A Separation Project Management Tool (SharePoint).

    Record the updates in the M&A Separation Project Management Tool (Excel).

    Separation checklists

    Prerequisite Checklist
    • Build the project plan for separation and prioritize activities
      • Plan first day
      • Plan first 30/100 days
      • Plan first year
    • Create an organization-aligned IT strategy
    • Identify critical stakeholders
    • Create a communication strategy
    • Understand the rationale for the sale or divestiture
    • Develop IT's sale/divestiture strategy
      • Determine goal opportunities
      • Create the mission and vision statements
      • Create the guiding principles
      • Create program metrics
    • Consolidate reports from due diligence/data room
    • Conduct culture assessment
    • Create a transaction team
    • Establish a service/technical transaction agreement
    • Plan and communicate culture changes
    • Create an employee transition plan
    • Assess baseline engagement
    Business
    • Design an enterprise architecture
    • Document your business architecture
    • Meet compliance and regulatory standards
    • Identify and assess all of IT's risks
    Applications
    • Prioritize and address critical applications
      • CRM
      • HRIS
      • Financial
      • Sales
      • Risk
      • Security
      • ERP
      • Email
    • Develop method of separating applications
    • Model critical applications that have dependencies on one another
    • Identify the infrastructure capacity required to support critical applications
    • Prioritize and address critical applications
    Leadership/IT Executive
    • Build an IT budget
    • Structure operating budget
    • Structure capital budget
    • Identify the workforce demand vs. capacity
    • Establish and monitor key metrics
    • Communicate value realized/cost savings
    Data
    • Confirm data strategy
    • Confirm data governance
    • Build a data architecture roadmap
    • Analyze data sources and domains
    • Evaluate data storage (on-premises vs. cloud)
    • Develop an enterprise content management strategy and roadmap
    • Ensure cleanliness/usability of data sets
    • Identify data sets that can remain operational if reduced/separated
    • Develop reporting and analytics capabilities
    • Confirm data strategy
    Operations
    • Manage sales access to customer data
    • Determine locations and hours of operation
    • Separate/terminate phone lists and extensions
    • Split email address books
    • Communicate helpdesk/service desk information

    Separation checklists (continued)

    Infrastructure
    • Manage organization domains
    • Consolidate data centers
    • Compile inventory of vendors, versions, switches, and routers
    • Review hardware lease or purchase agreements
    • Review outsourcing/service provider agreements
    • Review service-level agreements
    • Assess connectivity linkages between locations
    • Plan to migrate to a single email system if necessary
    • Determine network access concerns
    Vendors
    • Establish a sustainable vendor management office
    • Review vendor landscape
    • Identify warranty options
    • Identify the licensing grant
    • Rationalize vendor services and solutions
    People
    • Design an IT operating model
    • Design your future IT organizational structure
    • Conduct a RACI for prioritized activities
    • Conduct a culture assessment and identify goal IT culture
    • Build an IT employee engagement program
    • Determine critical roles and systems/process/products they support
    • Define new job descriptions with meaningful roles and responsibilities
    • Create employee transition plans
    • Create functional workplans
    Projects
    • Identify projects to be on hold
    • Communicate project intake process
    • Reprioritize projects
    Products & Services
    • Redefine service catalog
    • Ensure customer interaction requirements are met
    • Select a solution for product lifecycle management
    • Plan service-level agreements
    Security
    • Conduct a security assessment
    • Develop accessibility prioritization and schedule
    • Establish an information security strategy
    • Develop a security awareness and training program
    • Develop and manage security governance, risk, and compliance
    • Identify security budget
    • Build a data privacy and classification program
    IT Processes
    • Evaluate current process models
    • Determine productivity/capacity levels of processes
    • Identify processes to be changed/terminated
    • Establish a communication plan
    • Develop a change management process
    • Establish/review IT policies
    • Evaluate current process models

    3.2.2 Establish the separation roadmap

    2 hours

    Input: Prioritized separation tasks, Carve-out roadmap, Employee transition plan, Separation RACI, Costs for activities, Activity owners

    Output: Separation roadmap

    Materials: M&A Separation Project Plan Tool (SharePoint), M&A Separation Project Plan Tool (Excel), SharePoint Template: Step-by-Step Deployment Guide

    Participants: IT executive/CIO, IT senior leadership, Transition team, Company M&A team

    The purpose of this activity is to create a roadmap to support IT throughout the separation process. Using the information gathered in previous activities, you can create a roadmap that will ensure a smooth separation.

    1. Use our Separation Project Management Tool to help track critical elements in relation to the separation project. There are a few options available:
      1. Follow the instructions on the next slide if you are looking to upload our SharePoint project template. Additional instructions are available in the SharePoint Template Step-by-Step Deployment Guide.
      2. If you cannot or do not want to use SharePoint as your project management solution, download our Excel version of the tool.
        **Remember that this your tool, so customize to your liking.
    2. Identify who will own or be accountable for each of the separation tasks and establish the time frame for when each project should begin and end. This will confirm which tasks should be prioritized.

    Record the updates in the M&A Separation Project Management Tool (SharePoint).

    Record the updates in the M&A Separation Project Management Tool (Excel).

    Separation Project Management Tool (SharePoint Template)

    Follow these instructions to upload our template to your SharePoint environment

    1. Create or use an existing SP site.
    2. Download the M&A Separation Project Management Tool (SharePoint) .wsp file from the Mergers & Acquisitions: The Sell Blueprint landing page.
    3. To import a template into your SharePoint environment, do the following:
      1. Open PowerShell.
      2. Connect-SPO Service (need to install PowerShell module).
      3. Enter in your tenant admin URL.
      4. Enter in your admin credentials.
      5. Set-SPO Site https://YourDomain.sharepoint.com/sites/YourSiteHe... -DenyAddAndCustomizePages 0
      OR
      1. Turn on both custom script features to allow users to run custom
    4. Screenshot of the 'Custom Script' option for importing a template into your SharePoint environment. Feature description reads 'Control whether users can run custom script on personal sites and self-service created sites. Note: changes to this setting might take up to 24 hours to take effect. For more information, see http://go.microsoft.com/fwlink/?LinkIn=397546'. There are options to prevent or allow users from running custom script on personal/self-service created sites.
    5. Enable the SharePoint Server feature.
    6. Upload the .wsp file in Solutions Gallery.
    7. Deploy by creating a subsite and select from custom options.
      • Allow or prevent custom script
      • Security considerations of allowing custom script
      • Save, download, and upload a SharePoint site as a template
    8. Refer to Microsoft documentation to understand security considerations and what is and isn’t supported:

    For more information, check out the SharePoint Template: Step-by-Step Deployment Guide.

    Supporting the transition and establishing service-level agreements

    The purpose of this part of the transition is to ensure both buyer and seller have a full understanding of expectations for after the transaction.

    • Once the organizations have decided to move forward with a deal, all parties need a clear level of agreement.
    • IT, since it is often seen as an operational division of an organization, is often expected to deliver certain services or products once the transaction has officially closed.
    • The purchasing organization or the new company might depend on IT to deliver these services until they are able to provide those services on their own.
    • Having a clear understanding of what the buyer’s expectations are and what your company, as the selling organization, can provide is important.
    • Have a conversation with the buyer and document those expectations in a signed service agreement.

    3.2.4 Identify the buyer's IT expectations

    3-4 hours

    Input: Carve-out roadmap, Separation roadmap, Up-to-date version of the agreement

    Output: Buyer’s IT expectations

    Materials: Questions for meeting

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Purchasing company M&A team, Purchasing company IT leadership

    The purpose of this activity is to determine if the buyer has specific service expectations for your IT organization. By identifying, documenting, and agreeing on what services your IT organization will be responsible for, you can obtain a final agreement to protect you as the selling organization.

    1. Buyers should not assume certain services will be provided. Organize a meeting with IT leaders and the company M&A teams to determine what services will be provided.
    2. The next slide has a series of questions that you can start from. Ensure you get detailed information about each of the services.
    3. Once you fully understand the buyer’s IT expectations, create an SLA in the next activity and obtain sign-off from both organizations.

    Questions to ask the buyer

    1. What services would you like my IT organization to provide?
    2. How long do you anticipate those services will be provided to you?
    3. How do you expect your staff/employees to communicate requests or questions to my staff/employees?
    4. Are there certain days or times that you expect these services to be delivered?
    5. How many staff do you expect should be available to support you?
    6. What should be the acceptable response time on given service requests?
    7. When it comes to the services you require, what level of support should we provide?
    8. If a service requires escalation to Level 2 or Level 3 support, are we still expected to support this service? Or are we only Level 1 support?
    9. What preventative security methods does your organization have to protect our environment during this agreement period?

    3.2.5 Create a service/ transaction agreement

    6 hours

    Input: Buyer's expectations, Separation roadmap

    Output: SLA for the purchasing organization

    Materials: Service Catalog Internal Service Level Agreement Template, M&A Separation Project Plan Tool (SharePoint), M&A Separation Project Plan Tool (Excel)

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Purchasing company M&A team, Purchasing company IT leadership

    The purpose of this activity is to determine if the buyer has specific service expectations for your IT organization post-transaction that your IT organization is agreeing to provide.

    1. Document the expected services and the related details in a service-level agreement.
    2. Provide the SLA to the purchasing organization.
    3. Obtain sign-off from both organizations on the level of service that is expected of IT.
    4. Update the M&A Separation Project Management Tool Excel or SharePoint document to reflect any additional items that the purchasing organization identified.

    *For organizations being purchased in their entirety, this activity may not be relevant.

    Modify the Service Catalog Internal Service Level Agreement with the agreed-upon terms of the SLA.

    Importance of estimating separation costs

    Change is the key driver of separation costs

    Separation costs are dependent on the following:
    • Meeting synergy targets – whether that be cost saving or growth related.
      • Employee-related costs, licensing, and reconfiguration fees play a huge part in meeting synergy targets.
    • Adjustments related to compliance or regulations – especially if there are changes to legal entities, reporting requirements, or risk mitigation standards.
    • Governance or third party–related support required to ensure timelines are met and the separation is a success.
    Separation costs vary by industry type.
    • Certain industries may have separation costs made up of mostly one type, differing from other industries, due to the complexity and demands of the transaction. For example:
      • Healthcare separation costs are mostly driven by regulatory, safety, and quality standards, as well as consolidation of the research and development function.
      • Energy and Utilities tend to have the lowest separation costs due to most transactions occurring within the same sector rather than as cross-sector investments. For example, oil and gas transactions tend to be for oil fields and rigs (strategic fixed assets), which can easily be added to the buyer’s portfolio.

    Separation costs are more related to the degree of change required than the size of the transaction.

    3.2.6 Estimate separation costs

    3-4 hours

    Input: Separation tasks, Transition team, Valuation of current IT environment, Valuation of target IT environment, Outputs from data room, Technical debt, Employees

    Output: List of anticipated costs required to support IT separation

    Materials: Separation task checklist, Separation roadmap, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

    The purpose of this activity is to estimate the costs that will be associated with the separation. Identify and communicate a realistic figure to the larger M&A team within your company as early in the process as possible. This ensures that the funding required for the transaction is secured and budgeted for in the overarching transaction.

    1. On the associated slide in the M&A Sell Playbook, input:
      • Task
      • Domain
      • Cost type
      • Total cost amount
      • Level of certainty around the cost
    2. Provide a copy of the estimated costs to the company’s M&A team. Also provide any additional information identified earlier to help them understand the importance of those costs.

    Record the results in the M&A Sell Playbook.

    Employee transition planning

    Considering employee impact will be a huge component to ensure successful separation

    • Meet With Leadership
    • Plan Individual and Department Redeployment
    • Plan Individual and Department Layoffs
    • Monitor and Manage Departmental Effectiveness
    • For employees, the transition could mean:
      • Changing from their current role to a new role to meet requirements and expectations throughout the transition.
      • Being laid off because the role they are currently occupying has been made redundant.
    • It is important to plan for what the M&A separation needs will be and what the IT operational needs will be.
    • A lack of foresight into this long-term plan could lead to undue costs and headaches trying to retain critical staff, rehiring positions that were already let go, and keeping redundant employees longer then necessary.

    Info-Tech Insight

    Being transparent throughout the process is critical. Do not hesitate to tell employees the likelihood that their job may be made redundant. This will ensure a high level of trust and credibility for those who remain with the organization after the transaction.

    3.2.7 Create an employee transition plan

    3-4 hours

    Input: IT strategy, IT organizational design

    Output: Employee transition plans

    Materials: M&A Sell Playbook, Whiteboard, Sticky notes, Markers

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

    The purpose of this activity is to create a transition plan for employees.

    1. Transition planning can be done at specific individual levels or more broadly to reflect a single role. Consider these four items in the transition plan:
      • Understand the direction of the employee transitions.
      • Identify employees that will be involved in the transition (moved or laid off).
      • Prepare to meet with employees.
      • Meet with employees.
    2. For each employee that will be facing some sort of change in their regular role, permanent or temporary, create a transition plan.
    3. For additional information on transitioning employees, review the blueprint Streamline Your Workforce During a Pandemic.

    **Note that if someone’s future role is a layoff, then there is no need to record anything for skills needed or method for skill development.

    Record the results in the M&A Sell Playbook.

    3.2.8 Create functional workplans for employees

    3-4 hours

    Input: Prioritized separation tasks, Employee transition plan, Separation RACI, Costs for activities, Activity owners

    Output: Employee functional workplans

    Materials: M&A Sell Playbook, Learning and development tools

    Participants: IT executive/CIO, IT senior leadership, IT management team, Company M&A team, Transition team

    The purpose of this activity is to create a functional workplan for the different employees so that they know what their key role and responsibilities are once the transaction occurs.

    1. First complete the transition plan from the previous activity (3.2.7) and the separation roadmap. Have these documents ready to review throughout this process.
    2. Identify the employees who will be transitioning to a new role permanently or temporarily. Creating a functional workplan is especially important for these employees.
    3. Identify the skills these employees need to have to support the separation. Record this in the corresponding slide in the M&A Sell Playbook.
    4. For each employee, identify someone who will be a point of contact for them throughout the transition.

    It is recommended that each employee have a functional workplan. Leverage the IT managers to support this task.

    Record the results in the M&A Sell Playbook.

    Metrics for separation

    Valuation & Due Diligence

    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target

    Execution & Value Realization

    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT separation
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    3.2.9 Align project metrics with identified tasks

    3-4 hours

    Input: Prioritized separation tasks, Employee transition plan, Separation RACI, Costs for activities, Activity owners, M&A goals

    Output: Separation-specific metrics to measure success

    Materials: Separation roadmap, M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Transition team

    The purpose of this activity is to understand how to measure the success of the separation project by aligning metrics to each identified task.

    1. Review the M&A goals identified by the business. Your metrics will need to tie back to those business goals.
    2. Identify metrics that align to identified tasks and measure achievement of those goals. For each metric you consider, ask the following questions:
      • What is the main goal or objective that this metric is trying to solve?
      • What does success look like?
      • Does the metric promote the right behavior?
      • Is the metric actionable? What is the story you are trying to tell with this metric?
      • How often will this get measured?
      • Are there any metrics it supports or is supported by?

    Record the results in the M&A Sell Playbook.

    By the end of this mid-transaction phase you should:

    Have successfully evaluated your IT people, processes, and technology to determine a roadmap forward for separating or selling.

    Key outcomes from the Due Diligence & Preparation phase
    • Participate in due diligence activities to comply with regulatory and auditing standards and prepare employees for the transition.
    • Create a separation roadmap that considers the tasks that will need to be completed and the resources required to support separation.
    Key deliverables from the Due Diligence & Preparation phase
    • Drive value with a due diligence charter
    • Gather data room artifacts
    • Measure staff engagement
    • Assess culture
    • Create a carve-out roadmap
    • Prioritize separation tasks
    • Establish the separation roadmap
    • Identify the buyer’s IT expectations
    • Create a service/transaction agreement
    • Estimate separation costs
    • Create an employee transition plan
    • Create functional workplans for employees
    • Align project metrics with identified tasks

    M&A Sell Blueprint

    Phase 4

    Execution & Value Realization

    Phase 1Phase 2Phase 3

    Phase 4

    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Reduction Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Separation or Sale
    • 3.1 Engage in Due Diligence and Prepare Staff
    • 3.2 Prepare to Separate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Monitor service agreements
    • Continually update the project plan
    • Confirm separation costs
    • Review IT’s transaction value
    • Conduct a transaction and separation SWOT
    • Review the playbook and prepare for future transactions

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Vendor management team
    • IT transaction team
    • Company M&A team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Engage in Separation

    Day 4

    Establish the Transaction FoundationDiscover the Motivation for IntegrationPlan the Separation RoadmapPrepare Employees for the TransitionEngage in SeparationAssess the Transaction Outcomes (Must be within 30 days of transaction date)

    Activities

    • 0.1 Identify the rationale for the company's decision to pursue a divestiture/sale.
    • 0.2 Identify key stakeholders and determine the IT transaction team.
    • 0.3 Gather and evaluate the M&A strategy, future-state operating model, and governance.
    • 1.1 Review the business rationale for the divestiture/sale.
    • 1.2 Identify pain points and opportunities tied to the divestiture/sale.
    • 1.3 Establish the separation strategy.
    • 1.4 Create the due diligence charter.
    • 2.1 Prioritize separation tasks.
    • 2.2 Establish the separation roadmap.
    • 2.3 Establish and align project metrics with identified tasks.
    • 2.4 Estimate separation costs.
    • 3.1 Measure staff engagement
    • 3.2 Assess the current culture and identify the goal culture.
    • 3.3 Create an employee transition plan.
    • 3.4 Create functional workplans for employees.
    • S.1 Complete the separation by regularly updating the project plan.
    • S.2 Assess the service/technical transaction agreement.
    • 4.1 Confirm separation costs.
    • 4.2 Review IT’s transaction value.
    • 4.3 Conduct a transaction and separation SWOT.
    • 4.4 Review the playbook and prepare for future transactions.

    Deliverables

    1. IT strategy
    2. IT operating model
    3. IT governance structure
    4. M&A transaction team
    1. Business context implications for IT
    2. Separation strategy
    3. Due diligence charter
    1. Separation roadmap and associated resourcing
    1. Engagement assessment
    2. Culture assessment
    3. Employee transition plans and workplans
    1. Evaluate service/technical transaction agreement
    2. Updated separation project plan
    1. SWOT of transaction
    2. M&A Sell Playbook refined for future transactions

    What is the Execution & Value Realization phase?

    Post-transaction state

    Once the transaction comes to a close, it’s time for IT to deliver on the critical separation tasks. As the selling organization in this transaction, you need to ensure you have a roadmap that properly enables the ongoing delivery of your IT environment while simultaneously delivering the necessary services to the purchasing organization.

    Throughout the separation transaction, some of the most common obstacles IT should prepare for include difficulty separating the IT environment, loss of key personnel, disengaged employees, and security/compliance issues.

    Post-transaction, the business needs to understands the value they received by engaging in the transaction and the ongoing revenue they might obtain as a result of the sale. You also need to ensure that the IT environment is functioning and mitigating any high-risk outcomes.

    Goal: To carry out the planned separation activities and deliver the intended value to the business.

    Execution Prerequisite Checklist

    Before coming into the Execution & Value Realization phase, you must have addressed the following:

    • Understand the rationale for the company's decisions to pursue a sale or divestiture and what opportunities or pain points the sale should alleviate.
    • Identify the key roles for the transaction team.
    • Identify the M&A governance.
    • Determine target metrics.
    • Select a separation strategy framework.
    • Conduct a RACI for key transaction tasks for the transaction team.
    • Create a carve-out roadmap.
    • Prioritize separation tasks.
    • Establish the separation roadmap.
    • Create employee transition plans.

    Before coming into the Execution & Value Realization phase, we recommend addressing the following:

    • Create vision and mission statements.
    • Establish guiding principles.
    • Create a future-state operating model.
    • Identify the M&A operating model.
    • Document the communication plan.
    • Examine the business perspective of IT.
    • Identify key stakeholders and outline their relationship to the M&A process.
    • Establish a due diligence charter.
    • Be able to valuate the IT environment and communicate IT’s value to the business.
    • Gather and present due diligence data room artifacts.
    • Measure staff engagement.
    • Assess and plan for culture.
    • Estimate separation costs.
    • Create functional workplans for employees.
    • Identify the buyer’s IT expectations.
    • Create a service/ transaction agreement.

    Separation checklists

    Prerequisite Checklist
    • Build the project plan for separation and prioritize activities
      • Plan first day
      • Plan first 30/100 days
      • Plan first year
    • Create an organization-aligned IT strategy
    • Identify critical stakeholders
    • Create a communication strategy
    • Understand the rationale for the sale or divestiture
    • Develop IT's sale/divestiture strategy
      • Determine goal opportunities
      • Create the mission and vision statements
      • Create the guiding principles
      • Create program metrics
    • Consolidate reports from due diligence/data room
    • Conduct culture assessment
    • Create a transaction team
    • Establish a service/technical transaction agreement
    • Plan and communicate culture changes
    • Create an employee transition plan
    • Assess baseline engagement
    Business
    • Design an enterprise architecture
    • Document your business architecture
    • Meet compliance and regulatory standards
    • Identify and assess all of IT's risks
    Applications
    • Prioritize and address critical applications
      • CRM
      • HRIS
      • Financial
      • Sales
      • Risk
      • Security
      • ERP
      • Email
    • Develop method of separating applications
    • Model critical applications that have dependencies on one another
    • Identify the infrastructure capacity required to support critical applications
    • Prioritize and address critical applications
    Leadership/IT Executive
    • Build an IT budget
    • Structure operating budget
    • Structure capital budget
    • Identify the workforce demand vs. capacity
    • Establish and monitor key metrics
    • Communicate value realized/cost savings
    Data
    • Confirm data strategy
    • Confirm data governance
    • Build a data architecture roadmap
    • Analyze data sources and domains
    • Evaluate data storage (on-premises vs. cloud)
    • Develop an enterprise content management strategy and roadmap
    • Ensure cleanliness/usability of data sets
    • Identify data sets that can remain operational if reduced/separated
    • Develop reporting and analytics capabilities
    • Confirm data strategy
    Operations
    • Manage sales access to customer data
    • Determine locations and hours of operation
    • Separate/terminate phone lists and extensions
    • Split email address books
    • Communicate helpdesk/service desk information

    Separation checklists (continued)

    Infrastructure
    • Manage organization domains
    • Consolidate data centers
    • Compile inventory of vendors, versions, switches, and routers
    • Review hardware lease or purchase agreements
    • Review outsourcing/service provider agreements
    • Review service-level agreements
    • Assess connectivity linkages between locations
    • Plan to migrate to a single email system if necessary
    • Determine network access concerns
    Vendors
    • Establish a sustainable vendor management office
    • Review vendor landscape
    • Identify warranty options
    • Identify the licensing grant
    • Rationalize vendor services and solutions
    People
    • Design an IT operating model
    • Design your future IT organizational structure
    • Conduct a RACI for prioritized activities
    • Conduct a culture assessment and identify goal IT culture
    • Build an IT employee engagement program
    • Determine critical roles and systems/process/products they support
    • Define new job descriptions with meaningful roles and responsibilities
    • Create employee transition plans
    • Create functional workplans
    Projects
    • Identify projects to be on hold
    • Communicate project intake process
    • Reprioritize projects
    Products & Services
    • Redefine service catalog
    • Ensure customer interaction requirements are met
    • Select a solution for product lifecycle management
    • Plan service-level agreements
    Security
    • Conduct a security assessment
    • Develop accessibility prioritization and schedule
    • Establish an information security strategy
    • Develop a security awareness and training program
    • Develop and manage security governance, risk, and compliance
    • Identify security budget
    • Build a data privacy and classification program
    IT Processes
    • Evaluate current process models
    • Determine productivity/capacity levels of processes
    • Identify processes to be changed/terminated
    • Establish a communication plan
    • Develop a change management process
    • Establish/review IT policies
    • Evaluate current process models

    Execution & Value Realization

    Step 4.1

    Execute the Transaction

    Activities

    • 4.1.1 Monitor service agreements
    • 4.1.2 Continually update the project plan

    This step will walk you through the following activities:

    • Monitor service agreements
    • Continually update the project plan

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Vendor management team
    • IT transaction team
    • Company M&A team

    Outcomes of Step

    Successfully execute the separation of the IT environments and update the project plan, strategizing against any roadblocks as they come.

    Key concerns to monitor during separation

    If you are entering the transaction at this point, consider and monitor the following three items above all else.

    Your IT environment, reputation as an IT leader, and impact on key staff will depend on monitoring these aspects.

    • Risk & Security. Make sure that the channels of communication between the purchasing organization and your IT environment are properly determined and protected. This might include updating or removing employees’ access to certain programs.
    • Retaining Employees. Employees who do not see a path forward in the organization or who feel that their skills are being underused will be quick to move on. Make sure they are engaged before, during, and after the transaction to avoid losing employees.
    • IT Environment Dependencies. Testing the IT environment several times and obtaining sign-off from auditors that this has been completed correctly should be completed well before the transaction occurs. Have a strong architecture outlining technical dependencies.

    For more information, review:

    • Reduce and Manage Your Organization’s Insider Threat Risk
    • Map Technical Skills for a Changing Infrastructure Operations Organization
    • Build a Data Architecture Roadmap

    4.1.1 Monitor service agreements

    3-6 months

    Input: Original service agreement, Risk register

    Output: Service agreement confirmed

    Materials: Original service agreement

    Participants: IT executive/CIO, IT senior leadership, External organization IT senior leadership

    The purpose of this activity is to monitor the established service agreements on an ongoing basis. Your organization is most at risk during the initial months following the transaction.

    1. Ensure the right controls exist to prevent the organization from unnecessarily opening itself up to risks.
    2. Meet with the purchasing organization/subsidiary three months after the transaction to ensure that everyone is satisfied with the level of services provided.
    3. This is not a quick and completed activity, but one that requires ongoing monitoring. Repeatedly identify potential risks worth mitigating.

    For additional information and support for this activity, see the blueprint Build an IT Risk Management Program.

    4.1.2 Continually update the project plan

    Reoccurring basis following transition

    Input: Prioritized separation tasks, Separation RACI, Activity owners

    Output: Updated separation project plan

    Materials: M&A Separation Project Plan Tool (SharePoint), M&A Separation Project Plan Tool (Excel)

    Participants: IT executive/CIO, IT senior leadership, IT transaction team, Company M&A team

    The purpose of this activity is to ensure that the project plan is continuously updated as your transaction team continues to execute on the various components outlined in the project plan.

    1. Set a regular cadence for the transaction team to meet, update the project plan, review the status of the various separation task items, and strategize how to overcome any roadblocks.
    2. Employ governance best practices in these meetings to ensure decisions can be made effectively and resources allocated strategically.

    Record the updates in the M&A Separation Project Management Tool (SharePoint).

    Record the updates in the M&A Separation Project Management Tool (Excel).

    Execution & Value Realization

    Step 4.2

    Reflection and Value Realization

    Activities

    • 4.2.1 Confirm separation costs
    • 4.2.2 Review IT’s transaction value
    • 4.2.3 Conduct a transaction and separation SWOT
    • 4.2.4 Review the playbook and prepare for future transactions

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Transition team
    • Company M&A team

    Outcomes of Step

    Review the value that IT was able to generate around the transaction and strategize about how to improve future selling or separating transactions.

    4.2.1 Confirm separation costs

    3-4 hours

    Input: Separation tasks, Carve-out roadmap, Transition team, Previous RACI, Estimated separation costs

    Output: Actual separation costs

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Transaction team, Company M&A team

    The purpose of this activity is to confirm the associated costs around separation. While the separation costs would have been estimated previously, it’s important to confirm the costs that were associated with the separation in order to provide an accurate and up-to-date report to the company’s M&A team.

    1. Taking all the original items identified previously in activity 3.2.6, identify if there were changes in the estimated costs. This can be an increase or a decrease.
    2. Ensure that each cost has a justification for why the cost changed from the original estimation.

    Record the results in the M&A Sell Playbook.

    Track cost savings and revenue generation

    Throughout the transaction, the business would have communicated its goals, rationales, and expectations for the transaction. Sometimes this is done explicitly, and other times the information is implicit. Either way, IT needs to ensure that metrics have been defined and are measuring the intended value that the business expects. Ensure that the benefits realized to the organization are being communicated regularly and frequently.

    1. Define Metrics: Select metrics to track synergies through the separation.
      1. You can track value by looking at percentages of improvement in process-level metrics depending on the savings or revenue being pursued.
      2. For example, if the value being pursued is decreasing costs, metrics could range from capacity to output, highlighting that the output remains high despite smaller IT environments.
    2. Prioritize Value-Driving Initiatives: Estimate the cost and benefit of each initiative's implementation to compare the amount of business value to the cost. The benefits and costs should be illustrated at a high level. Estimating the exact dollar value of fulfilling a synergy can be difficult and misleading.
        Steps
      • Determine the benefits that each initiative is expected to deliver.
      • Determine the high-level costs of implementation (capacity, time, resources, effort).
    3. Track Cost Savings and Revenue Generation: Develop a detailed workplan to resource the roadmap and track where costs are saved and revenue is generated as the initiatives are undertaken.

    4.2.2 Review IT’s transaction value

    3-4 hours

    Input: Prioritized separation tasks, Separation RACI, Activity owners, M&A company goals

    Output: Transaction value

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO, IT senior leadership, Company's M&A team

    The purpose of this activity is to track how your IT organization performed against the originally identified metrics.

    1. If your organization did not have the opportunity to identify metrics, determine from the company M&A what those metrics might be. Review activity 3.2.9 for more information on metrics.
    2. Identify whether the metric (which should support a goal) was at, below, or above the original target metric. This is a very critical task for IT to complete because it allows IT to confirm that they were successful in the transaction and that the business can count on them in future transactions.
    3. Be sure to record accurate and relevant information on why the outcomes (good or bad) are supporting the M&A goals set out by the business.

    Record the results in the M&A Sell Playbook.

    4.2.3 Conduct a transaction and separation SWOT

    2 hours

    Input: Separation costs, Retention rates, Value that IT contributed to the transaction

    Output: Strengths, weaknesses, opportunities, and threats

    Materials: Flip charts, Markers, Sticky notes

    Participants: IT executive/CIO, IT senior leadership, Business transaction team

    The purpose of this activity is to assess the positive and negative elements of the transaction.

    1. Consider the internal and external elements that could have impacted the outcome of the transaction.
      • Strengths. Internal characteristics that are favorable as they relate to your development environment.
      • Weaknesses Internal characteristics that are unfavorable or need improvement.
      • Opportunities External characteristics that you may use to your advantage.
      • Threats External characteristics that may be potential sources of failure or risk.

    Record the results in the M&A Sell Playbook.

    M&A Sell Playbook review

    With an acquisition complete, your IT organization is now more prepared then ever to support the business through future M&As

    • Now that the transaction is more than 80% complete, take the opportunity to review the key elements that worked well and the opportunities for improvement.
    • Critically examine the M&A Sell Playbook your IT organization created and identify what worked well to help the transaction and where your organization could adjust to do better in future transactions.
    • If your organization were to engage in another sale or divestiture under your IT leadership, how would you go about the transaction to make sure the company meets its goals?

    4.2.4 Review the playbook and prepare for future transactions

    4 hours

    Input: Transaction and separation SWOT

    Output: Refined M&A playbook

    Materials: M&A Sell Playbook

    Participants: IT executive/CIO

    The purpose of this activity is to revise the playbook and ensure it is ready to go for future transactions.

    1. Using the outputs from the previous activity, 4.2.3, determine what strengths and opportunities there were that should be leveraged in the next transaction.
    2. Likewise, determine which threats and weaknesses could be avoided in the future transactions.
      Remember, this is your M&A Sell Playbook, and it should reflect the most successful outcome for you in your organization.

    Record the results in the M&A Sell Playbook.

    By the end of this post-transaction phase you should:

    Have completed the separation post-transaction and be fluidly delivering the critical value that the business expected of IT.

    Key outcomes from the Execution & Value Realization phase
    • Ensure the separation tasks are being completed and that any blockers related to the transaction are being removed.
    • Determine where IT was able to realize value for the business and demonstrate IT’s involvement in meeting target goals.
    Key deliverables from the Execution & Value Realization phase
    • Monitor service agreements
    • Continually update the project plan
    • Confirm separation costs
    • Review IT’s transaction value
    • Conduct a transaction and separation SWOT
    • Review the playbook and prepare for future transactions

    Summary of Accomplishment

    Problem Solved

    Congratulations, you have completed the M&A Sell Blueprint!

    Rather than reacting to a transaction, you have been proactive in tackling this initiative. You now have a process to fall back on in which you can be an innovative IT leader by suggesting how and why the business should engage in a separation or sale transaction. You have:

    • Created a standardized approach for how your IT organization should address divestitures or sales.
    • Retained critical staff and complied with any regulations throughout the transaction.
    • Delivered on the separation project plan successfully and communicated IT’s transaction value to the business.

    Now that you have done all of this, reflect on what went well and what can be improved if you were to engage in a similar divestiture or sale again.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information
    workshops@infotech.com 1-888-670-8899

    Research Contributors and Experts

    Ibrahim Abdel-Kader
    Research Analyst | CIO
    Info-Tech Research Group
    Brittany Lutes
    Senior Research Analyst | CIO
    Info-Tech Research Group
    John Annand
    Principal Research Director | Infrastructure
    Info-Tech Research Group
    Scott Bickley
    Principal Research Director | Vendor Management
    Info-Tech Research Group
    Cole Cioran
    Practice Lead | Applications
    Info-Tech Research Group
    Dana Daher
    Research Analyst | Strategy & Innovation
    Info-Tech Research Group
    Eric Dolinar
    Manager | M&A Consulting
    Deloitte Canada
    Christoph Egel
    Director, Solution Design & Deliver
    Cooper Tire & Rubber Company
    Nora Fisher
    Vice President | Executive Services Advisory
    Info-Tech Research Group
    Larry Fretz
    Vice President | Industry
    Info-Tech Research Group

    Research Contributors and Experts

    David Glazer
    Vice President of Analytics
    Kroll
    Jack Hakimian
    Senior Vice President | Workshops and Delivery
    Info-Tech Research Group
    Gord Harrison
    Senior Vice President | Research & Advisory
    Info-Tech Research Group
    Valence Howden
    Principal Research Director | CIO
    Info-Tech Research Group
    Jennifer Jones
    Research Director | Industry
    Info-Tech Research Group
    Nancy McCuaig
    Senior Vice President | Chief Technology and Data Office
    IGM Financial Inc.
    Carlene McCubbin
    Practice Lead | CIO
    Info-Tech Research Group
    Kenneth McGee
    Research Fellow | Strategy & Innovation
    Info-Tech Research Group
    Nayma Naser
    Associate
    Deloitte
    Andy Neill
    Practice Lead | Data & Analytics, Enterprise Architecture
    Info-Tech Research Group

    Research Contributors and Experts

    Rick Pittman
    Vice President | Research
    Info-Tech Research Group
    Rocco Rao
    Research Director | Industry
    Info-Tech Research Group
    Mark Rosa
    Senior Vice President & Chief Information Officer
    Mohegan Gaming and Entertainment
    Tracy-Lynn Reid
    Research Lead | People & Leadership
    Info-Tech Research Group
    Jim Robson
    Senior Vice President | Shared Enterprise Services (retired)
    Great-West Life
    Steven Schmidt
    Senior Managing Partner Advisory | Executive Services
    Info-Tech Research Group
    Nikki Seventikidis
    Senior Manager | Finance Initiative & Continuous Improvement
    CST Consultants Inc.
    Allison Straker
    Research Director | CIO
    Info-Tech Research Group
    Justin Waelz
    Senior Network & Systems Administrator
    Info-Tech Research Group
    Sallie Wright
    Executive Counselor
    Info-Tech Research Group

    Bibliography

    “5 Ways for CIOs to Accelerate Value During Mergers and Acquisitions.” Okta, n.d. Web.

    Altintepe, Hakan. “Mergers and acquisitions speed up digital transformation.” CIO.com, 27 July 2018. Web.

    “America’s elite law firms are booming.” The Economist, 15 July 2021. Web.

    Barbaglia, Pamela, and Joshua Franklin. “Global M&A sets Q1 record as dealmakers shape post-COVID world.” Nasdaq, 1 April 2021. Web.

    Boyce, Paul. “Mergers and Acquisitions Definition: Types, Advantages, and Disadvantages.” BoyceWire, 8 Oct. 2020. Web.

    Bradt, George. “83% Of Mergers Fail -- Leverage A 100-Day Action Plan For Success Instead.” Forbes, 27 Jan. 2015. Web.

    Capgemini. “Mergers and Acquisitions: Get CIOs, IT Leaders Involved Early.” Channel e2e, 19 June 2020. Web.

    Chandra, Sumit, et al. “Make Or Break: The Critical Role Of IT In Post-Merger Integration.” IMAA Institute, 2016. Web.

    Deloitte. “How to Calculate Technical Debt.” The Wall Street Journal, 21 Jan. 2015. Web.

    Ernst & Young. “IT As A Driver Of M&A Success.” IMAA Institute, 2017. Web.

    Fernandes, Nuno. “M&As In 2021: How To Improve The Odds Of A Successful Deal.” Forbes, 23 March 2021. Web.

    “Five steps to a better 'technology fit' in mergers and acquisitions.” BCS, 7 Nov. 2019. Web.

    Fricke, Pierre. “The Biggest Opportunity You’re Missing During an M&Aamp; IT Integration.” Rackspace, 4 Nov. 2020. Web.

    Garrison, David W. “Most Mergers Fail Because People Aren't Boxes.” Forbes, 24 June 2019. Web.

    Harroch, Richard. “What You Need To Know About Mergers & Acquisitions: 12 Key Considerations When Selling Your Company.” Forbes, 27 Aug. 2018. Web.

    Hope, Michele. “M&A Integration: New Ways To Contain The IT Cost Of Mergers, Acquisitions And Migrations.” Iron Mountain, n.d. Web.

    “How Agile Project Management Principles Can Modernize M&A.” Business.com, 13 April 2020. Web.

    Hull, Patrick. “Answer 4 Questions to Get a Great Mission Statement.” Forbes, 10 Jan. 2013. Web.

    Kanter, Rosabeth Moss. “What We Can Learn About Unity from Hostile Takeovers.” Harvard Business Review, 12 Nov. 2020. Web.

    Koller, Tim, et al. “Valuation: Measuring and Managing the Value of Companies, 7th edition.” McKinsey & Company, 2020. Web.

    Labate, John. “M&A Alternatives Take Center Stage: Survey.” The Wall Street Journal, 30 Oct. 2020. Web.

    Lerner, Maya Ber. “How to Calculate ROI on Infrastructure Automation.” DevOps.com, 1 July 2020. Web.

    Loten, Angus. “Companies Without a Tech Plan in M&A Deals Face Higher IT Costs.” The Wall Street Journal, 18 June 2019. Web.

    Low, Jia Jen. “Tackling the tech integration challenge of mergers today” Tech HQ, 6 Jan. 2020. Web.

    Lucas, Suzanne. “5 Reasons Turnover Should Scare You.” Inc. 22 March 2013. Web.

    “M&A Trends Survey: The future of M&A. Deal trends in a changing world.” Deloitte, Oct. 2020. Web.

    Maheshwari, Adi, and Manish Dabas. “Six strategies tech companies are using for successful divesting.” EY, 1 Aug. 2020. Web.

    Majaski, Christina. “Mergers and Acquisitions: What's the Difference?” Investopedia, 30 Apr. 2021.

    “Mergers & Acquisitions: Top 5 Technology Considerations.” Teksetra, 21 Jul. 2020. Web.

    “Mergers Acquisitions M&A Process.” Corporate Finance Institute, n.d. Web.

    “Mergers and acquisitions: A means to gain technology and expertise.” DLA Piper, 2020. Web.

    Nash, Kim S. “CIOs Take Larger Role in Pre-IPO Prep Work.” The Wall Street Journal, 5 March 2015. Web.

    O'Connell, Sean, et al. “Divestitures: How to Invest for Success.” McKinsey, 1 Aug. 2015. Web

    Paszti, Laila. “Canada: Emerging Trends In Information Technology (IT) Mergers And Acquisitions.” Mondaq, 24 Oct. 2019. Web.

    Patel, Kiison. “The 8 Biggest M&A Failures of All Time” Deal Room, 9 Sept. 2021. Web.

    Peek, Sean, and Paula Fernandes. “What Is a Vision Statement?” Business News Daily, 7 May 2020. Web.

    Ravid, Barak. “How divestments can re-energize the technology growth story.” EY, 14 July 2021. Web.

    Ravid, Barak. “Tech execs focus on growth amid increasingly competitive M&A market.” EY, 28 April 2021. Web.

    Resch, Scott. “5 Questions with a Mergers & Acquisitions Expert.” CIO, 25 June 2019. Web.

    Salsberg, Brian. “Four tips for estimating one-time M&A integration costs.” EY, 17 Oct. 2019. Web.

    Samuels, Mark. “Mergers and acquisitions: Five ways tech can smooth the way.” ZDNet, 15 Aug. 2018. Web.

    “SAP Divestiture Projects: Options, Approach and Challenges.” Cognizant, May, 2014. Web.

    Steeves, Dave. “7 Rules for Surviving a Merger & Acquisition Technology Integration.” Steeves and Associates, 5 Feb. 2020. Web.

    Tanaszi, Margaret. “Calculating IT Value in Business Terms.” CSO, 27 May 2004. Web.

    “The CIO Playbook. Nine Steps CIOs Must Take For Successful Divestitures.” SNP, 2016. Web.

    “The Role of IT in Supporting Mergers and Acquisitions.” Cognizant, Feb. 2015. Web.

    Torres, Roberto. “M&A playbook: How to prepare for the cost, staff and tech hurdles.” CIO Dive, 14 Nov. 2019. Web.

    “Valuation Methods.” Corporate Finance Institute, n.d. Web.

    Weller, Joe. “The Ultimate Guide to the M&A Process for Buyers and Sellers.” Smartsheet, 16 May 2019. Web.

    Adapt Your Customer Experience Strategy to Successfully Weather COVID-19

    • Buy Link or Shortcode: {j2store}536|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • COVID-19 is an unprecedented global pandemic. It’s creating significant challenges across every sector.
    • Collapse of financial markets and a steep decline in consumer confidence has most firms nervous about revenue shortfalls and cash burn rates.
    • The economic impact of COVID-19 is freezing IT budgets and sharply changing IT priorities.
    • The human impact of COVID-19 is likely to lead to staffing shortfalls and knowledge gaps.
    • COVID-19 may be in play for up to two years.

    Our Advice

    Critical Insight

    The challenges posed by the virus are compounded by the fact that consumer expectations for strong service delivery remain high:

    • Customers still expect timely, on-demand service from the businesses they engage with.
    • There is uncertainty about how to maintain strong, revenue-driving experiences when faced with the operational challenges posed by the virus.
    • COVID-19 is changing how organizations prioritize spending priorities within their CXM strategies.

    Impact and Result

    • Info-Tech recommends rapidly updating your strategy for customer experience management to ensure it can rise to the occasion.
    • Start by assessing the risk COVID-19 poses to your CXM approach and how it’ll impact marketing, sales, and customer service functions.
    • Implement actionable measures to blunt the threat of COVID-19 while protecting revenue, maintaining consistent product and service delivery, and improving the integrity of your brand. We’ll dive into five proven techniques in this brief!

    Adapt Your Customer Experience Strategy to Successfully Weather COVID-19 Research & Tools

    Start here

    Read our concise Executive Brief to find out why you should examine the impact of COVID-19 on customer experience strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Adapt Your Customer Experience Strategy to Successfully Weather COVID-19 Storyboard

    1. Assess the impact of COVID-19 on your CXM strategy

    Create a consolidated, updated view of your current customer experience management strategy and identify which elements can be capitalized on to dampen the impact of COVID-19 and which elements are vulnerabilities that the pandemic may threaten to exacerbate.

    2. Blunt the damage of COVID-19 with new CXM tactics

    Create a roadmap of business and technology initiatives through the lens of customer experience management that can be used to help your organization protect its revenue, maintain customer engagement, and enhance its brand integrity.

    [infographic]

    Maximize Value From Your Value-Added Reseller (VAR)

    • Buy Link or Shortcode: {j2store}215|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Organizations need to understand their value-added reseller (VAR) portfolio and the greater VAR landscape to better:

    • Manage the VAR portfolio.
    • Understand additional value each VAR can provide.
    • Maximize existing VAR commitments.
    • Evaluate the VARs’ performance.

    Our Advice

    Critical Insight

    VARs typically charge more for products because they are in some way adding value. If you’re not leveraging any of the provided value, you’re likely wasting money and should use a basic commodity-type reseller for procurement.

    Impact and Result

    This project will provide several benefits to Vendor Management and Procurement:

    • Defined VAR value and performance tracking.
    • Manageable portfolio of VARs that fully benefit the organization.
    • Added training, licensing advice, faster quoting, and invoicing resolution.
    • Reduced deployment and logistics costs.

    Maximize Value From Your Value-Added Reseller (VAR) Research & Tools

    Start here – read the Executive Brief

    Read our informative Executive Brief to find out why you should maximize value from your value-added reseller, review Info-Tech’s methodology, and understand the three ways to better manage your VARs improve performance and reduce costs.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Organize and prioritize

    Organize all your VARs and create a manageable portfolio detailing their value, specific, product, services, and certifications.

    • Maximize Value From Your Value-Added Reseller – Phase 1: Organize and Prioritize
    • VAR Listing and Prioritization Tool

    2. “EvaluRate” your VARs

    Create an in-depth evaluation of the VARs’ capabilities.

    • Maximize Value From Your Value-Added Reseller – Phase 2: EvaluRate Your VARs
    • VAR Features Checklist Tool
    • VAR Profile and EvaluRation Tool

    3. Consolidate and reduce

    Assess each VAR for low performance and opportunity to increase value or consolidate to another VAR and reduce redundancy.

    • Maximize Value From Your Value-Added Reseller – Phase 3: Consolidate and Reduce

    4. Maximize their value

    Micro-manage your primary VARs to ensure performance to commitments and maximize their value.

    • Maximize Value From Your Value-Added Reseller – Phase 4: Maximize Their Value
    • VAR Information and Scorecard Workbook
    [infographic]

    Architect Your Big Data Environment

    • Buy Link or Shortcode: {j2store}202|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • Organizations may understand the transformative potential of a big data initiative, but they struggle to make the transition from the awareness of its importance to identifying a concrete use case for a pilot project.
    • The big data ecosystem is crowded and confusing, and a lack of understanding of it may cause paralysis for organizations.

    Our Advice

    Critical Insight

    • Don’t panic, and make use of the resources you already have. The skills, tools, and infrastructure for big data can break any budget quickly, but before making rash decisions, start with the resources you have in-house.
    • Big data as a service (BDaaS) is making big waves. BDaaS removes many of the hurdles associated with implementing a big data strategy and vastly lowers the barrier of entry.

    Impact and Result

    • Follow Info-Tech’s methodology for understanding the types of modern approaches to big data tools, and then determining which approach style makes the most sense for your organization.
    • Based on your big data use case, create a plan for getting started with big data tools that takes into account the backing of the use case, the organization’s priorities, and resourcing available.
    • Put a repeatable framework in place for creating a comprehensive big data tool environment that will help you decide on the necessary tools to help you realize the value from your big data use case and scale for the future.

    Architect Your Big Data Environment Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should find your optimal approach to big data tools, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Plant the foundations of your big data tool architecture

    Identify your big data use case and your current data-related capabilities.

    • Architect Your Big Data Environment – Phase 1: Plant the Foundations of Your Big Data Tool Architecture
    • Big Data Execution Plan Presentation
    • Big Data Architecture Planning Tool

    2. Weigh your big data architecture decision criteria

    Determine your capacity for big data tools, as well as the level of customizability and security needed for your solution to help justify your implementation style decision.

    • Architect Your Big Data Environment – Phase 2: Weigh Your Big Data Architecture Decision Criteria

    3. Determine your approach to implementing big data tools

    Analyze the three big data implementation styles, select your approach, and complete the execution plan for your big data initiative.

    • Architect Your Big Data Environment – Phase 3: Determine Your Approach To Implementing Big Data Tools
    [infographic]

    Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program

    • Buy Link or Shortcode: {j2store}338|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Performance Measurement
    • Parent Category Link: /performance-measurement
    • According to Info-Tech research, 74% of our clients feel that IT quality management is an important process, however, only 15% said they actually had effective quality management.
    • IT is required to deliver high quality projects and services, but if CIOs are ineffective at quality management, how can IT deliver?
    • Rather than disturb the status quo with holistic quality initiatives, heads of IT leave quality in the hands of process owners, functional areas, and other segmented facets of the department.
    • CIOs are facing greater pressures to be innovative, agile, and cost-effective, but cannot do so without stable operations, an accountable staff base, and business support; all of which are achieved by high IT quality.

    Our Advice

    Critical Insight

    • Quality management needs more attention that it’s typically getting. It’s not going to happen randomly; you must take action to see results.
    • Quality must be holistic. Centralized accountability will align inconsistencies in quality and refocus IT towards a common goal.
    • Accountability is the key to quality. Clearly defined roles and responsibilities will put your staff on the hook for quality outcomes.

    Impact and Result

    • Shift your mindset to the positive implications of high quality. Info-Tech’s quality management methodology will promote innovation, agility, lower costs, and improved operations.
    • We will help you develop a fully functional quality management program in four easy steps:
      • Position your program as a group to encourage buy-in and unite IT around a common quality vision. Enact a center of excellence to build, support, and monitor the program.
      • Build flexible program requirements that will be adapted for a fit-to-purpose solution.
      • Implement the program using change management techniques to alleviate challenges and improve adoption.
      • Operate the program with a focus on continual improvement to ensure that your IT department continues to deliver high quality projects and services as stakeholder needs change.

    Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program Research & Tools

    Start here – read the Executive Brief

    Understand why Info-Tech’s unique approach to quality management can fix a variety of IT issues and understand the four ways we can support you in building a quality management program designed just for you.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Position the program

    Hold a positioning working session to focus the program around business needs, create solid targets, and create quality champions to get the job done.

    • Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program – Phase 1: Position the Quality Program
    • Quality Management Program Charter
    • Quality Management Capability Assessment and Planning Tool
    • Quality Management Roadmap

    2. Build the program

    Build program requirements and design standard templates that will unite IT quality.

    • Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program – Phase 2: Build a Quality Program
    • Quality Management Quality Plan Template
    • Quality Management Review Template
    • Quality Management Dashboard Template

    3. Implement the program

    Evaluate the readiness of the department for change and launch the program at the right time and in the right way to transform IT quality.

    • Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program – Phase 3: Implement the Quality Program
    • Quality Management Communication Plan Template
    • Quality Management Readiness Assessment Template

    4. Operate the program

    Facilitate the success of key IT practice areas by operating the Center of Excellence to support the key IT practice areas’ quality initiatives.

    • Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program – Phase 4: Operate the Quality Program
    • Quality Management User Satisfaction Survey
    • Quality Management Practice Area Assessment and Planning Tool
    • Quality Management Capability Improvement Plan
    [infographic]

    Workshop: Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Position Your Program

    The Purpose

    Create a quality center of excellence to lead and support quality initiatives.

    Position your quality program to meet the needs of your business.

    Develop clear targets and create a roadmap to achieve your vision. 

    Key Benefits Achieved

    Defined Center of Excellence roles & responsibilities.

    A firm vision for your program with clearly outlined targets.

    A plan for improvements to show dedication to the program and create accountability. 

    Activities

    1.1 Identify current quality maturity.

    1.2 Craft vision and mission.

    1.3 Define scope.

    1.4 Determine goals and objectives.

    1.5 Specify metrics and critical success factors.

    1.6 Develop quality principles.

    1.7 Create action plan.

    Outputs

    Completed Maturity Assessment

    Completed Project Charter

    Completed Quality Roadmap

    2 Build Your Program

    The Purpose

    Build the requirements for the quality program, including outputs for quality planning, quality assurance, quality control, and quality improvement.

    Key Benefits Achieved

    Defined standards for the quality program.

    General templates to be used to unify quality throughout IT. 

    Activities

    2.1 Define quality policy, procedures, and guidelines.

    2.2 Define your standard Quality Plan.

    2.3 Define your standard Quality Review Document.

    2.4 Develop your Standard Quality Management Dashboard.

    Outputs

    Quality Policy

    Standard Quality Plan Template

    Standard Quality Review Template

    Standard Quality Dashboard

    3 Implement Your Program

    The Purpose

    Launch the program and begin quality improvement.

    Key Benefits Achieved

    Perform a readiness assessment to ensure your organization is ready to launch its quality program.

    Create a communication plan to ensure constant and consistent communication throughout implementation. 

    Activities

    3.1 Assess organizational readiness.

    3.2 Create a communication plan.

    Outputs

    Completed Readiness Assessment

    Completed Communication Plan

    4 Operate Your Program

    The Purpose

    Have the Center of Excellence facilitate the roll-out of the quality program in your key practice areas.

    Initiate ongoing monitoring and reporting processes to enable continuous improvement.  

    Key Benefits Achieved

    Quality plans for each practice area aligned with the overall quality program.

    Periodic quality reviews to ensure plans are being acted upon.

    Methodology for implementing corrective measures to ensure quality expectations are met.

    Activities

    4.1 Perform a quality management satisfaction survey.

    4.2 Complete a practice area assessment.

    4.3 Facilitate the creation of practice area quality plans.

    4.4 Populate quality dashboards.

    4.5 Perform quality review(s).

    4.6 Address issues with corrective and preventative measures.

    4.7 Devise a plan for improvement.

    4.8 Report on quality outcomes.

    Outputs

    Completed Satisfaction Surveys

    Practice Area Assessments

    Quality Plans (for each practice area)

    Quality Reviews (for each practice area)

    Quality Improvement Plan

    Drive Ongoing Adoption With an M365 Center of Excellence

    • Buy Link or Shortcode: {j2store}66|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: 20 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications

    There are roadblocks common to all CoEs: lack of in-house expertise, lack of resources (time, budget, etc.), and employee perception that this is just another burdensome administrative layer. These are exacerbated when building an M365 CoE.

    • Constant vendor-initiated change in M365 means expertise always needs updating.
    • The self-service architecture of M365 is at odds with centralized limits and controls.
    • M365 has a multitude of services that can be adopted across a huge swath of the organization compared to the specific capabilities and limited audience of traditional CoEs.

    Our Advice

    Critical Insight

    The M365 CoE should be somewhat decentralized to avoid an “us versus them” mentality. Having clear KPIs at the center of the program makes it easier to demonstrate improvements and competencies. COMMUNICATE these early successes! They are vital in gaining widespread credibility and momentum.

    Impact and Result

    Having a clear vision of what you want business outcomes you want your Microsoft 365 CoE to accomplish is key. This vision helps select the core competencies and deliverables of the CoE.

    • Ongoing measurement and reporting of business value generated from M365 adoption.
    • Servant leadership allows the CoE to work closely and deeply with end users, which builds them up to share knowledge with others
    • Focus and clear lines of accountability ensure that everyone involved feels part of the compromise when decisions are to be made.

    Drive Ongoing Adoption With an M365 Center of Excellence Research & Tools

    Build out your M365 CoE competencies, membership, and roles; create success metrics and build your M365 adoption, then communicate

    In this deck we explain why your M365 CoE needs to be distributed and how it should be organized. Using a roadmap will assist you in building competency and maturity through training, certifications, and building governance.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Drive Ongoing Adoption With an M365 Center of Excellence Storyboard
    [infographic]

    Further reading

    Drive Ongoing Adoption With an M365 Center of Excellence

    Accelerate business processes change and get more value from your subscription by building and sharing thanks to an effective Centre of Excellence.

    CLIENT ADVISORY DECK

    Drive Ongoing Adoption With an M365 Centre of Excellence

    Accelerate business processes change and get more value from your subscription by building and sharing thanks to an effective Centre of Excellence

    Research Team:
    John Donovan
    John Annand
    Principal Research Directors I&O Practice

    41 builds released in 2021!
    IT can no longer be expected to provide training to all users on all features

    • Traditional classroom training (online and self-paced) is time consuming and overly generic
    • Users tend to hold onto old familiar tools even as new ones roll out
    • Citizen Programming comes with a lot of promise but also the spectre of reliving the era of Access ‘97 databases
    • Seemingly small decisions around configuration have outsized impacts
    • Every enterprises’ journey through adoption is unique

    ▲20% $ spent in 2021

    148% more meetings
    66% more users collaborating on documents
    40.6B more emails

    2021 vs. 2022 Source: Microsoft The Work Trend Index

    • Who needs to be in a CoE? What daily tasks do they undertake?
    • How do you turn artifacts like best practice documents into actual behavioral change?
    • How does CoE differ from governance? And why is it going to be any more successful?
    • How does the CoE evolve over time as enterprises become more mature?

    CoE Competencies, Membership and Roles
    Communication, Standards Templates
    Adoption, and Business Success Metrics

    this image depicts the key CoE Competencies: Goals; Controls; Tools; Training; and Support

    Using these deliverables, Info-Tech will help you drive consistency in your enterprise collaboration, increase end-user satisfaction in the tools they are provided, optimize your license spending, fill the gaps between implementation of a technology and realization of business value, and empower end-users to innovate in ways that senior leadership had not imagined.

    Executive Summary

    Insight

    User adoption is the primary focus of the efforts in the CoE

    User adoption and setting up guardrails in governance are the focuses of the CoE in its early stages. Purging obsolete data from legacy share servers, and exchange, and rationalize legacy applications that are comparable to Microsoft offerings. The primary goal is M365 excellence, but that needs to be primed with a Roadmap, and laying down clear milestones to show progress, along with setting up quick wins to get buy in from the organization.

    Breakdown your CoE into distinct areas for improvement

    Due to the size and complexity of Microsoft 365, breaking it into clearly defined divisions makes sense. The parts that need to be fragmented into are, Collaboration, Power Apps, Office tools, Learning, Professional Training and Certifications, Governance and Support. Subject Matter experts needs to keep pace with the ever-changing M365 environment with enhancements continuously being rolled out. (There were 41 build releases in 2021 alone! )

    Set up your M365 CoE in a decentralized design

    Define how your CoE will be set up. It will either be centralized, distributed, or a combination of both. They all have their strengths and weaknesses; however a distributed CoE can ensure there is buy-in from the various departments across the CoE, as they participate in the decision making and therefore the direction the CoE goes. Additionally, it ensures that each segment of the CoE is accountable for the success of the M365 adoption, its usage, and delivering value to the organization.

    Summary

    Your Challenge

    You have purchased Microsoft 365 for your business, and you have determined that you are not realizing the full value and potential of the product, neither adoption nor usage – for example, you have legacy applications that the user base is reluctant to move away from, whether it be Skype, Jabber, or other collaboration tools available to them. You have released Teams to the organization but may have not shown how useful it is and you have not communicated to the business that it is your new collaboration tool, along with SharePoint Online and OneDrive. How do you fix this problem?

    Common Obstacles

    There are roadblocks common to all CoEs: lack of in-house expertise, lack of resources (time, budget, etc.) and employee perception of just another burdensome administrative layer. These are exacerbated when building an M365 CoE.

    • Constant vendor-initiated change in M365 means expertise always needs updating
    • The self-service architecture of M365 is at odds with centralized limits and controls
    • M365 is a multitude of services, adopted across a huge swath of the organization compared to the specific capabilities and limited audience of traditional CoEs

    Info-Tech’s Approach

    Having a clear vision of what business outcomes you want your Microsoft 365 CoE to accomplish is key. This vision helps select the core competencies and deliverables of the CoE.

    1. Ongoing measurement and reporting of business value generated from M365 adoption
    2. Servant leadership allows the CoE to work closely and deeply with end-users, which builds them up to share knowledge with others
    3. Focus and clear lines of accountability ensure that everyone involved feels part of the compromise when decisions are to be made

    Info-Tech Insight

    The M365 CoE should be somewhat decentralized to avoid an “us versus them” mentality. Having clear KPIs at the center of the program makes it easier to demonstrate improvements and competencies. COMMUNICATE these early successes! They are vital in gaining widespread credibility and momentum.

    Charter Mandate Authority to Operate

    Mission : To accelerate the value that M365 brings to the organization by using the M365 CoE to increase adoption, build competency through training and best practices, and deliver on end user innovation throughout the business.

    Vision Statement: To transform the organization’s efficiencies and performance through an optimized world-class M365 CoE by meeting all KPIs set out in the Charter.

    Info-Tech Insights

    A mission and vision for your M365 CoE are a necessary step to kick the program off. Not aving clear goals and a roadmap to get there will hinder your progress. It may even stall the whole objective if you cannot agree or measure what you are trying to accomplish

    • The scope of the M365 CoE is to build the adoption rate that can meet milestone goals to advance user competency, as well as the maturation of the SMEs in each segment of the CoE leadership and contributors.
    • Maturity will be measured through 100% adoption, specifically around collaboration tools and Office apps across the organization that use M365. Strategic value will be measured by core competencies within the CoE.
    • SMEs are developed and educated with certifications and other training throughout the course of the CoE development to bring “bench strength” to the vision of optimizing a world-class M365 CoE.
    • SMEs will all be certified Microsoft professionals. They will set the standard to be met within the CoE. The SMEs can either be internal candidates or external hires, depending on the current IT department competency.
    • Additional resources required will be tech savvy department leads that understand and can help in the training of staff, who also are willing to spend a certain amount of their work time in coaching colleagues.
    • They will be assisted by the training through the SMEs providing relevant material and various M365 courses both in class and self-paced online learning using M365 VIVA tools.

    Charter Metrics

    Areas in Scope:

    • Ensure Mission is aligned to the business objectives.
    • Form core team for M365 CoE, including steering committee.
    • Create document for signoff from business sponsors.
    • Build training plans for users, engineers, and admins.
    • Document best practices and build standard templates for organizational uniformity.
    • Build governance charter and priorities, setting up guardrails early to ensure compliance and security.
    • Transition away and retire all legacy on-Prem apps to M365 Cloud apps.
    • Build a RACI model for roles and responsibility.

    Info-Tech Insights

    If meaningful metrics are set up correctly, the CoE can produce results early in the one- or two-year process, demonstrating business value and increasing production amongst staff and demonstrating SME development.

    this image contains example metrics, spread across three phases.

    CoE

    What are the reason to build an M365 CoE, and what is it expected to deliver?

    What It IS NOT

    It does not design or build applications, migrate applications, or create migration plans. It does not deploy applications nor does it operate and monitor applications. While a steering committee is a key part of the M365 CoE, its real function is to set the standards to be achieved though metrics that can measure a successful, efficient, and best-in-class M365 operation. It does not set business goals but does align M365 goals to the business drivers. SMEs in the CoE give guidance on M365 best practices and assist in its adoption and users’ competency.

    What It IS

    M365 CoE means investing in and developing usage growth and adoption while maintaining governance and control. A CoE is designed to drive innovation and improvement, and as a business-wide functional unit, it can break down geographical and organizational silos that utilize their own tools and collaboration platforms. It builds a training and artifacts database of relevant and up-to-date materials.

    Why Build It

    Benefits that can be realized are:

    • Building efficiencies, delivering quality training and knowledge transfer, and reducing risk from an organized and effective governance.
    • Consistency in document and information management.
    • Reusable templates and blueprints that standardize the business processes.
    • Standardized and communicated business policies around security and best practices.
    • Overcoming the challenges that comes with the titan of a platform that is M365.

    Expected Goals and Benefits With Risk

    Demonstrated impact for sustainability
    Ensuring value is delivered
    Ability to escalate to executive branch

    The What?

    What does the M365 CoE solve?

    • M365 Adoption
    • M365 tools templates
    • SME in tools deployment and delivery
    • Training and education – create artifacts and organize training sessions and certifications
    • Empower users into super users
    • Build analytics around usage, adoption, and ROI from license optimization

    And the How?

    How does the M365 CoE do it?

    • By defining clear adoption goals and best practices
    • By building a dedicated team with the confidence to improve the user experience
    • By creating a collection of reusable artifacts.
    • By establishing a stable, tested environment ensures users are not hindered in execution of the tools
    • By continuously improving M365 processes

    What are the Risks?

    • All goals must be achievable
    • Timeline phases are based on core SME competency of the IT department and the training quality of end users
    • Current state of SMEs in house or hired to execute the mandate of the M365 CoE
    • Business success – if business is struggling to make profits and grow, its usually the CoE that will get chopped – mainly due to layoffs
    • Inability to find SMEs or train SMEs
    • Turnover in CoE due to job function changes or attrition
    • Overload of day-to-day responsibilities preventing SMEs from executing work for the CoE – Need to align SMEs and CoE steering chair to establish and enable shared responsibilities.

    Who needs to be in a CoE for M365

    Design the CoE – What model to be used?

    What are their daily tasks? Is the CoE centralized, decentralized, or a combination?

    a flow chart is depicted, starting with the executive steering committee, describing governance 365, and VP applications.

    Info-Tech Insights

    Due to the size and complexity of Microsoft 365, a decentralized model works best. Each segment of the group could in themselves be a CoE, as in governance, training, or collaboration CoE. Maintaining SME in each group will drive the success of the M365 CoE.

    Key Competencies for CoE

    • Build a team of experts in M365 with sub teams in Products.
    • Manage the business processes around M365.
    • Train and optimize technical teams.
    • Share best practices and create a knowledge base.
    • Build processes that are repeatable and self-provisioned.
    This image depicts the core Coe Competencies, Strategy; Technology; Governance; and Skills/Capabilities.

    CoE for M365

    What is the Structure? Is it centralized, decentralized, or combination? What are the pros and cons?

    Thought Model

    This image depicts a thought model describing CoE for M365.

    How does the CoE differ from governance?

    Why is it going to be any more successful?

    “These problems already exist and haven't been successfully addressed by governance – how is the CoE going to be any different?”

    • Leadership
    • Empower end users
    • Automation of processes
    • Retention policies
    • Governance priorities
    • Risk management
    • Standard procedures
    • Set metrics
    • Self service
    • Training
    • SMEs
    • Automation
    • Innovation

    CoE

    While M365 governance is an integral part of the M365 CoE, the CoE is a more strategic program aimed at providing guidance, experienced leadership, and training.

    The CoE is designed to drive innovation and improvements throughout the organization’s M365 deployment. It will build best practices, create artifacts, and mentor members to become SMEs.

    Governance

    CoE is a form of collaborative governance. Those responsible for making the rules are the same ones who are working through how the rules are implemented in practice.

    The word most associated with CoE is "nurture." The word most associated with governance is "prevent."

    The CoE is experimental and innovative and constantly revising its guidance compared to governance, which is opaque and static.

    RACI chart for CoE define activities and ownership

    The Work

    Build artifacts

    Templates

    Scripts

    Reference architecture

    Policies definition

    Blueprints

    Version control

    Measure usage and ROI

    Quality assurance

    Baseline creation and integrity

    ActivitiesSupport Steering CTraining TeamM365 Tools Admin M365 Security AdminDoc Mgt
    Monitor M365 ChangeAIRR
    CommunicationsIR
    TrainingAR
    Support – Microsoft + HelpdeskRI
    Monitor UsageR
    Security and ComplianceAR
    Decom On-PremAR
    Eliminate Shadow ITR
    Identity and AccessAR
    Automate Policies in TennantAR
    Audit MonitorAR
    Data and Information ProtectionARR
    Build TemplatesAAR
    Manage ArtifactsARA

    Steering Committee

    This image contains a screenshot of the organization of the CoE Steering Committee

    Roles and Responsibilities

    • Set the goals and metrics for the CoE charter
    • Ensure the CoE is aligned to the business objectives
    • Clear any roadblocks that may hinder progress for the team leads
    • Provide guidance on best practices
    • Set expectations for training and certifications
    • Build SME strength through mentoring
    • Promote and facilitate research into M365 developments and releases
    • Ensure knowledge transfer is documented
    • Create roadmap to ensure phase KPIs are met and drive toward excellence

    Info-Tech Insight

    Executive sponsorship is an element of the CoE that cannot be overlooked. If this occurs, the funding and longevity of the CoE will be limited. Additionally, ensure you determine if the CoE will have an end of life and what that looks like.

    M365 Governance CoE Team

    Governance and Management

    After you’ve developed and implemented your data classification framework, ongoing governance and maintenance will be critical to your success. In addition to tracking how sensitivity labels are used in practice, you’ll need to update your control requirements based on changes in regulations, cybersecurity leading practices, and the nature of the content you manage. Governance and maintenance efforts can include:

    • Establishing a governance body dedicated to data classification or adding a data classification responsibility to the charter of an existing information security body.
    • Defining roles and responsibilities for those overseeing Data Classification
    • Establishing KPIs to monitor and measure progress
    • Tracking cybersecurity leading practices and regulatory changes
    • Developing Standard Operating Procedures that support and enforce a data classification framework

    Governance CoE

    Tools Used in the Governance CoE Identity – MFA, SSO, Identity Manager, Conditional Access, AD , Microsoft Defender, Compliance Assessments Templates

    Security and Compliance - Azure Purview, Microsoft Defender Threat Analytics, Rules-Based Classification (AIP Client & Scanner), Endpoint DLP, Insider Risk Management

    Information Management – Audit Log Retention, Information Protection and Governance, Trainable Classifiers

    Licenses – Entitlement Management, Risk-Based Conditional Access.

     This image depicts the M365 Governance CoE Team organization.

    M365 Tools CoE Team

    • Collaboration tools are at the center of the product portfolio for M365.
    • Need to get users empowered to manage and operate Teams, OneDrive, and SharePoint Online and promote uniform communications and collaborate with document building, sharing, and storing.

    This image depicts a screenshot of the Tools CoE Team organization

    Collaboration SME – Teams admin, Exchange admin, SharePoint, One Drive admin, Viva Learning (Premium), and Viva Insights (Premium)

    Application SME – Covers all updates and new features related to Office programs

    Power BI SME – Covers Power Automate for Office 365, Power Apps for Office 365, and Power BI Pro

    Voice and Video – Tools-Calling Plan, Audio Conference (Full), Teams Phone, Mobility

    PMO – Manages all M365 products online and in production. Also coordinates enhancements, writes up documentation for updates, and releases them to the training CoE for publication.

    Microsoft 365 tools used to support business

    M365 Training CoE Team

    Training and certifications for both end users and technical staff managing the M365 platform. Ensure that you set goals and objectives with your training schedule.

    this image depicts the framework for the training CoE team.

    Training for SMEs can be broken into two categories:

    First line training is internal training for users, in the collaboration space. Teams, One Drive, SharePoint Online, Exchange, and specialty training on Office tools – Word, PowerPoint, Excel, and Microsoft Forms.

    Second line training is professional development for the SMEs including certifications in M365 admin, Global admin, Teams admin, and SharePoint administrator.

    Additional training and certification can be obtained in governance, information management, and in the admin center for licencing optimization and compliance.

    Tools used

    • Viva topics – Integrated knowledge and expert discovery
    • Viva Insight
    • Viva Learning
    • Viva Connections
    • Dynamics 365
    • Voice of the customer surveys

    Support M365 CoE Team

    This image depicts the framework for m365 CoE team support.

    Support CoE:

    In charge of creating a knowledge base for M365. Manages incidents with access, usage, and administering apps to desktop. Manages change issues related to updates in patching.

    Help Desk Admin:

    Resets passwords when self service fails, force sign out, manages service requests.

    Works with learning CoE to populate knowledge base with articles and templates.

    Manages end user issues with changes and enhancements for M365.

    Supporting Metrics

    • Number of calls for M365 support
    • Recurring M365 incidents
    • Number of unresolved Platform issues
    • First call resolution
    • Knowledge sharing of M365
    • Customer satisfaction
    • Turnaround time of tickets created

    Roadmap

    How does the CoE evolve over time as enterprises become more mature?

    • Depending on the complexity and regulatory requirements of the business, baseline governance and rules around external partners sharing internal documents will need to be set up.
    • Identifying your SMEs in the organization is a perquisite at the beginning stages of setting up the M365 working group.
    • Build a roadmap to get to maturity and competency that brings strategic business value.
    • Meet milestone goals through a two-year, three-phase process. Begin with setting up governance guardrails.
    • Set up foundational baselines against which metrics will be measured.
    • Set up the M365 CoE, at first with target easy wins through group training and policy communications throughout the organization.
    this image depicts the CoE Roadmap, from Foundational Baseline, to Standardize Process, to Optimization

    How do you turn artifacts like best practice documents into actual behavior change?

    this image depicts the process of turning M365 ARtifacts into actual behavioural change within a company

    Info-Tech Insights

    Building Blocks
    The building blocks for a change in end user behavior are based on four criteria which must be clearly communicated. Knowledge transfer from SMEs to the training team is key. That in turn leads to effective knowledge transfer, allowing end users to develop skills quickly that can be shared with their teams. Sharing practices leads to best practices and maintaining these in a repository that can be quickly accessed will build on the efficiencies and effectiveness of the employees.

    How Do You Empower End Users to Innovate?

    Info-Tech Insights

    Understand the Vision

    Empowering End users starts with understanding the business vision that is embedded into the M365 CoE charter.

    Ensure that the business innovation goals are aligned to the organizational strategies.

    The innovative strategies need to be clearly communicated to the employees and the tools to achieve this needs to be mapped out and trained. Clearly lay out the goals, outcomes, and expectations.

    End users need to understand how the M365 CoE will assist them in their day-to-day operations, whether in the collaboration space with their colleagues, or with power BI that assists them in their decision making though analytics.

    The Right Resources

    Arm your team with the resources they need to be successful. Building use cases as part of the training program will give the employees insight into how the M365 tools can be used in their daily work environment. It will also address the pervasive use of nonstandard tools as is seen throughout organizations that are operated in a vacuum.

    Empowering your user base though the knowledge transfer borne through the building of artifacts that deal with real life examples that join the dots for employees.

    By painting a picture of how the innovative use of the M365 platform can be achieved, users will feel empowered and use those use cases to build out their own innovative ideas.

    Hybrid Work

    Digital fabric

    Collaboration – Communication – Creation

    Cloud Services – Innovative Apps – Security

    Productivity anywhere any place

    Shared working documents in secure cloud

    Mesh for Microsoft Teams/Viva

    Power apps and dataverse for Teams

    Self Service M365

    My Apps

    My Sign-Ins

    My Groups

    My Staff

    My Access

    My Account

    Password reset

    Sample Best Practices
    Tools and Standards Templates

    Then communicate them

    Collaboration Best Practices

    Sharing documents

    Real time co-authoring

    Comment

    Meet

    Mobile

    Version History

    Security Best Practices

    This is a screenshot of the Security Best Practices

    Default Security Settings

    Microsoft Security Score

    Enable Alert Policies

    Assign RBAC for Admins

    Enable Continuous Access Evaluation

    Admin Roles Best Practices in M365

    This is a screenshot of the admin roles best ractices in M365.

    Business Success Metrics for M365 CoE

    What does success look like?

    • Are you aligning the M365 metrics to business goals?
    • Are your decisions data driven?
    • Are you able to determine opportunities to improve with your metrics – continuous process improvement?
    • Are you seeing productivity gains, and are they being measured?
    This image contains a screenshot of the Business Success Metrics for M365-CoE: SMC Training; Content published and tagged; Usage Metrics; Cost Metrics; Adoption Metrics; New Product Introduction

    Activity Output

    Start building your M365 CoE and considering the steps for the Phase 1 checklist

    BUILD A FOUNDATIONAL BASELINE

    Step 1

    1. Select Resources to create a CoE working group
    2. Define your goals and objectives
    3. Identify SMEs within the business and do a gap analysis
    4. Build the M365 charter, mission, and vision
    5. Build consensus and sponsorship from C suite
    6. Create an organizational M365 framework that provides best coverage for all touch points to the platform, from support to training to controls.
    7. Determine the type of CoE you want to create that fits your business (centralized, distributed, or a combination).

    Step 2

    1. Build training plans for SMEs and M365 teams
    2. Populate company intranet with artifacts, knowledge articles, and user training portal with all things M365
    3. Build out best practice workbooks, tools, and templates that encompass all departments
    4. Create roles and responsibilities matrix
    5. Identify “super users” in departments to assist with promoting learning and knowledge sharing.
    6. Develop Metrics scorecards on success criteria ensuring they align to business goals

    Step 3

    1. Rational M365 licensing
    2. Create communication plan promoting CoE and M365 advantages
    3. Align your governance posture and building guardrails
    4. Identify legacy apps that can be retired and replaced
    5. Train support team and analysts with metrics supporting M365 CoE goals
    6. Create baseline metrics with clear alignment to business KPIs

    Related Blueprints

    Modernize Your Microsoft Licensing for the Cloud Era

    • Take control of your Microsoft licensing and optimize spend

    Govern Office 365

    • Office 365 is as difficult to wrangle as it is valuable. Leverage best practices to produce governance outcomes aligned with your goals

    Migrate to Office 365 Now

    • One small step to cloud, one big leap to Office 365. The key is to look before you leap

    Build a Data Classification MVP for M365

    • Kickstart your governance with data classification users will actually use!

    Bibliography

    “Five Guiding Principles of a successful Center of Excellence” Perficient, n.d. Web.

    “Self Service in Microsoft 365.” Janbakker.tech, n.d. Web.

    “My Apps portal overview.” Microsoft, June 2, 2022. Web.

    “Collaboration Best Practices Microsoft365.” Microsoft, n.d. Web.

    “Security Best Practices Microsoft 365” Microsoft, July 1, 2022. Web.

    Implement and Optimize Application Integration Governance

    • Buy Link or Shortcode: {j2store}361|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Enterprise Integration
    • Parent Category Link: /enterprise-integration
    • Enterprises begin integrating their applications without recognizing the need for a managed and documented governance model.
    • Application Integration (AI) is an inherently complex concept, involving the communication among multiple applications, groups, and even organizations; thus developing a governance model can be overwhelming.
    • The options for AI Governance are numerous and will vary depending on the size, type, and maturity of the organization, adding yet another layer of complexity.

    Our Advice

    Critical Insight

    • Governance is essential with integrated applications. If you are planning to integrate your applications, you should already be considering a governance model.
    • Proper governance requires oversight into chains of responsibility, policy, control mechanisms, measurement, and communication.
    • People and process are key. Technology options to aid in governance of integrated apps exist, but will not greatly contribute to the success of AI.

    Impact and Result

    • Assess your capabilities and determine which area of governance requires the most attention to achieve success in AI.
    • Form an Integration Center of Competency to oversee AI governance to ensure compliance and increase success.
    • Conduct ongoing training with your personnel to ensure up-to-date skills and end user understanding.
    • Frequently revisit your AI governance strategy to ensure alignment with business goals.

    Implement and Optimize Application Integration Governance Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Implement and optimize Application Integration Governance

    Know where to start and where to focus your attention in the implementation of an AI governance strategy.

    • Storyboard: Implement and Optimize Application Integration Governance

    2. Assess the organization's capabilities in AI Governance

    Assess your current and target states in AI Governance.

    • Application Integration Governance Gap Analysis Tool

    3. Create an Integration Center of Competency

    Have a governing body to oversee AI Governance.

    • Integration Center of Competency Charter Template

    4. Establish AI Governance principles and guidelines

    Create a basis for the organization’s AI governance model.

    • Application Integration Policy and Principles Template

    5. Create an AI service catalog

    Keep record of services and interfaces to reduce waste.

    • Integration Service Catalog Template
    [infographic]

    Go the Extra Mile With Blockchain

    • Buy Link or Shortcode: {j2store}130|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • The transportation and logistics industry is facing a set of inherent flaws, such as high processing fees, fraudulent information, and lack of transparency, that blockchain is set to transform and alleviate.
    • Many companies have FOMO (fear of missing out), causing them to rush toward blockchain adoption without first identifying the optimal use case.

    Our Advice

    Critical Insight

    • Understand how blockchain can alleviate your pain points before rushing to adopt the technology. You have been hearing about blockchain for some time now and are feeling pressured to adopt it. Moreover, the series of issues hindering the transportation and logistics industry, such as the lack of transparency, poor cash flow management, and high processing fees, are frustrating business leaders and thereby adding additional pressure on CIOs to adopt the technology. While blockchain is complex, you should focus on its key features of transparency, integrity, efficiency, and security to identify how it can help your organization.
    • Ensure your use case is actually useful and can be valuable to your organization by selecting a business idea that is viable, feasible, and desirable. Applying design thinking tactics to your evaluation process provides a practical approach that will help you avoid wasting resources (both time and money) and hurting IT’s image in the eyes of the business. While it is easy to get excited and invest in a new technology to help maintain your image as a thought leader, you must ensure that your use case is fully developed prior to doing so.

    Impact and Result

    • Understand blockchain’s transformative potential for the transportation and logistics industry by breaking down how its key benefits can alleviate inherent industry flaws.
    • Identify business processes and stakeholders that could benefit from blockchain.
    • Build and evaluate an inventory of use cases to determine where blockchain could have the greatest impact on your organization.
    • Articulate the value and organizational fit of your proposed use case to the business to gain their buy-in and support.

    Go the Extra Mile With Blockchain Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why your organization should care about blockchain’s transformative potential for the transportation and logistics industry and how Info-Tech will support you as you identify and build your blockchain use case.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evaluate why blockchain can disrupt the transportation and logistics industry

    Analyze the four key benefits of blockchain as they relate to the transportation and logistics industry to understand how the technology can resolve issues being experienced by industry incumbents.

    • Go the Extra Mile With Blockchain – Phase 1: Evaluate Why Blockchain Can Disrupt the Transportation and Logistics Industry
    • Blockchain Glossary

    2. Build and evaluate an inventory of use cases

    Brainstorm a set of blockchain use cases for your organization and apply design thinking tactics to evaluate and select the optimal one to pitch to your executives for prototyping.

    • Go the Extra Mile With Blockchain – Phase 2: Build and Evaluate an Inventory of Use Cases
    • Blockchain Use Case Evaluation Tool
    • Prototype One Pager
    [infographic]

    Optimize the Mentoring Program to Build a High-Performing Learning Organization

    • Buy Link or Shortcode: {j2store}596|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Employee Development
    • Parent Category Link: /train-and-develop
    • Many organizations have introduced mentoring programs without clearly defining and communicating the purpose and goals around having a program; they simply jumped on the mentoring bandwagon.
    • As a result, these programs have little impact. They don’t add value for mentors, mentees, or the organization.
    • It can be difficult to design a program that is well-suited to your organization, will be adopted by employees, and will drive the results you are looking for.
    • In particular, it is difficult to successfully match mentors and mentees so both derive maximum value from the endeavor.

    Our Advice

    Critical Insight

    • As workforce composition shifts, there is a need for mentoring programs to move beyond the traditional senior–junior format option; organizational culture and goals will dictate the best approach.
    • An organization’s mentoring program doesn’t need to be restricted to one format; individual preferences and goals should also factor in. Be open to choosing format on a case-by-case basis.
    • Be sure to gain upper management buy-in and support early to ensure mentoring becomes a valued part of your organization.
    • Ensure that goal setting, communication, ongoing support for participants, and evaluation all play a role in your mentoring program.

    Impact and Result

    • Mentoring can have a significant positive impact on mentor, mentee, and organization.
    • Mentees gain guidance and advice on their career path and skill development. Mentors often experience re-engagement with their job and the satisfaction of helping another person.
    • Mentoring participants benefit from obtaining different perspectives of both the business and work-related problems. Participation in a mentoring program has been linked to greater access to promotions, pay raises, and increased job satisfaction.
    • Mentoring can have a number of positive outcomes for the organization, including breaking down silos, transferring institutional knowledge, accelerating leadership skills, fostering open communication and dialogue, and resolving conflict.

    Optimize the Mentoring Program to Build a High-Performing Learning Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Align the mentoring program with the organizational culture and goals

    Build a best-fit program that creates a learning culture.

    • Storyboard: Optimize the Mentoring Program to Build a High Performing Learning Organization

    2. Assess the organizational culture and current mentoring program

    Align mentoring practices with culture to improve the appropriateness and effectiveness of the program.

    • Mentoring Program Diagnostic

    3. Align mentoring practices with culture to improve the appropriateness and effectiveness of the program.

    Track project progress and have all program details defined in a central location.

    • Mentoring Project Plan Template
    • Peer Mentoring Guidelines
    • Mentoring Program Guidelines

    4. Gather feedback from the mentoring program participants

    Evaluate the success of the program.

    • Mentoring Project Feedback Surveys Template

    5. Get mentoring agreements in place

    Improve your mentoring capabilities.

    • Mentee Preparation Checklist
    • Mentoring Agreement Template
    [infographic]

    Strengthen the SSDLC for Enterprise Mobile Applications

    • Buy Link or Shortcode: {j2store}283|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Mobile Development
    • Parent Category Link: /mobile-development
    • CEOs see mobile for employees as their top mandate for upcoming technology innovation initiatives, making security a key competency for development.
    • Unsecure mobile applications can cause your employees to question the mobile applications’ integrity for handling sensitive data, limiting uptake.
    • Secure mobile development tends to be an afterthought, where vulnerabilities are tested for post-production rather than during the build process.
    • Developers lack the expertise, processes, and proper tools to effectively enhance applications for mobile security.

    Our Advice

    Critical Insight

    • Organizations currently react to security issues. Info-Tech recommends a proactive approach to ensure a secure software development life cycle (SSDLC) end-to-end.
    • Organizations currently lack the secure development practices to provide highly secure mobile applications that end users can trust.
    • Enable your developers with five key secure development techniques from Info-Tech’s development toolkit.

    Impact and Result

    • Embed secure development techniques into your SDLC.
    • Create a repeatable process for your developers to continually evaluate and optimize mobile application security for new threats and corresponding mitigation steps.
    • Build capabilities within your team based on Info-Tech’s framework by supporting ongoing security improvements through monitoring and metric analysis.

    Strengthen the SSDLC for Enterprise Mobile Applications Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should adopt secure development techniques for mobile application development, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess secure mobile development processes

    Determine the current security landscape of mobile application development.

    • Strengthen the SSDLC for Enterprise Mobile Applications – Phase 1: Assess Secure Mobile Development Practices
    • Systems Architecture Template
    • Mobile Application High-Level Design Requirements Template

    2. Implement and test secure mobile techniques

    Incorporate the various secure development techniques into current development practices.

    • Strengthen the SSDLC for Enterprise Mobile Applications – Phase 2: Implement and Test Secure Mobile Techniques

    3. Monitor and support secure mobile applications

    Create a roadmap for mobile optimization initiatives.

    • Strengthen the SSDLC for Enterprise Mobile Applications – Phase 3: Monitor and Support Secure Mobile Applications
    • Mobile Optimization Roadmap
    [infographic]

    Workshop: Strengthen the SSDLC for Enterprise Mobile Applications

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Your Secure Mobile Development Practices

    The Purpose

    Identification of the triggers of your secure mobile development initiatives.

    Assessment of the security vulnerabilities in your mobile applications from an end-user perspective.

    Identification of the execution of your mobile environment.

    Assessment of the mobile threats and vulnerabilities to your systems architecture.

    Prioritization of your mobile threats.

    Creation of your risk register.

    Key Benefits Achieved

    Key opportunity areas where a secure development optimization initiative can provide tangible benefits.

    Identification of security requirements.

    Prioritized list of security threats.

    Initial mobile security risk register created. 

    Activities

    1.1 Establish the triggers of your secure mobile development initiatives.

    1.2 Assess the security vulnerabilities in your mobile applications from an end-user perspective.

    1.3 Understand the execution of your mobile environment with a systems architecture.

    1.4 Assess the mobile threats and vulnerabilities to your systems architecture.

    1.5 Prioritize your mobile threats.

    1.6 Begin building your risk register.

    Outputs

    Mobile Application High-Level Design Requirements Document

    Systems Architecture Diagram

    2 Implement and Test Your Secure Mobile Techniques

    The Purpose

    Discovery of secure development techniques to apply to current development practices.

    Discovery of new user stories from applying secure development techniques.

    Discovery of new test cases from applying secure development techniques.

    Key Benefits Achieved

    Areas within your code that can be optimized for improving mobile application security.

    New user stories created in relation to mitigation steps.

    New test cases created in relation to mitigation steps.

    Activities

    2.1 Gauge the state of your secure mobile development practices.

    2.2 Identify the appropriate techniques to fill gaps.

    2.3 Develop user stories from security development gaps identified.

    2.4 Develop test cases from user story gaps identified.

    Outputs

    Mobile Application High-Level Design Requirements Document

    3 Monitor and Support Your Secure Mobile Applications

    The Purpose

    Identification of key metrics used to measure mobile application security issues.

    Identification of secure mobile application and development process optimization initiatives.

    Identification of enablers and blockers of your mobile security optimization.

    Key Benefits Achieved

    Metrics for measuring application security.

    Modified triaging process for addressing security issues.

    Initiatives for development optimization.

    Enablers and blockers identified for mobile security optimization initiatives.

    Process for developing your mobile optimization roadmap.

    Activities

    3.1 List the metrics that would be gathered to assess the success of your mobile security optimization.

    3.2 Adjust and modify your triaging process to enhance handling of security issues.

    3.3 Brainstorm secure mobile application and development process optimization initiatives.

    3.4 Identify the enablers and blockers of your mobile security optimization.

    3.5 Define your mobile security optimization roadmap.

    Outputs

    Mobile Optimization Roadmap

    Deliver a Customer Service Training Program to Your IT Department

    • Buy Link or Shortcode: {j2store}484|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $4,339 Average $ Saved
    • member rating average days saved: 6 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • The scope of service that the service desk must provide has expanded. With the growing complexity of technologies to support, it becomes easy to forget the customer service side of the equation. Meanwhile, customer expectations for prompt, frictionless, and exceptional service from anywhere have grown.
    • IT departments struggle to hire and retain talented service desk agents with the right mix of technical and customer service skills.
    • Some service desk agents don’t believe or understand that customer service is an integral part of their role.
    • Many IT leaders don’t ask for feedback from users to know if there even is a customer service problem.

    Our Advice

    Critical Insight

    • There’s a common misconception that customer service skills can’t be taught, so no effort is made to improve those skills.
    • Even when there is a desire to improve customer service, it’s hard for IT teams to make time for training and improvement when they’re too busy trying to keep up with tickets.
    • A talented service desk agent with both great technical and customer service skills doesn’t have to be a rare unicorn, and an agent without innate customer service skills isn’t a lost cause. Relevant and impactful customer service habits, techniques, and skills can be taught through practical, role-based training.
    • IT leaders can make time for this training through targeted, short modules along with continual on-the-job coaching and development.

    Impact and Result

    • Good customer service is critical to the success of the service desk. How a service desk treats its customers will determine its customers' satisfaction with not only IT but also the company as a whole.
    • Not every technician has innate customer service skills. IT managers need to provide targeted, practical training on what good customer service looks like at the service desk.
    • One training session is not enough to make a change. Leaders must embed the habits, create a culture of engagement and positivity, provide continual coaching and development, regularly gather customer feedback, and seek ways to improve.

    Deliver a Customer Service Training Program to Your IT Department Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should deliver customer service training to your team, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Deliver a Customer Service Training Program to Your IT Department – Executive Brief
    • Deliver a Customer Service Training Program to Your IT Department Storyboard

    1. Deliver customer service training to your IT team

    Understand the importance of customer service training, then deliver Info-Tech's training program to your IT team.

    • Customer Service Training for the Service Desk – Training Deck
    • Customer Focus Competency Worksheet
    • Cheat Sheet: Service Desk Communication
    • Cheat Sheet: Service Desk Written Communication
    [infographic]

    Integrate Threat Intelligence Into Your Security Operations

    • Buy Link or Shortcode: {j2store}320|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: 2 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Organizations have limited visibility into their threat landscape, and as such are vulnerable to the latest attacks, hindering business practices, workflow, revenue generation, and damaging their public image.
    • Organizations are developing ad hoc intelligence capabilities that result in operational inefficiencies, the misalignment of resources, and the misuse of their security technology investments.
    • It is difficult to communicate the value of a threat intelligence solution when trying to secure organizational buy-in and the appropriate resourcing.
    • There is a vast array of “intelligence” in varying formats, often resulting in information overload.

    Our Advice

    Critical Insight

    1. Information alone is not actionable. A successful threat intelligence program contextualizes threat data, aligns intelligence with business objectives, and then builds processes to satisfy those objectives.
    2. Your security controls are diminishing in value (if they haven’t already). As technology in the industry evolves, threat actors will inevitably adopt new tools, tactics, and procedures; a threat intelligence program can provide relevant situational awareness to stay on top of the rapidly-evolving threat landscape.
    3. Your organization might not be the final target, but it could be a primary path for attackers. If you exist as a third-party partner to another organization, your responsibility in your technology ecosystem extends beyond your own product/service offerings. Threat intelligence provides visibility into the latest threats, which can help you avoid becoming a backdoor in the next big data breach.

    Impact and Result

    • Assess the needs and intelligence requirements of key stakeholders.
    • Garner organizational buy-in from senior management.
    • Identify organizational intelligence gaps and structure your efforts accordingly.
    • Understand the different collection solutions to identify which best supports your needs.
    • Optimize the analysis process by leveraging automation and industry best practices.
    • Establish a comprehensive threat knowledge portal.
    • Define critical threat escalation protocol.
    • Produce and share actionable intelligence with your constituency.
    • Create a deployment strategy to roll out the threat intelligence program.
    • Integrate threat intelligence within your security operations.

    Integrate Threat Intelligence Into Your Security Operations Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement a threat intelligence program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Plan for a threat intelligence program

    Assess current capabilities and define an ideal target state.

    • Integrate Threat Intelligence Into Your Security Operations – Phase 1: Plan for a Threat Intelligence Program
    • Security Pressure Posture Analysis Tool
    • Threat Intelligence Maturity Assessment Tool
    • Threat Intelligence Project Charter Template
    • Threat Intelligence RACI Tool
    • Threat Intelligence Management Plan Template
    • Threat Intelligence Policy Template

    2. Design an intelligence collection strategy

    Understand the different collection solutions to identify which best supports needs.

    • Integrate Threat Intelligence Into Your Security Operations – Phase 2: Design an Intelligence Collection Strategy
    • Threat Intelligence Prioritization Tool
    • Threat Intelligence RFP MSSP Template

    3. Optimize the intelligence analysis process

    Begin analyzing and acting on gathered intelligence.

    • Integrate Threat Intelligence Into Your Security Operations – Phase 3: Optimize the Intelligence Analysis Process
    • Threat Intelligence Malware Runbook Template

    4. Design a collaboration and feedback program

    Stand up an intelligence dissemination program.

    • Integrate Threat Intelligence Into Your Security Operations – Phase 4: Design a Collaboration and Feedback Program
    • Threat Intelligence Alert Template
    • Threat Intelligence Alert and Briefing Cadence Schedule Template
    [infographic]

    Drive Customer Convenience by Enabling Text-Based Customer Support

    • Buy Link or Shortcode: {j2store}531|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Text messaging services and applications (such as SMS, iMessage, WhatsApp, and Facebook Messenger) have seen explosive growth over the last decade. They are an entrenched part of consumers’ daily lives. For many demographics, text messaging rather than audio calls is the preferred medium of communication via smartphone.
    • Despite the popularity of text messaging services and applications with consumers, organizations have been slow to adequately incorporate these channels into their customer service strategy.
    • The result is a major disconnect between the channel preferences of consumers and the customer service options being offered by businesses.

    Our Advice

    Critical Insight

    • IT must work with their counterparts in customer service to build a technology roadmap that incorporates text messaging services and apps as a core channel for customer interaction. Doing so will increase IT’s stature as an innovator in the eyes of the business, while allowing the broader organization to leapfrog competitors that have not yet added text-based support to their repertoire of service channels. Incorporating text messaging as a customer service channel will increase customer satisfaction, improve retention, and reduce cost-to-serve.
    • A prudent strategy for text-based customer service begins with defining the value proposition and creating objectives: is there a strong fit with the organization’s customers and service use cases? Next, organizations must create a technology enablement roadmap for text-based support that incorporates the right tools and applications to deliver it. Finally, the strategy must address best practices for text-based customer service workflows and appropriate resourcing.

    Impact and Result

    • Understand the value and use cases for text-based customer support.
    • Create a framework for enabling technologies that will support scalable text-based customer service.
    • Improve underlying business metrics such as customer satisfaction, retention, and time to resolution by having a plan for text-based support.
    • Better align IT with customer service and support needs.

    Drive Customer Convenience by Enabling Text-Based Customer Support Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should be leveraging text-based services for customer support, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create the business case for text-based customer support

    Understand the use cases and benefits of using text-based services for customer support, and establish how they align to the organization’s current service strategy.

    • Drive Customer Convenience by Enabling Text-Based Customer Support – Phase 1: Create the Business Case for Text-Based Customer Support
    • Text-Based Customer Support Strategic Summary Template
    • Text-Based Customer Support Project Charter Template
    • Text-Based Customer Support Business Case Assessment

    2. Create a technology enablement framework for text-based customer support

    Identify the right applications that will be needed to adequately support a text-based support strategy.

    • Drive Customer Convenience by Enabling Text-Based Customer Support – Phase 2: Create a Technology Enablement Framework for Text-Based Customer Support
    • Text-Based Customer Support Requirements Traceability Matrix

    3. Create customer service workflows for text-based support

    Create repeatable workflows and escalation policies for text-centric support.

    • Drive Customer Convenience by Enabling Text-Based Customer Support – Phase 3: Create Customer Service Workflows for Text-Based Support
    • Text-Based Customer Support TCO Tool
    • Text-Based Customer Support Acceptable Use Policy
    [infographic]

    Workshop: Drive Customer Convenience by Enabling Text-Based Customer Support

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Create the Business Case for Text-Based Support

    The Purpose

    Create the business case for text-based support.

    Key Benefits Achieved

    A clear direction on the drivers and value proposition of text-based customer support for your organization.

    Activities

    1.1 Identify customer personas.

    1.2 Define business and IT drivers.

    Outputs

    Identification of IT and business drivers.

    Project framework and guiding principles for the project.

    2 Create a Technology Enablement Framework for Text-Based Support

    The Purpose

    Create a technology enablement framework for text-based support.

    Key Benefits Achieved

    Prioritized requirements for text-based support and a vetted shortlist of the technologies needed to enable it.

    Activities

    2.1 Determine the correct migration strategy based on the current version of Exchange.

    2.2 Plan the user groups for a gradual deployment.

    Outputs

    Exchange migration strategy.

    User group organization by priority of migration.

    3 Create Service Workflows for Text-Based Support

    The Purpose

    Create service workflows for text-based support.

    Key Benefits Achieved

    Customer service workflows and escalation policies, as well as risk mitigation considerations.

    Present final deliverable to key stakeholders.

    Activities

    3.1 Review the text channel matrix.

    3.2 Build the inventory of customer service applications that are needed to support text-based service.

    Outputs

    Extract requirements for text-based customer support.

    4 Finalize Your Text Service Strategy

    The Purpose

    Finalize the text service strategy.

    Key Benefits Achieved

    Resource and risk mitigation plan.

    Activities

    4.1 Build core customer service workflows for text-based support.

    4.2 Identify text-centric risks and create a mitigation plan.

    4.3 Identify metrics for text-based support.

    Outputs

    Business process models assigned to text-based support.

    Formulation of risk mitigation plan.

    Key metrics for text-based support.

    Adopt an Exponential IT Mindset

    • Buy Link or Shortcode: {j2store}103|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    New technologies such as generative AI, quantum computing, 5G cellular networks, and next-generation robotics are ushering in an exciting new era of business transformation. By adopting an exponential IT mindset, IT leaders will be able to lead the autonomization of business capabilities.

    To capitalize on this upcoming opportunity, exponential IT leaders will have to become business advisors who unlock exponential value for the business and help mitigate exponential risk.

    Adopt a renewed focus on business outcomes to achieve autonomization

    An exponential IT mindset means that IT leaders will need to take a lead role in transforming business capabilities.

    • Embrace an expanded role as business advisors: CIOs will be tasked with greater responsibility for determining business strategy alongside the C-suite.
    • Know the rewards and mitigate the risks: New value chain opportunities and efficiency gains will create significant ROI. Protect these returns by mitigating higher risks to business continuity, information security, and delivery performance.
    • Plan to fully leverage technologies such as AI: It will be integral for IT to enable autonomous technologies in this new era of exponential technology progress.

    Adopt an Exponential IT Mindset Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Adopt an Exponential IT Mindset Deck – An introduction to IT’s role in the autonomization era

    The role of IT has evolved throughout the past couple generations to enable fundamental business transformations. In the autonomization era, it will have to evolve again to lead the business through a world of exponential opportunity.

    • Adopt an Exponential IT Mindset Storyboard

    Infographic

    Further reading

    Adopt an Exponential IT Mindset

    Thrive through the next paradigm shift

    Executive Summary

    For more than 40 years, information technology has significantly transformed businesses, from the computerization of operations to the digital transformation of business models. As technological disruption accelerates exponentially, a world of exponential business opportunity is within reach.

    Newly emerging technologies such as generative AI, quantum computing, 5G cellular networks, and next-generation robotics are enabling autonomous business capabilities.

    The role of IT has evolved throughout the past couple generations to enable business transformations. In the autonomization era, it will have to evolve again. IT will have a new mission, an adapted governance structure, innovative capabilities, and an advanced partnership model.

    CIOs embracing exponential IT require a new mindset. Their IT practices will need to progress to the top of the maturity ladder as they make business outcomes their own.

    Over the past two generations, we have witnessed major technology-driven business transformations

    1980s

    Computerization

    The use of computer devices, networks, and applications became widespread in the enterprise. The focus was on improving the efficiency of back-office tasks.

    2000s

    Digitalization

    As the world became connected through the internet, new digitally enabled business models emerged in the enterprise. Orders were now being received online, and many products and services were partially or fully digitized for online fulfillment.

    Recent pandemic measures contributed to a marked acceleration in the digitalization of organizations

    The massive disruption resulting from pandemic measures led businesses to shift to more digital interactions with customers.

    The global average share of customer interactions that are digital went from 36% in December 2019 to 58% in July 2020.

    The global average share of customer interactions that are digital went from 36% to 58% in less than a year.*

    Moreover, companies across business areas have accelerated the digitization of their offerings.

    The global average share of partially or fully digitized products went from 35% in 2019 to 55% in July 2020.

    The global average share of partially or fully digitized products went from 35% to 55% in the same period.*

    The adoption of digitalized business models has accelerated during the pandemic. Post-pandemic, it is unlikely for adoption to recede.

    With more business applications ported to the cloud and more data available online, “digital-first” organizations started to envisage a next wave of automation.

    *Source: “How COVID-19 has pushed companies over the technology tipping point—and transformed business forever,” McKinsey & Company, 2020

    A majority of IT leaders plan to use artificial intelligence within their organizations in 2023

    In August 2022, Info-Tech surveyed 506 IT leaders and asked which tasks would involve AI in their organizations in 2023.

    Graph showing tasks that would involve AI in organizations in 2023.

    We found that 63% of IT leaders plan to use AI within their organizations to automate repetitive, low-level tasks by the end of 2023.

    With the release of the ChatGPT prototype in November 2022, setting a record for the fastest user growth (reaching 100 million active users just two months after launch), we foresee that AI adoption will accelerate significantly and its use will extend to more complex tasks.

    Newly emerging technologies and business realities are ushering in the next business transformation

    1980s

    Computerization

    2000s

    Digitalization

    2020s

    Autonomization

    As digitalization accelerates, a post-pandemic world with a largely online workforce and digitally transformed enterprise business models now enters an era where more business capabilities become autonomous, with humans at the center of a loop* that is gradually becoming larger.

    Deep Learning, Quantum Computing, 5G Networks, Robotics

    * Download Info-Tech’s CIO Trend Report 2019 – Become a Leader in the Loop

    The role of IT needs to evolve as it did through the previous two generations

    1980s

    Computerization

    IT professionals gathered functional requirements from the business to help automate back-office tasks and improve operational efficiency.

    2000s

    Digitalization

    IT professionals acquired business analysis skills and leveraged the SMAC (social, mobile, analytics, and cloud) stack to accelerate the automation of the front office and enable the digital transformation of business models.

    2020s

    Autonomization

    IT professionals will become business advisors and enable the establishment of autonomous yet differentiated business processes and capabilities.

    The autonomization era brings enormous opportunity for organizations, coupled with enormous risk

    Graph of Risk Severity versus Value Opportunity. Autonomization has a high value of opportunity and high risk severity.

    While some analysts have been quick to announce the demise of the IT department and the transition of the role of IT to the business, the budgets that CIOs control have continued to rise steadily over time.

    In a high-risk, high-reward endeavor to make business processes autonomous, the role of IT will continue to be pivotal, because while everyone in the organization will rush to seize the value opportunity, the technology risk will be left for IT to manage.

    Exponential IT represents a necessary change in a CIO’s focus to lead through the next paradigm shift

    EXPONENTIAL RISK

    Autonomous processes will integrate with human-led processes, creating risks to business continuity, information security, and quality of delivery. Supplier power will exacerbate business risks.

    EXPONENTIAL REWARD

    The efficiency gains and new value chains created through artificial intelligence, robotics, and additive manufacturing will be very significant. Most of this value will be realized through the augmentation of human labor.

    EXPONENTIAL DEMAND

    Autonomous solutions for productivity and back-office applications will eventually become commoditized and provided by a handful of large vendors. There will, however, be a proliferation of in-house algorithms and workflows to autonomize the middle and front office, offered by a busy landscape of industry-centric capability vendors.

    EXPONENTIAL IT

    Exponential IT involves IT leading the cognitive reengineering of the organization with evolved practices for:

    • IT governance
    • Asset management
    • Vendor management
    • Data management
    • Business continuity management
    • Information security management

    To succeed, IT will have to adopt different priorities in its mission, governance, capabilities, and partnerships

    Digitalization

    A Connected World

    Progressive IT

    • Mission

      Enable the digital transformation of the business
    • Governance

      Service metrics, security perimeters, business intelligence, compliance management
    • Capabilities

      Service management, business analysis, application portfolio management, data management
    • Partnerships

      Management of technology service agreements

    Autonomization

    An Exponential World

    Exponential IT

    • Mission

      Lead the business through autonomization.
    • Governance

      Outcome-based metrics, zero trust, ESG reporting, digital trust
    • Capabilities

      Experience management, business advisory, enterprise innovation, data differentiation
    • Partnerships

      Management of business capability agreements

    Fortune favors the bold: The CIO now has an opportunity to cement their role as business leader

    Levels of digital maturity.  From bottom: Unstable - inability to consistently deliver basic services, Firefighter - Reliable infrastructure and IT service desk, Trusted Operator - Enablement of business through applications and work orders, Business Partner - Effective delivery of strategic business projects, Innovator - Information and technology as a competitive advantage.

    Research has shown that companies that are more digitally mature have higher growth than the industry average. In these companies, the CIO is part of the executive management team.

    And while the role of the CIO is generally tied to their mandate within the organization, we have seen their role progress from doer to leader as IT climbs the maturity ladder.

    As companies strive to succeed in the next phase of technology-driven transformation, CIOs have an opportunity to demonstrate their business leadership. To do so, they will have to provide exceptionally mature services while owning business targets.

    2021 IT Talent Trend Report

    • Buy Link or Shortcode: {j2store}516|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $9,919 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Lead
    • Parent Category Link: /lead
    • In March 2020, many organizations were forced to switch to a virtual working world. IT enabled organizations to be successful while working from home. Ultimately, this shift changed the way that we all work, and in turn, the way IT leaders manage talent.
    • Many organizations are considering long-term remote work (Kelly, 2020).
    • Change is starting but is lagging.

    Our Advice

    Critical Insight

    • Increase focus on employee experience to navigate new challenges.
    • A good employee experience is what is best for the IT department.

    Impact and Result

    • The data shows IT is changing in the area of talent management.
    • IT has a large role in enabling organizations to work from home, especially from a technological and logistics perspective. There is evidence to show that they are now expanding their role to better support employees when working from home.
    • Survey respondents identified efforts already underway for IT to improve employee experience and subsequently, IT effectiveness.

    2021 IT Talent Trend Report Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should focus on the employee experience and get an overview of what successful IT leaders are doing differently heading into 2021 – the five new talent management trends.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. DEI: A top talent objective

    The focus on diversity, equity, and inclusion (DEI) initiatives spans the entire organization beyond just HR. Learn which DEI efforts are underway with IT.

    • 2021 IT Talent Trend Report – Trend 1: DEI: A Top Talent Objective

    2. Remote work is here to stay

    Forced work-from-home demonstrated to organizations that employees can be productive while working away from the physical office. Learn more about how remote work is changing work.

    • 2021 IT Talent Trend Report – Trend 2: Remote Work Is Here to Stay

    3. A greater emphasis on wellbeing

    When the pandemic hit, organizations were significantly concerned about how employees were doing. Learn more about wellbeing.

    • 2021 IT Talent Trend Report – Trend 3: A Greater Emphasis on Wellbeing

    4. A shift in skills priorities

    Upskilling and finding sought after skills were challenging before the pandemic. How has it changed since? Learn more about skills priorities.

    • 2021 IT Talent Trend Report – Trend 4: A Shift in Skills Priorities

    5. Uncertainty unlocks performance

    The pandemic and remote work has affected performance. Learn about how uncertainty has impacted performance management.

    • 2021 IT Talent Trend Report – Trend 5: Uncertainty Unlocks Performance
    [infographic]

    Succeed With Digital Strategy Execution

    • Buy Link or Shortcode: {j2store}527|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Rising customer expectations and competitive pressures have accelerated the pace at which organizations are turning to digital transformation to drive revenue or cut costs.
    • Many digital strategies are not put into action, and instead sit on the shelf. A digital strategy that is not translated into specific projects and initiatives will provide no value to the organization.
    • Executing a digital strategy is easier said than done: IT often lacks the necessary framework to create a roadmap, or fails to understand how new applications can enable the vision outlined in the strategy.

    Our Advice

    Critical Insight

    • A digital strategy needs a clear roadmap to succeed. Too many digital strategies are lofty statements of objective with no clear avenue for actual execution: create a digital strategy application roadmap to avoid this pitfall.
    • Understand the art of execution. Application capabilities are rapidly evolving: IT must stand ready to educate the business on how new applications can be used to pursue the digital strategy.

    Impact and Result

    • IT must work with the business to parse specific technology drivers from the digital strategy, distill strategic requirements, and create a prescriptive roadmap of initiatives that will close the gaps between the current state and the target state outlined in the digital strategy. Doing so well is a path to the CIO’s office.
    • To better serve the organization, IT leaders must stay abreast of key application capabilities and trends. Exciting new developments such as artificial intelligence, IoT, and machine learning have opened up new avenues for process digitization, but IT leaders need to make a concerted effort to understand what modern applications bring to the table for technology enablement of the digital strategy.
    • Taking an agile approach to application roadmap development will help to provide a clear path forward for tackling digital strategy execution, while also allowing for flexibility to update and iterate as the internal and external environment changes.

    Succeed With Digital Strategy Execution Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should have a structured approach to translating your digital strategy to specific application initiatives, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Parse digital strategy drivers

    Parse specific technology drivers out of the formal enterprise digital strategy.

    • Succeed With Digital Strategy Execution – Phase 1: Parse Your Digital Strategy for Critical Technology Drivers

    2. Map drivers to enabling technologies

    Review and understand potential enabling applications.

    • Succeed With Digital Strategy Execution – Phase 2: Map Your Drivers to Enabling Applications

    3. Create the application roadmap to support the digital strategy

    Use the drivers and an understanding of enabling applications to put together an execution roadmap that will support the digital strategy.

    • Succeed With Digital Strategy Execution – Phase 3: Create an Application Roadmap That Supports the Digital Strategy
    • Digital Strategy Roadmap Tool
    • Application Roadmap Presentation Template
    • Digital Strategy Communication and Execution Plan Template
    [infographic]

    Workshop: Succeed With Digital Strategy Execution

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Validate the Digital Strategy

    The Purpose

    Review and validate the formal enterprise digital strategy.

    Key Benefits Achieved

    Confirmation of the goals, objectives, and direction of the organization’s digital strategy.

    Activities

    1.1 Review the initial digital strategy.

    1.2 Determine gaps.

    1.3 Refine digital strategy scope and vision.

    1.4 Finalize digital strategy and validate with stakeholders.

    Outputs

    Validated digital strategy

    2 Parse Critical Technology Drivers

    The Purpose

    Enumerate relevant technology drivers from the digital strategy.

    Key Benefits Achieved

    List of technology drivers to pursue based on goals articulated in the digital strategy.

    Activities

    2.1 Identify affected process domains.

    2.2 Brainstorm impacts of digital strategy on technology enablement.

    2.3 Distill critical technology drivers.

    2.4 Identify KPIs for each driver.

    Outputs

    Affected process domains (based on APQC)

    Critical technology drivers for the digital strategy

    3 Map Drivers to Enabling Applications

    The Purpose

    Relate your digital strategy drivers to specific, actionable application areas.

    Key Benefits Achieved

    Understand the interplay between the digital strategy and impacted application domains.

    Activities

    3.1 Build and review current application inventory for digital.

    3.2 Execute fit-gap analysis between drivers and current state inventory.

    3.3 Pair technology drivers to specific enabling application categories.

    Outputs

    Current-state application inventory

    Fit-gap analysis

    4 Understand Applications

    The Purpose

    Understand how different applications support the digital strategy.

    Understand the art of the possible.

    Key Benefits Achieved

    Knowledge of how applications are evolving from a features and capabilities perspective, and how this pertains to digital strategy enablement.

    Activities

    4.1 Application spotlight: customer experience.

    4.2 Application spotlight: content and collaboration.

    4.3 Application spotlight: business intelligence.

    4.4 Application spotlight: enterprise resource planning.

    Outputs

    Application spotlights

    5 Build the Digital Application Roadmap

    The Purpose

    Create a concrete, actionable roadmap of application and technology initiatives to move the digital strategy forward.

    Key Benefits Achieved

    Clear, concise articulation of application roadmap for supporting digital that can be communicated to the business.

    Activities

    5.1 Build list of enabling projects and applications.

    5.2 Create prioritization criteria.

    5.3 Build the digital strategy application roadmap.

    5.4 Socialize the roadmap.

    5.5 Delineate responsibility for roadmap execution.

    Outputs

    Application roadmap for the digital strategy

    RACI chart for digital strategy roadmap execution

    First 30 Days Pandemic Response Plan

    • Buy Link or Shortcode: {j2store}418|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Given the speed and scope of the spread of the pandemic, governments are responding with changes almost daily as to what organizations and people can and can’t do. This volatility and uncertainty challenges organizations to respond, particularly in the absence of a business continuity or crisis management plan.

    Our Advice

    Critical Insight

    • Assess the risk to and viability of your organization in order to create appropriate action and communication plans quickly.

    Impact and Result

    • HR departments must be directly involved in developing the organization’s pandemic response plan. Use Info-Tech's Risk and Viability Matrix and uncover the crucial next steps to take during the first 30 days of the COVID-19 pandemic.

    First 30 Days Pandemic Response Plan Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a response plan for the first 30 days of a pandemic

    Manage organizational risk and viability during the first 30 days of a crisis.

    • First 30 Days Pandemic Response Plan Storyboard
    • Crisis Matrix Communications Template: Business As Usual
    • Crisis Matrix Communications Template: Organization Closing
    • Crisis Matrix Communications Template: Manage Risk and Leverage Resilience
    • Crisis Matrix Communications Template: Reduce Labor and Mitigate Risk
    [infographic]

    Select a Sourcing Partner for Your Development Team

    • Buy Link or Shortcode: {j2store}508|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Application Development
    • Parent Category Link: /application-development
    • You have identified that a change to your sourcing strategy is required, based on market and company factors.
    • You are ready to select a new sourcing partner to drive innovation, time to market, increased quality, and improved financial performance.
    • Taking on a new partner is a significant investment and risk, and you must get it right the first time.
    • You need to make a change now to prevent losing clients and falling further behind your performance targets and your market.

    Our Advice

    Critical Insight

    Selecting a sourcing partner is a function of matching complex factors to your own firm. It is not a simple RFP exercise; it requires significant introspection, proactive planning, and in-depth investigation of potential partners to choose the right fit.

    Impact and Result

    Choosing the right sourcing partner is a four-step process:

    1. Assess your companies' skills and processes in the key areas of risk to sourcing initiatives.
    2. Based on the current situation, define a profile for the matching sourcing partner.
    3. Seek matching partners from the market, either in terms of vendor partners or in terms of sourcing locations.
    4. Based on the choice of partner, build a plan to implement the partnership, define metrics to measure success, and a process to monitor.

    Select a Sourcing Partner for Your Development Team Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Select a Sourcing Partner for Your Development Team Storyboard – Use this presentation to select a partner to best fit your sourcing needs and deliver long-term value.

    This project helps select a partner for sourcing of your development team so that you can realize the benefits from changing your sourcing strategy.

    • Select a Sourcing Partner for Your Development Team Storyboard

    2. Select a Sourcing Partner for Your Development Team Presentation Template – Use this template to build a presentation to detail your decision on a sourcing partner for your development team.

    This presentation template is designed to capture the results from the exercises within the storyboard and allow users to build a presentation to leadership showing how selection was done.

    • Select a Sourcing Partner for Your Development Team Presentation Template

    3. Select a Sourcing Partner for Your Development Team Presentation Example – Use this as a completed example of the template.

    This presentation template portrays what the completed template looks like by showing sample data in all tables. It allows members to see how each exercise leads to the final selection of a partner.

    • Select a Sourcing Partner for Your Development Team Example Template
    [infographic]

    Further reading

    Select a Sourcing Partner for Your Application Development Team

    Choose the right partner to enable your firm to maximize the value realized from your sourcing strategy.

    Analyst Perspective

    Selecting the right partner for your sourcing needs is no longer a cost-based exercise. Driving long-term value comes from selecting the partner who best matches your firm on a wide swath of factors and fits your needs like a glove.

    Sourcing in the past dealt with a different kind of conversation involving two key questions:

    Where will the work be done?

    How much will it cost?

    How people think about sourcing has changed significantly. People are focused on gaining a partner, and not just a vendor to execute a single transaction. They will add skills your team lacks, and an ability to adapt to your changing needs, all while ensuring you operate within any constraints based on your business.

    Selecting a sourcing partner is a matching exercise that requires you to look deep into yourself, understand key factors about your firm, and then seek the partner who best meets your profile.

    The image contains a picture of Dr. Suneel Ghei.

    Dr. Suneel Ghei
    Principal Research Director, Application Development
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • You have identified that a change to your sourcing strategy is required based on market and company factors.
    • You are ready to select a new sourcing partner to drive innovation, time to market, increased quality, and improve financial performance.
    • Taking on a new partner is a significant investment and risk, and you must get it right the first time.
    • You need to make a change now to avoid falling further behind your performance targets and your market, and losing clients.

    Almost half of all sourcing initiatives do not realize the projected savings, and the biggest reason is the choice of partner.

    The market for Application Development partners has become more diverse, increasing choice and the risk of making a costly mistake by choosing the wrong partner.

    Firms struggle with how best to support the sourcing partner and allocate resources with the right skills to maximize success, increasing the cost and time to implement, and limiting benefits.

    Making the wrong choice means inferior products, and higher costs and losing both clients and reputation.

    • Choosing the right sourcing partner is a four-step process:
    1. Assess your company's skills and processes in the key areas of risk to sourcing initiatives.
    2. Based on the current situation, define a profile for the matching sourcing partner.
    3. Seek matching partners from the market, either in terms of vendor partners or in terms of sourcing locations.
    4. Based on your choice of partner, build a plan to implement the partnership, and define metrics to measure success and a process to monitor.

    Info-Tech Insight

    Successfully selecting a sourcing partner is not a simple RFP exercise to choose the lowest cost. It is a complex process of introspection, detailed examination of partners and locations, and matching the fit. It requires you to seek a partner that is the Yin to your Yang, and failure is not an option.

    You need a new source for development resources

    You are facing immediate challenges that require a new approach to development resourcing.

    • Your firm is under fire; you are facing pressures financially from clients and your competitors.
    • Your pace of innovation and talent sourcing is too slow and too limiting.
    • Your competition is moving faster and your clients are considering their options.
    • Revenues and costs of development are trending in the wrong direction.
    • You need to act now to avoid spiraling further.

    Given how critical our applications are to the business and our clients, there is no room for error in choosing our partner.

    A study of 121 firms outsourcing various processes found that 50% of those surveyed saw no gains from the outsourcing arrangement, so it is critical to make the right choice the first time.

    Source: Zhang et al

    Big challenges await you on the journey

    The road to improving sourcing has many potholes.

    • In a study of 121 firms who moved development offshore, almost 50% of all outsourcing and offshoring initiatives do not achieve the desired results.
    • In another study focused on large corporations, it was shown that 70% of respondents saw negative outcomes from offshoring development.
    • Globalization of IT Services and the ability to work from anywhere have contributed to a significant increase in the number of development firms to choose from.
    • Choosing and implementing a new partner is costly, and the cost of choosing the wrong partner and then trying to correct your course is significant in dollars and reputation:
      • Costs to find a new partner and transition
      • Lost revenue due to product issues
      • Loss of brand and reputation due to poor choice
    • The wrong choice can also cost you in terms of your own resources, increasing the risk of losing more knowledge and skills.

    A survey of 25 large corporate firms that outsourced development offshore found that 70% of them had negative outcomes.

    (Source: University of Oregon Applied Information Management, 2019)

    Info-Tech’s approach

    Selecting the right partner is a matching exercise.

    Selecting the right partner is a complex exercise with many factors

    1. Look inward. Assess your culture, your skills, and your needs.
    • Market
    • People
    • Culture
    • Technical aspects
  • Create a profile for the perfect partner to fit your firm.
    • Sourcing Strategy
    • Priorities
    • Profile
  • Find the partner that best fits your needs
    • Define RFx
    • Target Partners
    • Evaluate
  • Implement the partner and put in metrics and process to manage.
    • Contract Partner
    • Develop Goals
    • Create Process and Metrics

    The Info-Tech difference:

    1. Assess your own organization’s characteristics and capabilities in four key areas.
    2. Based on these characteristics and the sourcing strategy you are seeking to implement, build a profile for your perfect partner.
    3. Define an RFx and assessment matrix to survey the market and select the best partner.
    4. Implement the partner with process and controls to manage the relationship, built collaboratively and in place day 1.

    Insight summary

    Overarching insight

    Successfully selecting a sourcing partner is not a simple RFP exercise to choose the lowest cost. It is a complex process of introspection, detailed examination of partners and locations, and matching the fit. It requires you to seek a partner that is the Yin to your Yang, and failure is not an option.

    Phase 1 insight

    Fitting each of these pieces to the right partner is key to building a long-term relationship of value.

    Selecting a partner requires you to look at your firm in depth from a business, technical, and organizational culture perspective.

    Phase 2 insight

    The factors we have defined serve to build us a profile for the ideal partner to engage in sourcing our development team. This profile will lead us to be able to define our RFP / RFI and assess respondents.

    Phase 3/4 insight

    Implement the relationship the same way you want it to work, as one team. Work together on contract mechanism, shared goals, metrics, and performance measurement. By making this transparent you hasten the development of a joint team, which will lead to long-term success.

    Tactical insight

    Ensure you assess not just where you are but where you are going, in choosing a partner. For example, you must consider future markets you might enter when choosing the right sourcing, or outsourcing location to maintain compliance.

    Tactical insight

    Sourcing is not a replacement for your full team. Skills must be maintained in house as well, so the partner must be willing to work with the in-house team to share knowledge and collaborate on deliverables.

    Addressing the myth – Single country offshoring or outsourcing

    Research shows that a multi-country approach has a higher chance of success.

    • Research shows that firms trying their own captive development centers fail 20% of the time. ( Journal of Information Technology, 2008)
    • Further, the overall cost of ownership for an offshore center has shown to be significantly higher than the cost of outsourcing, as the offshore center requires more internal management and leadership.
    • Research shows that offshoring requires the offshore location to also house business team members to allow key relationships to be built and ensure more access to expertise. (Arxiv, 2021)
    • Given the specificity of employment laws, cultural differences, and leadership needs, it is very beneficial to have a Corporate HR presence in countries where an offshore center is being set up. (Arxiv, 2021)
    • Lastly, given the changing climate on security, geopolitical changes, and economic factors, our research with service providers and corporate clients shows a need to have more diversity in provider location than a single center can provide.

    Info-Tech Insight

    Long-term success of sourcing requires more than a development center. It requires a location that houses business and HR staff to enable the new development team to learn and succeed.

    Addressing the myth – Outsourcing is a simple RFP for skills and lowest cost

    Success in outsourcing is an exercise in finding a match based on complex factors.

    • In the past, outsourcing was a simple RFP exercise to find the cheapest country with the skills.
    • Our research shows this is no longer true; the decision is now more complex.
    • Competition has driven costs higher, while time business integration and security constraints have served to limit the markets available.
    • Company culture fit is key to the ability to work as one team, which research shows is a key element in delivery of long-term value. (University of Oregon, 2019).
    • These are some of the many factors that need to be considered as you choose your outsourcing partner.
    • The right decision is to find the vendor that best matches the current state of your culture, meets your market constraints, and will allow for best integration to your team – it's not about cheapest or pure skills. (IEEE Access, 2020)

    Info-Tech Insight

    Finding the right outsourcing vendor is an exercise in knowing yourself and then finding the best match to align with your key traits. It's not just costs and skills, but the partner who best matches with your ability to mitigate the risks of outsourcing.

    Phase 1

    Look inward to gain insight on key factors

    Introspection

    1.1 Assess your market factors

    1.2 Determine your people factors

    1.3 Review your current culture

    1.4 Document your technical factors

    Profiling

    2.1 Recall your sourcing strategy

    2.2 Prioritize your company factors

    2.3 Create target profile

    Partner selection

    3.1 Review your RFx

    3.2 Identify target vendors

    3.3 Evaluate vendor

    responses

    Implementation

    4.1 Engage partner to choose contract mechanism

    4.2 Engage partner team to define goals

    4.3 Choose your success

    metrics

    This phase will walk you through assessing and documenting the key driving factors about your firm and the current situation.

    By defining these factors, you will be able to apply this information in the matching process to select the best fit in a partner.

    This phase involves the following participants:

    Line of Business leaders

    Technology leaders

    Key criteria to assess your firm

    Research shows firms must assess themselves in different areas.

    Market factors

    • Who are your clients and your competitors, and what legal constraints do you face?

    People / Process factors

    • What employee skills are you seeking, what is your maturity in product management and stakeholder engagement, and what languages are spoken most predominantly?

    Cultural factors

    • What is your culture around communications, collaboration, change management, and conflict resolution?

    Technical factors

    • What is your current / future technical platform, and what is the maturity of your applications?

    Info-Tech Best Practice

    When assessing these areas, consider where you are today and where you want to go tomorrow, as choosing a partner is a long-term endeavor.

    Step 1.1

    Assess your market factors

    Activities

    1.1.1 Review your client list and future projections to determine your market factors.

    1.1.2 Review your competitive analysis to determine your competitive factors

    This step involves the following participants:

    Business leaders

    Product Owners

    Technology leaders

    Outcomes of this step

    Details of key market factors that will drive the selection of the right partner.

    Market factors

    The Market has a lot to say about the best match for your application development partner.

    Research in the space has defined key market-based factors that are critical when selecting a partner.

    1. Market sectors you service or plan to service – This is critical, as many market sectors have constraints on where their data can be accessed or stored. These restrictions also change over time, so they must be consistently reviewed.
    • E.g. Canadian government data must be stored and only accessed in Canada.
    • E.g. US Government contracts require service providers to avoid certain countries.
  • Your competitors – Your competitors can often seize on differences and turn them to differentiators; for example, offshoring to certain countries can be played up as a risk by a competitor who does all their work in a particular country.
  • Your clients – Research shows that clients can have very distinct views on services being performed in certain countries due to perceived risk, culture, and geopolitical factors. Understanding the views of major clients on globalization of services is a key factor in maintaining client satisfaction.
  • Info-Tech Insight

    Understanding your current and future market factors ensure that your business can not only be successful with the chosen partner today, but also in the future.

    1.1.1 Assess your market factors

    30 min

    Market factors

    1. Group your current client list into three categories:
      1. Those that have no restrictions on data security, privacy or location.
      2. Those that ask for assurances on data security, privacy and location.
      3. Those clients who have compliance restrictions related to data security, privacy, and location.
    2. Categorize future markets into the same three categories.
    3. Based on revenue projections, estimate the revenue from each category as a percentage of your total revenue.

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Current client list
    • Future market plans
    • Competitive analysis
    • Completion of the Market Factors chart in the Select a Sourcing Partner for Your Development Team template
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Line of business leaders
    • Finance leaders

    Assess your market factors

    Market and sector

    Market share and constraints

    Market category

    Sector – Public, private or both

    Market share of category

    Key areas of concern

    Not constrained by data privacy, security or location

    Private

    50%

    Require assurances on data security, privacy or location

    Public

    45%

    Data access

    Have constraints that preclude choices related to data security, privacy and location

    Public

    5%

    Data residency

    1.1.2 Review your competitive factors

    30 min

    Competitive factors

    1. List your largest competitors.
    2. Document their sourcing strategies for their development team – are they all onshore or nearshore? Do they outsource?
    3. Based on this, identify competitive threats based on changing sourcing strategies.

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Current client list
    • Future market plans
    • Competitive analysis
    • Completion of the Market Factors chart in the Select a Sourcing Partner for Your Development Team template
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Line of business leaders
    • Finance leaders

    Review your competitive factors

    Competitors

    Competitor sourcing strategy

    Competitive threats

    Competitor

    Where is the market?

    Is this onshore / near shore / offshore?

    Data residency

    How could competitors take advantage of a change in our sourcing strategy?

    Competitor X

    Canada / US

    All work done in house and onshore

    Kept in Canada / US

    If we source offshore, we will face a Made in Canada / US threat

    Step 1.2

    Consider your people-related factors

    Activities

    1.2.1 Define your people factors

    1.2.2 Assess your process factors

    This step involves the following participants:

    Technical leaders

    Outcomes of this step

    Details of key people factors that will drive the selection of the right partner.

    People / process factors

    People and process have a large hand in the success or failure of a partner relationship.

    • Alignment of people and process are critical to the success of the partner relationship over the long term.
    • In research on outsourcing / offshoring, Rahman et al identified ten factors that directly impact success or failure in offshoring or outsourcing of development.
    • Key among them are the following:
      • Employee skills
      • Project management
      • Maturity of process concerning product and client management
      • Language barrier

    Info-Tech Insight

    People are a critical resource in any sourcing strategy. Making sure the people and the processes will mesh seamlessly is how to ensure success.

    1.2.1 Define your people factors

    30 min

    Skills Inventory

    1. List skills needed in the development team to service current needs.
    2. Based on future innovation and product direction, add skills you foresee needing in the next 12-24 months. Where do you see a new technology platform (e.g. move from .NET to Java) or innovation (addition of Mobile)?
    3. List current skills present in the team.
    4. Identify skills gaps.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Product plans for current and future products
    • Technology platform plans for current products
    • Future innovation plans
    • People- and process-related factors that influence sourcing decisions
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Solution architects

    Assess your people - Skills inventory

    Skills required

    Strategic value

    Skills present

    Skill you are seeking

    Required today or in the future

    Rate the skill level required in this area

    Is this a strategic focus for the firm for future targets?

    Is this skill present in the team today?

    Rate current skill level (H/M/L)

    Java Development

    Future

    High

    Yes

    No

    Low

    .Net Development

    Today

    Med

    No

    Yes

    High

    1.2.2 Assess your process factors

    30 min

    Process factors

    1. Do you have a defined product ownership practice?
    2. How mature is the product ownership for the product you are seeking to change sourcing for (H/M/L)?
    3. Do you have project management principles and governance in place for software releases?
    4. What is the relative maturity / skill in the areas you are seeking sourcing for (H/M/L)?

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Product plans for current and future products
    • Technology platform plans for current products
    • Future innovation plans
    • People- and process-related factors that influence sourcing decisions
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Solution architects

    Assess your process factors

    Product ownership

    Project management

    Product where sourcing is being changed

    Product ownership in place?

    Skills / maturity rating (H/M/L)

    Project management / governance in place for software releases

    Rate current maturity / skill level (H/M/L)

    ABC

    Yes

    High

    Yes

    High

    SQW

    No

    Low

    Yes

    High

    Step 1.3

    Review your current culture

    Activities

    1.3.1 Assess your communications factors

    1.3.2 Assess your conflict resolution factors

    This step involves the following participants:

    Technical leaders

    Product owners

    Project managers

    Outcomes of this step

    Details of key culture factors that will drive the selection of the right partner.

    Cultural factors

    Organization culture fit is a driver of collaboration between the teams, which drives success.

    • In their study of country attractiveness for sourcing development, Kotlarsky and Oshri point to the ability of the client and their sourcing partner to work as one team as a key to success.
    • This requires synergies in many cultural factors to avoid costly miscommunications and misinterpretations that damage collaboration.
    • Key factors in achieving this are:
      • Communications methodology and frequency; managing and communicating to the teams as one team vs two, and communicating at all levels, vs top down.
      • Managing the team as one integrated team, with collaboration enabled between all resources, rather than the more adversarial client vs partner approach.
      • Conflict resolution strategies must align so all members of the extended team work together to resolve conflict vs the traditional “Blame the Contractors”.
      • Strong change management is required to keep all team members aligned.

    Info-Tech Insight

    Synergy of culture is what enables a good partner selection to become a long-term relationship of value.

    1.3.1 Assess your communications factors

    30 min

    1. List all the methods you use to communicate with your development team – face to face, email, conference call, written.
    2. For each form of communication confirm frequency, medium, and audience (team vs one-on-one)
    3. Confirm if these communications take into account External vs Internal resources and different time zones, languages, and cultures.
    4. Is your development team broken up into teams by function, by location, by skill, etc., or do you operate as one team?

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Communication process with existing development team
    • Examples of how external staff have been integrated into the process
    • Examples of conflicts and how they were resolved
    • Documentation of key cultural characteristics that need to be part of provider profiling
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Project managers

    Assess your communications strategy

    Communications

    Type

    Frequency

    Audience

    One communication or one per audience?

    Level of two-way dialogue

    Face-to-face team meetings

    Weekly

    All developers

    One

    High

    Daily standup

    Daily

    Per team

    One per audience

    Low

    1.3.2 Assess your conflict resolution factors

    30 min

    1. How does your organization handle the following types of conflict? Rate from 1-5, with 1 being hierarchical and 5 being openly collaborative.
      1. Developers on a team disagree.
      2. Development team disagrees with manager.
      3. Development team disagrees with product owner.
      4. Development team disagrees with line of business.
    2. Rate each conflict resolution strategy based on effectiveness.
    3. Confirm if this type of strategy is used for internal and external resources, or internal only.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Communication process with existing development team
    • Examples of how external staff have been integrated into the process
    • Examples of conflicts and how they were resolved
    • Documentation of key cultural characteristics that need to be part of provider profiling
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Project managers

    Assess your conflict resolution strategy

    Conflict

    Resolution strategy

    Effectiveness

    Audience

    Conflict type

    Rate the resolution strategy from hierarchical to collaborative (1-5)

    How effective is this method of resolution from 1-5?

    Is this strategy used for external parties as well as internal?

    Developer to product owner

    44

    Yes

    Developer to manager

    12

    Yes

    Step 1.4

    Document your technical factors

    Activities

    1.4.1 Document your product / platform factors

    1.4.2 Document your environment details

    This step involves the following participants:

    Technical leaders

    Product owners

    Outcomes of this step

    Details of key technical factors that will drive the selection of the right partner.

    Technical factors

    Technical factors are still the foundation for a Development sourcing relationship.

    • While there are many organizational factors to consider, the matching of technological factors is still the root on which the sourcing relationship is built; the end goal is to build better software.
    • Key technical Items that need to be aligned based on the research are:
      • Technical infrastructure
      • Development environments
      • Development methodology and tools
      • Deployment methodology and tools
      • Lack of/poor-quality technical documentation
    • Most RFPs focus purely on skills, but without alignment on the above items, work becomes impossible to move forward quickly, limiting the chances of success.

    Info-Tech Insight

    Technical factors are the glue that enables teams to function together. Ensuring that they are fully integrated is what enables team integration; seams in that integration represent failure points.

    1.4.1 Document your product / platform factors

    30 mins

    1. How many environments does each software release go through from the start of development through release to production?
    2. What is the infrastructure and development platform?

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Development process
    • Deployment process
    • Operations process
    • IT security policies
    • Documentation of key technical characteristics that need to be part of provider profiling
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Development leaders
    • Deployment team leaders
    • Infrastructure leaders
    • IT operations leaders
    • Product owners
    • Project managers

    Document your product / platform

    Product / Platform

    Product you are seeking a sourcing solution for

    What is the current infrastructure platform?

    How many environments does the product pass through?

    What is the current development toolset?

    ABC

    Windows

    Dev – QA – Preprod - Prod

    .Net / Visual Studio

    1.4.2 Document your environment details

    30 min

    For each environment detail the following:

    1. Environment on premises or in cloud
    2. Access allowed to external parties
    3. Production data present and unmasked
    4. Deployment process: automated or manual
    5. Tools used for automated deployment
    6. Can the environment be restored to last known state automatically?
    7. Does documentation exist on the environment, processes and procedures?

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Development process
    • Deployment process
    • Operations process
    • IT security policies
    • Documentation of key technical characteristics that need to be part of provider profiling
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Development leaders
    • Deployment team leaders
    • Infrastructure leaders
    • IT operations leaders
    • Product owners
    • Project managers

    Document Your Environment Details

    Environment

    Location

    Access

    Deployment

    Data

    Name of Environment

    Is the environment on premises or in the cloud (which cloud)?

    Is external access allowed?

    Is deployment automated or manual?

    Tool used for deployment

    Is reset automated?

    Does the environment contain unmasked production data?

    Dev

    Cloud

    Yes

    Automated

    Azure DevOps

    Yes

    No

    QA

    Cloud

    Yes

    Automated

    Azure DevOps

    Yes

    No

    Preprod

    On Premises

    No

    Manual

    N/A

    No

    Yes

    Phase 2

    Introspection

    1.1 Assess your market factors

    1.2 Determine your people factors

    1.3 Review your current culture

    1.4 Document your technical factors

    Profiling

    2.1 Recall your sourcing strategy

    2.2 Prioritize your company factors

    2.3 Create target profile

    Partner selection

    3.1 Review your RFx

    3.2 Identify target vendors

    3.3 Evaluate vendor

    responses

    Implementation

    4.1 Engage partner to choose contract mechanism

    4.2 Engage partner team to define goals

    4.3 Choose your success

    metrics

    This phase will help you to build a profile of the partner you should target in your search for a sourcing partner.

    This phase involves the following participants:

    Technology leaders

    Procurement leaders

    Product owners

    Project managers

    Build a profile for the right partner

    • Finding the perfect partner is a puzzle to solve, an exercise between the firm and the partners.
    • It is necessary to be able to prioritize and to identify opportunities where you can adapt to create a fit.
    • You must also bring forward the sourcing model you are seeking and prioritize factors based on that; for example, if you are seeking a nearshore partner, language may be less of a factor.

    Review factors based on sourcing choice

    Different factors are more important depending on whether you are insourcing or outsourcing.

    Key risks for insourcing

    • Alignment on communication strategy and method
    • Ability to align culturally
    • Need for face-to-face relationship building
    • Need for coaching skills

    Key risks for outsourcing

    • Giving control to the vendor
    • Legal and regulatory issues
    • Lack of knowledge at the vendor
    • Language and cultural fit

    Assessing your firm's position

    • The model you derived from the Sourcing Strategy research will inform the prioritization of factors for matching partners.

    Info-Tech Insight

    To find the best location for insourcing, or the best vendor for outsourcing, you need to identify your firm's positions on key risk areas.

    Step 2.1

    Recall your sourcing strategy

    Activities

    2.1.1 Define the key factors in your sourcing strategy

    This step involves the following participants:

    Technology Leaders

    Outcomes of this step

    Documentation of the Sourcing Strategy you arrived at in the Define a Sourcing Strategy exercises

    Choosing the right model

    The image contains a screenshot of the legend that will be used down below. The legend contains circles, from the left there is a empty circle, a one quarter filled circle, half filled circle, three-quarter filled circle , and a fully filled in circle.

    Determinant

    Key Questions to Ask

    Onshore

    Nearshore

    Offshore

    Outsource role(s)

    Outsource team

    Outsource product(s)

    Business dependence

    How much do you rely on business resources during the development cycle?

    The image contains a screenshot of the filled in whole circle to demonstrate high. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the empty circle to demonstrate low.

    Absorptive capacity

    How successful has the organization been at bringing outside knowledge back into the firm?

    The image contains a screenshot of the empty circle to demonstrate low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the filled in whole circle to demonstrate high.

    Integration complexity

    How many integrations are required for the product to function – fewer than 5, 5-10, or more than 10?

    The image contains a screenshot of the filled in whole circle to demonstrate high. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the empty circle to demonstrate low.

    Product ownership

    Do you have full-time product owners in place for the products? Do product owners have control of their roadmaps?

    The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the filled in whole circle to demonstrate high. The image contains a screenshot of the filled in whole circle to demonstrate high.

    Organization culture fit

    What are your organization’s communication and conflict resolution strategies? Is your organization geographically dispersed?

    The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the filled in whole circle to demonstrate high.

    Vendor mgmt skills

    What is your skill level in vendor management? How old are your longest-standing vendor relationships?

    The image contains a screenshot of the empty circle to demonstrate low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the filled in whole circle to demonstrate high.

    2.1.1 Define the key factors in your sourcing strategy

    30 min

    For each product you are seeking a sourcing strategy for, document the following:

    1. Product or team name.
    2. Sourcing strategy based on Define a Sourcing Strategy.
    3. The primary drivers that led to this selection – Business Dependence, Absorptive Capacity, Integration Complexity, Product Ownership, Culture or Vendor Management.
    4. The reasoning for the selection based on that factor – e.g. we chose nearshoring based on high business dependence by our development team.

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Sourcing Strategy from Define a Sourcing Strategy for your Development Team
    • Reasoning that drove the sourcing strategy selection
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leadership

    Define sourcing strategy factors

    Sourcing strategy

    Factors that led to selection

    Product you are seeking a sourcing solution for

    Strategy defined

    Key factors that led to that choice

    Reasoning

    ABC

    Outsourcing - Offshore

    • Product ownership
    • Business integration
    • Product maturity
    • Technical environment

    Mature product ownership and low requirement for direct business involvement.

    Mature product with lower environments in cloud.

    Step 2.2

    Prioritize your company factors

    Activities

    2.2.1 Prioritize the factors from your sourcing strategy and confirm if mitigation or adaptation are possible.

    This step involves the following participants:

    IT Leadership team

    Outcomes of this step

    Prioritized list of key factors

    2.2.1 Prioritize your sourcing strategy factors

    30 min

    1. For each of the factors listed in exercise 2.1, prioritize them by importance to the firm.
    2. For each factor, please confirm if there is room to drive change internally to overcome the lack of a match – for example, if the culture being changed in language and conflict resolution is an option, then say Yes for that factor.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Sourcing Strategy factors from 2.1
    • Prioritized list of sourcing strategy factors
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders

    Sourcing strategy factors and priority

    Sourcing strategy

    Factors that led to selection

    Priority of factor in decision

    Change possible

    Product you are seeking a sourcing solution for

    Strategy defined

    Key factors that led to your choice

    Reasoning

    Priority of factor 1-x

    Is there an opportunity to adapt this factor to a partner?

    ABC

    Outsourcing - offshore

    • Product ownership
    • Business integration
    • Product maturity
    • Technical environment

    Mature product ownership

    Low requirement for direct business involvement

    Mature product with lower environments in cloud

    2

    1

    3

    N

    N

    Y

    Step 2.3

    Create target profile

    Activities

    2.3.1 Profile your best fit

    This step involves the following participants:

    IT Leadership team

    Outcomes of this step

    Profile of the target partner

    Profiling your best fit

    Creating a target profile will help you determine which partners should be included in the process.

    Given the complexity of all the factors and trying to find the best fit from a multitude of partners, Info-Tech recommends forming a target profile for your best fit of partner.

    This profile provides a detailed assessment matrix to use to review potential partners.

    Profile should be created based on priority; "must haves" are high priority, while properties that have mitigation opportunities are optional or lower priority.

    Criteria

    Priority

    Some US Govt contracts – data and staff in NATO

    1

    Windows environment – Azure DEVOPS

    2

    Clients in FS

    3

    Agile SDLC

    4

    Collaborative communication and conflict resolution

    5

    Mature product management

    6

    Languages English and Spanish

    7

    Partner Profile

    • Teams in NATO and non-NATO countries
    • Windows skills with Azure
    • Financial Services experience
    • Utilize Agile and willing to plug into our teams
    • Used to collaborating with clients in one team environment
    • One centre in Latin / South America

    Info-Tech Insight

    The factors we have defined serve to build us a profile for the ideal partner to engage in sourcing our development team. This profile will lead us to be able to define our RFP / RFI and assess respondents.

    Case study: Cognizant is partnering with clients on product development

    INDUSTRY: Technology Services

    SOURCE: Interview with Jay MacIsaac, Cognizant

    Cognizant is driving quality solutions for clients

    • Strives to be primarily an industry-aligned organization that delivers multiple service lines in multiple geographies.
    • Seeks to carefully consider client culture to create one team.
    • Value proposition is a consultative approach bringing thought leadership and mutually adding value to the relationship vs the more traditional order taker development partner
    • Wants to share in solution development to facilitate shared successes. Geographic alignment drives knowledge of the client and their challenges, not just about time zone and supportability.
    • Offers one of the largest offshore capabilities in the world, supported by local and nearshore resources to drive local knowledge.
    • Realizes today’s clients don’t typically want a black box, they are sophisticated and want transparency around the process and solution, to have a partner.
    • Understands that clients do want to know where the work is being delivered from and how it's being delivered, and want to help manage expectations and overall risk.

    Synergy with Info-Tech’s approach

    • Best relationship comes when teams operate as one.
    • Clients are seeking value, not a development black box.
    • Clients want to have a partner they can engage with, not just an order taker.
    • Goal is a one-team culture with shared goals and delivering business value.
    • Ideal is a partner that will add to their thinking, not echo it.

    Results of this approach

    • Cognizant is continuing to deliver double-digit growth and continues to strive for top quartile performance.
    • Growth in the client base has seen the company grow to over 340,000 associates worldwide.

    Case study: Cabot Technology Solutions uses industry knowledge to drive successful partnerships

    INDUSTRY: Technology Services

    SOURCE: Interview with Shibu Basheer, Cabot Technology Solutions

    Cabot Technology Solutions findings

    • Cabot Technology Solutions looks to partner with clients and deliver expertise and value, not just application development.
      • Focus on building deep knowledge in their chosen vertical, Healthcare.
      • Focus on partnering with clients in this space who are seeking a partner to provide industry knowledge and use this to propel them forward.
      • Look to work with clients seeking a one team philosophy.
      • Avoid clients looking for a cheap provider.
    • Recognizing the initial apprehension to India as a location, they have built a practice in Ontario that serves as a bridge for their offshore team.
    • Cabot overcame initial views and built trust, while integrating the India team in parallel.

    Synergy with Info-Tech approach

    • Preference is partners, not a client/vendor relationship.
    • Single country model is set aside in favor of mix of near and offshore.
    • Culture is a one team approach, not the more adversarial order-taker approach.
    • Goal is to build long-term relationships of value, not task management.

    Results of this approach

    • Cabot is a recognized as a top software development company in many markets across the USA.
    • Cabot continues to drive growth and build referenceable client relationships across North America.

    2.3.1 Profile your best fit

    30 min

    1. Document the list of skills you are seeking from the People Factors – Skills Inventory in Section 1.2 – these represent the skills you are seeking in a partner.
    2. Document the culture you are looking for in a partner with respect to communications and conflict resolution in the culture section of the requirements – this comes from Section 1.3.
    3. Confirm the type of partner you are seeking – nearshore, offshore, or outsourcing based on the sourcing strategy priorities in Section 2.2.
    4. Confirm constraints that the partner must work under based on constraints from your market and competitor factors in Section 1.1.
    5. Confirm your technical requirements in terms of environments, tools, and processes that the vendor must align to from Section 1.4.

    Download the Select a Sourcing Partner Presentation Template

    Input Output

    All exercises done in Steps 11-1.4 and 2.1-2.2

    Profile of a target partner to drive the RFx Criteria

    Materials Participants

    Select a Sourcing Partner for Your Development Team Presentation template

    Development leaders

    Deployment team leaders

    Infrastructure leaders

    IT operations leaders

    Product owners

    Project managers

    RFP skills requirement

    People skills required

    Product ownership

    Project management

    Skill

    Skill level required

    Tools / platform requirement

    Details of product management methodology and skills

    Details of firm's project management methodology

    .NET

    Medium

    Windows

    Highly mature, high skill

    Highly mature, high skill

    Java

    High

    Windows

    Low

    High

    RFx cultural characteristics

    Communication strategy

    Conflict resolution

    Organization / management

    Communication mediums supported

    Frequency of meetings expected

    Conflict resolutions strategies used at the firm

    Management methodology

    Face to face

    Weekly

    Collaborative

    Online

    Daily

    Hierarchical with manager

    Hierarchical

    RFx market constraints

    Constraints

    Partner proposal

    Constraint type

    Restrictions

    Market size required for

    Reasoning

    Data residency

    Data must stay in Canada for Canadian Gov't clients

    5% Canada public sector

    Competitive

    Offshoring dev means competition can take advantage

    95% Clients

    Need strategy to show data and leadership in NA, but delivering more innovation at lower cost by going offshore

    RFx technical requirements

    Technical environments

    Infrastructure

    Alignment of SDLC

    Tools required for development team

    Access control software required

    Infrastructure location

    Number of environments from development to production

    .Net Visual Studio

    Microsoft

    Azure

    4

    RFx scope of services

    Work being sourced

    Team sizing

    Work being sourced

    Skill level required

    Average size of release

    Releases per year

    Java development of new product

    High

    3-month development

    6

    .NET staff augmentation

    Medium

    ½-month development

    12

    Phase 3

    Choose the partner that will best enable you to move forward as one integrated team.

    Introspection

    1.1 Assess your market factors

    1.2 Determine your people factors

    1.3 Review your current culture

    1.4 Document your technical factors

    Profiling

    2.1 Recall your sourcing strategy

    2.2 Prioritize your company factors

    2.3 Create target profile

    Partner selection

    3.1 Review your RFx

    3.2 Identify target vendors

    3.3 Evaluate vendor

    responses

    Implementation

    4.1 Engage partner to choose contract mechanism

    4.2 Engage partner team to define goals

    4.3 Choose your success

    metrics

    For more details on Partner Selection, please refer to our research blueprint entitled Select an ERP Partner

    This phase will help you define your RFx for your provider search

    This phase involves the following participants:

    Vendor Management Team

    IT Leadership

    Finance Team

    Finding the right fit should always come before rates to determine value

    The right fit

    Determined in previous activities

    Negotiating will eventually bring the two together

    Value

    Rates

    Determined by skill and location

    Statement of Work (SOW) quality

    A quality SOW is the result of a quality RFI/RFP (RFx).

    The process up to now has been gathering the materials needed to build a quality RFx. Take this opportunity to review the outputs of the preceding activities to ensure that:

    • All the right stake holders have been engaged.
    • The requirements are complete.

    Info-Tech’s RFP Review as a Service looks for key items to ensure your RFx will generate quality responses and SOWs.

    • Is it well-structured with a consistent use of fonts and bullets?
    • Is it laid out in sections that are easily identifiable and progress from high-level to more detailed information?
    • Can a vendor quickly identify the ten (or fewer) things that are most important to you?

    The image contains a screenshot of the Request for Proposal Review as a Service.

    Step 3.1

    Review your RFx

    Activities

    3.1.1 Select your RFx template

    3.1.2 Finalize your RFx

    3.1.3 Weight each evaluation criteria

    This step involves the following participants:

    • Project team
    • Evaluation team
    • Vendor management team
    • CIO

    Outcomes of this step

    • Completed RFx

    Info-Tech’s RFI/RFP process

    Info-Tech has well-established vendor management templates and practices

    • Identify Need
    • Define Business Requirements
    • Gain Business Authorization
    • Perform RFI/RFP
    • Negotiate Agreement
    • Purchase Goods and Services
    • Assess and Measure Performance

    Info-Tech Best Practice

    You’ll want to customize templates for your organization, but we strongly suggest that you take whatever you feel best meets your needs from both the long- and short-form RFPs presented in this blueprint.

    The secret to managing an RFP is to make it manageable. And the secret to making an RFP manageable is to treat it like any other aspect of business – by developing a process. With a process in place, you are better able to handle whatever comes your way, because you know the steps you need to follow to produce a top-notch RFP.

    Your RFP process should be tailored to fit the needs and specifics of your organization and IT.

    Info-Tech Insight

    Create a better RFP process using Info-Tech’s well-established templates and methodology.

    Create a Better RFP Process

    In a hurry? Consider an enhanced RFI instead of an RFP.

    While many organizations rarely use RFIs, they can be an effective tool in the vendor manager’s toolbox when used at the right time in the right way. RFIs can be deployed in competitive targeted negotiations. An enhanced RFI (ERFI) is a two-stage strategy that speeds up the typical RFP process. The first stage is like an RFI on steroids, and the second stage is targeted competitive negotiation.

    Stage 1:

    Create an RFI with all the customary components. Next, add a few additional RFP-like requirements (e.g. operational and technical requirements). Make sure you include a request for budgetary pricing and provide any significant features and functionality requirements so that the vendors have enough information to propose solutions. In addition, allow the vendors to ask questions through your single point of coordination and share answers with all the vendors. Finally, notify the vendors that you will not be doing an RFP – this is it!

    Stage 2:

    Review the vendors’ proposals and select the best two. Negotiate with both vendors and then make your decision.

    The ERFI shortens the typical RFP process, maintains leverage for your organization, and works great with low- to medium-spend items (however your organization defines them). You’ll get clarification on vendors’ competencies and capabilities, obtain a fair market price, and meet your internal clients’ aggressive timelines while still taking steps to protect your organization.

    RFI Template

    The image contains a screenshot of the RFI Template.

    Use this template to create your RFI baseline template. Be sure to modify and configure the template to your organization’s specifications.

    Request for Information Template

    Long-Form RFP Template

    Configure Info-Tech’s Long-Form RFP Template for major initiatives

    The image contains a screenshot of the long-form RFP Template.

    A long-form or major RFP is an excellent tool for more complex and complicated requirements. This example is for a baseline RFP.

    It starts with best-in-class RFP terms and conditions that are essential to maintaining your control throughout the RFP process. The specific requirements for the business, functional, technical, and pricing areas should be included in the exhibits at the end of the template. That makes it easier to tailor the RFP for each deal, since you and your team can quickly identify specific areas that need modification. Grouping the exhibits together also makes it convenient for both your team to review, and the vendors to respond.

    You can use this sample RFP as the basis for your template RFP, taking it all as is or picking and choosing the sections that best meet the mission and objectives of the RFP and your organization.

    Source: Info-Tech’s The Art of Creating a Quality RFP

    Short-Form RFP Template

    Configure Info-Tech’s Short-Form RFP Template for minor or smaller initiatives

    The image contains a screenshot of the Short-Form RFP Template.

    This example is for a less complex RFP that has relatively basic requirements and perhaps a small window in which the vendors can respond. As with the long-form RFP, exhibits are placed at the end of the RFP, an arrangement that saves time for both your team and the vendors. Of course, the short-form RFP contains fewer specific instructions, guidelines, and rules for vendors’ proposal submissions.

    We find that short-form RFPs are a good choice when you need to use something more than a request for quote (RFQ) but less than an RFP running 20 or more pages. It’s ideal, for example, when you want to send an RFP to only one vendor or to acquire items such as office supplies, contingent labor, or commodity items that require significant vendor's risk assessment.

    Source: The Art of Creating a Quality RFP

    3.1.1 Select your RFx template

    1-3 hours

    1. As a group, download the RFx templates from the previous three slides.
    2. Review your RFx process as a group. Be sure to include the vendor management team.
    3. Be sure to consider organization-specific procurement guidelines. These can be included. The objective here is to find the template that is the best fit. We will finalize the template in the next activity.
    4. Determine the best template for this project.
    Input Output
    • RFx templates
    • The RFx template that will be used for this project
    Materials Participants
    • Info-Tech’s Enhanced RFI Template, Long-Form RFP Template, and Short-Form RFP Template
    • Vendor management team
    • Project team
    • Project manager

    Finalize your RFx

    Key insights

    Leverage the power of the RFP

    • Too often RFPs fail to achieve their intended purposes, and your organization feels the effects of a poorly created RFP for many years.
    • If you are faced with a single source vendor, you can perform an RFP to one to create the competitive leverage.

    Make the response and evaluation process easier

    • Being strategic in your wording and formatting makes it easier on both parties – easier for the vendors to submit meaningful proposals, and easier for customer teams to evaluate.
    • Create a level playing field to encourage competition. Without multiple proposals, your options are limited and your chances for a successful project plummet.

    Maximize the competition

    • Leverage a pre-proposal conference to resolve vendor questions and to ensure all vendors receive the same answers to all questions. No vendor should have an information advantage.

    Do’s

    • Leverage your team’s knowledge.
    • Document and explain your RFP process to stakeholders and vendors.
    • Include contract terms in your RFP.
    • Measure and manage performance after contract award.
    • Seek feedback from the RFP team on your process and improve it as necessary.

    Don'ts

    • Reveal your budget.
    • Do an RFP in a vacuum.
    • Send an RFP to a vendor your team is not willing to award the business to.
    • Hold separate conversations with candidate vendors during your RFP process.
    • Skimp on the requirements definition to speed the process.
    • Tell the vendor they are selected before negotiating.

    3.1.2 Finalize your RFx

    1-3 hours

    1. As a group, review the selected RFI or RFP template.
    2. This is YOUR document. Modify it to suit the needs of the organization and even add sections from the other RFP templates that are relevant to your project.
    3. Use the Supplementary RFx Material as a guide.
    4. Add the content created in Steps 1 and 2.
    5. Add any organization-specific clauses or requirements.
    6. Have the project team review and comment on the RFP.
    7. Optional: Use Info-Tech’s RFP Review Concierge Service.

    Download the RFx Vendor Evaluation Tool

    Download the Supplementary RFx Material

    InputOutput
    • RFx template
    • Organizational specific guidelines
    • Materials from Steps 1 and 2
    • Supplementary RFx Material
    • Finalized RFx
    MaterialsParticipants
    • Electronic RFP document for editing
    • Vendor management team
    • Project team
    • Project manager

    3.1.2 Bring it all together

    Supplementary RFx Material

    The image contains a screenshot of Supplementary RFx Material.

    Review the sample content to get a feel for how to incorporate the results of the activities you have worked through into the RFx template.

    RFx Templates

    Use one of our templates to build a ready-for-distribution implementation partner RFx tailored to the unique success factors of your implementation.

    Exercises in Steps 1 and 2

    The image contains a screenshot of Exercises in Steps 1 and 2

    Use the material gathered during each activity to inform and populate the implementation partner requirements that are specific for your organization and project.

    The image contains a screenshot of the Long Form RFx template.The image contains a screenshot of the Short Form RFx template.

    3.1.3 Weight each evaluation criteria

    1-3 hours

    1. As a group, review the selected RFI or RFP template.
    2. This is your document. Modify it to suit the needs of the organization and even add sections from the other RFP templates that are relevant to your project.
    3. Use the Supplementary RFx Material as a guide.
    4. Utilize the content defined in Steps 1 and 2.
    5. Add any organization-specific clauses or requirements.
    6. Have the project team review and comment on the RFP.
    7. Optional: Use Info-Tech’s RFP Review Concierge Service.

    Download the Supplementary RFx Material

    InputOutput

    RFx Vendor Evaluation Tool

    Exercises from Steps 1 and 2

    • Weighted scoring tool to evaluate responses
    MaterialsParticipants
    • RFx Vendor Evaluation Tool
    • Supplementary RFx Material
    • Vendor management team
    • Project team
    • Project manager

    3.1.3 Apply weight to each evaluation criteria

    Use this tool to weight each critical success factor based on results of the activities within the vendor selection workbook for later scoring results.

    The image contains a screenshot of the RFx Vendor Evaluation Tool.

    Download the RFx Vendor Evaluation Tool

    Step 3.2

    Identify target vendors

    Activities

    3.2.1 Identify target vendors

    3.2.2 Define your RFx timeline

    This step involves the following participants:

    • Project team
    • Vendor management team

    Outcomes of this step

    • Targeted vendor list
    • Initial RFx timeline

    3.2.1 Identify target vendors

    1-3 hours

    1. Based on the profile defined in Step 2.3, research potential partners that fit the profile, starting with those you may have used in the past. From this, build your initial list of vendors to target with your RFx.
    2. Break into smaller groups (or continue as a single group if it is already small) and review each shortlisted vendor to see if they will likely respond to the RFx.
    Input Output
    • Websites
    • Peers
    • Advisory groups
    • A shortlist of vendors to target with your RFx
    Materials Participants
    • RFx Vendor Evaluation Tool
    • CIO
    • Vendor management team
    • Project team
    • Evaluation team

    Download the RFx Vendor Evaluation Tool

    Define your RFx timeline

    Provider RFx timelines need to be clearly defined to keep the project and participants on track. These projects and processes can be long. Set yourself up for success by identifying the time frames clearly and communicating them to participants.

    1. Current
    • Concurrent ERP product selection
    • RFx preparation
    • Release of RFX
  • Near-term
    • Responses received
    • Scoring responses
    • Shortlisting providers
    • Provider interviews
    • Provider selection
    • Provider contract negotiations
    • Contract with provider
  • Future
    • Initiation of knowledge transfer
    • Joint development period
    • Cutover to provider team

    89% of roadmap views have at least some representation of time. (Roadmunk, n.d.)

    Info-Tech Insight

    The true value of time horizons is in dividing your timeline and applying different standards and rules, which allows you to speak to different audiences and achieve different communication objectives.

    3.2.2 Define your RFx timeline

    1-3 hours

    1. As a group identify an appropriate timeline for your RFP process. Info-Tech recommends no less than three months from RFx release to contract signing.

      Keep in mind that you need to allow for time to engage the team and perform some level of knowledge transfer, and to seed the team with internal resources for the initial period.
    2. Leave enough time for vendor responses, interviews, and reference checks.
    3. Once the timeline is finalized, document it and communicate it to the organization.

    Download the RFx Vendor Evaluation Tool

    Input Output
    • RFx template
    • Provider RFx timeline
    Materials Participants
    • RFx Vendor Evaluation Tool
    • Vendor management team
    • Project team
    • Project manager

    Define your RFx timeline

    The image contains a screenshot of an example of an RFx timeline.

    Step 3.3

    Evaluate vendor responses

    Activities

    3.3.1 Evaluate responses

    This step involves the following participants:

    • Evaluation team

    Outcomes of this step

    • Vendor submission scores

    3.3.1 Evaluate responses

    1-3 hours

    1. Use the RFx Vendor Evaluation Tool to collect and record the evaluation team's scores for each vendor's response to your RFx.
    2. Then record and compare each team member's scores to rank the vendors' responses.
    3. The higher the score, the closer the fit.

    Download the RFx Vendor Evaluation Tool

    InputOutput
    • Vendor responses
    • Vendor presentations
    • Vendor scores
    MaterialsParticipants
    • RFx Vendor Evaluation Tool
    • Evaluation team

    3.3.1 Score vendor results

    Use the RFx Vendor Evaluation Tool to score the vendors' responses to your RFx using the weighted scale from Activity 3.1.3.

    The image contains a screenshot of the RFx Vendor Evaluation Tool.

    Download the RFx Vendor Evaluation Tool

    Phase 4

    Measuring the new relationship

    Introspection

    1.1 Assess your market factors

    1.2 Determine your people factors

    1.3 Review your current culture

    1.4 Document your technical factors

    Profiling

    2.1 Recall your sourcing strategy

    2.2 Prioritize your company factors

    2.3 Create target profile

    Partner selection

    3.1 Review your RFx

    3.2 Identify target vendors

    3.3 Evaluate vendor

    responses

    Implementation

    4.1 Engage partner to choose contract mechanism

    4.2 Engage partner team to define goals

    4.3 Choose your success

    metrics

    This phase will allow you to define the relationship with your newly chosen partner, including choosing the right contract mechanism, defining shared goals for the relationship, and selecting the metrics and processes to measure performance.

    This phase involves the following participants:

    IT leadership

    Procurement team

    Product owners

    Project managers

    Implementing the Partner

    Implementing the new partner is an exercise in collaboration

    • Successfully implementing your new partner is an exercise in working together
    1. Define a contract mechanism that is appropriate for the relationship, but is not meant as punitive, contract-based management – this sets you up for failure.
    2. Engage with your team and your partner as one team to build shared, measurable goals
    3. Work with the team to define the metrics and processes by which progress against these goals will be measured
  • Goals, metrics and process should be transparent to the team so all can see how their performance ties to success
  • Make sure to take time to celebrate successes with the whole team as one
  • Info-Tech Insight

    Implement the relationship the same way you want it to work: as one team. Work together on contract mechanism, shared goals, metrics, and performance measurement. This transparency and collaboration will build a one team view, leading to long-term success.

    Step 4.1

    Engage partner to choose contract mechanism

    Activities

    4.1.1 Confirm your contract mechanism

    This step involves the following participants:

    IT leadership

    Procurement team

    Vendor team

    Outcomes of this step

    Contract between the vendor and the firm for the services

    Negotiate agreement

    Evaluate your RFP responses to see if they are complete and if the vendor followed your instructions.

    Then:

    Plan negotiation(s) with one or more vendors based on your questions and opportunities identified during evaluation.

    Select finalist(s).

    Apply selection criteria.

    Resolve vendors' exceptions.

    Negotiate before you select your vendor:

    Negotiating with two or more vendors will maintain your competitive leverage while decreasing the time it takes to negotiate the deal.

    Perform legal reviews as necessary.

    Use sound competitive negotiations principles.

    Info-Tech Insight

    Be certain to include any commitments made in the RFP, presentations, and proposals in the agreement, as the standard for an underperforming vendor.

    Info-Tech Insight

    Providing contract terms in an RFP can dramatically reduce time for this step by understanding the vendor’s initial contractual position for negotiation.

    Leverage ITRG's negotiation process research for additional information

    For more details on this process please see our research Drive Successful Sourcing Outcomes with a Robust RFP Process

    4.1.1 Confirm your contract mechanism

    30 min

    1. Does the firm have prior experience with this type of sourcing arrangement?
    2. Does the firm have an existing services agreement with the selected partner?
    3. What contract mechanisms have been used in the past for these types of arrangements?
    4. What mechanism was proposed by the partner in their RFP response?

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Past sourcing agreements from Procurement
    • Proposed agreement from partner
    • Agreed upon contract mechanism
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Vendor management group
    • Partner leaders

    Choose the appropriate contract method

    Work being sourced

    Partner proposal

    Agreed-upon mechanism

    Work being sourced

    Vendor management experience with type

    Partner proposed contract method

    Agreed-upon contract method

    Java development team to build new product

    Similar work done with fixed price with another vendor

    Time and materials per scrum team

    Time and materials per scrum team to avoid vendor conflicts inherent in fixed price which limit innovation

    Step 4.2

    Engage partner team to define shared goals

    Activities

    4.2.1 Define your shared goals

    This step involves the following participants:

    IT leadership

    Vendor leadership

    Outcomes of this step

    Shared goals for the team

    Define success and shared goals

    Work together to define how you will measure yourselves.

    One team

    • Treating the new center and the existing team as one team is critical to long-term success.
    • Having a plan that allows for teams to meet frequently face-to-face "get to know you" and "stay connected" sessions will help the team gel.

    Shared goals

    • New group must share common goals and measurements.

    Common understanding

    • New team must have a common understanding and culture on key facets such as:
      • Measurement of quality
      • Openness to feedback and knowledge sharing
      • Culture of collaboration
      • Issue and Risk Management

    4.2.1 Define your shared goals

    30 min

    1. List each item in the scope of work for the sourcing arrangement – e.g. development of product XXX.
    2. For each scope item, detail the benefit expected by the firm – e.g. development cost expected to drop by 10% per year, or customer satisfaction improvement.
    3. For each benefit define how you will measure success – e.g. track cost of development for the development team assigned, or track Customer Satisfaction Survey results.
    4. For each measure, define a target for this year – e.g. 10% decrease over last year's cost, or customer satisfaction improvement from 6 to 7.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Services being procured from RFx
    • Benefits expected from the sourcing strategy
    • Baseline scores for measurements
    • Shared goals agreed upon between team and partner
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Partner leaders

    Define goals collaboratively

    Role and benefit

    Goals and objectives

    Role / work being sourced

    Benefit expected

    Measure of success

    Year over year targets

    Java development team to build new product

    New product to replace aging legacy

    Launch of new product

    Agree on launch schedule and MVP for each release / roadmap

    Step 4.3

    Choose your success metrics

    Activities

    4,3.1 Define metrics and process to monitor

    This step involves the following participants:

    IT leadership

    Product owners

    Project managers

    Vendor leaders

    Outcomes of this step

    Metrics and process to measure performance

    4.3.1 Define metrics and process to monitor

    30 min

    1. For each goal defined and measure of success, break down the measure into quantifiable, measurable factors – e.g. Development cost is defined as all the costs tracked to the project including development, deployment, project management, etc.
    2. For each factor choose the metric that can be reported on – e.g. project actuals.
    3. For each metric define the report and reporting frequency – e.g. monthly project actuals from project manager.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Development process
    • Deployment process
    • Operations process
    • IT Security policies
    • Documentation of key technical characteristics that need to be part of provider profiling
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Development leaders
    • Deployment team leaders
    • Infrastructure leaders
    • IT operations leaders
    • Product owners
    • Project managers

    Agreed-upon metrics

    Goal

    Metrics and process

    Agreed-upon goal

    Year 1 target

    Metric to measure success

    Measurement mechanism

    Deliver roadmap of releases

    3 releases – MVP in roadmap

    Features and stories delivered

    Measure delivery of stories from Jira

    Research Contributor

    The image contains a picture of Alaisdar Graham.

    Alaisdar Graham

    Executive Counsellor

    Info-Tech Research Group

    During Alaisdar’s 35-year career in information and operational technology, Alaisdar has been CIO for public sector organizations and private sector companies. He has been an entrepreneur with his own consultancy and a founder or business advisor with four cyber-security start-ups, Alaisdar has developed experience across a broad range of industries within a number of different countries and become known for his ability to drive business benefits and improvements through the use of technology.

    Alaisdar has worked with CXO-level executives across different businesses. Whether undertaking a digital transformation, building and improving IT functions across your span of control, or helping you create and execute an integrated technology strategy, Alaisdar can provide insight while introducing you to Info-Tech Research Group’s experts. Alaisdar’s experience with organizational turn- around, governance, project, program and portfolio management, change management, risk and security will support your organization’s success.

    Research Contributor

    The image contains a picture of Richard Nachazel.

    Richard Nachazel

    Executive Counsellor

    Info-Tech Research Group

    • Richard has more than 40 years working in various Fortune 500 organizations. His specialties are collaborating with business and IT executives and senior stakeholders to define strategic goals and transform operational protocols, standards, and methodologies. He has established a reputation at multiple large companies for taking charge of critical, high-profile enterprise projects in jeopardy of failure and turning them around. Colleagues and peers recognize his ability to organize enterprise efforts, build, develop, and motivate teams, and deliver outstanding outcomes.
    • Richard has worked as a Global CISO & Head of IT Governance for a Swiss Insurance company, Richard developed and led a comprehensive Cyber-Security Framework that provided leadership and oversight of the cyber-security program. Additionally, he was responsible for their IT Governance Risk & Compliance Operation and the information data security compliance in a complex global environment. Richard’s experience with organizational turn around, governance, risk, and controls, and security supports technology delivery integration with business success. Richard’s ability to engage executive and senior management decision makers and champion vision will prove beneficial to your organization.

    Research Contributor

    The image contains a picture of Craig Broussard.

    Craig Broussard

    Executive Counsellor

    Info-Tech Research Group

    • Craig has over 35 years of IT experience including software development, enterprise system management, infrastructure, and cyber security operations. Over the last 20 years, his focus has been on infrastructure and security along with IT service management. He’s been an accomplished speaker and panelist at industry trade events over the past decade.
    • Craig has served as Global Infrastructure Director for NCH Corporation, VP of Information Technology at ATOS, and earlier in his career as the Global Head of Data Center Services at Nokia Siemens Networks. Craig also worked for MicroSolutions (a Mark Cuban Company). Additionally, Craig received formal consulting training while working for IBM Global Services.
    • Craig’s deep experience across many aspects of IT from Governance through Delivery makes him an ideal partner for Info-Tech members.

    Bibliography

    Offshore, Onshore or Hybrid–Choosing the Best IT Outsourcing Model. (n.d.).
    Offshore Dedicated Development Team – A Compelling Hiring Guide. (n.d.).
    The Three Non-Negotiables Of IT Offshoring. (n.d.). Forbes.
    Top Ten Countries For Offshoring. Forbes, 2004.
    Nearshoring in Europe: Choose the Best Country for IT Outsourcing - The World Financial Review. (n.d.).
    Select an Offshore Jurisdiction. The Best Countries for Business in 2021-2022! | InternationalWealth.info. (n.d.).
    How to Find the Best Country to Set Up an Offshore Company. (n.d.). biz30.
    Akbar, M. A., Alsanad, A., Mahmood, S., & Alothaim, A. (2021). Prioritization-based taxonomy of global software development challenges: A FAHP based analysis. IEEE Access, 9, 37961–37974
    Ali, S. (2018). Practices in Software Outsourcing Partnership: Systematic Literature Review Protocol with Analysis. Journal of Computers, (February), 839–861
    Baird Georgia, A. (2007). MISQ Research Curation on Health Information Technology 2. Progression of Health IT Research in MIS Quarterly. MIS Quarterly, 2007(June), 1–14.
    Akbar, M. A., Alsanad, A., Mahmood, S., & Alothaim, A. (2021). Prioritization-based taxonomy of global software development challenges: A FAHP based analysis. IEEE Access, 9, 37961–37974
    Ali, S. (2018). Practices in Software Outsourcing Partnership: Systematic Literature Review Protocol with Analysis. Journal of Computers, (February), 839–861
    Baird Georgia, A. (2007). MISQ Research Curation on Health Information Technology 2. Progression of Health IT Research in MIS Quarterly. MIS Quarterly, 2007(June), 1–14.
    Carmel, E., & Abbott, P. (2006). Configurations of global software development: offshore versus nearshore. … on Global Software Development for the Practitioner, 3–7.
    Hanafizadeh, P., & Zare Ravasan, A. (2018). A model for selecting IT outsourcing strategy: the case of e-banking channels. Journal of Global Information Technology Management, 21(2), 111–138.
    Ishizaka, A., Bhattacharya, A., Gunasekaran, A., Dekkers, R., & Pereira, V. (2019). Outsourcing and offshoring decision making. International Journal of Production Research, 57(13), 4187–4193.
    Jeong, J. J. (2021). Success in IT offshoring: Does it depend on the location or the company? Arxiv.
    Joanna Minkiewicz, J. E. (2009). Deakin Research Online Online. 2007, Interrelationships between Innovation and Market Orientation in SMEs, Management Research News, Vol. 30, No. 12, Pp. 878-891., 30(12), 878–891.

    Bibliography

    King, W. R., & Torkzadeh, G. (2016). Special Issue Information Systems Offshoring : Research Status and Issues. MIS Quarterly, 32(2), 205–225.
    Kotlarsky, J., & Oshri, I. (2008). Country attractiveness for offshoring and offshore outsourcing: Additional considerations. Journal of Information Technology, 23(4), 228–231.
    Lehdonvirta, V., Kässi, O., Hjorth, I., Barnard, H., & Graham, M. (2019). The Global Platform Economy: A New Offshoring Institution Enabling Emerging-Economy Microproviders. Journal of Management, 45(2), 567–599.
    Mahajan, A. (2018). Risks and Benefits of Using Single Supplier in Software Development. Oulu University of Applied Sciences. Retrieved from
    Murberg, D. (2019). IT Offshore Outsourcing: Best Practices for U.S.-Based Companies. University of Oregon Applied Information Management, 1277(800), 824–2714.
    Nassimbeni, G., Sartor, M., & Dus, D. (2012). Security risks in service offshoring and outsourcing. Industrial Management and Data Systems, 112(3), 405–440.
    Olson, G. M., & Olson, J. S. (2000). Distance matters. Human-Computer Interaction, 15(2–3), 139–178.
    Pilkova, A., & Holienka, M. (2018). Home-Based Business in Visegrad Countries: Gem Perspective. Innovation Management, Entrepreneurship and Sustainability 2018 Proceedings of the 6th International Conference.
    Rahman, H. U., Raza, M., Afsar, P., Alharbi, A., Ahmad, S., & Alyami, H. (2021). Multi-criteria decision making model for application maintenance offshoring using analytic hierarchy process. Applied Sciences (Switzerland), 11(18).
    Rahman, H. U., Raza, M., Afsar, P., Khan, H. U., & Nazir, S. (2020). Analyzing factors that influence offshore outsourcing decision of application maintenance. IEEE Access, 8, 183913–183926.
    Roadmunk. What is a product roadmap? Roadmunk, n.d. Accessed 12 Oct. 2021.
    Rottman, J. W., & Lacity, M. C. (2006). Proven practices for effectively offshoring IT work. MIT Sloan Management Review.
    Smite, D., Moe, N. B., Krekling, T., & Stray, V. (2019). Offshore Outsourcing Costs: Known or Still Hidden? Proceedings - 2019 ACM/IEEE 14th International Conference on Global Software Engineering, ICGSE 2019, 40–47.
    Welsum, D. Van, & Reif, X. (2005). Potential Offshoring: Evidence from Selected OECD Countries. Brookings Trade Forum, 2005(1), 165–194.
    Zhang, Y., Liu, S., Tan, J., Jiang, G., & Zhu, Q. (2018). Effects of risks on the performance of business process outsourcing projects: The moderating roles of knowledge management capabilities. International Journal of Project Management, 36(4), 627–639.

    Document and Maintain Your Disaster Recovery Plan

    • Buy Link or Shortcode: {j2store}417|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $52,224 Average $ Saved
    • member rating average days saved: 38 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Disaster recovery plan (DRP) documentation is often driven by audit or compliance requirements rather than aimed at the team that would need to execute recovery.
    • Between day-to-day IT projects and the difficulty of maintaining 300+ page manuals, DRP documentation is not updated and quickly becomes unreliable.
    • Inefficient publishing strategies result in your DRP not being accessible during disaster or key staff not knowing where to find the latest version.

    Our Advice

    Critical Insight

    • DR documentation fails when organizations try to boil the ocean with an all-in-one plan aimed at auditors, business leaders, and IT. It’s too long, too hard to maintain, and ends up being little more than shelf-ware.
    • Using flowcharts, checklists, and diagrams aimed at an IT audience is more concise and effective in a disaster, quicker to create, and easier to maintain.
    • Create your DRP in layers to keep the work manageable. Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

    Impact and Result

    • Create visual and concise DR documentation that strips out unnecessary content and is written for an IT audience – the team that would actually be executing the recovery. Your business leaders can take the same approach to create separate business response plans. Don’t mix the two in an all-in-one plan that is not effective for either audience.
    • Determine a documentation distribution strategy that supports ease of maintenance and accessibility during a disaster.
    • Incorporate DRP maintenance into change management procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

    Document and Maintain Your Disaster Recovery Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should adopt a visual-based DRP, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Streamline DRP documentation

    Start by documenting your recovery workflow. Create supporting documentation in the form of checklists, flowcharts, topology diagrams, and contact lists. Finally, summarize your DR capabilities in a DRP Summary Document for stakeholders and auditors.

    • Document and Maintain Your Disaster Recovery Plan – Phase 1: Streamline DRP Documentation

    2. Select the optimal DRP publishing strategy

    Select criteria for assessing DRP tools, and evaluate whether a business continuity management tool, document management solution, wiki site, or manually distributing documentation is best for your DR team.

    • Document and Maintain Your Disaster Recovery Plan – Phase 2: Select the Optimal DRP Publishing Strategy
    • DRP Publishing and Document Management Solution Evaluation Tool
    • BCM Tool – RFP Selection Criteria

    3. Keep your DRP relevant through maintenance best practices

    Learn how to integrate DRP maintenance into core IT processes, and learn what to look for during testing and during annual reviews of your DRP.

    • Document and Maintain Your Disaster Recovery Plan – Phase 3: Keep Your DRP Relevant Through Maintenance Best Practices
    • Sample Project Intake Form Addendum for Disaster Recovery
    • Sample Change Management Checklist for Disaster Recovery
    • DRP Review Checklist
    • DRP-BCP Review Workflow (Visio)
    • DRP-BCP Review Workflow (PDF)

    4. Appendix: XMPL Case Study

    Model your DRP after the XMPL case study disaster recovery plan documentation.

    • Document and Maintain Your Disaster Recovery Plan – Appendix: XMPL Case Study
    • XMPL DRP Summary Document
    • XMPL Notification, Assessment, and Declaration Plan
    • XMPL Systems Recovery Playbook
    • XMPL Recovery Workflows (Visio)
    • XMPL Recovery Workflows (PDF)
    • XMPL Data Center and Network Diagrams (Visio)
    • XMPL Data Center and Network Diagrams (PDF)
    • XMPL DRP Business Impact Analysis Tool
    • XMPL DRP Workbook
    [infographic]

    Workshop: Document and Maintain Your Disaster Recovery Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Streamline DRP Documentation

    The Purpose

    Teach your team how to create visual-based documentation.

    Key Benefits Achieved

    Learn how to create visual-based DR documentation.

    Activities

    1.1 Conduct a table-top planning exercise.

    1.2 Document your high-level incident response plan.

    1.3 Identify documentation to include in your playbook.

    1.4 Create an initial collection of supplementary documentation.

    1.5 Discuss what further documentation is necessary for recovering from a disaster.

    1.6 Summarize your DR capabilities for stakeholders.

    Outputs

    Documented high-level incident response plan

    List of documentation action items

    Collection of 1-3 draft checklists, flowcharts, topology diagrams, and contact lists

    Action items for ensuring that the DRP is executable for both primary and backup DR personnel

    DRP Summary Document

    2 Select the Optimal DRP Publishing Strategy

    The Purpose

    Learn the considerations for publishing your DRP.

    Key Benefits Achieved

    Identify the best strategy for publishing your DRP.

    Activities

    2.1 Select criteria for assessing DRP tools.

    2.2 Evaluate categories for DRP tools.

    Outputs

    Strategy for publishing DRP

    3 Learn How to Keep Your DRP Relevant Through Maintenance Best Practices

    The Purpose

    Address the common pain point of unmaintained DRPs.

    Key Benefits Achieved

    Create an approach for maintaining your DRP.

    Activities

    3.1 Alter your project intake considerations.

    3.2 Integrate DR considerations into change management.

    3.3 Integrate documentation into performance measurement and performance management.

    3.4 Learn best practices for maintaining your DRP.

    Outputs

    Project Intake Form Addendum Template

    Change Management DRP Checklist Template

    Further reading

    Document and Maintain Your Disaster Recovery Plan

    Put your DRP on a diet – keep it fit, trim, and ready for action.

    ANALYST PERSPECTIVE

    The traditional disaster recovery plan (DRP) “red binder” is dead. It takes too long to create, it’s too hard to maintain, and it’s not usable in a crisis.

    “This blueprint outlines the following key tactics to streamline your documentation effort and produce a better result:

    • Write for an IT audience and focus on how to recover. You don’t need 30 pages of fluff describing the purpose of the document.
    • Use flowcharts, checklists, and diagrams over traditional manuals. This drives documentation that is more concise, easier to maintain, and effective in a crisis.
    • Create your DRP in layers to get tangible results faster, starting with a recovery workflow that outlines your DR strategy, and then build out the specific documentation needed to support recovery.”
    (Frank Trovato, Research Director, Infrastructure, Info-Tech Research Group)

    This project is about DRP documentation after you have clarified your DR strategy; create these necessary inputs first

    These artifacts are the cornerstone for any disaster recovery plan.

    • Business Impact Analysis
    • DR Roles and Responsibilities
    • Recovery Workflow

    Missing a component? Start here. ➔ Create a Right-Sized Disaster Recovery Plan

    This blueprint walks you through building these inputs.
    Our approach saves clients on average US$16,825.22. (Clients self-reported an average saving of US$16,869.21 while completing the Create a Right-Sized Disaster Recovery Plan blueprint through advisory calls, guided implementations, or workshops (Info-Tech Research Group, 2017, N=129).)

    How this blueprint will help you document your DRP

    This Research is Designed For:

    • IT managers in charge of disaster recovery planning (DRP) and execution.
    • Organizations seeking to optimize their DRP using best-practice methodology.
    • Business continuity professionals that are involved with disaster recovery.

    This Research Will Help You:

    • Divide the process of creating DR documentation into manageable chunks, providing a defined scope for you to work in.
    • Identify an appropriate DRP document management and distribution strategy.
    • Ensure that DR documentation is up to date and accessible.

    This Research Will Also Assist:

    • IT managers preparing for a DR audit.
    • IT managers looking to incorporate components of DR into an IT operations document.

    This Research Will Help Them:

    • Follow a structured approach in building DR documentation using best practices.
    • Integrate DR into day-to-day IT operations.

    Executive summary

    Situation

    • DR documentation is often driven by audit or compliance requirements, rather than aimed at the team that would need to execute recovery.
    • Traditional DRPs are text-heavy, 300+ page manuals that are simply not usable in a crisis.
    • Compounding the problem, DR documentation is rarely updated, so it’s just shelf-ware.

    Complication

    • DRP is often given lower priority as day-to-day IT projects displace DR documentation efforts.
    • Inefficient publishing strategies result in your DRP not being accessible during disasters or key staff not knowing where to find the latest version.
    • Organizations that create traditional DRPs end up with massive manuals that are difficult to maintain, so they quickly become unreliable.

    Resolution

    • Create visual and concise DR documentation that strips out unnecessary content and is written for an IT audience – the team that would actually be executing the recovery. Your business leaders can take the same approach to create separate business response plans – don’t mix the two into an all-in-one plan that is not effective for either audience.
    • Determine a documentation distribution strategy that supports ease of maintenance and accessibility during a disaster.
    • Incorporate DRP maintenance into change management and project intake procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

    Info-Tech Insight

    1. DR documentation fails when organizations try to boil the ocean with an all-in-one plan aimed at auditors, business leaders, and IT. It’s too long, too hard to maintain, and ends up being little more than shelf-ware.
    2. Using flowcharts, checklists, and diagrams aimed at an IT audience is more concise and effective in a disaster, quicker to create, and easier to maintain.
    3. Create your DRP in layers to keep the work manageable. Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

    An effective DRP that mitigates a wide range of potential outages is critical to minimizing the impact of downtime

    The criticality of having an effective DRP is underestimated.

    Cost of Downtime for the Fortune 1000
    • Cost of unplanned apps downtime per year: $1.25B to $2.5B
    • Cost of critical apps failure per hour: $500,000 to $1M
    • Cost of infrastructure failure per hour: $100,000
    • 35% reported to have recovered within 12 hours.
    • 17% of infrastructure failures took more than 24 hours to recover.
    • 13% of application failures took more than 24 hours to recover.
    Size of Impact Increasing Across Industries
    • The cost of downtime is rising across the board and not just for organizations that traditionally depend on IT (e.g. e-commerce).
    • Downtime cost increase since 2010:
      • Hospitality: 129% increase
      • Transportation: 108% increase
      • Media organizations: 104% increase
    Potential Lost Revenue
    A line graph of Potential Lost Revenue with vertical axis 'LOSS ($)' and horizontal axis 'TIME'. The line starts with low losses near the origin where 'Incident Occurs', gradually accelerates to higher losses as time passes, then decelerates before 'All Revenue Lost'. Note: 'Delay in recovery causes exponential revenue loss'.
    (Adapted from: Rothstein, Philip Jan. Disaster Recovery Testing: Exercising Your Contingency Plan (2007 Edition).)

    The impact of downtime increases significantly over time, not just in terms of lost revenue (as illustrated here) but also goodwill/reputation and health/safety. An effective DR solution and overall resiliency that mitigate a wide range of potential outages are critical to minimizing the impact of downtime.

    Without an effective DRP, your organization is gambling on being able to define and implement a recovery strategy during a time of crisis. At the very least, this means extended downtime – potentially weeks – and substantial impact.

    Only 38% of those with a full or mostly complete DRP believe their DRPs would be effective in a real crisis

    Organizations continue to struggle with creating DRPs, let alone making them actionable.

    Why are so many living with either an incomplete or ineffective DRP? For the same reasons that IT documentation in general continues to be a pain point:

    • It is an outdated model of what documentation should be – the traditional manual with detailed (lengthy) descriptions and procedures.
    • Despite the importance of DR, low priority is placed on creating a DRP and the day-to-day SOPs required to support a recovery.
    • There is a lack of effective processes for ensuring documentation stays up to date.
    A bar graph documenting percentages of survey responses about the completeness of their DRP. 'Only 20% of survey respondents indicated they have a complete DRP'. 13% said 'No DRP'. 33% said 'Partial DRP'. 34% said 'Mostly Completed'. 20% said 'Full DRP'.
    (Source: Info-Tech Research Group, N=165)
    A bar graph documenting percentages of survey responses about the level of confidence in their DRP. 'Only 38% of those who have a mostly completed or full DRP actually feel it would be effective in a crisis'. 4% said 'Low'. 58% said 'Unsure'. 38% said 'Confident'.
    (Source: Info-Tech Research Group, N=69 (includes only those who indicated DRP is mostly completed or completed))

    Improve usability and effectiveness with visual-based and more-concise documentation

    Choose flowcharts over process guides, checklists over lengthy procedures, and diagrams over descriptions.

    If you need a three-inch binder to hold your DRP, imagine having to flip through it to determine next steps during a crisis.

    DR documentation needs to be concise, scannable, and quickly understood to be effective. Visual-based documentation meets these requirements, so it’s no surprise that it also leads to higher DR success.

    DR success scores are based on:

    • Meeting recovery time objectives (RTOs).
    • Meeting recovery point objectives (RPOs).
    • IT staff’s confidence in their ability to meet RTOs/RPOs.
    A line graph of DR documentation types and their effectiveness. The vertical axis is 'DR Success', from Low to High. The horizontal axis is Documentation Type, from 'Traditional Manual' to 'Primarily flowcharts, checklists, and diagrams'. The line trends up to higher success with visual-based and more-concise documentation.(Source: Info-Tech Research Group, N=95)

    “Without question, 300-page DRPs are not effective. I mean, auditors love them because of the detail, but give me a 10-page DRP with contact lists, process flows, diagrams, and recovery checklists that are easy to follow.” (Bernard Jones, MBCI, CBCP, CORP, Manager Disaster Recovery/BCP, ActiveHealth Management)

    Maintainability is another argument for visual-based, concise documentation

    There are two end goals for your DR documentation: effectiveness and maintainability. Without either, you will not have success during a disaster.

    Organizations using a visual-based approach were 30% more likely to find that DR documentation is easy to maintain. “Easy to maintain” leads to a 46% higher rate of DR success.
    Two bar graphs documenting survey responses regarding maintenance ease of DR documentation types. The first graph compares Traditional Manual vs Visual-based. For 'Traditional Manual' 72% responded they were Difficult to maintain while 28% responded they were Easy to maintain; for 'Visual-based' 42% responded they were Difficult to maintain while 58% responded they were Easy to maintain. Visual-based DR documentation received 30% more votes for Easy to Maintain. The second graph compares success rates of 'Difficult to Maintain' vs 'Easy to Maintain' DR documentation with Difficult being 31% and Easy being 77%, a 46% difference. 'Source: Info-Tech Research Group, N=96'.

    Not only are visual-based disaster recovery plans more effective, but they are also easier to maintain.

    Overcome documentation inertia with a tiered model that allows you to eat the elephant one bite at a time

    Start with a recovery workflow to at least ensure a coordinated response. Then use that workflow to determine required supporting documentation.

    Recovery Workflow: Starting the project with overly detailed documentation can slow down the entire process. Overcome planning inertia by starting with high-level incident response plans in a flowchart format. For examples and additional information, see XMPL Medical’s Recovery Workflows.

    Recovery Procedures (Systems Recovery Playbook): For each step in the high-level flowchart, create recovery procedures where necessary using additional flowcharts, checklists, and diagrams as appropriate. Leverage Info-Tech’s Systems Recovery Playbook example as a starting point.

    Additional Reference Documentation: Reference existing IT documentation, such as network diagrams and configuration documents, as well as more detailed step-by-step procedures where necessary (e.g. vendor documentation), particularly where needed to support alternate recovery staff who may not be as well versed as the primary system owners.

    Info-Tech Insight

    Organizations that use flowcharts, checklist, and diagrams over traditional, dense DRP manuals are far more likely to meet their RTOs/RPOs because their documentation is more usable and easier to maintain.

    Use a DRP summary document to satisfy executives, auditors, and clients

    Stakeholders don’t have time to sift through a pile of paper. Summarize your overall continuity capabilities in one, easy-to-read place.

    DRP Summary Document

    • Summarize BIA results
    • Summarize DR strategy (including DR sites)
    • Summarize backup strategy
    • Summarize testing and maintenance plans

    Follow Info-Tech’s methodology to make DRP documentation efficient and effective

    Phases

    Phase 1: Streamline DRP documentation Phase 2: Select the optimal DRP publishing strategy Phase 3: Keep your DRP relevant through maintenance best practices

    Phases

    1.1

    Start with a recovery workflow

    2.1

    Decide on a publishing strategy

    3.1

    Incorporate DRP maintenance into core IT processes

    1.2

    Create supporting DRP documentation

    3.2

    Conduct an annual focused review

    1.3

    Write the DRP Summary

    Tools and Templates

    End-to-End Sample DRP DRP Publishing Evaluation Tool Project In-take/Request Form

    Change Management Checklist

    Follow XMPL Medical’s journey through DR documentation

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Streamline your documentation and maintenance process by following the approach outlined in XMPL Medical’s journey to an end-to-end DRP.

    Outline of the Disaster Recovery Plan

    XMPL’s disaster recovery plan includes its business impact analysis and a subset of tier 1 and tier 2 patient care applications.

    Its DRP includes incident response flowcharts, system recovery checklists, and a communication plan. Its DRP also references IT operations documentation (e.g. asset management documents, system specs, and system configuration docs), but this material is not published with the example documentation.

    Resulting Disaster Recovery Plan

    XMPL’s DRP includes actionable documents in the form of high-level disaster response plan flowcharts and system recovery checklists. During an incident, the DR team is able to clearly see the items for which they are responsible.

    Disaster Recovery Plan
    • Recovery Workflow
    • Business Impact Analysis
    • DRP Summary
    • System Recovery Checklists
    • Communication, Assessment, and Disaster Declaration Plan

    Info-Tech Best Practice

    XMPL Medical’s disaster recovery plan illustrates an effective DRP. Model your end-to-end disaster recovery plan after XMPL’s completed templates. The specific data points will differ from organization to organization, but the structure of each document will be similar.

    Model your disaster recovery documentation off of our example

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Recovery Workflow:

    • Recovery Workflows (PDF, VSDX)

    Recovery Procedures (Systems Recovery Playbook):

    • DR Notification, Assessment, and Disaster Declaration Plan
    • Systems Recovery Playbook
    • Network Topology Diagrams

    Additional Reference Documentation:

    • DRP Workbook
    • Business Impact Analysis
    • DRP Summary Document

    Use Info-Tech’s DRP Maturity Scorecard to evaluate your progress

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Document and Maintain Your Disaster Recovery Plan – Project Overview

    1. Streamline DRP Documentation 2. Select the Optimal DRP Publishing Strategy 3. Keep Your DRP Relevant
    Supporting Tool icon
    Best-Practice Toolkit

    1.1 Start with a recovery workflow

    1.2 Create supporting DRP documentation

    1.3 Write the DRP summary

    2.1 Create Committee Profiles

    3.1 Build Governance Structure Map

    3.2 Create Committee Profiles

    Guided Implementations
    • Review Info-Tech’s approach to DRP documentation.
    • Create a high-level recovery workflow.
    • Create supporting DRP documentation.
    • Write the DRP summary.
    • Identify criteria for selecting a DRP publishing strategy.
    • Select a DRP publishing strategy.
    • Optional: Select requirements for a BCM tool and issue an RFP.
    • Optional: Review responses to RFP.
    • Learn best practices for integrating DRP maintenance into day-to-day IT processes.
    • Learn best practices for DRP-focused reviews.
    Associated Activity icon
    Onsite Workshop
    Module 1:
    Streamline DRP documentation
    Module 2:
    Select the optimal DRP publishing strategy
    Module 3:
    Learn best practices for keeping your DRP relevant
    Phase 1 Outcome:
    • A complete end-to-end DRP
    Phase 2 Outcome:
    • Selection of a publishing and management tool for your DRP documentation
    Phase 3 Outcome:
    • Strategy for maintaining your DRP documentation

    Workshop Overview Associated Activity icon

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Info-Tech Analysts Finalize Deliverables
    Activities
    Assess DRP Maturity and Review Current Capabilities

    0.1 Assess current DRP maturity through Info-Tech’s Maturity Scorecard.

    0.2 Identify the IT systems that support mission-critical business activities, and select 2 or 3 key applications to be the focus of the workshop.

    0.3 Identify current recovery strategies for selected applications.

    0.4 Identify current DR challenges for selected applications.

    Document Your Recovery Workflow

    1.1 Create a recovery workflow: review tabletop planning, walk through DR scenarios, identify DR gaps, and determine how to fill them.

    Create Supporting Documentation

    1.2 Create supporting DRP documentation.

    1.3 Write the DRP summary.

    Establish a DRP Publishing, Management, and Maintenance Strategy

    2.1 Decide on a publishing strategy.

    3.1 Incorporate DRP maintenance into core IT.

    3.2 Considerations for reviewing your DRP regularly.

    Deliverables
    1. Baseline DRP metric (based on DRP Maturity Scorecard)
    1. High-level DRP workflow
    2. DRP gaps and risks identified
    1. Recovery workflow and/or checklist for sample of IT systems
    2. Customized DRP Summary Template
    1. Strategy for selecting a DRP publishing tool
    2. DRP management and maintenance strategy
    3. Workshop summary presentation deck

    Workshop Goal: Learn how to document and maintain your DRP.

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.


    Phase 1: Streamline DRP Documentation

    Step 1.1: Start with a recovery workflow

    PHASE 1
    PHASE 2
    PHASE 3
    1.1 1.2 1.3 2.1 3.1 3.2
    Start with a Recovery Workflow Create Supporting Documentation Write the DRP Summary Select DRP Publishing Strategy Integrate into Core IT Processes Conduct an Annual Focused Review

    This step will walk you through the following activities:

    • Review a model DRP.
    • Review your recovery workflow.
    • Identify documentation required to support the recovery workflow.

    This step involves the following participants:

    • DRP Owner
    • System SMEs
    • Alternate DR Personnel

    Outcomes of this step

    • Understanding the visual-based, concise approach to DR documentation.
    • Creating a recovery workflow that provides a roadmap for coordinating incident response and identifying required supporting documentation.

    Info-Tech Insights

    A DRP is a collection of procedures and supporting documents that allow an organization to recover its IT services to minimize system downtime for the business.

    1.1 — Start with a recovery workflow to ensure a coordinated response and identify required supporting documentation

    The recovery workflow clarifies your DR strategy and ensures the DR team is on the same page.

    Recovery Workflow

    The recovery workflow maps out the incident response plan from event detection, assessment, and declaration to systems recovery and validation.

    This documentation includes:

    • Clarifying initial incident response steps.
    • Clarifying the order of systems recovery and which recovery actions can occur concurrently.
    • Estimating actual recovery timeline through each stage of recovery.
    Recovery Procedures (Playbook)
    Additional Reference Documentation

    “We use flowcharts for our declaration procedures. Flowcharts are more effective when you have to explain status and next steps to upper management.” (Assistant Director-IT Operations, Healthcare Industry)

    Review business impact analysis (BIA) results to plan your recovery workflow

    The BIA defines system criticality from the business’s perspective. Use it to guide system recovery order.

    Specifically, review the following from your BIA:

    • The list of tier 1, 2, and 3 applications. This will dictate the recovery order in your recovery workflow.
    • Application dependencies. This will outline what needs to be included as part of an application recovery workflow.
    • The recovery time objective (RTO) and recovery point objective (RPO) for each application. This will also guide the recovery, and enable you to identify gaps where the recovery workflow does not meet RTOs and RPOs.

    CASE STUDY: The XMPL DRP documentation is based on this Business Impact Analysis Tool.

    Haven’t conducted a BIA? Use Info-Tech’s streamlined approach.

    Info-Tech’s publication Create a Right-Sized Disaster Recovery Plan takes a very practical approach to BIA work. Our process gives IT leaders a mechanism to quickly get agreement on system recovery order and DR investment priorities.

    Conduct a tabletop planning exercise to determine your recovery workflow

    Associated Activity icon 1.1.1 Tabletop Planning Exercise

    1. Define a scenario to drive the tabletop planning exercise:
      • Use a scenario that forces a full failover to your DR environment, so you can capture an end-to-end recovery workflow.
      • Avoid scenarios that impact health and safety such as tornados or a fire. You want to focus on IT recovery.
      • Example scenarios: Burst water pipe that causes data-center-wide damage or a gas leak that forces evacuation and power to be shut down for at least two days.

    Note: You may have already completed this exercise as part of Create a Right-Sized Disaster Recovery Plan.

    Info-Tech Insight

    Use scenarios to provide context for DR planning, and to test your plans, but don’t create a separate plan for every possibility.

    The high-level recovery plan will be the same whether the incident is a fire, flood, or tornado. While there might be some variances and outliers, these scenarios can be addressed by adding decision points and/or separate, supplementary instructions.

    Walk through the scenario and capture the recovery workflow

    Associated Activity icon 1.1.2 Tabletop Planning Exercise
    1. Capture the following information for tier 1, tier 2, and tier 3 systems:
      1. On white cue cards, record the steps and track start and end times for each step (where 00:00 is when the incident occurred).
      2. On yellow cue cards, document gaps in people, process, and technology requirements to complete the step.
      3. On red cue cards, indicate risks (e.g. no backup person for a key staff member).

    Note:

    • Ensure the language is sufficiently genericized (e.g. refer to events, not specifically a burst water pipe).
    • Review isolated failures (e.g. hardware, software). Typically, the recovery procedure documented for individual systems covers the essence of the recovery workflow whether it’s just the one system that failed or it’s part of a site-wide recovery.

    Note: You may have already completed this exercise as part of Create a Right-Sized Disaster Recovery Plan.

    Document your current-state recovery workflow based on the results of the tabletop planning

    Supporting Tool icon 1.1.2 Incident Response Plan Flowcharts, Tabs 2 and 3

    After you finish the tabletop planning exercise, the steps on the set of cue cards define your recovery workflow. Capture this in a flowchart format.

    Use the sample DRP to guide your own flowchart. Some notes on the example are:

    • XMPL’s Incident Management to DR flowchart shows the connection between its standard Service Desk processes and DR processes.
    • XMPL’s high-level workflows outline its recovery of tier 1, 2, and 3 systems.
    • Where more detail is required, include links to supporting documentation. In this example, XMPL Medical includes links to its Systems Recovery Playbook.
    Preview of an Info-Tech Template depicting a sample flowchart.

    This sample flowchart is included in XMPL Recovery Workflows.

    Step 1.2: Create Supporting DRP Documentation

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Create checklists for your playbook.
    • Document more complex procedures with flowcharts.
    • Gather and/or write network topology diagrams.
    • Compile a contact list.
    • Ensure there is enough material for backup personnel.

    This step involves the following participants:

    • DRP Owner
    • System SMEs
    • Backup DR Personnel

    Outcomes of this step

    • Actionable supporting documentation for your disaster recovery plan.
    • Contact list for IT personnel, business personnel, and vendor support.

    1.2 — Create supporting documentation for your disaster recovery plan

    Now that you have a high-level incident response plan, collect the information you need for executing that plan.

    Recovery Workflow

    Write your recovery procedures playbook to be effective and usable. Your playbook documentation should include:

    • Supplementary flowcharts
    • Checklists
    • Topology diagrams
    • Contact lists
    • DRP summary

    Reference vendors’ technical information in your flowcharts and checklists where appropriate.

    Recovery Procedures (Playbook)

    Additional Reference Documentation

    Info-Tech Insight

    Write for your audience. The playbook is for IT; include only the information they need to execute the plan. DRP summaries are for executives and auditors; do not include information intended for IT. Similarly, your disaster recovery plan is not for business units; keep BCP content out of your DRP.

    Use checklists to streamline step-by-step procedures

    Supporting Tool icon 1.2.1 XMPL Medical’s System Recovery Checklists

    Checklists are ideal when staff just need a reminder of what to do, not how to do it.

    XMPL Medical used its high-level flowcharts as a roadmap for creating its Systems Recovery Playbook.

    • Since its Playbook is intended for experienced IT staff, the writing style in the checklists is concise. XMPL includes links to reference material to support recovery, especially for alternate staff who might need additional instruction.
    • XMPL includes key parameters (e.g. IP addresses) rather than assume those details would be memorized, especially in a stressful DR scenario.
    • Similarly, include links to other useful resources such as VM templates.
    Preview of the Info-Tech Template 'Systems Recovery Playbook'.

    Included in the XMPL Systems Recovery Playbook are checklists for recovering XMPL’s virtual desktop infrastructure, mission-critical applications, and core infrastructure components.

    Use flowcharts to document processes with concurrent tasks not easily captured in a checklist

    Supporting Tool icon 1.2.2 XMPL Medical’s Phone Services Recovery Flowchart

    Recovery procedures can consist of flowcharts, checklists, or both, as well as diagrams. The main goal is to be clear and concise.

    • XMPL Medical created a flowchart to capture its phone services recovery procedure to capture concurrent tasks.
    • Additional instructions, where required, could still be captured in a Playbook checklist or other supporting documentation.
    • The flowchart could have also included key settings or other details as appropriate, particularly if the DR team chose to maintain this recovery procedure just in a flowchart format.
    Preview of the Info-Tech Template 'Recovery Workflows'.

    Included in the XMPL DR documentation is an example flowchart for recovering phone systems. This flowchart is in Recovery Workflows.

    Reference this blueprint for more SOP flowchart examples: Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Use topology diagrams to capture network layout, integrations, and system information

    Supporting Tool icon 1.2.4 XMPL Medical’s Data Center and Network Diagrams

    Topology diagrams, key checklists, and configuration settings are often enough for experienced networking staff to carry out their DR tasks.

    • XMPL Medical includes these diagrams with its DRP. Instead of recreating these diagrams, the XMPL Medical DR Manager asked their network team for these diagrams:
      • Primary data center diagram
      • DR site diagram
      • High-level network diagrams
    • Often, organizations already have network topology diagrams for reference purposes.

    “Our network engineers came to me and said our standard SOP template didn't work for them. They're now using a lot of diagrams and flowcharts, and that has worked out better for them.” (Assistant Director-IT Operations, Healthcare Industry)

    Preview of the Info-Tech Template 'Systems Recovery Playbook'.

    You can download a PDF and a VSD version of these Data Center and Network Diagrams from Info-Tech’s website.

    Create a list of organizational, IT, and vendor contacts that may be required to assist with recovery

    If there is something strange happening to your IT infrastructure, who you gonna call?

    Many DR managers have their team on speed dial. However, having the contact info of alternate staff, BCP leads, and vendors can be very helpful during a disaster. XMPL Medical lists the following information in its DRP Workbook:

    • The DR Teams, SMEs critical to disaster recovery, their backups, and key contacts (e.g. BC Management team leads, vendor contacts) that would be involved in:
      • Declaring a disaster.
      • Coordinating a response at an organizational level.
      • Executing recovery.
    • The people that have authority to declare a disaster.
    • Each person’s spending authority.
    • The rules for delegating authority.
    • Primary and alternate staff for each role.
    Example list of alternate staff, BCP leads, and vendors.

    Confirm with your DR team that you have all of the documentation that you need to recover during a disaster

    Associated Activity icon 1.2.7 Group Discussion

    DISCUSS: Is there enough information in your DRP for both primary and backup DR personnel?

    • Is it clear who is responsible for each DR task, including notification steps?
    • Have alternate staff for each role been identified?
    • Does the recovery workflow capture all of the high-level steps?
    • Is there enough documentation for alternate staff (e.g. network specs)?

    Step 1.3: Write the DRP Summary

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Write a DRP summary document.

    This step involves the following participants:

    • DRP Owner

    Outcomes of this step

    • High-level outline of your DRP capabilities for stakeholders such as executives, auditors, and clients.

    Summarize your DR capabilities using a DRP summary document

    Supporting Tool icon 1.3.1 DRP Summary Document

    The sample included on Info-Tech’s website is customized for the XMPL Medical Case Study – use the download as a starting point for your own summary document.

    DRP Summary Document

    XMPL’s DRP Summary is organized into the following categories:

    • DR requirements: This includes a summary of scope, business impact analysis (BIA), risk assessment, and high-level RTOs and achievable RTOs.
    • DR strategy: This includes a summary of XMPL’s recovery procedures, DR site, and backup strategy.
    • Testing and maintenance: This includes a summary of XMPL’s DRP testing and maintenance strategy.

    Be transparent about existing business risks in your DRP summary

    The DRP summary document is business facing. Include information of which business leaders (and other stakeholders) need to be aware.

    • Discrepancies between desired and achievable RTOs? Organizational leadership needs to know this information. Only then can they assign the resources and budget that IT needs to achieve the desired DR capabilities.
    • What is the DRP’s scope? XMPL Medical lists the IT components that will be recovered during a disaster, and components which will not. For instance, XMPL’s DRP does not recover medical equipment, and XMPL has separate plans for business continuity and emergency response coordination.
    Application tier Desired RTO (hh:mm) Desired RPO (hh:mm) Achievable RTO (hh:mm) Achievable RPO (hh:mm)
    Tier 1 4:00 1:00 *90:00 1:00
    Tier 2 8:00 1:00 *40:00 1:00
    Tier 3 48:00 24:00 *96:00 24:00

    The above table to is a snippet from the XMPL DR Summary Document (section 2.1.3.2).

    In the example, the DR team is unable to recover tier 1, 2, and 3 systems within the desired RTO. As such, they clearly communicate this information in the DRP summary, and include action items to address these gaps.

    Phase 2: Select the Optimal DRP Publishing Strategy

    Step 2.1: Select a DRP Publishing Strategy

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Select criteria for assessing DRP tools.
    • Evaluate categories for DRP tools.
    • Optional: Write an RFP for a BCM tool.

    This step involves the following participants:

    • DRP Owner

    Outcomes of this step

    • Identified strategies for publishing your DRP (i.e. making it available to your DR team).

    Info-Tech Insights

    Diversify your publishing strategy to ensure you can access your DRP in a disaster. For example, if you are using a BCM tool or SharePoint Online as your primary documentation repository, also push the DRP to your DR team’s smartphones as a backup in case the disaster affects internet access.

    2.1 — Select a DR publishing and document management strategy that fits your organization

    Publishing and document management considerations:

    Portability/External Access: Assume your primary site is down and inaccessible. Can you still access your documentation? As shown in this chart, traditional strategies of either keeping a copy at another location (e.g. at the failover site) or with staff (e.g. on a USB drive) still dominate, but these aren’t necessarily the best options.
    A bar chart titled 'Portability Strategy Popularity'. 'External Website (wiki site, cloud-based DRP tool, etc.)' scored 16%. 'Failover Site (network drive or redundant SharePoint, etc.)' scored 53%. 'Distribute to Staff (use USB drive, personal email, etc.)' scored 50%. 'Not Accessible Offsite' scored 7%.
    Note: Percentages total more than 100% due to respondents using more than one portability strategy.
    (Source: Info-Tech Research Group, N=118)
    Maintainability/Usability: How easy is it to create, update, and use the documentation? Is it easy to link to other documents as shown in the flowchart and checklist examples? Is there version control? Lack of version control can create a maintenance nightmare as well as issues in a crisis if staff are questioning whether they have the right version.
    Cost/Effort: Is the cost and effort appropriate? For example, a large enterprise may need a formal solution (e.g. DRP tools or SharePoint), but the cost might be hard to justify for a smaller company.

    Pros and cons of potential strategies

    This section will review the following strategies, their pros and cons, and how they meet publishing and document management requirements:

    • DRP tools (e.g. eBRP, Recovery Planner, LDRPS)
    • In-house solutions combining SharePoint and MS Office (or equivalent)
    • Wiki site
    • “Manual” approaches such as storing documents on a USB drive

    Avoid 42 hours of downtime due to a non-diversified publishing strategy

    CASE STUDY

    Industry Municipality
    Source Interview

    Situation

    • A municipal government has recently completed an end-to-end disaster recovery plan.
    • The team is feeling good about the fact that they were able to identify:
      • Relative criticality of applications.
      • Dependencies for each application.
      • Incident response plans for the current state and desired state.
      • System recovery procedures.

    Challenge

    • While the DR plan itself was comprehensive, the team only published the DR onto the government’s network drives.
    • A power generation issue caused power to be shut down, which in turn cascaded into downtime for the network.
    • Once the network was down, their DRP was inaccessible.

    Insights

    • Each piece of documentation that was created could have contributed to recovery efforts. However, because they were inaccessible, there was a delayed response to the incident. The result was 42 hours of downtime for end users.
    • Having redundant publishing strategies is just like having redundant IT infrastructure. In the event of downtime, not only do you need to have DR documentation, but you also need to make sure that it is accessible.

    Decide on a DR publishing strategy by looking at portability, maintainability, cost, and required effort

    Supporting Tool icon 2.1.1 DRP Publishing and Management Evaluation Tool

    Use the information included in Step 2.1 to guide your analysis of DRP publishing solutions.

    The tool enables you to compare two possible solutions based on these key considerations discussed in this section:

    • Portability/external access
    • Maintainability/usability
    • Cost
    • Effort

    The right choice will depend on factors such as current in-house tools, maturity around document management, the size of your IT department, and so on.

    For example, a small shop may do very well with the USB drive strategy, whereas a multi-national company will need a more formal strategy to manage consistent DRP distribution.

    Preview of Info-Tech's 'DRP Publishing and Management Solution Evaluation Tool'.

    The DRP Publishing and Management Solution Evaluation Tool helps you to evaluate the tools included in this section.

    Don’t think of a business continuity management (BCM) tool as a silver bullet; know what you’re getting out of it

    Portability/External Access:
    • Pros: Typically a SaaS option provides built-in external access with appropriate security and user administration to vary access rights.
    • Cons: Degree of external access is often dependent on the vendor.
    Maintainability/Usability:
    • Pros: Built-in templates encourage consistency and guide initial content development by indicating what details need to be captured.
    • Pros: Built-in document management (e.g. version control, metadata support), centralized access/navigation to required documents, and some automation (e.g. update contacts throughout the system).
    • Cons: Not a silver bullet. You still have to do the work to define and capture your processes.
    • Cons: Requires end-user and administrator training.
    Cost/Effort:
    • Pros: For large enterprises, the convenience of built-in document management and templates can outweigh the cost.
    • Cons: Expect leading DRP tools to cost $20K or more per year.

    About this approach:
    BCM tools are solutions that provide templates, tools, and document management to create BC and DR documentation.

    Info-Tech Insight

    The business case for a BCM tool is built by answering the following questions:

    • Will the BCM tool solve an unmet need?
    • Will the tool be more effective and efficient than an in-house solution?
    • Will the solution provide enhanced capabilities that an in-house solution cannot provide?

    If you cannot get a satisfactory answer to each of these questions, then opt for an in-house solution.

    “We explored a DRP tool, and it was something we might have used, but it was tens of thousands of pounds per year, so it didn’t stack up financially for us at all.” (Rik Toms, Head of Strategy – IP and IT, Cable and Wireless Communications)

    For in-house solutions, leverage tools such as SharePoint to provide document management capabilities

    Portability/External Access:
    • Pros: SharePoint is commonly web-enabled and supports external access with appropriate security and user administration.
    • Cons: Must be installed at redundant sites or be cloud-based to be effective in a crisis that takes down your primary data center.
    Maintainability/Usability:
    • Pros: Built-in document management (e.g. version control, metadata support) as well as centralized access/navigation to required documents.
    • Pros: No tool learning curve – SharePoint and MS Office would be existing solutions already used on a daily basis.
    • Cons: No built-in automation (e.g. automated updates to contacts throughout the system).
    • Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: Using existing tools, so this is a sunk cost in terms of capex.
    • Cons: Additional effort required to create templates and manage the documentation library.

    About this approach:
    DRPs and SOPs most often start as MS Office documents, even if there is a DRP tool available. For organizations that elect to bypass a formal DRP tool, and most do, the biggest gap they have to overcome is document management.

    Many organizations are turning to SharePoint to meet this need. For those that already have SharePoint in place, it makes sense to further leverage SharePoint for DR documentation and day-to-day SOPs.

    For SharePoint to be a practical solution, the documentation must still be accessible if the primary data center is down, e.g. by having redundant SharePoint instances at multiple in-house locations, or using a cloud-based SharePoint solution.

    “Just about everything that a DR planning tool does, you can do yourself using homegrown solutions or tools that you're already familiar with such as Word, Excel, and SharePoint.” (Allen Zuk, President and CEO, Sierra Management Consulting)

    A healthcare company uses SharePoint as its DRP and SOP documentation management solution

    CASE STUDY Healthcare

    • This organization is responsible for 50 medical facilities across three states.
    • It explored DRP tools, but didn’t find the right fit, so it has developed an in-house solution based in SharePoint. While DRP tools have improved, the organization no longer needs that type of solution. Its in-house solution is meeting its needs.
    • It has SharePoint instances at multiple locations to ensure availability if one site is down.

    Documentation Strategy

    • Created an IT operations library in SharePoint for DR and SOPs, from basic support to bare-metal restore procedures.
    • SOPs are linked from SharePoint to the virtual help desk for greater accessibility.
    • Where practical, diagrams and flowcharts are used, e.g. DR process flowcharts and network services SOPs dominated by diagrams and flowcharts.

    Management Strategy

    • Directors and the CIO have made finishing off SOPs their performance improvement objective for the year. The result is staff have made time to get this work done.
    • Status updates are posted monthly, and documentation is a regular agenda item in leadership meetings.
    • Regular tabletop testing validates documentation and ensures familiarity with procedures, including where to find required information.

    Results

    • Dependency on a few key individuals has been reduced. All relevant staff know what they need to do and where to access required documentation.
    • SOPs are enabling DR training as well as day-to-day operations training for new staff.
    • The organization has a high confidence in its ability to recovery from a disaster within established timelines.

    Explore using a wiki site as an inexpensive alternative to SharePoint and other content management solutions

    Portability/External Access:
    • Pros: Wiki sites can support external access as with any web solution.
    • Cons: Must be installed at redundant sites, hosted, or cloud-based to be effective in a crisis that takes down your primary data center.
    Maintainability/Usability:
    • Pros: Built-in document management (version control, metadata support, etc.) as well as centralized access/navigation to required information.
    • Pros: Authorized users can make updates dynamically, depending on how much restriction you have on the site.
    • Cons: No built-in automation (e.g. automated updates to contacts throughout the system).
    • Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: An inexpensive option compared to traditional content management solutions such as SharePoint.
    • Cons: Learning curve if wikis are new to your organization.

    About this approach:
    Wiki sites are websites where users collaborate to create and edit the content. Wikipedia is an example.

    While wiki sites are typically used for collaboration and dynamic content development, the traditional collaborative authoring model can be restricted to provide structure and an approval process.

    Several tools are available to create and manage wiki sites (and other collaboration solutions), as outlined in the following research:

    Info-Tech Insight

    If your organization is not already using wiki sites, this technology can introduce a culture shock. Start slow by using a wiki site within a specific department or for a particular project. Then evaluate how well your staff adapt to this technology as well as its potential effectiveness in your organization. Refer to our collaboration strategy research for additional guidance.

    For small IT shops, distributing documentation to key staff (e.g. via a USB drive) can still be effective

    Portability/External Access:
    • Pros: Appropriate staff have the documentation with them; there is no need to log into a remote site or access a tool to get at the information.
    • Cons: Relies on staff to be diligent about ensuring they have the latest documentation and keep it with them (not leave it in their desk drawer).
    Maintainability/Usability:
    • Pros: With this strategy, MS Office (or equivalent) is used to create and maintain the documentation, so there is no learning curve.
    • Pros: Simple, straightforward methodology – keep the master on a network drive, and download a copy to your USB drive.
    • Cons: No built-in automation (e.g. automated updates to contact information) or document management (e.g. version control).
    • Cons: Consistency depends on creating templates and implementing rigid processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: Little to no cost and no tool management required.
    • Cons: “Manual” document management requires strict attention to process for version control, updates, approvals, and distribution.

    About this approach:
    With this strategy, your ERT and key IT staff keep a copy of your DRP and relevant documentation with them (e.g. on a USB drive). If the primary site experiences a major event, they have ready access to the documentation.

    Fifty percent of respondents in our recent survey use this strategy. A common scenario is to use a shared network drive or a solution such as SharePoint as the master centralized repository, but distribute a copy to key staff.

    Info-Tech Insight

    This approach can have similar disadvantages as using hard copies. Ensuring the USB drives are up to date, and that all staff who might need access have a copy, can become a burdensome process. More often, USB drives are updated periodically, so there is the risk that the information will be out of date or incomplete.

    Avoid extensive use of paper copies of DR documentation

    DR documents need to be easy to update, accessible from anywhere, and searchable. Paper doesn’t meet these needs.

    Portability/External Access:
    • Pros: Does not rely on technology or power.
    • Cons: Requires all staff who might be involved in a DR to have a copy, and to have it with them at all times, to truly have access at any time from anywhere.
    Maintainability/Usability:
    • Pros: In terms of usability, again there is no dependence on technology.
    • Cons: Updates need to be printed and distributed to all relevant staff every time there is a change to ensure staff have access to the latest, most accurate documentation if a disaster occurred. You can’t schedule disasters, so information needs to be current all the time.
    • Cons: Navigation to other information is manual – flipping through pages, etc. No searching or hyperlinks.
    Cost/Effort:
    • Pros: No technology system to maintain, aside from what you use for printing.
    • Cons: Printing expenses are actually among the highest incurred by organizations, and this adds to it.
    • Cons: Labor intensive due to need to print and physically distribute documentation updates.

    About this approach:
    Traditionally DRPs are printed and distributed to managers and/or kept in a central location at both the primary site and a secondary site. In addition, wallet cards are distributed that contain key information such as contact numbers.

    A wallet card or even a few printed copies of your high-level DRP for general reference can be helpful, but paper is not a practical solution for your overall DR documentation library, particularly when you include SOPs for recovery procedures.

    One argument in favor of paper is there is no dependency on power during a crisis. However, in a power outage, staff can use smartphones and potentially laptops (with battery power) to access electronically stored documentation to get through first response steps. In addition, your DR site should have backup power to be an appropriate recovery site.

    Optional: Partial list of BCM tool vendors

    A partial list of BCM tool vendors, including: Business Protector, catalyst, clearview, ContinuityLogic. Fusion, Logic Manager, Quantivate, RecoveryPlanner.com, MetricStream, SimpleRisk, riskonnect, Strategic BCP - ResilienceONE, RSA, and Sungard Availability Services.

    The list is only a partial list of BCM tool vendors. The order in which vendors are presented, and inclusion in this list, does not represent an endorsement.

    Optional: Use our list of requirements as a foundation for selecting and reviewing BCM tools

    Supporting Tool icon 2.1.2 BCM Tool – RFP Selection Criteria

    If a BCM tool is the best option for your environment, expedite the evaluation process with our BCM Tool – RFP Selection Criteria.

    Through advisory services, workshops, and consulting engagements, we have created this BCM Tool Requirements List. The featured requirements includes the following categories:

    1. Integrations
    2. Planning and Monitoring
    3. Administration
    4. Architecture
    5. Security
    6. Support and Training
    Preview of the Info-Tech template 'BCM Tool – RFP Selection Criteria'.

    This BCM Tool – RFP Selection Criteria can be appended to an RFP. You can leverage Info-Tech’s RFP Template if your organization does not have one.

    Info-Tech can write full RFPs

    As part of a consulting engagement, Info-Tech can write RFPs for BCM tools and provide a customized scoring tool based on your environment’s unique requirements.

    Phase 3: Keep Your DRP Relevant Through Maintenance Best Practices

    Step 3.1: Integrate DRP maintenance into core IT processes

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Integrate DRP maintenance with Project Management.
    • Integrate DRP considerations into Change Management.
    • Integrate with Performance Management.

    This step involves the following participants:

    • DRP Owner
    • Head of Project Management Office
    • Head of Change Advisory Board
    • CIO

    Outcomes of this step

    • Updated project intake form.
    • Updated change management practice.
    • Updated performance appraisals.

    3.1 — Incorporate DRP maintenance into core IT processes

    Focusing on these three processes will help ensure that your plan stays current, accurate, and usable.

    The Info-Tech / COBIT5 'IT Management and Governance Framework' with three processes highlighted: 'MEA01 Performance Measurement', 'BAI06 Change Management', and 'BAI01 Project Management'.

    Info-Tech Best Practice

    Prioritize quick wins that will have large benefits. The advice presented in this section offers easy ways to help keep your DRP up to date. These simple solutions can save a lot of time and effort for your DRP team as opposed to more intricate changes to the processes above.

    Assess how new projects impact service criticality and DR requirements upfront during project intake

    Icon for process 'BAI01 Project Management'.
    Supporting Tool icon 3.1.1 Sample Project Intake Form Addendum

    Understand the RTO/RPO requirements and IT impacts for new or enhanced services to ensure appropriate provisioning and overall DRP updates.

    • Have submitters include service continuity requirements. This information can be inserted into your business impact analysis. Use similar language that you use in your own BIA.
      • The submitter should know how critical the resulting project will be. Any items that the submitter doesn’t know, the Project Steering Committee should investigate.
    • Have IT assess the impact on the DRP. The submitter will not know how the DRP will be impacted directly. Ask the project committee to consider how DRP documentation and the DR environment will need to be changed due to the project under consideration.

    Note: The goal is not to make DR a roadblock, but rather to ensure project requirements will be met – including availability and DR requirements.

    Preview of the Info-Tech template 'Project Intake Form'.

    This Project Intake Form asks the submitter to fill out the availability and criticality requirements for the project.

    Leverage your change management process to identify required DRP updates as they occur

    Icon for process 'BAI06 Change Management'.

    Avoid the year-end rush to update your DRP. Keeping it up to date as changes occur saves time in the long run and ensures your plan is accurate when you need it.

    • As part of your change management process, identify potential updates to:
      • System documentation (e.g. configuration settings).
      • Recovery procedures (e.g. if a system has been virtualized, that changes the recovery procedure).
      • Your DR environment (e.g. system configuration updates for standby systems).
    • Keep track of how often a system has changed. Relevant DRP documentation might be due for a deeper review:
      • After a system has been changed ten times (even from routine changes), notify your DRP Manager to flag the relevant DRP documentation for review.
      • As part of formal DRP reviews, pay closer attention to DRP documentation for the flagged systems.
    Preview of the Info-Tech template 'Disaster Recovery Change Management'.

    This template asks the submitter to fill out the availability and criticality requirements for the project.

    For change management best practices beyond DRP considerations, please see Optimize Change Management.

    Integrate documentation into performance measurement and performance management

    Icon for process 'MEA01 Performance Measurement'.

    Documentation is a necessary evil – few like to create it and more immediate tasks take priority. If it isn’t scheduled and prioritized, it won’t happen.

    Why documentation is such a challenge

    How management can address these challenges

    We all know that IT staff typically do not like to write documentation. That’s not why they were hired, and good documentation is not what gets them promoted. Include documentation deliverables in your IT staff’s performance appraisal to stress the importance of ensuring documentation is up to date, especially where it might impact DR success.
    Similarly, documentation is secondary to more urgent tasks. Time to write documentation is often not allocated by project managers. Schedule time for developing documentation, just like any other project, or it won’t happen.
    Writing manuals is typically a time-intensive task. Focus on what is necessary for another experienced IT professional to execute the recovery. As discussed earlier, often a diagram or checklist is good enough and actually far more usable in a crisis.

    “Our directors and our CIO have tied SOP work to performance evaluations, and SOP status is reviewed during management meetings. People have now found time to get this work done.” (Assistant Director – IT Operations, Healthcare Industry)

    Step 3.2: Conduct an Annual Focused Review

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    1. Identify components of your DRP to refresh.
    2. Identify organizational changes requiring further focus.
    3. Test your DRP and identify problems.
    4. Correct problems identified with DRP.

    This step involves the following participants:

    • DRP Owner
    • System SMEs
    • Backup DR Personnel

    Outcomes of this step

    • An actionable, up-to-date DRP.

    Info-Tech Insight

    Testing is a waste of time and resources if you do not fix what’s broken. Tabletop testing is effective at uncovering gaps in your DR processes, but if you don’t address those gaps, then your DRP will still be unusable in a disaster.

    Set up a safety net to capture changes that slipped through the cracks with a focused review process

    Evaluate documentation supporting high-priority systems, as well as documentation supporting IT systems that have been significantly changed.

    • Ideally you’re maintaining documentation as you go along. But you need to have an annual review to catch items that may have slipped through.
    • Don’t review everything. Instead, review:
      • IT systems that have had 10+ changes: small changes and updates can add up over time. Ensure:
        • The plans for these systems are updated for changes (e.g. configuration changes).
        • SMEs and backup personnel are familiar with the changes.
      • Tier 1 / Gold Systems: Ensure that you can still recover tier 1 systems with your existing DRP documentation.
    • Track documentation issues that you discovered with your ticketing system or service desk tool to ensure necessary documentation changes are made.
    1. Annual Focused Review
    2. Tier 1 Systems
    3. Significantly Changed Systems
    4. Organizational Changes

    Identify larger changes, both organizational and within IT, that necessitate DRP updates

    During your focused review, consider how organizational changes have impacted your DRP.

    The COBIT 5 Enablers provide a foundation for this analysis. Consider:

    • Changes in regulatory requirements: Are there new requirements for IT that are not reflected in your DRP? Is the organization required to comply with any additional regulations?
    • Changes to organizational structures, business processes, and how employees work: Can employees still be productive once tier 1 services are restored or have RTOs changed? Has organizational turnover impacted your DRP?
    • SMEs leaving or changing roles: Can IT still execute your DRP? Are there still people for all the key roles?
    • Changes to IT infrastructure and applications: Can the business still access the information they need during a disaster? Is your BIA still accurate? Do new services need to be considered tier 1?

    Info-Tech Best Practice

    COBIT 5 Enablers
    What changes need to be reflected in your DRP?

    A cycle visualization titled 'Disaster Recovery Plan'. Starting at 'Changes in Regulatory Requirements', it proceeds clockwise to 'Organizational Structure', 'Changes in Business Processes', and 'How Employees Work', before it returns to DRP. Then 'Changes to Applications', 'Changes to Infrastructure', 'SMEs Leaving or Changing Roles', and then back to the DRP.

    Create a plan during your annual focused review to test your DRP throughout the year

    Regardless of your documentation approach, training and familiarity with relevant procedures is critical.

    • Start with tabletop exercises and progress to technology-based testing (simulation, parallel, and full-scale testing).
    • Ask staff to reference documentation while testing, even if they do not need to. This practice helps to confirm documentation accuracy and accessibility.
    • Incorporate cross-training in DR testing. This gives important experience to backup personnel and will further validate that documents are complete and accurate.
    • Track any discovered documentation issues with your ticketing system or project tracking tools to ensure necessary documentation changes are made.

    Example Test Schedule:

    1. Q1: Tabletop testing shadowed by backup personnel
    2. Q2: Tabletop testing led by backup personnel
    3. Q3: Technology-based testing
    4. Annual Focused Review: Review Results

    Reference this blueprint for guidance on DRP testing plans: Reduce Costly Downtime Through DR Testing

    Appendix A: XMPL Case Study

    Follow XMPL Medical’s journey through DR documentation

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Streamline your documentation and maintenance process by following the approach outlined in XMPL Medical’s journey to an end-to-end DRP.

    Outline of the Disaster Recovery Plan

    XMPL’s disaster recovery plan includes its business impact analysis and a subset of tier 1 and tier 2 patient care applications.

    Its DRP includes incident response flowcharts, system recovery checklists, and a communication plan. Its DRP also references IT operations documentation (e.g. asset management documents, system specs, and system configuration docs), but this material is not published with the example documentation.

    Resulting Disaster Recovery Plan

    XMPL’s DRP includes actionable documents in the form of high-level disaster response plan flowcharts and system recovery checklists. During an incident, the DR team is able to clearly see the items for which they are responsible.

    Disaster Recovery Plan
    • Recovery Workflow
    • Business Impact Analysis
    • DRP Summary
    • System Recovery Checklists
    • Communication, Assessment, and Disaster Declaration Plan

    Info-Tech Best Practice

    XMPL Medical’s disaster recovery plan illustrates an effective DRP. Model your end-to-end disaster recovery plan after XMPL’s completed templates. The specific data points will differ from organization to organization, but the structure of each document will be similar.

    Model your disaster recovery documentation off of our example

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Recovery Workflow:

    • Recovery Workflows (PDF, VSDX)

    Recovery Procedures (Systems Recovery Playbook):

    • DR Notification, Assessment, and Disaster Declaration Plan
    • Systems Recovery Playbook
    • Network Topology Diagrams

    Additional Reference Documentation:

    • DRP Workbook
    • Business Impact Analysis
    • DRP Summary Document

    Use our structure to create your practical disaster recovery plan.

    Appendix B: Summary, Next Steps, and Bibliography

    Insight breakdown

    Use visual-based documentation instead of a traditional DRP manual.

    • Flowcharts, checklists, and diagrams are more concise, easier to maintain, and more effective in a crisis.
    • Write for an IT audience and focus on how to recover. You don’t need 30 pages of fluff describing the purpose of the document.

    Create your DRP in layers to keep the work manageable.

    • Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

    Prioritize quick wins to make DRP maintenance easier and more likely to happen.

    • Incorporate DRP maintenance into change management and project intake procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

    Summary of accomplishment

    Knowledge Gained

    • How to create visual-based DRP documentation
    • How to integrate DRP maintenance into core IT processes

    Processes Optimized

    • DRP documentation creation
    • DRP publishing tool selection
    • DRP documentation maintenance

    Deliverables Completed

    • DRP documentation
    • Strategy for publishing your DRP
    • Modified project-intake form
    • Change management checklist for DR considerations

    Project step summary

    Client Project: Document and Maintain Your Disaster Recovery Plan

    • Create a recovery workflow.
    • Create supporting DRP documentation.
    • Write a summary for your DRP.
    • Decide on a publishing strategy.
    • Incorporate DRP maintenance into core IT processes.
    • Conduct an annual focused review.

    Info-Tech Insight

    This project has the ability to fit the following formats:

    • Onsite workshop by Info-Tech Research Group consulting analysts.
    • Do-it-yourself with your team.
    • Remote delivery (Info-Tech Guided Implementation).

    Related Info-Tech research

    Create a Right-Sized Disaster Recovery Plan
    Close the gap between your DR capabilities and service continuity requirements.

    Reduce Costly Downtime Through DR Testing
    Improve the accuracy of your DRP and your team’s ability to efficiently execute recovery procedures through regular DR testing.

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind
    Go beyond satisfying auditors to drive process improvement, consistent IT operations, and effective knowledge transfer.

    Prepare for a DRP Audit
    Assess your current DRP maturity, identify required improvements, and complete an audit-ready DRP summary document.

    Bibliography

    A Structured Approach to Enterprise Risk Management (ERM) and the Requirements of ISO 31000. The Association of Insurance and Risk Managers, Alarm: The Public Risk Management Association, and The Institute of Risk Management, 2010.

    “APO012: Manage Risk.” COBIT 5: Enabling Processes. ISACA, 2012.

    Bird, Lyndon, Ian Charters, Mel Gosling, Tim Janes, James McAlister, and Charlie Maclean-Bristol. Good Practice Guidelines: A Guide to Global Good Practice in Business Continuity. Global ed. Business Continuity Institute, 2013.

    COBIT 5: A Business Framework for the Governance and Management of Enterprise IT. ISACA, 2012.

    “EDM03: Ensure Risk Optimisation.” COBIT 5: Enabling Processes. ISACA, 2012.

    Risk Management. ISO 31000:2009.

    Rothstein, Philip Jan. Disaster Recovery Testing: Exercising Your Contingency Plan. Rothstein Associates: 1 Oct. 2007.

    Societal Security – Business continuity management systems – Guidance. ISO 22313:2012.

    Societal Security – Business continuity management systems – Requirements. ISO 22301:2012.

    Understanding and Articulating Risk Appetite. KPMG, 2008.

    Implement a Transformative IVR Experience That Empowers Your Customers

    • Buy Link or Shortcode: {j2store}68|cart{/j2store}
    • member rating overall impact: 8.5/10 Overall Impact
    • member rating average dollars saved: $6,499 Average $ Saved
    • member rating average days saved: 15 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Today’s customers expect a top-tier experience when interacting with businesses.
    • The advancements in IVR technology mean that IT departments are managing added complexity in drafting a strategy for a top-tier IVR approach.
    • Implementing best practices and the right enabling technology stack is critical to supporting world-class customer experience through IVR.

    Our Advice

    Critical Insight

    • Don’t assume that contact centers and IVR systems are relics of the past. Customers still look to phone calls as being the most effective way to get a fast answer.
    • Tailor your IVR system for your customers. There is no “one-size-fits-all” approach – understand your key customer demographics and support their experience by implementing the most effective strategies for them.
    • Don’t buy best of breed, buy best for you. Base your enabling technology selection on your requirements and use cases, not on the latest industry trends and developments.

    Impact and Result

    • Before selecting and deploying technology solutions, create a database of common customer pain points and FAQs to act as an outline for the call flow tree.
    • Understand and apply operational best practices, such as ensuring proper call menu organization and using self-service applications, to improve IVR metrics and, ultimately, the customer experience.
    • Understand emerging technologies and evolving trends in the IVR space, including natural language processing and integrating your IVR with other essential enterprise applications (e.g. customer relationship management platforms).

    Implement a Transformative IVR Experience That Empowers Your Customers Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Transformative IVR Experience Deck – A deck outlining the best strategies and enabling technologies to implement in your IVR approach to improve your customer experience.

    This storyboard offers insight into impactful strategies and beneficial enabling technologies to implement in your IVR approach to improve your customers’ experience and to reduce the load on your support staff. This deck outlines IT’s role in the IVR development process, offering insight into how to develop an effective IVR call flow and providing details on relevant enabling technologies to consider implementing to further improve your offering.

    • Implement a Transformative IVR Experience That Empowers Your Customers – Phases 1-4

    2. IVR Call Flow Template – A template designed to help you build an effective call flow tree by providing further insight into how to better understand your customers.

    This template demonstrates an ideal IVR approach, outlining a sample call flow for a telecommunications company designed to meet the needs of a curated customer persona. Use this template to gain a better understanding of your own key customers and to construct your own call flow tree.

    • Create an IVR Call Flow That Empowers Your Customers
    [infographic]

    Further reading

    Implement a Transformative IVR Experience That Empowers Your Customers

    Learn the strategies that will allow you to develop an effective interactive voice response (IVR) framework that supports self-service and improves customer experience.

    Stop! Are you ready for this project?

    This Research Is Designed For:

    • Business analysts, application directors/managers, and customer service leaders tasked with developing and executing a technology enablement strategy for optimizing their contact center approach.
    • Any organization aiming to improve its customer experience by implementing a customer-centric approach to over-the-phone service via an IVR system.

    This Research Will Help You:

    • Adopt the best strategies for outlining an effective IVR approach and for transforming an existing IVR system.
    • Improve customer experience and ultimately customer satisfaction by enabling you to create a more efficient IVR call flow tree.
    • Select the proper IVR strategies to focus on based on the maturity level of your organization's call center.
    • Review the "art of the possible" and learn of the latest developments in successful IVR execution.
    • Learn IT's role in developing a successful IVR system and in developing a technology strategy that optimizes your IVR approach.

    Executive Summary

    Your Challenge

    • Today's customers expect a top-tier experience when interacting with businesses.
    • The advancements in IVR technology mean that IT departments are managing added complexity in drafting a strategy for a top-tier IVR approach.
    • Implementing best practices and the right enabling technology stack is critical to supporting world-class customer experience through IVR.

    Common Obstacles

    • Many organizations do not have a clear understanding of customers' drivers for contacting their IVR.
    • As many contact centers look to improve the customer experience, the need for an impactful IVR system has markedly increased. The proliferation of recommendations for IVR best practices and related technologies has made it difficult to identify and implement the right approach.
    • With a growing number of IVR-related requests, IT must be prepared to speak intelligently about requirements and the "art of the possible."

    Info-Tech's Approach

    • Before selecting and deploying technology solutions, create a database of common customer call drivers to act as an outline for the call flow tree.
    • Understand and apply operational best practices, such as ensuring proper call menu organization and using self-service applications, to improve IVR metrics and, ultimately, the customer experience.
    • Understand evolving trends and emerging technologies in the IVR space, including offering personalized service and using natural language processing/conversational AI.

    Info-Tech Insight

    Tailor your IVR system specifically for your customers. There is no one-size-fits-all approach. Understand your key customers and support their experience by implementing the most effective strategies for them.

    Voice is still the dominant way in which customers choose to receive support

    Despite the contrary beliefs that the preference for phone support and IVR systems is declining, studies have consistently shown that consumers still prefer receiving customer service over the phone.

    76%

    of customers prefer the "traditional" medium of phone calls to reach customer support agents.

    50%

    of customers across all age groups generally use the phone to contact customer support, making it the most-used customer service channel.

    Your IVR approach can make or break your customers' experience

    The feelings that customers are left with after interacting with contact centers and support lines has a major impact on their future purchase decisions

    Effective IVR systems provide customers with positive experiences, keeping them happy and satisfied. Poorly executed IVR systems leave customers feeling frustrated and contribute to an overall negative experience. Negative experiences with your IVR system could lead to your customers taking their business elsewhere.

    In fact, research by Haptik shows that an average of $262 per customer is lost each year due to poor IVR experiences ("7 Conversational IVR Trends for 2021 and Beyond," Haptik, 2021).

    50%

    of customers have abandoned their business transactions while dealing with an IVR system.

    Source: Vonage, 2020

    45%

    of customers will abandon a business altogether due to a poor IVR experience.

    Source: "7 Remarkable IVR Trends For the Year 2022 And Beyond," Haptik, 2021

    IVR systems only improve your customers' experience when done properly

    There are many common mistakes that organizations make when implementing their own IVR strategies:

    1. Offering too many menu options. IVR systems are supposed to allow customers to resolve their inquiries quickly, so it is integral that you organize your menu effectively. Less is more when it comes to your IVR call flow tree.
    2. A lack of self-service capabilities. IVR systems are meant to maximize customer service and improve the customer experience by offering self-service functionality. If resolutions for common issues can't be found through IVR, your return on investment (ROI) is limited.
    3. Having callers get stuck in an "IVR loop." Customers caught hearing the same information repeatedly will often abandon their call. Don't allow customers to get "tangled" in your call flow tree; always make human contact an option.
    4. Not offering personalized service. The inability to identify customers by their number or other identifying features leads to poor personalization and time wasted repeating information, contributing to an overall negative experience.
    5. Not updating the IVR system. By not taking advantage of new developments in IVR technology and by not using customer and employee feedback to upgrade your offering, you are missing out on the potential to improve your customers' experience. Complacency kills, and your organization will be at a competitive disadvantage because of it.

    Implement a transformative IVR approach that empowers your customers

    Call flow trees don't grow overnight; they require commitment, nurturing, and care

    1. Focus on the Roots of Your Call Flow Tree
      • Your call flow tree will only grow as strong as the roots allow it; begin beneath the surface by understanding the needs of your customers and the goals of your organization first, before building your initial IVR menu.
    2. Allow Customers the Opportunity to Branch Out
      • Empower your customers by directing your call flow tree to self-service applications where possible and to live agents when necessary.
    3. Let Your Call Flow Tree Flourish
      • Integrate your IVR with other relevant business applications and apply technological developments that align with the needs of your customers and the goals of your organization.
    4. Keep Watering Your Call Flow Tree
      • Don't let your call flow tree die! Elicit feedback from relevant stakeholders and develop an iterative review cycle to identify and implement necessary changes to your call flow tree, ensuring continued growth.

    IT plays an integral role in supporting the IVR approach

    IT is responsible for providing technology enablement of the IVR strategy

    While IT may not be involved in organizing the call flow tree itself, their impact on an organization's IVR approach is undeniable. Not only will IT assist with the implementation and integration of your IVR system, they will also be responsible for maintaining the technology on an ongoing basis. As such, IT should be a part of your organization's software selection team, following Info-Tech's methodology for optimizing your software selection process.

    • With an understanding of the organization's customer experience management strategy and business goals, IT should be looked toward to:
    • Provide insight into the "art of the possible" with IVR systems.
    • Recommend enabling technologies relative to your call center's maturity (e.g. agent assist and natural language processing).
    • Outline integration capabilities with your existing application portfolio.
    • Highlight any security concerns.
    • Assist with vendor engagement.
    • Take part in stakeholder feedback groups, consulting with agents about their pain points and attempting to solve their problems.

    Guided Implementation

    What does a typical GI on this topic look like?

    Focus on the Roots of Your Call Flow Tree

    Allow Customers the Opportunity to Branch Out Let Your IVR Call Flow Tree Flourish Keep Watering Your Call Flow Tree

    Call #1: Introduce the project, scoping customer call drivers and defining metrics of success.

    Call #3: Discuss the importance of promoting self-service and how to improve call routing processes, assessing the final tiers of the IVR.

    Call #4: Discuss the benefits of integrating your IVR within your existing business architecture and using relevant enabling technologies.

    Call #5: Discuss how to elicit feedback from relevant stakeholders and develop an iterative IVR review cycle, wrapping up the project.

    Call #2: Begin assessing initial IVR structure.

    A Guided Implementation (GI) is a series

    of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 5 to 7 calls over the course of 4 to 6 months.

    Phase 1

    Focus on the Roots of Your Call Flow Tree

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Understand your customers

    1.2 Develop goals for your IVR

    1.3 Align goals with KPIs

    1.4 Build your initial IVR menu

    2.1 Build the second tier of your IVR menu

    2.2 Build the third tier of your IVR menu

    3.1 Learn the benefits of a personalized IVR

    3.2 Review new technology to apply to your IVR

    4.1 Gather insights on your IVR's performance

    4.2 Create an agile review method

    This phase will walk you through the following activities:

    • Building a database of your customers' call drivers
    • Developing IVR-related goals and connecting them with your key performance indicators (KPIs)
    • Developing the first tier of your IVR menu

    This phase involves the following participants:

    • Business stakeholders (business analysts, application director/manager, customer service leaders)
    • IT project team

    Implement a Transformative IVR Approach That Empowers Your Customers

    Step 1.1

    Understand Your Customers

    This step will walk you through the following activity:

    1.1.1 Build a database of the reasons why your customers call your contact center

    Focus on the Roots of Your Call Flow Tree

    This step involves the following participants:

    • Business stakeholders (business analysts, application director/manager, customer service leaders)
    • IT project team

    Outcomes of this step

    • List of your customers' call drivers

    Help your customers get to where they need to go

    Understand which questions customers need answered the most and organize your IVR menu accordingly

    • With any IVR system, your primary focus should be creating a simple, easily navigated call flow. You not only want your customers to be able to find the solutions that they are looking for, but you want them to be able to do so easily and quickly.
    • In order to direct customers more efficiently, you need to understand why they're motivated to call your contact center. This will be different for every organization, so it requires a deeper understanding of your customers.
    • After understanding the motivators behind your customers' reasons for calling, you'll be able to organize your call flow tree effectively.
    • Assign the most popular reasons that customers call first in your IVR call flow. Organizing your call flow in such a way will ensure a quicker turn around time for customer inquiries, providing callers with the immediate resolution that they are seeking.

    "Call flows are the structure of a call center's interactive voice response (IVR). They define the path a caller takes to reach a resolution. The more efficient the flow, the quicker a resolution can be – thereby delivering a better caller experience."

    Thomas Randall, Ph.D.
    Senior Research Analyst
    Info-Tech Research Group

    1.1.1 Activity: Build a list of the most common reasons that your key customers call your contact center

    30 minutes

    1. As a group, review the reasons that customers call your contact center. This includes reviewing which questions are asked most frequently, what services are most often inquired about, and what pain points and complaints live agents hear most regularly.
    2. Organize each call driver from most to least popular based on how often they are heard.
    3. Record your findings.
    Input Output
    • List of common customer questions
    • List of common customer pain points/complaints
    • Database of customer call drivers
    Materials Participants
    • Whiteboard
    • Markers
    • Project team
    • Customer service leaders/live agents

    Info-Tech Insight

    To understand why your customers are calling, first you need to know who your customers are. Improve your caller understanding by creating customer personas.

    1.1.1 Activity: Build a list of the most common reasons that your key customers call your contact center

    Example

    Customer Call Drivers
    Need to pay a bill
    Complaints about an outage to their service
    Inquiry about new plans
    Need to update account information
    Complaints about their last bill

    Step 1.2

    Develop Goals for Your IVR

    This step will walk you through the following activity:

    1.2.1 Outline IVR-related goals relevant to your organization.

    Focus on the Roots of Your Call Flow Tree

    This step involves the following participants:

    • Business stakeholders (business analysts, application director/manager, customer service leaders)
    • IT project team

    Outcomes of this step

    • Goals for your organizational IVR

    Create IVR-related goals you wish for your organization to achieve

    Organizations across different industries will measure success in a multitude of ways; develop goals that are relevant to your needs and desires

    Based on your customer experience strategy and what industry you're in, the goals that you aim to accomplish will look different. A doctor's office will be more concerned with an accurate diagnosis and high first call resolution rate than low average talk time!

    Setting business goals relevant to your organization is only half of the battle; it's just as important to hold your organization accountable to those goals and measure your continued progress toward meeting them.

    1.2.1 Activity: Brainstorm a list of goals that you would like your organization to achieve when optimizing your IVR approach

    30 minutes

    1. In two to three groups, brainstorm goals related to your IVR that are relevant to your organization.
    2. Classify these goals as being either quick wins or part of a longer-term engagement based on the time they would take to accomplish.
    3. Introduce your goals to the entire group, coming to an agreement on the top goals that the organization should aim to achieve through implementing a new/transformed IVR approach.
    InputOutput
    • Customer experience strategy
    • Desired IVR-related achievements
    • Organizational IVR goals
    MaterialsParticipants
    • Whiteboard
    • Markers
    • Project team

    1.2.1 Activity: Brainstorm a list of goals that you would like your organization to achieve when optimizing your IVR approach

    Example

    Goal Designation
    Lower the average queue time Quick win
    Lower call abandonment rate Quick win
    Lower customer attrition Long-term
    Lower employee attrition Long-term
    Increase average speed of answer Quick win

    Step 1.3

    Align Your Goals With Your KPIs

    This step will walk you through the following activity:

    1.3.1 Review your organizational IVR goals and connect them with your key performance indicators (KPIs)

    Focus on the Roots of Your Call Flow Tree

    This step involves the following participants:

    • Business stakeholders (business analysts, application director/manager, customer service leaders)
    • IT project team

    Outcomes of this step

    • Metrics used to measure organizational success related to your IVR

    Ensure you are using the proper metrics for measuring the success of your call flow tree

    You won't know if your IVR is operating successfully if you don't know what success looks like for you. It is important to align your contact center KPIs with your business goals so you can hold your IVR system accountable.

    Example

    Metric Description Current Score Target Score [Date/Year]
    First call resolution
    Average abandonment rate
    Customer attrition
    Employee attrition
    Average queue time
    Service level
    Average speed of answer
    Average handle time
    Average call transfer rate
    Average talk time
    Customer self-service resolution
    Agent satisfaction
    Customer satisfaction

    1.3.1 Activity: Develop KPIs for your contact center and connect them to your organization's business goals

    30 minutes

    1. As a group, establish the metrics or KPIs that will be used to measure your progress against the organizational IVR goals created in Activity 1.2.1.
    2. Take note of your current score for each of your organizational goals and determine your target score.
    3. Attach a deadline or target date by which you would like to reach your target score. Target dates can vary based on whether your goal is classified as a quick win or part of a longer-term engagement.
    InputOutput
    • Organizational IVR goals
    • KPIs
    MaterialsParticipants
    • Whiteboard
    • Markers
    • Project team

    Step 1.4

    Build Your Initial IVR Menu

    This step will walk you through the following activity:

    1.4.1 Develop the first tier of your IVR menu, determining the initial selections that customers will have to choose from

    Focus on the Roots of Your Call Flow Tree

    This step involves the following participants:

    • Business stakeholders (business analysts, application director/manager, customer service leaders)
    • IT project team

    Outcomes of this step

    • Tier one of your IVR call flow tree

    Keep your IVR concise – minimize the length of your voice prompts and limit the depth of your menus

    You don't want to overload your customers with information. Providing your callers with overly detailed prompts and too many menu options will only lead to frustration, ultimately diminishing both the efficiency and the effectiveness of your IVR. Limiting the length of your voice prompts and the depth of your menus will lay out a clear path for your callers, increasing the likelihood that they are able to navigate your IVR accurately.

    Each of your IVR menus should provide your customers with no more than five selections.

    Your IVR should offer a maximum of three menu tiers.

    Each of your selection "descriptions" or voice prompts should be no longer than four seconds in length.

    Info-Tech Insight

    According to a study by Telzio (2020), introductory IVR messages that greet your customers and identify your company should be under 7.9 seconds in length. Longer introductions will only bore, frustrate, and overload the customer before the call really even begins.

    When developing your voice prompts, it is integral to speak clearly using simple and easily understood language

    • Speak clearly and stay away from industry-specific jargon to ensure that your voice prompts are widely understood by your customer base. This will allow callers to digest the information relayed through your IVR more accurately.
    • Part of increasing the retention of information communicated through your IVR is also ensuring that sufficient pauses are taken between each of your voice prompts. Just as you want to avoid overloading your customers with voice prompts that are too long and too detailed, you also want to give your callers adequate time to process the information that is being relayed to them.
    • Improving the ease of listening to your IVR will reduce the risk of overwhelming your callers and will increase the likelihood that they are able to follow along appropriately, directing themselves down the proper call flow.

    Info-Tech Insight

    Securing voice talent and be expensive and cumbersome. Consider using an automated voice through a text-to-speech solution for your prompts. This will ensure that all your prompts are consistent throughout your menus, and it also makes it significantly easier to provide crucial updates within your IVR system.

    When sufficient pauses are taken between menu options, input errors can be reduced by over…

    Source: Ansafone Contact Centers, 2019

    1.4.1 Activity: Begin building your call flow tree by developing the initial selections that customers will choose from when dialing into your IVR

    30 minutes

    1. Review the database of customer call drivers completed in Activity 1.1.1 to create the opening menu of your IVR call flow tree.
    2. Limit your selections/prompts to a maximum of five by grouping related questions, services, and complaints/pain points into broad categories.
    3. Organize your selections/prompts according to how often customers call in relating to that topic.

    Info-Tech Insight

    Remember: You don't need five selections! That is the maximum recommended number of prompts to use and will most likely be reserved for more complex call flows. More isn't always better. If you can limit your initial menu to fewer selections, then do so.

    InputOutput
    • Database of customer call drivers
    • Initial IVR menu
    MaterialsParticipants
    • Whiteboard
    • Markers
    • Project team

    1.4.1 Activity: Begin building your call flow tree by developing the initial selections that customers will choose from when dialing into your IVR

    Example

    IVR Initial Greeting

    1. For Billing and Payments

    2. To Report an Outage

    3. To Make Changes to Your Plan or Account

    Phase 2

    Allow Customers the Opportunity to Branch Out

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Understand your customers

    1.2 Develop goals for your IVR

    1.3 Align goals with KPIs

    1.4 Build your initial IVR menu

    2.1 Build the second tier of your IVR menu

    2.2 Build the third tier of your IVR menu

    3.1 Learn the benefits of a personalized IVR

    3.2 Review new technology to apply to your IVR

    4.1 Gather insights on your IVR's performance

    4.2 Create an agile review method

    This phase will walk you through the following activities:

    • Completing the second tier of your call flow tree
    • Completing the third and final tier of your call flow tree

    This phase involves the following participants:

    • Business stakeholders (business analysts, application director/manager, customer service leaders)
    • IT project team

    Implement a Transformative IVR Approach That Empowers Your Customers

    Step 2.1

    Build the Second Tier of Your IVR Menu

    This step will walk you through the following activity:

    • 2.1.1 Complete the second tier of your call flow tree, branching out from your initial menu

    Allow Customers the Opportunity to Branch Out

    This step involves the following participants:

    • Business stakeholders (business analysts, application director/manager, customer service leaders)
    • IT project team

    Outcomes of this step

    • Tier 2 of your IVR call flow tree

    An IVR system should empower your customers to solve problems on their own

    Integrate business applications into your IVR menus to enable self-service capabilities and automate processes where possible

    • An IVR system should assist your customer service team while also empowering your customers. This can be accomplished through offering self-service and using automated messaging via a broadcast messaging system.
    • Some common self-service practices include providing callers with the ability to check credit card statements, pay bills, and track shipments.
    • Automated messaging can be used to address common customer questions. For instance, if a company-wide issue exists, an automated message can outline the issue and highlight the approximate time for resolution, providing customers with the answer they were seeking while eliminating the need to speak to a live agent. This technique is commonly practiced by internet providers during outages.
    • Providing callers with the opportunity to find a resolution for themselves through self-service and automated messaging not only improves the customer experience but also frees up your customer service team for more pressing matters.

    73%

    of customers want to be provided with the ability to solve issues on their own.

    67%

    of customers prefer to use self-service options over speaking with a customer service representative.

    Source: Raffle, 2020

    2.1.1 Activity: Grow your call flow tree! Begin branching out from your initial menu options and develop the second tier of your IVR system

    30 minutes

    1. Branch out from your initial IVR menu created in Activity 1.4.1. Get more specific in your prompts, branching out from the general groupings you have created.
    2. Consult with your database of customer call drivers created in Activity 1.1.1 to organize your subgroupings, again prioritizing the services most sought and the questions, complaints, and pain points most frequently heard.
    3. Limit each subsection to a maximum of five prompts.

    Info-Tech Insight

    Always provide your callers with the option to go back to a previous menu or to have menu options repeated.

    InputOutput
    • Database of customer call drivers
    • Initial IVR menu
    • Second IVR menu
    MaterialsParticipants
    • Whiteboard
    • Markers
    • Project team

    2.1.1 Activity: Grow your call flow tree! Begin branching out from your initial menu options and develop the second tier of your IVR system

    Example

    This is an image of the sample flow tree from Activity 2.1.1


    Step 2.2

    Build the Third Tier of Your IVR Menu

    This step will walk you through the following activity:

    2.2.1 Complete your call flow tree by branching out your third and final tier of menu options.

    Allow Customers the Opportunity to Branch Out

    This step involves the following participants:

    • Business stakeholders (business analysts, application director/manager, customer service leaders)
    • IT project team

    Outcomes of this step

    • Third and final tier of your IVR call flow tree

    Provide your callers with the option to speak to a live agent – but not too soon

    While promoting self-service and automating certain processes will improve the functionality of your IVR, it is also important to realize that some issues will ultimately require human intervention. An effective IVR system harmonizes these concepts by making human contact an option, but not too early in the process. You need to find the right balance!

    When organizing your IVR call flow tree, you need to be conscious of sending clients in an endless "IVR loop." You should never have your IVR continually repeat its menu options. Customers will abandon an IVR if they are stuck in an IVR loop, being forced to listen to the same information repeatedly without having a way to reach an agent.

    If a problem cannot be solved within three steps or by the third tier of your IVR menus, callers should be provided with the option to speak to a live agent, if not automatically routed to one. By providing your callers with the option to speak to a live agent on the third tier of your IVR, you are still offering ample time for customers to discover an avenue to solve their issue on their own through self-service, without frustrating them by losing them in an endless loop of IVR options.

    30%

    of customers say that not being able to reach a human agent is the most frustrating aspect of a poor customer service experience.

    Source: ProProfs Chat, 2022

    Info-Tech Insight

    Consider routing callers to a live agent not only on the third tier of your IVR menus but also after three input errors. Multiple input errors can show an eagerness to speak to a representative or a strong misunderstanding of the IVR offering.

    How you direct a customer to a live agent can make all the difference

    Don't think that just offering your customers the option to speak to a live agent is enough. When aiming to significantly improve your customers' experience, how you direct calls to your live agents plays a major role. When a call is being directed to a live agent, be sure to:

    • Optimize your call routing and minimize call transfers. Use skills-based routing to direct your incoming client calls to the most suitable agent to resolve their issue. Inaccurately routing callers through your IVR leads to having to transfer the customer to another agent, which is a major contributor to a negative customer experience.
    • Include wait-time expectations and call-back functionality. There is no denying it: Waiting on hold can be a real pain. If a customer needs to go on hold, inform them of where they are in the queue and what the approximate wait time is. A little transparency can go a long way. You should also provide customers with the option to have a representative call them back. This greatly improves the customer experience, particularly when wait times are long.
    • Play useful on-hold messages. If a customer does decide to wait on the line to speak to a representative, ensure your on-hold messaging doesn't negatively impact their experience. Always have multiple songs and messages available to cycle through to limit customer annoyance. For on-hold messages, consider mentioning self-service capabilities available on other channels or providing company news and information on special promotions. Know your key customer demographics and plan your on-hold messaging accordingly.

    72%

    of customers view having to talk to multiple agents as poor customer service.

    Source: ProProfs Chat, 2022

    33%

    of customers highlight waiting on hold as being their biggest frustration.

    Source: EmailAnalytics, 2022

    2.2.1 Activity: Complete your call flow tree!

    30 minutes

    1. Branch out from the second tier of your IVR call flow tree created in Activity 2.1.1, connecting relevant prompts with self-service applications and automated responses. Keep in mind, most of your frequently asked questions can and should be directed toward an automated response.
    2. Direct all remaining prompts to a live agent, ensuring each selection from your second-tier menu is capped off appropriately.

    Info-Tech Insight

    Remember: Your IVR system doesn't live in isolation. The information offered by your IVR, particularly from automated messages, should be consistent with information found within other resources (e.g. online knowledge bases).

    InputOutput
    • Tier 1 and 2 of your IVR menus
    • Completed IVR call flow
    MaterialsParticipants
    • Whiteboard
    • Markers
    • Project team

    2.2.1 Activity: Complete your call flow tree!

    Example

    This is an image of the sample flow tree from Activity 2.2.1

    Phase 3

    Let Your IVR Call Flow Tree Flourish

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Understand your customers

    1.2 Develop goals for your IVR

    1.3 Align goals with KPIs

    1.4 Build your initial IVR menu

    2.1 Build the second tier of your IVR menu

    2.2 Build the third tier of your IVR menu

    3.1 Learn the benefits of a personalized IVR

    3.2 Review new technology to apply to your IVR

    4.1 Gather insights on your IVR's performance

    4.2 Create an agile review method

    This phase will walk you through the following activities:

    • Reviewing the benefits of offering personalized service
    • Reviewing new technologies offered in the IVR space

    This phase involves the following participants:

    • Business stakeholders (business analysts, application director/manager, customer service leaders)
    • IT project team

    Implement a Transformative IVR Approach That Empowers Your Customers

    Step 3.1

    Learn the Benefits of a Personalized IVR

    This step will walk you through the following activity:

    3.1.1 Review the benefits of offering personalized service, namely by connecting your IVR system with your customer knowledge base

    Let Your IVR Call Flow Tree Flourish

    This step involves the following participants:

    • Business stakeholders (business analysts, application director/manager, customer service leaders)
    • IT project team

    Outcomes of this step

    • Understanding the importance of offering personalized service

    Personalizing service is integral for improving your customer experience

    Integrate your IVR system with your customer relationship management (CRM) system or customer knowledge base of choice to provide support to your customers on a personal level.

    The integration of your IVR system with your CRM or other applicable knowledge base allows for customer data (e.g. customer history and previous interactions) to be accessible to your staff during calls. Access to this data allows for a deeper understanding of your customers and for personalization of service. This provides immediate benefits to your contact center that will improve your customer experience.

    When you inevitably do need to transfer a customer to another agent, they won't have to repeat their issue to a new representative, as all their information will now be easily accessible. Being forced to repeat themselves to multiple agents is a major cause of frustration for customers. This integration would also allow you to route callers to the previous agent that they dealt with whenever possible for the purpose of continuity, and it would enable you to implement other beneficial technologies as well.

    One such example is "agent assist." Agent assist is an AI bot that listens in on calls, learning customer context and automatically searching knowledge bases to help resolve queries without the agent having to put the caller on hold to manually perform that work themselves. Not only does agent assist improve customer resolution times, but it also ramps up onboarding time, allowing for new agents to enter the workforce and perform with confidence earlier.

    76%

    of consumers expect personalized experiences.

    71%

    of customers expect internal collaboration so that they don't have to repeat themselves.

    Source: Zendesk, 2019

    Personalization can empower your IVR in many ways

    Personalizing your IVR does much more than just provide your customer service representatives with conversational context. Personalization enables your IVR to recognize callers by their phone number, or even by voice via biometric authentication technologies.

    This advanced level of recognition allows your IVR to greet your callers by name, speak to them in their preferred language, send follow-up correspondence to their preferred method of communication (i.e. email or SMS), and even provide them with contact numbers and addresses for your organization's physical locations that are closest to them.

    An example of a more advanced functionality is having your IVR call flow personalized for each customer based on their call history. As customers call in, their data is collected, ultimately improving your IVR's ability to predict and understand caller intent. This makes personalized call flows possible. If customers typically call in to make payments, your IVR can logically deduce that their next call will be for the same reason, and it will alter the call menu to direct them to that functionality more efficiently.

    Step 3.2

    Review New Technology to Apply to Your IVR

    This step will walk you through the following activity:

    3.2.1 Review new technologies offered in the IVR space and understand their impact

    Let Your IVR Call Flow Tree Flourish

    This step involves the following participants:

    • Business stakeholders (business analysts, application director/manager, customer service leaders)
    • IT project team

    Outcomes of this step

    • Understanding of key technologies

    Let your customers tell you exactly what they need

    Use natural language processing and conversational AI to further advance your IVR offering

    Instead of making your customers work their way through your call flow tree to find out what they need, why not just ask them? Conversational IVR, also known as an "intuitive IVR system," makes this possible.

    Think Google Assistant, Siri, and Alexa. Your customers can simply tell you what they need and your conversational IVR, using the advancements in natural language processing and conversational AI, will take it from there, directing callers to the resources needed to resolve their issues.

    Powerful enough to understand full sentences and not just select words or phrases, the increased intelligence of a conversational IVR system allows it to handle complex customer inquiries. Leveraging machine learning capabilities, the system will only continue to improve its ability to understand caller intent, ultimately leading to increased call routing accuracy as it fields more and more calls.

    Info-Tech Insight

    Remember: Your customers want fast and easy, not overwhelming and confusing. Some customers who are greeted with an open-ended question from a conversational IVR may not be sure how to respond.

    Understand your key customer demographics and act accordingly. It may be beneficial to provide your callers with guidelines of what to say. Outlining appropriate responses that will guide your customers to their desired department quicker will boost their experience with your conversational IVR.

    There are a lot of benefits to implementing a conversational IVR

    • Putting your callers in control and offering a more humanized approach, conversational IVRs are the preferred first point of contact for customers.
    • Conversational IVRs reduce the time required to reach resolution and can handle more calls than a standard IVR.
    • Conversational IVRs allow for the collection of more relevant data. By not limiting callers to predetermined menu options, you can track the reasons behind customers' calls with more accuracy, using this data to drive future IVR developments.
    • Conversational IVRs are more cost-effective than standard IVRs. According to a report by IBM, companies world-wide spend over $1.3 trillion to address 256 billion customer calls annually. This means that each call a live agent addresses costs an average of $30 (Cognigy, 2020). With a conversational IVR, that cost can be reduced to one-eighth (ETCIO.com, 2020).
    • Conversational IVRs can be handle calls in multiple languages, offering improved scalability for companies operating multi-nationally.

    60%

    of callers will bypass the pre-recorded messages in a standard IVR to reach a human voice.

    Source: Cognigy, 2020

    66%

    of requests can be resolved faster by a conversational IVR than by a live agent.

    Source: Cognigy, 2020

    Despite this, only...

    28%

    of IVR systems contacted use voice response as their primary input method.

    Source: Telzio, 2020

    How do you know if a conversational IVR is right for your organization?

    Large, enterprise-level organizations that field a high volume of customer calls are more likely to receive the benefits and higher ROI from implementing a conversational IVR

    Instead of updating the entire IVR system and implementing a conversational IVR, smaller and mid-level organizations should consider attaching a natural language processing front-end to their existing IVR. Through this, you will be able to reap a lot of the same benefits you would if you were to upgrade to a conversational IVR.

    You can attach a natural language processing front-end to your existing IVR in two ways.

    1. Use an API to recognize your customer's voice prompts. Greet your customers with a question, such as "what is your reason for calling," as your initial IVR menu, and when your customer answers, their response will be sent to your selected API (Amazon Lex, IBM Watson, Google Dialogflow, etc.). The API will then process the customer's input and direct the caller to the appropriate branch of your call flow tree.
    2. Use a conversational AI platform to field your calls. Implement a conversational AI platform to be the first point of contact for your customers. After receiving and analyzing the input from your customers, the platform would then route your callers to your current IVR system and to the appropriate menu, whether that be to an automated message, a self-service application, or a live agent.

    Phase 4

    Keep Watering Your IVR Call Flow Tree

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    1.1 Understand your customers

    1.2 Develop goals for your IVR

    1.3 Align goals with KPIs

    1.4 Build your initial IVR menu

    2.1 Build the second tier of your IVR menu

    2.2 Build the third tier of your IVR menu

    3.1 Learn the benefits of a personalized IVR

    3.2 Review new technology to apply to your IVR

    4.1 Gather insights on your IVR's performance

    4.2 Create an agile review method

    This phase will walk you through the following activities:

    • Understanding the importance of receiving feedback from relevant stakeholders and the best practices for obtaining feedback
    • Understanding the best practices for developing an ongoing review cycle

    This phase involves the following participants:

    • Business stakeholders (business analysts, application director/manager, customer service leaders)
    • IT project team

    Implement a Transformative IVR Approach That Empowers Your Customers

    Step 4.1

    Gather Insights on Your IVR's Performance

    This step will walk you through the following activity:

    4.1.1 Understand the importance of receiving feedback and review the best methods for obtaining it from your clients.

    Keep Watering Your IVR Call Flow Tree

    This step involves the following participants:

    • Business stakeholders (business analysts, application director/manager, customer service leaders)
    • IT project team

    Outcomes of this step

    • Understanding of the importance of receiving feedback and how to obtain it from customers

    Elicit feedback from your employees and from your customers

    Your live agents are on the proverbial front lines, fielding calls from customers daily. As such, they are the prime stakeholders for knowing what kinds of calls the organization receives and how often. Their input on the most frequent reasons that customers call, whether it be to address common pain points or to have FAQs answered, is invaluable. Ask them regularly for their feedback on how the IVR system is performing and which updates should be implemented.

    While improving the agent experience is a driver behind adopting an IVR system, the focus should always be improving your customer experience. So why wouldn't you ask your customers for their feedback on your IVR offering? Most customers don't only want to be asked to provide feedback, they expect to be asked. Have your agents ask your customers directly about their experience with your IVR or use the functions of your IVR to offer automated end-of-call surveys.

    Info-Tech Insight

    Many IVR systems are capable of recording calls. Listening back on previous calls is another great way to further understand how your IVR is performing, and it also can provide a glimpse into your customers' experience.

    Surveys provide great insight into your customers' level of satisfaction – not only with your IVR but also with your live agents

    Customer satisfaction score (CSAT) is a great way to determine how happy callers are with their experiences with your organization. CSAT surveys ask your clients outright how satisfied they are with their recent interaction and have them rate your service on a scale. While straightforward, the feedback received from CSAT surveys is more general and can lack depth.

    For more detailed responses, consider asking your clients an open-ended question as opposed to using a rating scale. This will provide you with a more specific understanding of your customers' experience. For this, an IVR system that supports voice transcription is best. Automated speech-to-text functionality will ensure rapid results.

    Another option is to offer a survey that includes skip logic. These multi-tiered surveys, much like an IVR call flow tree, direct your callers to different follow-up questions based on their previous answers. While capable of providing more insight into the customer experience, these surveys are only recommended for more complex service offerings.

    Customer feedback is vitally important

    Asking for feedback makes your callers feel valued, and it also provides your organization with extremely useful information – including an understanding of what you may need to change within your IVR

    90%

    of consumers believe that organizations should provide them with the opportunity to give customer feedback.

    Source: SmallBizGenius, 2022

    41%

    of customer support professionals say that CSAT is their team's most important KPI.

    Source: Hiver, 2022

    Step 4.2

    Create an Agile Review Method

    This step will walk you through the following activity:

    4.2.1 Understand the best practices for developing an ongoing review cycle for your IVR approach

    Keep Watering Your IVR Call Flow Tree

    This step involves the following participants:

    • Business stakeholders (business analysts, application director/manager, customer service leaders)
    • IT project team

    Outcomes of this step

    • Understanding of the importance of IVR maintenance and of the development of an iterative review cycle

    Create an agile review method to continually enhance your call flows

    • Track items
      • Elicit feedback from your key stakeholders (i.e. live agents) as part of a regular review – every month, two months, six months, or year – of your call flow tree's efficiency. Delve into the feedback elicited from your customers at the same intervals. Look for patterns and trends and record items accordingly.
    • Manage backlog
      • Store and organize your recorded items into a backlog, prioritizing items to implement in order of importance. This could be structured by way of identifying which items are a quick win vs. which items are part of a more strategic and long-term implementation.
    • Perform iteration
      • Record key metric scores and communicate the changes you have planned to stakeholders before you implement items. Then, make the change.
    • Be retrospective
      • Examine the success of the implementation by comparing your metric scores from before and after the change. Record instances where performing similar changes could be carried out better in future iterations.

    Summary of Accomplishment

    • Knowledge Gained
      • Benefits of enabling personalized service
      • IVR-enabling technologies
      • Methods of eliciting feedback
    • Processes Optimized
      • IVR voice prompt creation
      • IVR voice prompt organization
      • IVR review cycles
    • Deliverables Completed
      • Database of customer call drivers
      • Organizational IVR goals and KPIs
      • IVR call flow tree

    Related Info-Tech Research

    This is a picture of a hand holding a cellular phone

    Choose a Right-Sized Contact Center Solution

    • IT needs a method to pinpoint which contact center solution best aligns with business objectives, adapting to a post-COVID-19 world of remote work, flexibility, and scalability.
    This image contains a screenshot from Info-tech's Build a Strong Technology Foundation for Customer Experience Management.

    Build a Strong Technology Foundation for Customer Experience Management

    • Customer expectations around personalization, channel preferences, and speed-to-resolution are at an all-time high. Your customers are willing to pay more for high-value experiences, and having a strong customer experience management (CXM) strategy is a proven path to creating sustainable value for the organization.
    This image contains a screenshot from Info-tech's IT Strategy Research Center

    IT Strategy Research Center

    • Create an IT strategy based on business needs, not just intuition.
    This image contains a screenshot from Info-tech's SoftwareReviews blueprint.

    SoftwareReviews

    • Accelerate and improve your software selection process with enterprise software reviews. Focus on available resources for communications platform as a service providers and conversational intelligence software.

    Bibliography

    "7 Conversational IVR Trends for 2021 and Beyond." Haptik, 25 March 2021. Accessed 16 June 2022.
    "7 Remarkable IVR Trends For the Year 2022 And Beyond." Haptik, 30 Dec. 2021. Accessed 27 April 2022.
    "8 IVR Strategies that Keep Customers Happy." Ansafone Contact Centers, 31 May 2019. Accessed 25 April 2022.
    "Agent Assist." Speakeasy AI, 19 April 2022. Accessed 27 April 2022.
    "AI chatbot that's easy to use." IBM, n.d. Accessed 21 June 2022.
    "IVR Trends to Watch in 2020 and Beyond: Inside CX." Intrado, 1 May 2020. Accessed 27 April 2022.
    "RIP IVR: 1980-2020." Vonage, 2 June 2020. Accessed 16 June 2022.
    Andrea. "What do Customers Want? – 37 Customer Service Statistics." SmallBizGenius, 17 March 2022. Accessed 24 May 2022.
    Anthony, James. "106 Customer Service Statistics You Must See: 2021/2022 Data & Analysis." FinancesOnline, 14 Jan. 2022. Accessed 27 April 2022.
    Brown, James. "14 stats that prove the importance of self-service in customer service." raffle, 13 Oct. 2020. Accessed 17 June 2022.
    Buesing, Eric, et al. "Getting the best customer service from your IVR: Fresh eyes on an old problem." McKinsey & Company, 1 Feb. 2019. Accessed 25 April 2022.
    Callari, Ron. "IVR Menus and Best Practices." Telzio, 4 Sep. 2020. Accessed 27 April 2022.
    Cornell, Jared. "104 Customer Service Statistics & Facts of 2022." ProProfs Chat, 6 April 2022. Accessed 16 June 2022.
    DeCarlo, Matthew. "18 Common IVR Mistakes & How To Configure Effective IVR." GetVoIP, 13 June 2019. Accessed 27 April 2022.
    DeMers, Jayson. "77 Customer Service Statistics to Know." EmailAnalytics, 23 March 2022. Accessed 27 April 2022.
    Frants, Valeriy. Interview. Conducted by Austin Wagar, 22 June 2022.
    Grieve, Patrick. "Personalized customer service: what it is and how to provide it." Zendesk, 28 June 2019. Accessed 27 April 2022.
    "How Natural Language Processing Can Help Your Interactive Voice Response System Meet Best Practice." Hostcomm, 15 July 2019. Accessed 25 April 2022.
    "IVR and customer experience: get the best UX for your clients." Kaleyra, 14 Dec. 2020. Accessed 25 April 2022.
    Irvine, Bill. "Selecting an IVR System for Customer Satisfaction Surveys." IVR Technology Group, 14 April 2020. Accessed 22 June 2022.
    Kulbyte, Toma. "Key Customer Experience Statistics to Know." SuperOffice, 24 June 2021. Accessed 24 May 2022.
    Leite, Thiago. "What's the Difference Between Standard & Conversational IVR?" Cognigy, 27 Oct. 2020. Accessed 24 May 2022.
    Maza, Cristina. "What is IVR? The ultimate guide." Zendesk, 30 Sep. 2020. Accessed 25 April 2022.
    McCraw, Corey. "What is IVR Call Flow? Benefits, Features, Metrics & More." GetVoIP, 30 April 2020. Accessed 25 April 2022.
    Mircevski, Bruno. "Smart IVR Introduction – What Is It and Why You Should Use It." Ideta, 7 March 2022. Accessed 28 April 2022.
    Oriel, Astha. "Artificial Intelligence in IVR: A Step Towards Faster Customer Services." Analytics Insight, 19 Aug. 2020. Accessed 24 May 2022.
    Perzynska, Kasia. "What is CSAT & How to Measure Customer Satisfaction?" Survicate, 9 March 2022. Accessed 22 June 2022.
    Pratt, Mary K. "How to set business goals, step by step." TechTarget, 27 April 2022. Accessed 21 June 2022.
    Robinson, Kerry. "Insight of the Week: Make Your IVR More Like Alexa." Waterfield Tech, 20 April 2022. Accessed 25 April 2022.
    Sehgal, Karishma. "Exclusive Research – 76% of customer service teams offer support outside of business hours." Hiver, 4 May 2022. Accessed 22 June 2022.
    Smith, Mercer. "111 Customer Service Statistics and Facts You Shouldn't Ignore." Help Scout, 23 May 2022. Accessed 24 June 2022.
    Thompson, Adrian. "A Guide to Conversational IVR." The Bot Forge, 27 Jan. 2021. Accessed 21 June 2022.
    Tolksdorf, Juergen. " 5 Ways to Leverage AI and Agent-Assist to Improve Customer Experience." Genesys, 19 May 2020. Accessed 27 April 2022.
    Vaish, Aakrit. "5 ways conversational IVR is helping businesses revolutionize customer service." ETCIO.com, 20 March 2020. Web.
    Westfall, Leah. "Improving customer experience with the right IVR strategy." RingCentral, 23 July 2021. Accessed 25 April 2022.

    Take Advantage of Big Tech Layoffs

    • Buy Link or Shortcode: {j2store}573|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Attract & Select
    • Parent Category Link: /attract-and-select

    Tech layoffs have been making the news over the past year, with thousands of Big Tech employees having been laid off. After years of record low unemployment in IT, many leaders are looking to take advantage of these layoffs to fill their talent gaps.

    However, IT leaders need to determine their response – wait and see the impact of the recession on budgets and candidate expectations, or dive in and secure great talent to execute today on strategic needs. This research is designed to help those IT leaders who are looking to take advantage employee effective talents to secure talent.

    • With the impact of the economic slowdown still unknown, the first question IT leaders need to ask is whether now is the time to act.
    • Even with these layoffs, IT unemployment rates are at record lows, with many organizations continuing to struggle to attract talent. While these layoffs have opened a window, IT leaders need to act quickly to secure great talent.

    Our Advice

    Critical Insight

    The “where has the talent gone?” puzzle has been solved. Many tech firms over-hired and were able to outcompete everyone, but it wasn’t sustainable. This correction won’t impact unemployment numbers in the short term – the job force is just in flux right now.

    Impact and Result

    This research is designed to help IT leaders understand the talent market and to provide winning tactics to those looking to take advantage of the layoffs to fill their hiring needs.

    Take Advantage of Big Tech Layoffs Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take Advantage of Big Tech Layoffs Storyboard – A snapshot of the current talent market in IT and quick tactics IT leaders can employ to improve their hiring process to find and attract tech talent.

    Straightforward tactics you can execute to successfully recruit IT staff impacted by layoffs.

    • Take Advantage of Big Tech Layoffs Storyboard

    2. IT Talent Acquisition Optimization Tool – Use this tool to document the current and future talent acquisition process.

    To hire efficiently, create a clear, consistent talent acquisition process. The IT Talent Acquisition Process Optimization Tool will help to:

  • Map out the current talent acquisition workflow
  • Identify areas of opportunity and potential gaps in the current process
    • IT Talent Acquisition Optimization Tool
    [infographic]

    Further reading

    Take Advantage of Big Tech Layoffs

    Simple tactics to secure the right talent in times of economic uncertainty.

    Why are the layoffs making the news?

    After three years of record low unemployment rates in IT and organizations struggling to hire IT talent into their organization, the window appears to be opening with tens of thousands layoffs from Big Tech employers.

    Big brand organizations such as Microsoft, Alphabet, Amazon, Twitter, Netflix, and Meta have been hitting major newswires, but these layoffs aren't exclusive to the big names. We've also seen smaller high-growth tech organizations following suit. In fact, in 2022, it's estimated that there were more than 160,997 layoffs across over 1,045 tech organizations. This trend has continued into 2023. By mid-February 2023, there were already 108,754 employees laid off at 385 tech companies (Layoffs.fyi).(1)

    While some of these layoffs have been openly connected to economic slowdown, others are pointing to the layoffs being a correction for over-hiring during the pandemic. It is also important to note that many of these workers were not IT employees, as these organizations also saw cuts across other areas of the business such as sales, marketing, recruitment, and operations.

    (1)This global database is constantly being updated, and these numbers are changing on an ongoing basis. For up-to-date statistics, see https://layoffs.fyi

    While tech layoffs have been making the news, so far many of these layoffs have been a correction to over-hiring, with most employees laid off finding work, if they want it, within three months.

    IT leaders need to determine their response – wait and see the impact of the recession on budgets and candidate expectations or dive in and secure great talent to execute today on strategic needs.

    This research is designed to help IT leaders understand the talent market and provide winning strategies to those looking to take advantage of the layoffs to fill their hiring needs.

    Three key drivers for Big Tech layoffs

    Economic uncertainty

    Globally, economists are predicting an economic slowdown, though there is not a consistent prediction on the impact. We have seen an increase in interest rates and inflation, as well as reduced investment budgets.

    Over-hiring during the pandemic

    High growth and demand for digital technologies and services during the early pandemic led to over-hiring in the tech industry. Many organizations overestimated the future demand and had to rebalance staffing as a result.

    New automation investments

    Many tech organizations that have conducted layoffs are still in a growth mindset. This is demonstrated though new tech investments by these companies in products like chatbots and RPA to semi-automate processes to reduce the need for certain roles.

    Despite layoffs, the labor market remains competitive

    There were at least 160,997 layoffs from more than 1,045 tech companies last year (2022). (Layoffs.fyi reported as of Feb 21/2023)

    But just because Big Tech is laying people off doesn't mean the IT job market has cooled.

    Between January and October 2022 technology- focused job postings rose 25% compared to the same period in 2021, and there were more than 375,000 tech jobs posted in October of 2022.
    (Dice: Tech Jobs Report.)

    Info-Tech Insight

    The "where has the talent gone?" puzzle has been solved. Many tech firms over-hired and were able to outcompete everyone, but it wasn't sustainable. This correction won't impact unemployment numbers in the short term – the job force is just in flux right now.

    So far, many of the layoffs have been a market correction

    Tech Layoffs Since COVID-19

    This is an image of a combo line graph plotting the number of tech layoffs from Q1 2020 to Q4 2022.

    Source: Layoffs.fyi - Tech Layoff Tracker and Startup Layoff Lists

    Tech Companies Layoffs vs. Early Pandemic Hiring # of People

    This is an image of a bar graph plotting Tech Companies Layoffs vs. Early Pandemic Hiring # of People

    Source: Yahoo Finance. Q4 '19 to Q3 '22

    Tech Layoffs between 2020 Q3- 2022 Q1 remained very low across the sector. In fact, outside of the initial increase at the start of the pandemic, layoffs have remained at historic low levels of around 1% (HBR, 2023). While the layoffs look significant in isolation, when you compare these numbers to pandemic hiring and growth for these organizations, the figures are relatively small.

    The first question IT leaders need to ask is whether now is the time to act

    The big gamble many CIOs face is whether to strike now to secure talent or to wait to better understand the impact of the recession. While two-thirds of IT professionals are still expecting their budgets to increase in 2023, CIOs must account for the impact of inflation and the recession on their IT budgets and staffing decisions (see Info-Tech's CEO-CIO Alignment Program).

    Ultimately, while unemployment is low today, it's common to see unemployment numbers drop right before a recession. If that is the case, then we will see more talent entering the market, possibly at more competitive salaries. But organizations that wait to hire risk not having the staff they need to execute on their strategy and finding themselves in a hiring freeze. CIOs need to decide on how to approach the economic uncertainty and where to place their bets.

    Looking ahead to 2023, how do you anticipate your IT spending will change compared to spending in 2022?

    This is an image of anticipated changes to IT spending compared to 2022 for the following categories: Decrease of more than 30%; Decrease between 16-30%; Decrease between 6-15%; Decrease between 1-5%; No Change; Increase between 1-5%; Increase between 6-15%; Increase between 16-30%; Increase of more than 30%

    Info-Tech's CEO-CIO Alignment Program

    Organizations ready to take advantage will need to act fast when layoffs happen

    Organizations looking to fill hiring needs or grow their IT/digital organization will need to be strategic and efficient when it comes to recruitment. Regardless of the number of layoffs, it continues to be an employee market when it comes to IT roles.

    While it is likely that the recession will impact unemployment rates, so far, the market remains hot, and the number of open roles continues to grow. This means that organizations that want to take advantage need to act quickly when news hits.

    Leaders not only need to compete with other organizations for talent, but the other challenge hiring organizations will need to compete with is that many in tech received generous severance packages and will be considering taking time off. To take advantage, leaders need to establish a plan and a clear employee value proposition to entice these highly skilled workers to get off the bench.

    Why you need to act fast:

    • Unemployment rates remain low:
      • Tech unemployment's rates in the US dropped to 1.5% in January 2023 (CompTIA), compared to overall unemployment which is at 3.4% in the US as of January 2023 (Yahoo Finance). While the layoffs look significant, we can see that many workers have been rehired into the labor market.
    • Long time-to-hire results in lost candidates:
      • According to Info-Tech's IT Talent Trend Report, 58% of IT leaders report time-to-hire is longer than two months. This timing increases for tech roles which require unique skills or higher seniority. IT leaders who can increase the timeline for their requirement process are much more likely to be able to take advantage of tech layoffs.

    IT must take a leading role in IT recruitment to take advantage of layoffs

    A personal connection is the differentiator when it comes to talent acquisition

    There is a statistically significant relationship between IT leadership involvement in talent acquisition and the effectiveness of this process in the IT department. The more involved they are, the higher the effectiveness.(1)

    More IT leadership involvement

    An image of two upward facing arrows. The left arrow is faded purple, and the right arrow is dark purple.

    Higher recruitment effectiveness

    Involved leaders see shorter times to hire

    There is a statistically significant relationship between IT leadership involvement in the talent acquisition process and time to fill vacant positions. The more involved they are, the shorter the time to hire.(2)

    Involved leaders are an integral part of effective IT departments

    There is a statistically significant relationship between IT leadership involvement in talent acquisition and overall IT department effectiveness. Those that are more involved have higher levels of effectiveness.(3)

    Increased IT Leadership in Recruitment Is Directly Correlated to Recruitment Effectiveness.

    This is an image of a combo bar graph plotting Overall Effectiveness for IT leadership involvement in recruitment.

    Focus your layoff recruitment strategy on critical and strategic roles

    If you are ready to take advantage of tech layoffs, focus hiring on critical and strategic roles, rather than your operational backfills. Roles related to security, cloud migration, data and analytics, and digital transformation are more likely to be shielded from budget cuts and are logical areas to focus on when looking to recruit from Big Tech organizations.

    Additionally, within the IT talent market, scarcity is focused in areas with specialized skill sets, such as security and architecture, which are dynamic and evolving faster than other skill sets. When looking to recruit in these areas, it's critical that you have a targeted recruitment approach; this is why tech layoffs represent a strong opportunity to secure talent in these specialized areas.

    ROLES DIFFICULT TO FILL

    An image of a bar graph plotting roles by difficulty to fill.

    Info-Tech Talent Trends 2022 Survey

    Four quick tactics to take advantage of Big Tech layoffs

    TALENT ACQUISITION PROCESS TO TAKE ADVANTAGE OF LAYOFFS

    This is an image of the talent acquisition process to take advantage of layoffs. It involves the following four steps: 1 Prepare organization and job ads for recruitment.  2 Actively track and scan for layoff activity.  3 Prioritize and screen candidates using salary benchmarks and keywords.  4 Eliminate all unnecessary hiring process steps.

    Guided Implementation

    What does a typical GI on this topic look like?

    Step 1 Step 2 Step 3 Step 4

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: IT job ad review.

    Call #4: Identify screening and sourcing opportunities.

    Call #5: Review your IT talent acquisition process.

    Call #3: Employee value proposition review.

    Call #7: Refine your talent acquisition process.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    Tactics to take advantage of tech layoffs

    Activities

    1.1 Spot check your employee value proposition
    1.2 Update job advertisements
    1.3 Document your talent acquisition process
    1.4 Refine your talent acquisition process

    This step involves the following participants:

    • IT executive leadership
    • IT hiring manager
    • Human resources
    • Marketing/public relations

    Outcomes of this step

    Streamlined talent acquisition process tailored to take advantage of tech layoffs.

    This is an image of the talent acquisition process to take advantage of layoffs. It involves the following fo steps: 1 Prepare organization and job ads for recrtment.  2 Actively track and scan for layoff aivity.  3 Prioritize and screen candidates using salary benchmarks and kwords.  4 Eliminate all unnecessary hiring process steps.

    Requisition: update job ads and secure approval to hire

    Critical steps:

    1. Ensure you have secured budget and hiring approval.
    2. Identify an IT recruitment partner within the IT organization who will be accountable for working with HR throughout the process and who will actively track and scan for recruitment opportunities.
    3. Update your IT job descriptions.
    4. Spot check your employee value proposition (EVP) to appeal to targeted candidates (Exercise 1.1).
    5. Write employee job ads for relevant skills and minimum viable experience (Exercise 1.2).
    6. Work with HR to develop your candidate outreach messages – ensure that your outreach is empathetic, aligns with your EVP, and focuses on welcoming them to apply to a role.

    The approval process to activate a requisition can be one of the longest stages in the talent acquisition process. Ensure all your roles are up to date and approved so you can trigger outreach as soon as news hits; otherwise, you'll be late before you've even begun.

    Your employee value proposition (EVP) is a key tool for attracting and retaining talent

    Any updates to your EVP need to be a genuine reflection of the employee experience at your organization – and should resonate internally and externally.

    Internal (retention) perspective: These characteristics help to retain new and existing talent by ensuring that new hires' expectations are met and that the EVP is experienced throughout the organization.

    External (attraction) perspective: These characteristics help to attract talent and are targeted so the right candidates are motivated to join, while those who aren't a good fit will self-select out.

    McLean & Company's Employee Value Proposition Framework

    This is an image of McLean & Company's Employee Value Proposition Framework.  It is divided into Retain and Attract.  under Retain, are the following three headings: Aligned; Accurate; Aspirational.  Under Attract are: Compelling; Clear; Comprehensive.

    Source: McLean & Company

    1.1 Spot check your EVP

    1-3 hours

    1. Review your existing IT employee value proposition. If you do not have an EVP, see Info-Tech's comprehensive research Improve the IT Recruitment Process to draft a new EVP.
    2. Invite a representative group of employees to participate in a working group to improve your employee value proposition. Ask each participant to brainstorm the top five things they value most about working at the organization.
    3. Consider the following categories: work environment, career advancement, benefits, and ESG and diversity impact. Brainstorm as a group if there is anything unique your organization offers with regard to these categories.
    4. Compare your notes to your existing EVP, identify up to four key statements to focus on for the EVP, ensuring that your EVP speaks to at least one of the categories above. Remove any statements that no longer speak to who you are as an organization or what you offer.

    Input

    • Existing employee value proposition
    • Employee Engagement Surveys (If Available)

    Output

    • Updated employee value proposition

    Materials

    • Whiteboard/flip charts
    • Job ad template

    Participants

    • Representative group of internal employees.
    • HR
    • Marketing/PR (if possible)

    Four critical factors considered by today's job seeker

    1. Be specific about remote work policies: Include verbiage about whether there is an option to work hybrid or remote. 81% of job seekers stated that whether a job is remote, hybrid, or in-person was a top factor in whether they'd accept an offer (Benefits Canada, 2022).
    2. Career advancement and stability: "37% of Gen Z employees and 25% of millennial employees are currently looking for a job that offers career progression transparency — or, in other words, a job with clear opportunities for growth. This is significantly higher than our findings for older generations Gen X (18%) and baby boomers (7%)," (Lattice, 2021).
    3. Unique benefits: Consider your unique benefits – it's not the Big Tech "fun perks" like slides and ping pong that drive interest. Employees are increasingly looking for roles with long-term benefits programs. 90% of job seekers consider higher pension contributions to be a key factor, and 85% are considering bonuses/profit sharing" (Benefits Canada, 2022). Candidates may accept lower total compensation in exchange for flexibility, culture, work/life balance that was lacking in the start-up scene or the mega-vendors' fast-paced world.
    4. ESG and diversity impact: Include details of how the candidate will make a societal impact through their role, and how the company is acting on climate and sustainability. "Nearly two in five [Gen Z's and millennials] say they have rejected a job or assignment because it did not align with their values," (Deloitte Global, 2022).

    Update or establish job ads for candidate outreach

    Take the time up front to update your IT job descriptions and to write effective job advertisements. A job advertisement is an external-facing document that advertises a position with the intent of attracting job applicants. It contains key elements from the job description as well as information on the organization and its EVP. A job description informs a job ad, it doesn't replace it.
    When updating job descriptions and job ads, it's critical that your requirements are an accurate representation of what you need in the position. For the job ads especially, focus on the minimum requirements for the role, highlight your employee value proposition, and ensure that they are using inclusive language.
    Don't be lulled into using a job description as a posting when there's a time crunch to fill a position – use your preparation time to complete this key step.

    Three tips to consider when building a job ad

    Include the minimum desired requirements

    Include the required skills, responsibilities, and certifications required. Instead of looking for a unicorn, look for what you need and a demonstrated ability to learn. 70% of business executives say they are getting creative about sourcing for skills rather than just considering job experience (Deloitte Insights, 2022).

    Strategically include certifications

    When including certifications, ensure you have validated the process to be certified – i.e. if you are hiring for a role with 3-5 years' experience, ensure that the certification does not take 5-10 years of experience be eligible.

    Use inclusive language

    Consider having a review group within your IT organization to ensure the language is inclusive, that the responsibilities don't read as overly complex, and that it is an accurate representation of the organization's culture.

    1.2 Update or build job ads

    1-3 hours

    1. Begin with a copy of the job ad you are looking to fill, if you haven't begun to draft the role, start with Info-Tech's Job Description Library and Info-Tech's Job Ad Template.
    2. Review the job accountabilities, rank each responsibility based on its importance and volume of work. Determine if there are any responsibilities that are uncommon to be executed by the role and remove unnecessary responsibilities.
    3. For each of the job accountabilities, identify if there is a level of experience, knowledge or competency that would be the minimum bar for a candidate. Remove technical skills, specific technologies, and competencies that aren't directly relevant to the role, responsibilities or values.
    4. Review the education and requirements, and ensure that any certification or educational background is truly needed or suggested.
    5. Use the checklist on the following tab to review and update your job ad.

    Input

    • Job description
    • Employee value proposition
    • Job ad template

    Output

    • Completed job ad

    Materials

    • Whiteboard/flip charts
    • Web share

    Participants

    • Representative group of internal employees.
    • HR
    • Marketing/PR (if possible)

    1.2 Job ad checklist:

    A job ad needs to be two things: effective and inclusive.

    Effective

    The job ad does include:

    The organization's logo.
    Description of the organization.
    Information about benefits.
    A link to the organization's website and social media platforms.
    Steps in the application process and what candidates can expect.

    The job ad:

    Paints an accurate picture of key aspects of the role.
    Tells a story to show potential candidates how the role and organization will fit into their career path (outlines potential career paths, growth opportunities, training, etc.).
    Does not contain too many details and tasks that would overwhelm applicants.
    Highlights the employer brand in a manner that conveys the EVP and markets the organization to attract potential applicants.
    Includes creative design or formatting to make the ad stand out.
    The job ad speaks to the audience by using targeted language (e.g. using creative language when recruiting for a creative role).
    The job ad has been reviewed by HR, Marketing, PR.

    Inclusive

    The job ad does NOT include:

    Industry jargon or abbreviations that are not spelled out.
    Personality characteristics and unnecessary adjectives that would deter qualified candidates (e.g. extroverted, aggressive, competitive).
    A list of specific academic disciplines or schools, GPA requirements, or inflated degree requirements.

    The job ad:

    Uses gender-neutral language and does not contain terms that indicate traits that are typically associated with a specific gender.
    Can be viewed and applications can be completed on mobile devices.
    Focuses on results, day-to-day requirements, competencies, and transferrable skills.
    Includes design that is accessible (e.g. alternative text is provided for images, clear posting structure with headings, color is not used to convey information).

    Sourcing: Set up news trackers and review layoff source lists

    • Set up news and social media trackers to track layoff updates, and ensure you have an IT staff member on standby to complete a more detailed opportunity analysis when layoffs happen.
    • Use layoff source lists such as Layoffs.fyi to actively track organizations that have laid people off, noting the industry, location, and numbers in order to identify potential candidates. Limit your future analysis to locations that would be geographically possible to hire from.
    • Review open-source lists of laid-off employees to quickly identify potential candidates for your organization.
    • Many organizations that have completed layoffs have established outplacement programs to help laid-off staff find new roles. Set a plan in motion with HR to reach out to organizations once a layoff has occurred to understand their layoff support program.

    The key to successful sourcing is for IT to take an active role in identifying which organizations impacted by layoffs would be a good fit, and to quickly respond by searching open-source lists and LinkedIn to reach out potential candidates.

    Consider leveraging open-source lists

    Layoffs.fyi has been tracking and reporting on layoffs since the start of COVID-19. While they are not an official source of information, the site has more than a million views per month and is a strong starting point for IT leaders looking to source candidates from tech layoffs beyond the big organizations that are making the news.

    The site offers a view of companies with layoffs by location, industry, and the source of the info. Additionally, it often lists the names and contact information of laid-off employees, which you can leverage to start your deeper LinkedIn outreach or candidate screening.

    This is an image of two screenshots of open source lists from Layoffs.fyi

    Screenshots from Layoffs.fyi.

    Screening: Prioritize by considering salary benchmarks and keywords

    • Determine a set of consistent pre-screening questions to leverage while screening candidates, which every candidate must answer, including knockout questions.
    • Prioritize by going for salary ranges you can afford: It is important to be aware of what companies are paying within the tech arena, so you know if your salary bands are within a competitive range.
    • Pre-screen resumes using appropriate keywords that are critical for the role, and widen the terms if you do not have enough candidates. Given the pool you are looking to recruit from, consider removing criteria specifically related to education or certifications; instead, prioritize skills and on-the-job experience.

    Screening is one of the most time-consuming stages of the TA process. For each open position, it can take 23 hours to screen resumes (Toolbox, 2021). In fact, 52% of TA leaders believe that screening candidates from a large pool of applicants is the hardest part of recruitment (Ideal, 2021).

    Compensation comparison reports

    Keep in mind that the market may be shifting rapidly as layoffs proliferate, so what the data shows, particularly on free-to-use sites with little data-checking, may not be current and may be overstated. Info-Tech does not provide salary analysis; however, there are publicly available reports and online websites with self-reported data.

    This list contains several market data sources for the tech industry, which may be a good starting point for comparison. Info-Tech is not affiliated with or endorsing any of these market data sources.

    Aon Global Cyber Security Compensation and Talent Survey
    Aon – Radford Surveys Radford Global Technology Survey
    Culpepper Comprehensive Compensation Survey Solution for Technology-Focused Companies
    Modis 2022 IT Compensation Guide
    Motion Recruitment 2023 Tech Salary Guide
    Mondo 2022 Salary Guide for roles & jobs across the technology, creative & digital marketing industries.
    Willis Towers Watson Willis Towers Watson Data Services - Artificial Intelligence and Digital Talent
    Willis Towers Watson 2022 Artificial Intelligence and Digital Talent Survey Report - Canada
    Willis Towers Watson 2022 Artificial Intelligence and Digital Talent Survey Report - U.S.
    Michael Page Salary Guide 2022 for the Greater Toronto Area Technology Industry
    Willis Towers Watson Willis Towers Watson Data Services - Tech, Media, and Gaming
    Willis Towers Watson 2022 Tech, Media and Gaming Executive Survey Report - Canada
    Willis Towers Watson 2022 Tech, Media and Gaming Middle Management, Professional and Support Survey Report - Canada
    Willis Towers Watson 2022 Tech, Media and Gaming Executive Survey Report - U.S.
    Willis Towers Watson 2022 Tech, Media and Gaming Middle Management, Professional and Support Survey Report - U.S.

    Work with your HR partner to streamline your talent acquisition process

    A slow talent acquisition process presents multiple risks to your ability to recruit. Candidates are likely having multiple hiring conversations, and you could lose a good candidate just by being slower than another organization. Additionally, long hiring processes are also an indicator of a high level of bureaucracy in an organization, which may turn off tech candidates who are used to faster-paced decision making.

    Reducing your time-to-hire needs to be a strategic priority, and companies that manage to do this are reaping the benefits: There is a statistically significant relationship between time to fill vacant positions and overall IT department effectiveness. The shorter the time to fill a position, the higher the effectiveness (Bika, 2019).

    Key Considerations for Optimizing your Talent Acquisition Process

    Key Considerations for Optimizing your Talent Acquisition Process

    Review the end-to-end experience

    50%

    of job seekers surveyed had "declined a job offer due to poor [candidate] experience," (Echevarria, 2020).

    Reduce the time to hire

    55%

    "of candidates believe that it should take one to two weeks from the first interview to being offered the job," (Duszyński, 2021).

    Be clear on Timelines

    83%

    "of candidates say it would greatly improve the overall experience if employers provided a clear timeline of the hiring process," (Miller, n.d.).

    Time to hire: Identify solutions to drive efficient hiring

    1. Document all steps between screening and hiring and remove any unnecessary steps.
    2. Create clearly defined interview guides to ensure consistent questioning by interviewers.
    3. Enable hiring managers to schedule their own interviews.
    4. Determine who needs to approve an offer. Streamline the number of approvals, if possible.
    5. Eliminate unnecessary background checks. Many companies have eliminated reference checks, for example, after determining that it was it was not adding value to their decision.
    6. Identify and track key metrics across your talent acquisition process.

    It is critical to partner with your HR department on optimizing this process, as they are typically the process owners and will have deep knowledge of the rationale for decisions. Together, you can identify some opportunities to streamline the process and improve the time to hire.

    4.1 Document your TA process

    1-3 hours

    1. If you have a documented talent acquisition process, begin with that; if not, open the IT Talent Acquisition Process Optimization Tool and map the stages of the talent acquisition process with your HR leader. Stages are the top level in the process (e.g. requisition, sourcing, screening).
    2. Identify all the stakeholders involved in IT talent acquisition and document these in the tool.
    3. Next, identify the steps required for each stage. These are more detailed actions that together will complete the stage (e.g. enter requisition into ATS, intake meeting). Ask subject matter experts to add steps to their portion of the process and document these in the cells.
    4. For each step in the stage, record the time required and the number of people who are involved.

    Input

    • Existing talent acquisition (TA) process document
    • Any TA process metrics
    • Info-Tech's Talent Acquisition Process Optimization Tool

    Output

    • Documented TA process

    Materials

    • Info-Tech's Talent Acquisition Process Optimization Tool
    • Whiteboard/flip charts
    • Sticky notes

    Participants

    • HR
    • IT leaders
    • Hiring manager

    Download the IT Talent Acquisition Process Optimization Tool

    Example of steps in each stage of the TA process

    Activities

    Requisition

    Source

    Screen

    Interview & Assess

    Offer

    Background Check

    Vacancy identified Posted on website Resumes screened in system Interviews scheduled Offer letter drafted Reference checks conducted
    Requisition submitted Posted on job boards Resume screened by recruited First round interviews Offer letter sent Medical checks conducted
    Requisition approved Identification of layoff sources Resumed reviewed by hiring manager Assessment Negotiations Other background checks conducted
    Job description updated Review layoff source lists Screening calls Second round interview First date confirmed
    Job ad updated Screening questions developed Candidates selected
    Intake meeting

    4.2 Refine your TA process

    1-3 hours

    1. Collectively identify any:
      1. Inconsistent applications: Activities that are done differently by different participants.
      2. Bottlenecks: A place in the process where activity is constrained and holds up next steps.
      3. Errors: When a mistake occurs requiring extra time, resources, or rework.
      4. Lack of value: An activity that adds little to no value (often a legacy activity).
    2. Work with HR to identify any proposed solutions to improve consistency, reduce bottlenecks, errors, or eliminate steps that lack value. Document your proposed solutions in tab 3 of the IT Talent Acquisition Optimization Tool.
    3. Identify any new steps needed that would drive greater efficiency, including the tactics suggested in this research. Document any proposed solutions in tab 3.
    4. For each proposed solution, evaluate the general level of effort and impact required to move forward with that solution and select the appropriate classification from the drop-down.
    5. Determine if you will move forward with the proposed solution at this time. Update the TA workflow with your decisions.

    Input

    • Existing talent acquisition (TA) process document
    • Any TA process metrics
    • Info-Tech's Talent Acquisition Process Optimization Tool

    Output

    • Documented TA process

    Materials

    • Info-Tech's Talent Acquisition Process Optimization Tool
    • Whiteboard/flip charts
    • Sticky notes

    Participants

    • HR
    • IT leaders
    • Hiring manager

    Use Info-Tech's IT Talent Acquisition Optimization Tool to document current challenges & target solutions.

    Map your process and identify opportunities to streamline

    This is an image of the talent aquisitions workflow page from Info-Tech's Map your process and identify opportunities to streamline

    Brainstorm and select solutions to improve your process

    This is an image of the Effort Analysis page from Info-Tech's Brainstorm and select solutions to improve your process

    Key considerations when optimizing your process

    • Put yourself in each stakeholder's shoes (candidate, HR, hiring manager). Think through what they need from the process.
    • Challenge assumptions and norms. It can be tempting to get caught up in "how we do it today." Think beyond how it is today.
    • Question timing of activities and events. Identify if they are occurring when they need to.
    • Rebalance work to align with priorities. Identify if work can be redistributed or condensed to use time more efficiently.
    • Distinguish when consistency will add value and when there should be process flexibility.
    • Question the value. For each activity, ask "What value does this activity add?"

    Select metrics to measure Talent Acquisition process improvement

    METRICS INFORMATION
    Metric Definition Calculation
    Average applicants per posting The average number of applicants received per post. Number of applications / Number of postings
    Average number of interviews for open job positions Average number of interviews for open job positions. Total number of interviews / Total number of open job positions
    Average external time to fill Average number of calendar days from when the requisition is issued to when a candidate accepts the position from outside the organization. External days to fill / External candidates
    Pipeline throughput Percentage of candidates advancing through to the next stage. (Number of candidates in chosen stage / Number of candidates in preceding stage) * 100
    External offer acceptance rate Percentage of job offers extended to external candidates that were accepted. (Number of job offers that are accepted / Number of job offers extended) * 100
    Percentage of target group hired The percentage of a target group that was hired. Number of FTE hired / Target number of FTE to be hired
    Average time to hire Average number of calendar days between first contact with the candidate and when they accept the offer. Sum of number of days between first contact and offer acceptance / External candidates
    Quality of hire Percentage of new hires achieving a satisfactory appraisal at their first assessment. New hires who achieve a satisfactory rating at their first appraisal / Total number of new hires
    Vacancy rate Percentage of positions being actively recruited for at the end of the reporting period. Count of vacant positions / (Headcount + Vacant positions)

    Bibliography

    "81% of Employees Factoring Hybrid Work Into Job Search: Survey." BenefitsCanada.com, 16 June 2022.
    Andre, Louie. "40 Notable Candidate Experience Statistics: 2023 Job Application Trends & Challenges." Financesonline.Com, 15 Mar. 2023.
    Bika, Nikoletta. "Key Hiring Metrics: Useful Benchmarks for Tech Roles." Recruiting Resources: How to Recruit and Hire Better, 10 Jan. 2019.
    "Bureau of Labor Statistics Labor Market Revisions Contribute to Conflicting Signals in Latest Tech Employment Data, CompTIA Analysis Finds." CompTIA, 3 Feb. 2023. Press release.
    Byrnes, Amy. "ICIMS Insights Workforce Report: Time to Press the Reset Button?" ICIMS | The Leading Cloud Recruiting Software, 1 Dec. 2022.
    Cantrell, Sue, et al. "The Skills-Based Organization: A New Operating Model for Work and the Workforce." Deloitte Insights, 8 Sept. 2022.
    deBara, Deanna. "Top Findings from Lattice's Career Progression Survey." Lattice, 13 Sept. 2021. Accessed 16 Feb. 2023.
    Duszyński, Maciej. "Candidate Experience Statistics (Survey of 1,000+ Americans)." Zety, 14 Oct. 2019.
    Duszyński, Maciej. "Candidate Experience Statistics." Zety, 2021.
    Echevarria, Desiree. "2020 Candidate Experience Report." Career Plug, 17 Mar. 2021.
    Ghosh, Prarthana. "Candidate Screening and Selection Process: The Complete Guide for 2021." Spiceworks, 26 Feb. 2021. Accessed 22 Jun. 2021
    "Introduction - Dice Tech Job Report: Tech Hiring Trends by Location, Industry, Role and Skill." Accessed 16 Feb. 2023.
    Lee, Roger. "Tech Layoff Tracker and Startup Layoff Lists." Layoffs.fyi. Accessed 16 Feb. 2023.
    Miller, Kandace. "Candidate Experience And Engagement Metrics You Should Be Tracking." ConveyIQ, n.d. Accessed 16 Feb. 2023.
    Min, Ji-A. "Resume Screening: A How-To Guide for Recruiters." Ideal, 15 Mar. 2021. Web.
    Palmeri, Shelby. "2023 Candidate Experience Research: Strategies for Recruiting." CareerPlug, 6 Feb. 2023.
    Semenova, Alexandra. "Jobs Report: U.S. Economy Adds 517,000 Jobs in January, Unemployment Rate Falls to 3.4% as Labor Market Stuns." Yahoo!Finance, 3 Feb. 2023.
    Sozzi, Brian. "Big Tech Layoffs: What Companies Such as Amazon and Meta Have in Common." Yahoo!News, 6 Feb. 2023.
    Tarki, Atta. "Despite Layoffs, It's Still a Workers' Labor Market." Harvard Business Review, 30 Jan. 2023.
    The Deloitte Global 2022 Gen Z and Millennial Survey. Deloitte Global, 2022. Accessed 16 Feb. 2023.
    "Uncover the Employee Value Proposition." McLean & Company, 21 Jun. 2022. Accessed 22 Feb. 2023.

    Optimize the Service Desk With a Shift-Left Strategy

    • Buy Link or Shortcode: {j2store}478|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $21,171 Average $ Saved
    • member rating average days saved: 11 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • Tier 2 and 3 specialists lose time and resources working on tickets instead of more complex projects.
    • The service desk finds themselves resolving the same incidents over and over, wasting manual work on tasks that could be automated.
    • Employees expect modern, consumer-like experiences when they need help; they want to access information and resources from wherever they are and have the tools to solve their problems themselves without waiting for help.

    Our Advice

    Critical Insight

    • It can be difficult to overcome the mindset that difficult functions need to be escalated. Shift left involves a cultural change to the way the service desk works, and overcoming objections and getting buy-in up front is critical.
    • Many organizations have built a great knowledgebase but fail to see the value of it over time as it becomes overburdened with overlapping and out-of-date information. Knowledge capture, updating, and review must be embedded into your processes if you want to keep the knowledgebase useful.
    • Similarly, the self-service portal is often deployed out of the box with little input from end users and fails to deliver its intended benefits. The portal needs to be designed from the end user’s point of view with the goal of self-resolution if it will serve its purpose of deflecting tickets.

    Impact and Result

    • Embrace a shift-left strategy by moving repeatable service desk tasks and requests into lower-cost delivery channels such as self-help tools and automation.
    • Shift work from Tier 2 and 3 support to Tier 1 through good knowledge management practices that empower the first level of support with documented solutions to recurring issues and free up more specialized resources for project work and higher value tasks.
    • Shift knowledge from the service desk to the end user by enabling them to find their own solutions. A well-designed and implemented self-service portal will result in fewer logged tickets to the service desk and empowered, satisfied end users.
    • Shift away manual repetitive work through the use of AI and automation.
    • Successfully shifting this work left can reduce time to resolve, decrease support costs, and increase end-user satisfaction.

    Optimize the Service Desk With a Shift-Left Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand why a shift-left strategy can help to optimize your service desk, review Info-Tech's methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare to shift left

    Assess whether you’re ready to optimize the service desk with a shift-left strategy, get buy-in for the initiative, and define metrics to measure success.

    • Optimize the Service Desk With a Shift-Left Strategy – Phase 1: Prepare to Shift Left
    • Shift-Left Prerequisites Assessment
    • Shift-Left Strategy
    • Shift-Left Stakeholder Buy-In Presentation

    2. Design shift-left model

    Build strategy and identify specific opportunities to shift service support left to Level 1 through knowledge sharing and other methods, to the end-user through self-service, and to automation and AI.

    • Optimize the Service Desk With a Shift-Left Strategy – Phase 2: Design Shift Left Model
    • Shift-Left Action Plan
    • Knowledge Management Workflows (Visio)
    • Knowledge Management Workflows (PDF)
    • Self-Service Portal Checklist
    • Self-Service Resolution Workflow (Visio)
    • Self-Service Resolution Workflow (PDF)

    3. Implement and communicate

    Identify, track, and implement specific shift-left opportunities and document a communications plan to increase adoption.

    • Optimize the Service Desk With a Shift-Left Strategy – Phase 3: Implement & Communicate
    • Incident Management Workflow (Visio)
    • Incident Management Workflow (PDF)
    [infographic]

    Workshop: Optimize the Service Desk With a Shift-Left Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare to Shift Left

    The Purpose

    Define how shift left would apply in your organization, get buy-in for the initiative, and define metrics to measure success.

    Key Benefits Achieved

    Defined scope and objectives for the shift-left initiative

    Buy-in for the program

    Metrics to keep the project on track and evaluate success

    Activities

    1.1 Review current service desk structure

    1.2 Discuss challenges

    1.3 Review shift-left model and discuss how it would apply in your organization

    1.4 Complete the Shift-Left Prerequisites Assessment

    1.5 Complete a RACI chart for the project

    1.6 Define and document objectives

    1.7 Review the stakeholder buy-in presentation

    1.8 Document critical success factors

    1.9 Define KPIs and metrics

    Outputs

    Shift-left scope

    Completed shift-left prerequisites assessment

    RACI chart

    Defined objectives

    Stakeholder buy-in presentation

    Critical success factors

    Metrics to measure success

    2 Plan to Shift to Level 1

    The Purpose

    Build strategy and identify specific opportunities to shift service support left to Level 1 through knowledge sharing and other methods.

    Key Benefits Achieved

    Identified initiatives to shift work to Level 1

    Documented knowledge management process workflows and strategy

    Activities

    2.1 Identify barriers to Level 1 resolution

    2.2 Discuss knowledgebase challenges and areas for improvement

    2.3 Optimize KB input process

    2.4 Optimize KB usage process

    2.5 Optimize KB review process

    2.6 Discuss and document KCS strategy and roles

    2.7 Document knowledge success metrics

    2.8 Brainstorm additional methods of increasing FLR

    Outputs

    KB input workflow

    KB usage workflow

    KB review workflow

    KCS strategy and roles

    Knowledge management metrics

    Identified opportunities to shift to Level 1

    3 Plan to Shift to End User and Automation

    The Purpose

    Build strategy and identify specific opportunities to shift service support left to the end user through self-service and to automation and AI.

    Key Benefits Achieved

    Identified initiatives to shift work to self-service and automation

    Evaluation of self-service portal and identified opportunities for improvement

    Activities

    3.1 Review existing self-service portal and discuss vision

    3.2 Identify opportunities to improve portal accessibility, UI, and features

    3.3 Evaluate the user-facing knowledgebase

    3.4 Optimize the ticket intake form

    3.5 Document plan to improve, communicate, and evaluate portal

    3.6 Map the user experience with a workflow

    3.7 Document your AI strategy

    3.8 Identify candidates for automation

    Outputs

    Identified opportunities to improve portal

    Improvements to knowledgebase

    Improved ticket intake form

    Strategy to communicate and measure success of portal

    Self-service resolution workflow

    Strategy to apply AI and automation

    Identified opportunities to shift tasks to automation

    4 Build Implementation and Communication Plan

    The Purpose

    Build an action plan to implement shift left, including a communications strategy.

    Key Benefits Achieved

    Action plan to track and implement shift-left opportunities

    Communications plan to increase adoption

    Activities

    4.1 Examine process workflows for shift-left opportunities

    4.2 Document shift-left-specific responsibilities for each role

    4.3 Identify and track shift-left opportunities in the action plan

    4.4 Brainstorm objections and responses

    4.5 Document communications plan

    Outputs

    Incident management workflow with shift-left opportunities

    Shift left responsibilities for key roles

    Shift-left action plan

    Objection handling responses

    Communications plan

    Leadership, Culture and Values

    • Buy Link or Shortcode: {j2store}34|cart{/j2store}
    • Related Products: {j2store}34|crosssells{/j2store}
    • member rating overall impact: 9.4/10
    • member rating average dollars saved: $912
    • member rating average days saved: 7
    • Parent Category Name: People and Resources
    • Parent Category Link: /people-and-resources

    The challenge

    • Your talent pool determines IT performance and stakeholder satisfaction. You need to retain talent and continually motivate them to go the extra mile.
    • The market for IT talent is growing, in the sense that talent has many more options these days. Turnover is a serious threat to IT's ability to deliver top-notch service to your company.
    • Engagement is more than HR's responsibility. IT leadership is accountable for the retention of top talent and the overall productivity of IT employees.

    Our advice

    Insight

    • Engagement goes both ways. Your initiatives must address a real need, and employees must actively seek the outcomes. Engagement is not a management edict.
    • Engagement is not about access to the latest perks and gadgets. You must address the right and challenging issues. Use a systematic approach to find what lives among the employees and address these.
    • Your impact on your employees is many times bigger than HR's. Leverage your power to lead your team to success and peak performance.

    Impact and results 

    • Our engagement diagnostic and other tools will help get to the root of disengagement in your team.
    • Our guidance helps you to avoid common errors and engagement program pitfalls. They allow you to take control of your own team's engagement.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief shows you why engagement is critical to IT performance in your company. We'll show you our methodology and the ways we can help you in handling this.

    Measure your employee engagement

    You can use our full engagement surveys.

    • Improve Employee Engagement to Drive IT Performance – Phase 1: Measure Employee Engagement (ppt)
    • Engagement Strategy Record (doc)
    • Engagement Communication Template (doc)

    Analyze the results and brainstorm solutions

    Understand your employees' engagement drivers. Involve your team in brainstorming engagement initiatives.

    • Improve Employee Engagement to Drive IT Performance – Phase 2: Analyze Results and Ideate Solutions (ppt)
    • Engagement Survey Results Interpretation Guide (ppt)
    • Full Engagement Survey Focus Group Facilitation Guide (ppt)
    • Pulse Engagement Survey Focus Group Facilitation Guide (ppt)
    • Focus Group Facilitation Guide Driver Definitions (doc)
    • One-on-One Manager Meeting Worksheet (doc)

    Select and implement engagement initiatives

    Choose those initiatives that show the most promise with the most significant impact. Create your action plan and establish transparent and open, and ongoing communication with your team.

    • IT Knowledge Transfer Plan Template (xls)
    • IT Knowledge Identification Interview Guide Template (doc)

    Build your knowledge transfer roadmap

    Knowledge transfer is an ongoing effort. Prioritize and define your initiatives.

    • Improve Employee Engagement to Drive IT Performance – Phase 3: Select and Implement Engagement Initiatives (ppt)
    • Summary of Interdepartmental Engagement Initiatives (doc)
    • Engagement Progress One-Pager (ppt)

     

    Adapt Your Onboarding Process to a Virtual Environment

    • Buy Link or Shortcode: {j2store}577|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Attract & Select
    • Parent Category Link: /attract-and-select
    • For many, the WFH arrangement will be temporary, however, the uncertainty around the length of the pandemic makes it hard for organizations to plan long term.
    • As onboarding plans traditionally carry a six- to twelve-month outlook, the uncertainty around how long employees will be working remotely makes it challenging to determine how much of the current onboarding program needs to change. In addition, introducing new technologies to a remote workforce and planning training on how to access and effectively use these technologies is difficult.

    Our Advice

    Critical Insight

    • The COVID-19 pandemic has led to a virtual environment many organizations were not prepared for.
    • Focusing on critical parts of the onboarding process and leveraging current technology allows organizations to quickly adapt to the uncertainty and constant change.

    Impact and Result

    • Organizations need to assess their existing onboarding process and identify the parts that are critical.
    • Using the technology currently available, organizations must adapt onboarding to a virtual environment.
    • Develop a plan to re-assess and update the onboarding program according to the duration of the situation.

    Adapt Your Onboarding Process to a Virtual Environment Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess current onboarding processes

    Map the current onboarding process and identify the challenges to a virtual approach.

    • Adapt Your Onboarding Process to a Virtual Environment Storyboard
    • Virtual Onboarding Workbook
    • Process Mapping Guide

    2. Modify onboarding activities

    Determine how existing onboarding activities can be modified for a virtual environment.

    • Virtual Onboarding Ideas Catalog
    • Performance Management for Emergency Work-From-Home

    3. Launch the virtual onboarding process and plan to re-assess

    Finalize the virtual onboarding process and create an action plan. Continue to re-assess and iterate over time.

    • Virtual Onboarding Guide for HR
    • Virtual Onboarding Guide for Managers
    • HR Action and Communication Plan
    • Virtual Onboarding Schedule
    [infographic]

    IT Strategy

    • Buy Link or Shortcode: {j2store}20|cart{/j2store}
    • Related Products: {j2store}20|crosssells{/j2store}
    • Up-Sell: {j2store}20|upsells{/j2store}
    • member rating overall impact: 9.3/10
    • member rating average dollars saved: $105,465
    • member rating average days saved: 35
    • Parent Category Name: Strategy and Governance
    • Parent Category Link: strategy-and-governance
    Success depends on IT initiatives clearly aligned to business goals.

    Design and Implement a Business-Aligned Security Program

    • Buy Link or Shortcode: {j2store}368|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • You need to build a security program that enables business services and secures the technology that makes them possible.
    • Building an effective, business-aligned security program requires that you coordinate many components, including technologies, processes, organizational structures, information flows, and behaviors.
    • The program must prioritize the right capabilities, and support its implementation with clear accountabilities, roles, and responsibilities.

    Our Advice

    Critical Insight

    • Common security frameworks focus on operational controls rather than business value creation, are difficult to convey to stakeholders, and provide little implementation guidance.
    • A security strategy can provide a snapshot of your program, but it won’t help you modernize or transform it, or align it to meet emerging business requirements.
    • There is no unique, one-size-fits-all security program. Each organization has a distinct character and profile and differs from others in several critical respects.

    Impact and Result

    Tailor your security program according to what makes your organization unique.

    • Analyze critical design factors to determine and refine the scope of your security program and prioritize core program capabilities.
    • Identify program accountabilities, roles, and responsibilities.
    • Build an implementation roadmap to ensure its components work together in a systematic way to meet business requirements.

    Design and Implement a Business-Aligned Security Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Design and Implement a Business-Aligned Security Strategy – A step-by-step guide on how to understand what makes your organization unique and design a security program with capabilities that create business value.

    This storyboard will help you lay foundations for your security program that will inform future security program decisions and give your leadership team the information they need to support your success. You will evaluate design factors that make your organization unique, prioritize the security capabilities to suit, and assess the maturity of key security program components including security governance, security strategy, security architecture, service design, and service metrics.

    • Design and Implement a Business-Aligned Security Program Storyboard

    2. Security Program Design Tool – Tailor the security program to what makes your organization unique to ensure business-alignment.

    Use this Excel workbook to evaluate your security program against ten key design factors. The tool will produce a goals cascade that shows the relationship between business and security goals, a prioritized list of security capabilities that align to business requirements, and a list of program accountabilities.

    • Security Program Design Tool

    3. Security Program Design and Implementation Plan – Assess the current state of different security program components, plan next steps, and communicate the outcome to stakeholders.

    This second Excel workbook will help you conduct a gap analysis on key security program components and identify improvement initiatives. You can then use the Security Program Design and Implementation Plan to collect results from the design and implementation tools and draft a communication deck.

    • Security Program Implementation Tool
    • Security Program Design and Implementation Plan

    Infographic

    Workshop: Design and Implement a Business-Aligned Security Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Initial Security Program Design

    The Purpose

    Determine the initial design of your security program.

    Key Benefits Achieved

    An initial prioritized list of security capabilities that aligns with enterprise strategy and goals.

    Activities

    1.1 Review Info-Tech diagnostic results.

    1.2 Identify project context.

    1.3 Identify enterprise strategy.

    1.4 Identify enterprise goals.

    1.5 Build a goal cascade.

    1.6 Assess the risk profile.

    1.7 Identify IT-related issues.

    1.8 Evaluate initial program design.

    Outputs

    Stakeholder satisfaction with program

    Situation, challenges, opportunities

    Initial set of prioritized security capabilities

    Initial set of prioritized security capabilities

    Initial set of prioritized security capabilities

    Initial set of prioritized security capabilities

    Initial set of prioritized security capabilities

    Initial set of prioritized security capabilities

    2 Refine Security Program Capabilities

    The Purpose

    Refine the design of your security program.

    Key Benefits Achieved

    A refined, prioritized list of security capabilities that reflects what makes your organization unique.

    Activities

    2.1 Gauge threat landscape.

    2.2 Identify compliance requirements.

    2.3 Categorize the role of IT.

    2.4 Identify the sourcing model.

    2.5 Identify the IT implementation model.

    2.6 Identify the tech adoption strategy.

    2.7 Refine the scope of the program.

    Outputs

    Refined set of prioritized security capabilities

    Refined set of prioritized security capabilities

    Refined set of prioritized security capabilities

    Refined set of prioritized security capabilities

    Refined set of prioritized security capabilities

    Refined set of prioritized security capabilities

    Refined set of prioritized security capabilities

    3 Security Program Gap Analysis

    The Purpose

    Finalize security program design.

    Key Benefits Achieved

    Key accountabilities to support the security program

    Gap analysis to produce an improvement plan

    Activities

    3.1 Identify program accountabilities.

    3.2 Conduct program gap analysis.

    3.3 Prioritize initiatives.

    Outputs

    Documented program accountabilities.

    Security program gap analysis

    Security program gap analysis

    4 Roadmap and Implementation Plan

    The Purpose

    Create and communicate an improvement roadmap for the security program.

    Key Benefits Achieved

    Security program design and implementation plan to organize and communicate program improvements.

    Activities

    4.1 Build program roadmap

    4.2 Finalize implementation plan

    4.3 Sponsor check-in

    Outputs

    Roadmap of program improvement initiatives

    Roadmap of program improvement initiatives

    Communication deck for program design and implementation

    Further reading

    Design a Business-Aligned Security Program

    Focus on business value first.

    EXECUTIVE BRIEF

    Analyst Perspective

    Business alignment is no accident.

    Michel Hébert

    Security leaders often tout their choice of technical security framework as the first and most important program decision they make. While the right framework can help you take a snapshot of the maturity of your program and produce a quick strategy and roadmap, it won’t help you align, modernize, or transform your program to meet emerging business requirements.

    Common technical security frameworks focus on operational controls rather than business services and value creation. They are difficult to convey to business stakeholders and provide little program management or implementation guidance.

    Focus on business value first, and the security services that enable it. Your organization has its own distinct character and profile. Understand what makes your organization unique, then design and refine the design of your security program to ensure it supports the right capabilities. Next, collaborate with stakeholders to ensure the right accountabilities, roles, and responsibilities are in place to support the implementation of the security program.

    Michel Hébert
    Research Director, Security & Privacy
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • You need to build a security program that enables business services and secures the technology that makes them possible.
    • Building an effective, business-aligned security program requires that you coordinate many components, including technologies, processes, organizational structures, information flows, and behaviors.
    • The program must prioritize the right capabilities, and support its implementation with clear accountabilities, roles, and responsibilities.
    • Common security frameworks focus on operational controls rather than business value creation, are difficult to convey to stakeholders, and provide little implementation guidance.
    • A security strategy can provide a snapshot of your program, but it won’t help you modernize or transform it, or align it to meet emerging business requirements.
    • There is no unique, one-size-fits-all security program. Each organization has a distinct character and profile and differs from others in several critical respects.

    Tailor your security program according to what makes your organization unique.

    • Analyze critical design factors to determine and refine the design of your security program and prioritize core program capabilities.
    • Identify program accountabilities, roles, and responsibilities.
    • Build an implementation roadmap to ensure its components work together in a systematic way to meet business requirements.

    Info-Tech Insight

    You are a business leader who supports business goals and mitigates risk. Focus first on business value and the security services that enable it, not security controls.

    Your challenge

    The need for a solid and responsive security program has never been greater.

    • You need to build a security program that enables business services and secures the technology that makes them possible.
    • Building an effective, business-aligned security program requires that you coordinate many components, including technologies, processes, organizational structures, information flows, and behaviors.
    • The program must prioritize the right capabilities, and support its implementation with clear accountabilities, roles, and responsibilities.
    • You must communicate effectively with stakeholders to describe the risks the organization faces, their likely impact on organizational goals, and how the security program will mitigate those risks and support the creation of business value.
    • Ransomware is a persistent threat to organizations worldwide across all industries.
    • Cybercriminals deploying ransomware are evolving into a growing and sophisticated criminal ecosystem that will continue to adapt to maximize its profits.

    • Critical infrastructure is increasingly at risk.
    • Malicious agents continue to target critical infrastructure to harm industrial processes and the customers they serve State-sponsored actors are expected to continue to target critical infrastructure to collect information through espionage, pre-position in case of future hostilities, and project state power.

    • Disruptive technologies bring new threats.
    • Malicious actors increasingly deceive or exploit cryptocurrencies, machine learning, and artificial intelligence technologies to support their activities.

    Sources: CCCS (2023), CISA (2023), ENISA (2023)

    Your challenge

    Most security programs are not aligned with the overall business strategy.

    50% Only half of leaders are framing the impact of security threats as a business risk.

    49% Less than half of leaders align security program cost and risk reduction targets with the business.

    57% Most leaders still don’t regularly review security program performance of the business.

    Source: Tenable, 2021

    Common obstacles

    Misalignment is hurting your security program and making you less influential.

    Organizations with misaligned security programs have 48% more security incidents...

    …and the cost of their data breaches are 40% higher than those with aligned programs.

    37% of stakeholders still lack confidence in their security program.

    54% of senior leaders still doubt security gets the goals of the organization.

    Source: Frost & Sullivan, 2019
    Source: Ponemon, 2023

    Common obstacles

    Common security frameworks won’t help you align your program.

    • Common security frameworks focus on operational controls rather than business value creation, are difficult to convey to stakeholders, and provide little implementation guidance.
    • A security strategy based on the right framework can provide a snapshot of your program, but it won’t help you modernize, transform, or align your program to meet emerging business requirements.
    • The lack of guidance leads to a lack of structure in the way security services are designed and managed, which reduces service quality, increases security friction, and reduces business satisfaction.

    There is no unique, one-size-fits-all security program.

    • Each organization has a distinct character and profile and differs from others in several critical respects. The security program for a cloud-first, DevOps environment must emphasize different capabilities and accountabilities than one for an on-premise environment and a traditional implementation model.

    Info-Tech’s approach

    You are a business leader who supports business goals and mitigates risk.

    • Understand what makes your organization unique, then design and refine a security program with capabilities that create business value.
    • Next, collaborate with stakeholders to ensure the right accountabilities, roles, and responsibilities are in place, and build an implementation roadmap to ensure its components work together over time.

    Security needs to evolve as a business strategy.

    • Laying the right foundations for your security program will inform future security program decisions and give your leadership team the information they need to support your success. You can do it in two steps:
      • Evaluate the design factors that make your organization unique and prioritize the security capabilities to suit. Info-Tech’s approach is based on the design process embedded in the latest COBIT framework.
      • Review the key components of your security program, including security governance, security strategy, security architecture, service design, and service metrics.

    If you build it, they will come

    “There's so much focus on better risk management that every leadership team in every organization wants to be part of the solution.

    If you can give them good data about what things they really need to do, they will work to understand it and help you solve the problem.”

    Dan Bowden, CISO, Sentara Healthcare (Tenable)

    Design a Business-Aligned Security Program

    The image contains a screenshot of how to Design a business-aligned security program.


    Choose your own adventure

    This blueprint is ideal for new CISOs and for program modernization initiatives.

    1. New CISO

    “I need to understand the business, prioritize core security capabilities, and identify program accountabilities quickly.”

    2. Program Renewal

    “The business is changing, and the threat landscape is shifting. I am concerned the program is getting stale.”

    Use this blueprint to understand what makes your organization unique:

    1. Prioritize security capabilities.
    2. Identify program accountabilities.
    3. Plan program implementation.

    If you need a deep dive into governance, move on to a security governance and management initiative.

    3. Program Update

    “I am happy with the fundamentals of my security program. I need to assess and improve our security posture.”

    Move on to our guidance on how to Build an Information Security Strategy instead.

    Info-Tech’s methodology for security program design

    Define Scope of
    Security Program

    Refine Scope of
    Security Program

    Finalize Security
    Program Design

    Phase steps

    1.1 Identify enterprise strategy

    1.2 Identify enterprise goals

    1.3 Assess the risk profile

    1.4 Identify IT-related issues

    1.5 Define initial program design

    2.1 Gage threats and compliance

    2.2 Assess IT role and sourcing

    2.3 Assess IT implementation model

    2.4 Assess tech adoption strategy

    2.5 Refine program design

    3.1 Identify program accountabilities

    3.2 Define program target state

    3.3 Build program roadmap

    Phase outcomes

    • Initial security program design
    • Refined security program design
    • Prioritized set of security capabilities
    • Program accountabilities
    • Program gap closure initiatives

    Tools

    Insight Map

    You are a business leader first and a security leader second

    Technical security frameworks are static and focused on operational controls and standards. They belong in your program’s solar system but not at its center. Design your security program with business value and the security services that enable it in mind, not security controls.

    There is no one-size-fits-all security program
    Tailor your security program to your organization’s distinct profile to ensure the program generates value.

    Lay the right foundations to increase engagement
    Map out accountabilities, roles, and responsibilities to ensure the components of your security program work together over time to secure and enable business services.

    If you build it, they will come
    Your executive team wants to be part of the solution. If you give them reliable data for the things they really need to do, they will work to understand and help you solve the problem.

    Blueprint deliverables

    Info-Tech supports project and workshop activities with deliverables to help you accomplish your goals and accelerate your success.

    Security Program Design Tool

    Tailor the security program to what makes your organization unique to ensure alignment.

    The image contains a screenshot of the Security Program Design Tool.

    Security Program Implementation Tool

    Assess the current state of different security program components and plan next steps.



    SecurityProgram Design and Implementation Plan

    Communicate capabilities, accountabilities, and implementation initiatives.

    The image contains a screenshot of the Security Program Design and Implementation Plan.

    Key deliverable

    Security Program Design and Implementation Plan

    The design and implementation plan captures the key insights your work will generate, including:

    • A prioritized set of security capabilities aligned to business requirements.
    • Security program accountabilities.
    • Security program implementation initiatives.

    Blueprint benefits

    IT Benefits

    Business Benefits

    • Laying the right foundations for your security program will:
      • Inform the future security governance, security strategy, security architecture, and service design decisions you need to make.
      • Improve security service design and service quality, reduce security friction, and increase business satisfaction with the security program.
      • Help you give your leadership team the information they need to support your success.
      • Improve the standing of the security program with business leaders.
    • Organizations with a well-aligned security program:
      • Improve security risk management, performance measurement, resource management, and value delivery.
      • Lower rates of security incidents and lower-cost security breaches.
      • Align costs, performance, and risk reduction objectives with business needs.
      • Are more satisfied with their security program.

    Measure the value of using Info-Tech’s approach

    Assess the effectiveness of your security program with a risk-based approach.

    Deliverable

    Challenge

    Security Program Design

    • Prioritized set of security capabilities
    • Program accountabilities
    • Devise and deploy an approach to gather business requirements, identify and prioritize relevant security capabilities, and assign program accountabilities.
    • Cost and Effort : 2 FTEs x 90 days x $130,000/year

    Program Assessment and Implementation Plan

    • Security program assessment
    • Roadmap of gap closure initiatives
    • Devise and deploy an approach to assess the current state of your security program, identify gap closure or improvement initiatives, and build a transformation roadmap.
    • Cost and Effort : 2 FTEs x 90 days x $130,000/year

    Measured Value

    • Using Info-Tech’s best practice methodology will cut the cost and effort in half.
    • Savings: 2 FTEs x 45 days x $130,000/year = $65,000

    Measure the impact of your project

    Use Info-Tech diagnostics before and after the engagement to measure your progress.

    • Info-Tech diagnostics are standardized surveys that produce historical and industry trends against which to benchmark your organization.
    • Run the Security Business Satisfaction and Alignment diagnostic now, and again in twelve months to assess business satisfaction with the security program and measure the impact of your program improvements.
    • Reach out to your account manager or follow the link to deploy the diagnostic and measure your success. Diagnostics are included in your membership.

    Inform this step with Info-Tech diagnostic results

    • Info-Tech diagnostics are standardized surveys that accelerate the process of gathering and analyzing pain point data.
    • Diagnostics also produce historical and industry trends against which to benchmark your organization.
    • Reach out to your account manager or follow the links to deploy some or all these diagnostics to validate your assumptions. Diagnostics are included in your membership.

    Governance & Management Maturity Scorecard
    Understand the maturity of your security program across eight domains.
    Audience: Security Manager

    Security Business Satisfaction and Alignment Report
    Assess the organization’s satisfaction with the security program.
    Audience: Business Leaders

    CIO Business Vision
    Assess the organization’s satisfaction with IT services and identify relevant challenges.
    Audience: Business Leaders

    Executive Brief Case Study

    INDUSTRY: Higher Education

    SOURCE: Interview

    Building a business-aligned security program

    Portland Community College (PCC) is the largest post-secondary institution in Oregon and serves more than 50,000 students each year. The college has a well-established information technology program, which supports its education mission in four main campuses and several smaller centers.

    PCC launched a security program modernization effort to deal with the evolving threat landscape in higher education. The CISO studied the enterprise strategy and goals and reviewed the college’s risk profile and compliance requirements. The exercise helped the organization prioritize security capabilities for the renewal effort and informed the careful assessment of technical controls in the current security program.

    Results

    Laying the right foundations for the security program helped the security function understand how to provide the organization with a clear report of its security posture. The CISO now reports directly to the board of directors and works with stakeholders to align cost, performance, and risk reduction objectives with the needs of the college.

    The security program modernization effort prioritized several critical design factors

    • Enterprise Strategy
    • Enterprise Goals
    • IT Risk Profile
    • IT-Related Issues
    • IT Threat Landscape
    • Compliance Requirements

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1:
    Scope requirements, objectives, and specific challenges.

    Call #2:
    Define business context, assess risk profile, and identify existing security issues.

    Define initial design of security program.

    Call #3:
    Evaluate threat landscape and compliance requirements.

    Call #4:
    Analyze the role of IT, the security sourcing model, technology adoption, and implementation models.

    Refine the design of the security program.

    Call #5:
    Identify program accountabilities.

    Call #6:
    Design program target state and draft security program implementation plan.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 4 to 6 calls over the course of 6 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5

    Initial Security
    Program Design

    Refine Security
    Program Design

    Security Program
    Gap Analysis

    Roadmap and Implementation Plan

    Next Steps and
    Wrap-Up (offsite)

    Activities

    1.1.0 Review Info-Tech diagnostic results

    1.1.1 Identify project context

    1.1.2 Identify enterprise strategy

    1.2.1 Identify enterprise goals

    1.2.2 Build a goals cascade

    1.3 Assess the risk profile

    1.4 Identify IT-related issues

    1.5 Evaluate initial program design

    2.1.1 Gauge threat landscape

    2.1.2 Identify compliance requirements

    2.2.1 Categorize the role of IT

    2.2.2 Identify the sourcing model

    2.3.1 Identify the IT implementation model

    2.4.1 Identify the tech adoption strategy

    2.5.1 Refine the design of the program

    3.1 Identify program accountabilities

    3.2.1 Conduct program gap analysis

    3.2.2 Prioritize initiatives

    3.3.1 Build program roadmap

    3.3.2 Finalize implementation plan

    3.3.3 Sponsor check-in

    4.1 Complete in-progress deliverables from previous four days

    4.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables

    1. Project context
    2. Stakeholder satisfaction feedback on security program
    3. Initial set of prioritized security capabilities
    1. Refined set of prioritized security capabilities
    1. Documented program accountabilities
    2. Security program gap analysis
    1. Roadmap of initiatives
    2. Communication deck for program design and implementation
    1. Completed security program design
    2. Security program design and implementation plan

    Customize your journey

    The security design blueprint pairs well with security governance and security strategy.

    • The prioritized set of security capabilities you develop during the program design project will inform efforts to develop other parts of your security program, like the security governance and management program and the security strategy.
    • Work with your member services director, executive advisor, or technical counselor to scope the journey you need. They will work with you to align the subject matter experts to support your roadmap and workshops.

    Workshop
    Days 1 and 2

    Workshop
    Days 3 and 4

    Security Program Design Factors

    Security Program Gap Analysis or
    Security Governance and Management

    Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud

    • Buy Link or Shortcode: {j2store}472|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy
    • The organization is planning to move resources to cloud or devise a networking strategy for their existing cloud infrastructure to harness value from cloud.
    • The right topology needs to be selected to deploy network level isolation, design the cloud for management efficiencies and provide access to shared services on cloud.
    • A perennial challenge for infrastructure on cloud is planning for governance vs flexibility which is often overlooked.

    Our Advice

    Critical Insight

    Don’t wait until the necessity arises to evaluate your networking in the cloud. Get ahead of the curve and choose the topology that optimizes benefits and supports organizational needs in the present and the future.

    Impact and Result

    • Define organizational needs and understand the pros and cons of cloud network topologies to strategize for the networking design.
    • Consider the layered complexities of addressing the governance vs. flexibility spectrum for your domains when designing your networks.

    Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud Deck – A document to guide you through designing your network in the cloud.

    What cloud networking topology should you use? How do you provide access to shared resources in the cloud or hybrid infrastructure? What sits in the hub and what sits in the spoke?

    • Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud Storyboard
    [infographic]

    Further reading

    Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud

    Don't revolve around a legacy design; choose a network design that evolves with the organization.

    Analyst Perspective

    Cloud adoption among organizations increases gradually across both the number of services used and the amount those services are used. However, network builders tend to overlook the vulnerabilities of network topologies, which leads to complications down the road, especially since the structures of cloud network topologies are not all of the same quality. A network design that suits current needs may not be the best solution for the future state of the organization.

    Even if on-prem network strategies were retained for ease of migration, it is important to evaluate and identify the cloud network topology that can not only elevate the performance of your infrastructure in the cloud, but also that can make it easier to manage and provision resources.

    An "as the need arises" strategy will not work efficiently since changing network designs will change the way data travels within your network, which will then need to be adopted to existing application architectures. This becomes more complicated as the number of services hosted in the cloud grows.

    Keep a network strategy in place early on and start designing your infrastructure accordingly. This gives you more control over your networks and eliminates the need for huge changes to your infrastructure down the road.

    This is a picture of Nitin Mukesh

    Nitin Mukesh
    Senior Research Analyst, Infrastructure and Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The organization is planning to move resources to the cloud or devise a networking strategy for their existing cloud infrastructure to harness value from the cloud.

    The right topology needs to be selected to deploy network level isolation, design the cloud for management efficiencies, and provide access to shared services in the cloud.

    A perennial challenge for infrastructure in the cloud is planning for governance vs. flexibility, which is often overlooked.

    Common Obstacles

    The choice of migration method may result in retaining existing networking patterns and only making changes when the need arises.

    Networking in the cloud is still new, and organizations new to the cloud may not be aware of the cloud network designs they can consider for their business needs.

    Info-Tech's Approach

    Define organizational needs and understand the pros and cons of cloud network topologies to strategize for the networking design.

    Consider the layered complexities of addressing the governance vs. flexibility spectrum for your domains when designing your networks.

    Insight Summary

    Don't wait until the necessity arises to evaluate your networking in the cloud. Get ahead of the curve and choose the topology that optimizes benefits and supports organizational needs in the present and future.

    Your challenge

    Selecting the right topology: Many organizations migrate to the cloud retaining a mesh networking topology from their on-prem design, or they choose to implement the mesh design leveraging peering technologies in the cloud without a strategy in place for when business needs change. While there may be many network topologies for on-prem infrastructure, the network design team may not be aware of the best approach in cloud platforms for their requirements, or a cloud networking strategy may even go overlooked during the migration.

    Finding the right cloud networking infrastructure for:

    • Management efficiencies
    • Network-level isolation of resources
    • Access to shared services

    Deciding between governance and flexibility in networking design: In the hub and spoke model, if a domain is in the hub, the greater the governance over it, and if it sits in the spoke, the higher the flexibility. Having a strategy for the most important domains is key. For example, some security belongs in the hub and some security belongs in the spoke. The tradeoff here is if it sits completely in the spoke, you give it a lot of freedom, but it becomes harder to standardize across the organization.

    Mesh network topology

    A mesh is a design where virtual private clouds (VPCs) are connected to each other individually creating a mesh network. The network traffic is fast and can be redirected since the nodes in the network are interconnected. There is no hierarchical relationship between the networks, and any two networks can connect with each other directly.

    In the cloud, this design can be implemented by setting up peering connections between any two VPCs. These VPCs can also be set up to communicate with each other internally through the cloud service provider's network without having to route the traffic via the internet.

    While this topology offers high redundancy, the number of connections grows tremendously as more networks are added, making it harder to scale a network using a mesh topology.

    Mesh Network on AWS

    This is an image of a Mesh Network on AWS

    Source: AWS, 2018

    Constraints

    The disadvantages of peering VPCs into a mesh quickly arise with:

    • Transitive connections: Transitive connections are not supported in the cloud, unlike with on-prem networking. This means that if there are two networks that need to communicate, a single peering link can be set up between them. However, if there are more than two networks and they all need to communicate, they should all be connected to each other with separate individual connections.
    • Cost of operation: The lack of transitive routing requires many connections to be set up, which adds up to a more expensive topology to operate as the number of networks grows. Cloud providers also usually limit the number of peering networks that can be set up, and this limit can be hit with as few as 100 networks.
    • Management: Mesh tends to be very complicated to set up, owing to the large number of different peering links that need to be established. While this may be manageable for small organizations with small operations, for larger organizations with robust cybersecurity practices that require multiple VPCs to be deployed and interconnected for communications, mesh opens you up to multiple points of failure.
    • Redundancy: With multiple points of failure already being a major drawback of this design, you also cannot have more than one peered connection between any two networks at the same time. This makes designing your networking systems for redundancy that much more challenging.
    Number of virtual networks 10 20 50 100
    Peering links required
    [(n-1)*n]/2
    45 190 1225 4950

    Proportional relationship of virtual networks to required peering links in a mesh topology

    Case study

    INDUSTRY: Blockchain
    SOURCE: Microsoft

    An organization with four members wants to deploy a blockchain in the cloud, with each member running their own virtual network. With only four members on the team, a mesh network can be created in the cloud with each of their networks being connected to each other, adding up to a total of 12 peering connections (four members with three connections each). While the members may all be using different cloud accounts, setting up connections between them will still be possible.

    The organization wants to expand to 15 members within the next year, with each new member being connected with their separate virtual networks. Once grown, the organization will have a total of 210 peering connections since each of the virtual networks will then need 14 peering connections. While this may still be possible to deploy, the number of connections makes it harder to manage and would be that much more difficult to deploy if the organization grows to even 30 or 40 members. The new scale of virtual connections calls for an alternative networking strategy that cloud providers offer – the hub and spoke topology.

    This is an image of the connections involved in a mesh network with four participants.

    Source: Microsoft, 2017

    Hub and spoke network topology

    In hub and spoke network design, each network is connected to a central network that facilitates intercommunication between the networks. The central network, also called the hub, can be used by multiple workloads/servers/services for hosting services and for managing external connectivity. Other networks connected to the hub through network peering are called spokes and host workloads.

    Communications between the workloads/servers/services on spokes pass in or out of the hub where they are inspected and routed. The spokes can also be centrally managed from the hub with IT rules and processes.

    A hub and spoke design enable a larger number of virtual networks to be interconnected as each network only needs one peered connection (to the hub) to be able to communicate with any other network in the system.

    Hub and Spoke Network on AWS

    This is an image of the Hub and Spoke Network on AWS

    What hub and spoke networks do better

    1. Ease of connectivity: Hub and spoke decreases the liabilities of scale that come from a growing business by providing a consistent connection that can be scaled easily. As more networks are added to an organization, each will only need to be connected once – to the hub. The number of connections is considerably lower than in a mesh topology and makes it easier to maintain and manage.
    2. Business agility and scalability: It is easier to increase the number of networks than in mesh, making it easier to grow your business into new channels with less time, investment, and risk.
    3. Data collection: With a hub and spoke design, all data flows through the hub – depending on the design, this includes all ingress and egress to and from the system. This makes it an excellent central network to collect all business data.
    4. Network-level isolation: Hub and spoke enables separation of workloads and tiers into different networks. This is particularly useful to ensure an issue affecting a network or a workload does not affect the rest.
    5. Network changes: Changes to a separated network are much easier to carry out knowing the changes made will not affect all the other connected networks. This reduces work-hours significantly when systems or applications need to be altered.
    6. Compliance: Compliance requirements such as SOC 1 and SOC 2 require separate environments for production, development, and testing, which can be done in a hub and spoke model without having to re-create security controls for all networks.

    Hub and spoke constraints

    While there are plenty of benefits to using this topology, there are still a few notable disadvantages with the design.

    Point-to-point peering

    The total number of total peered connections required might be lower than mesh, but the cost of running independent projects is cheaper on mesh as point-to-point data transfers are cheaper.

    Global access speeds with a monolithic design

    With global organizations, implementing a single monolithic hub network for network ingress and egress will slow down access to cloud services that users will require. A distributed network will ramp up the speeds for its users to access these services.

    Costs for a resilient design

    Connectivity between the spokes can fail if the hub site dies or faces major disruptions. While there are redundancy plans for cloud networks, it will be an additional cost to plan and build an environment for it.

    Leverage the hub and spoke strategy for:

    Providing access to shared services: Hub and spoke can be used to give workloads that are deployed on different networks access to shared services by placing the shared service in the hub. For example, DNS servers can be placed in the hub network, and production or host networks can be connected to the hub to access it, or if the central network is set up to host Active Directory services, then servers in other networks can act as spokes and have full access to the central VPC to send requests. This is also a great way to separate workloads that do not need to communicate with each other but all need access to the same services.

    Adding new locations: An expanding organization that needs to add additional global or domestic locations can leverage hub and spoke to connect new network locations to the main system without the need for multiple connections.

    Cost savings: Apart from having fewer connections than mesh that can save costs in the cloud, hub and spoke can also be used to centralize services such as DNS and NAT to be managed in one location rather than having to individually deploy in each network. This can bring down management efforts and costs considerably.

    Centralized security: Enterprises can deploy a center of excellence on the hub for security, and the spokes connected to it can leverage a higher level of security and increase resilience. It will also be easier to control and manage network policies and networking resources from the hub.

    Network management: Since each spoke is peered only once to the hub, detecting connectivity problems or other network issues is made simpler in hub and spoke than on mesh. A network manager deployed on the cloud can give access to network problems faster than on other topologies.

    Hub and spoke – mesh hybrid

    The advantages of using a hub and spoke model far exceed those of using a mesh topology in the cloud and go to show why most organizations ultimately end up using the hub and spoke as their networking strategy.

    However, organizations, especially large ones, are complex entities, and choosing only one model may not serve all business needs. In such cases, a hybrid approach may be the best strategy. The following slides will demonstrate the advantages and use cases for mesh, however limited they might be.

    Where it can be useful:

    An organization can have multiple network topologies where system X is a mesh and system Y is a hub and spoke. A shared system Z can be a part of both systems depending on the needs.

    An organization can have multiple networks interconnected in a mesh and some of the networks in the mesh can be a hub for a hub-spoke network. For example, a business unit that works on data analysis can deploy their services in a spoke that is connected to a central hub that can host shared services such as Active Directory or NAT. The central hub can then be connected to a regional on-prem network where data and other shared services can be hosted.

    Hub and spoke – mesh hybrid network on AWS

    This is an image of the Hub and spoke – mesh hybrid network on AWS

    Why mesh can still be useful

    Benefits Of Mesh

    Use Cases For Mesh

    Security: Setting up a peering connection between two VPCs comes with the benefit of improving security since the connection can be private between the networks and can isolate public traffic from the internet. The traffic between the networks never has to leave the cloud provider's network, which helps reduce a class of risks.

    Reduced network costs: Since the peered networks communicate internally through the cloud's internal networks, the data transfer costs are typically cheaper than over the public internet.

    Communication speed: Improved network latency is a key benefit from using mesh because the peered traffic does not have to go over the public internet but rather the internal network. The network traffic between the connections can also be quickly redirected as needed.

    Higher flexibility for backend services: Mesh networks can be desirable for back-end services if egress traffic needs to be blocked to the public internet from the deployed services/servers. This also helps avoid having to set up public IP or network address translation (NAT) configurations.

    Connecting two or more networks for full access to resources: For example, consider an organization that has separate networks for each department, which don't all need to communicate with each other. Here, a peering network can be set up only between the networks that need to communicate with full or partial access to each other such as finance to HR or accounting to IT.

    Specific security or compliance need: Mesh or VPC peering can also come in handy to serve specific security needs or logging needs that require using a network to connect to other networks directly and in private. For example, global organizations that face regulatory requirements of storing or transferring data domestically with private connections.

    Systems with very few networks that do not need internet access: Workloads deployed in networks that need to communicate with each other but do not require internet access or network address translation (NAT) can be connected using mesh especially when there are security reasons to keep them from being connected to the main system, e.g. backend services such as testing environments, labs, or sandboxes can leverage this design.

    Designing for governance vs. flexibility in hub and spoke

    Governance and flexibility in managing resources in the cloud are inversely proportional: The higher the governance, the less freedom you have to innovate.

    The complexities of designing an organization's networks grow with the organization as it becomes global and takes on more services and lines of business. Organizations that choose to deploy the hub and spoke model face a dilemma in choosing between governance and flexibility for their networks. Organizations need to find that sweet spot to find the right balance between how much they want to govern their systems, mainly for security- and cost-monitoring, and how much flexibility they want to provide for innovation and other operations, since the two usually tend to have an inverse relationship.

    This decision in hub and spoke usually means that the domains chosen for higher governance must be placed in the hub network, and the domains that need more flexibility in a spoke. The key variables in the following slide will help determine the placement of the domain and will depend entirely on the organization's context.

    The two networking patterns in the cloud have layered complexities that need to be systematically addressed.

    Designing for governance vs. flexibility in hub and spoke

    If a network has more flexibility in all or most of these domains, it may be a good candidate for a spoke-heavy design; otherwise, it may be better designed in a hub-centric pattern.

    • Function: The function the domain network is assigned to and the autonomy the function needs to be successful. For example, software R&D usually requires high flexibility to be successful.
    • Regulations: The extent of independence from both internal and external regulatory constraints the domain has. For example, a treasury reporting domain typically has high internal and external regulations to adhere to.
    • Human resources: The freedom a domain has to hire and manage its resources to perform its function. For example, production facilities in a huge organization have the freedom to manage their own resources.
    • Operations: The freedom a domain has to control its operations and manage its own spending to perform its functions. For example, governments usually have different departments and agencies, each with its own budget to perform its functions.
    • Technology: The independence and the ability a domain has to manage its selection and implementation of technology resources in the cloud. For example, you may not want a software testing team to have complete autonomy to deploy resources.

    Optimal placement of services between the hub and spoke

    Shared services and vendor management

    Resources that are shared between multiple projects or departments or even by the entire organization should be hosted on the hub network to simplify sharing these services. For example, e-learning applications that may be used by multiple business units to train their teams, Active Directory accessed by most teams, or even SAAS platforms such as O365 and Salesforce can leverage buying power and drive down the costs for the organization. Shared services should also be standardized across the organization and for that, it needs to have high governance.

    Services that are an individual need for a network and have no preexisting relationship with other networks or buying power and scale can be hosted in a spoke network. For example, specialized accounting software used exclusively by the accounting team or design software used by a single team. Although the services are still a part of the wider network, it helps separate duties from the shared services network and provides flexibility to the teams to customize and manage their services to suit their individual needs.

    Network egress and interaction

    Network connections, be they in the cloud or hybrid-cloud, are used by everyone to either connect to the internet, access cloud services, or access the organization's data center. Since this is a shared service, a centralized networking account must be placed in the hub for greater governance. Interactions between the spokes in a hub and spoke model happens through the hub, and providing internet access to the spokes through the hub can help leverage cost benefits in the cloud. The network account will perform routing duties between the spokes, on-prem assets, and egress out to the internet.

    For example, NAT gateways in the cloud that are managed services are usually charged by the hour, and deploying NAT on each spoke can be harder to manage and expensive to maintain. A NAT gateway deployed in a central networking hub can be accessed by all spokes, so centralizing it is a great option.

    Note that, in some cases, when using edge locations for data transfers, it may be cost effective to deploy a NAT in the spoke, but such cases usually do not apply to most organizational units.

    A centralized network hub can also be useful to configure network policies and network resources while organizational departments can configure non-network resources, which helps separate responsibilities for all the spokes in the system. For example, subnets and routes can be controlled from the central network hub to ensure standardized network policies across the network.

    Security

    While there needs to be security in the hub and the spokes individually, finding the balance of operation can make the systems more robust. Hub and spoke design can be an effective tool for security when a principal security hub is hosted in the hub network. The central security hub can collect data from the spokes as well as non-spoke sources such as regulatory bodies and threat intelligence providers, and then share the information with the spokes.

    Threat information sharing is a major benefit of using this design, and the hub can take actions to analyze and enrich the data before sharing it with spokes. Shared services such as threat intelligence platforms (TIP) can also benefit from being centralized when stationed in the hub. A collective defense approach between the hub and spoke can be very successful in addressing sophisticated threats.

    Compliance and regulatory requirements such as HIPAA can also be placed in the hub, and the spokes connected to it can make use of it instead of having to deploy it in each spoke individually.

    Cloud metering

    The governance vs. flexibility paradigm usually decides the placement of cloud metering, i.e. if the organization wants higher control over cloud costs, it should be in the central hub, whereas if it prioritizes innovation, the spokes should be allowed to control it. Regardless of the placement of the domain, the costs can be monitored from the central hub using cloud-native monitoring tools such as Azure Monitor or any third-party software deployed in the hub.

    For ease of governance and since resources are usually shared at a project level, most cloud service providers suggest that an individual metering service be placed in the spokes. The centralized billing system of the organization, however, can make use of scale and reserved instances to drive down the costs that the spokes can take advantage of. For example, billing and access control resources are placed in the lower levels in GCP to enable users to set up projects and perform their tasks. These billing systems in the lower levels are then controlled by a centralized billing system to decide who pays for the resources provisioned.

    Don't get stuck with your on-prem network design. Design for the cloud.

    1. Peering VPCs into a mesh design can be an easy way to get onto the cloud, but it should not be your networking strategy for the long run.
    2. Hub and spoke network design offers more benefits than any other network strategy to be adopted only when the need arises. Plan for the design early on and keep a strategy in place to deploy it as early as possible.
    3. Hybrid of mesh and hub and spoke will be very useful in connecting multiple large networks especially when they need to access the same resources without having to route the traffic over the internet.
    4. Governance vs. flexibility should be a key consideration when designing for hub and spoke to leverage the best out of your infrastructure.
    5. Distribute domains across the hub or spokes to leverage costs, security, data collection, and economies of scale, and to foster secure interactions between networks.

    Cloud network design strategy

    This is an image of the framework for developing a Cloud Network Design Strategy.

    Bibliography

    Borschel, Brett. "Azure Hub Spoke Virtual Network Design Best Practices." Acendri Solutions, 13 Jan. 2022. Web.
    Singh, Garvit. "Amazon Virtual Private Cloud Connectivity Options." AWS, January 2018. Web.
    "What Is the Hub and Spoke Information Sharing Model?" Cyware, 16 Aug. 2021. Web.
    Youseff, Lamia. "Mesh and Hub-and-Spoke Networks on Azure." Microsoft, Dec. 2017. Web.

    Build IT Capabilities to Enable Digital Marketing Success

    • Buy Link or Shortcode: {j2store}553|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Misalignment: Even if IT builds the capabilities to pursue digital channels, the channels will underperform in realizing organizational goals if the channels and the goals are misaligned.
    • Ineffective analytics: Failure to integrate and analyze new data will undermine organizational success in influencer and sentiment identification.
    • Missed opportunity: If IT does not develop the capabilities to support these channels, then lead generation, brand promotion, and engagement opportunities will be lost.
    • Lack of control: Marketing is developing and depending on internal power users and agencies. This practice can isolate IT from digital marketing technology decision making.

    Our Advice

    Critical Insight

    • Identify and understand the digital marketing channels that can benefit your organization.
    • Get stakeholder buy-in to facilitate collaboration between IT and product marketing groups to identify necessary IT capabilities.
    • Build IT capability by purchasing software, outsourcing, and training or hiring individuals with necessary skillsets.
    • Become transformational: use IT capabilities to support analytics that identify new customer segments, key influencers, and other invaluable insights.
    • Time is of the essence! It is easier to begin strengthening the relationship between marketing and IT today then it will be at any point in the future.
    • Being transformational means more than just enabling the channels marketing wants to pursue; IT must assist in identifying new segments and digital marketing opportunities, such as enabling influencer management.

    Impact and Result

    • IT is involved in decision making and has a complete understanding of the digital channels the organization is going to migrate to or phase out if unused.
    • IT has the necessary capabilities to support and enable success in all relevant digital channel management technologies.
    • IT is a key player in ensuring that all relevant data from new digital channels is managed and analyzed in order to maintain a 360 degree view of customers and feed real-time campaigns.
    • This enables the organization to not only target existing segments effectively, but also to identify and pursue new opportunities not presented before.
    • These opportunities include: identifying new segments among social networks, identifying key influencers as a new target, identifying proactive service and marketing opportunities from the public social cloud, and conducting new competitive analyses on the public social cloud.

    Build IT Capabilities to Enable Digital Marketing Success Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the case for building IT capabilities

    Identify the symptoms of inadequate IT support of digital marketing to diagnose the problems in your organization.

    • Storyboard: Build IT Capabilities to Enable Digital Marketing Success

    2. Identify digital marketing opportunities to understand the need for action in your organization

    Identify the untapped digital marketing value in your organization to understand where your organization needs to improve.

    • Digital Marketing Capability Builder Tool

    3. Mobilize for action: get stakeholder buy-in

    Develop a plan for communicating with stakeholders to ensure buy-in to the digital marketing capability building project.

    • Digital Marketing Communication Deck

    4. Identify the product/segment-specific digital marketing landscape to identify required IT capabilities

    Assess how well each digital channel reaches target segments. Identify the capabilities that must be built to enable digital channels.

    5. Create a roadmap for building capabilities to enable digital marketing

    Assess the people, processes, and technologies required to build required capabilities and determine the best fit with your organization.

    [infographic]

    Workshop: Build IT Capabilities to Enable Digital Marketing Success

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Digital Marketing Opportunities

    The Purpose

    Determine the fit of each digital channel with your organizational goals.

    Determine the fit of digital channels with your organizational structure and business model.

    Compare the fit of digital channels with your organization’s current levels of use to:Identify missed opportunities your organization should capitalize on.Identify digital channels that your organization is wasting resources on.

    Identify missed opportunities your organization should capitalize on.

    Identify digital channels that your organization is wasting resources on.

    Key Benefits Achieved

    IT department achieves consensus around which opportunities need to be pursued.

    Understanding that continuing to pursue excellent-fit digital channels that your organization is currently active on is a priority.

    Identification of the channels that stopping activity on could free up resources for.

    Activities

    1.1 Define and prioritize organizational goals.

    1.2 Assess digital channel fit with goals and organizational characteristics.

    1.3 Identify missed opportunities and wasted resources in your digital channel mix.

    1.4 Brainstorm creative ways to pursue untapped digital channels.

    Outputs

    Prioritized list of organizational goals.

    Assigned level of fit to digital channels.

    List of digital channels that represent missed opportunities or wasted resources.

    List of brainstormed ideas for pursuing digital channels.

    2 Identify Your Product-Specific Digital Marketing Landscape

    The Purpose

    Identify the digital channels that will be used for specific products and segments.

    Identify the IT capabilities that must be built to enable digital channels.

    Prioritize the list of IT capabilities.

    Key Benefits Achieved

    IT and marketing achieve consensus around which digital channels will be pursued for specific product-segment pairings.

    Identification of the capabilities that IT must build.

    Activities

    2.1 Assess digital channel fit with specific products.

    2.2 Identify the digital usage patterns of target segments.

    2.3 Decide precisely which digital channels you will use to sell specific products to specific segments.

    2.4 Identify and prioritize the IT capabilities that need to be built to succeed on each digital channel.

    Outputs

    Documented channel fit with products.

    Documented channel usage by target segments.

    Listed digital channels that will be used for each product-segment pairing.

    Listed and prioritized capabilities that must be built to enable success on necessary digital channels.

    3 Enable Digital Marketing Capabilities and Leverage Analytics

    The Purpose

    Identification of the best possible way to build IT capabilities for all channels.

    Creation of a plan for leveraging transformational analytics to supercharge your digital marketing strategy.

    Key Benefits Achieved

    IT understanding of the costs and benefits of capability building options (people, process, and technology).

    Information about how specific technology vendors could fit with your organization.

    IT identification of opportunities to leverage transformational analytics in your organization.

    Activities

    3.1 Identify the gaps in your IT capabilities.

    3.2 Evaluate options for building capabilities.

    3.3 Identify opportunities for transformational analytics.

    Outputs

    A list of IT capability gaps.

    An action plan for capability building.

    A plan for leveraging transformational analytics.

    Create an Effective SEO Keyword Strategy

    • Buy Link or Shortcode: {j2store}568|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Digital Marketers working with an outdated or bad SEO strategy often see:

    • Declining keyword ranking and traffic
    • Poor keyword strategy
    • On-page errors

    Our Advice

    Critical Insight

    Most marketers fail in their SEO efforts because they focus on creating content for computers, not people.

    Impact and Result

    Using the SoftwareReviews methodology, digital marketers are able to break up their SEO project and data into bite-sized, actionable steps that focus on long-term improvement. Our methodology includes:

    • Competitive keyword research and identification of opportunities
    • On-page keyword strategy

    Create an Effective SEO Keyword Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create an Effective SEO Keyword Strategy

    Update your on-page SEO strategy with competitively relevant keywords.

    • Create an Effective SEO Keyword Strategy Storyboard
    [infographic]

    Further reading

    Create an Effective SEO Keyword Strategy
    Update your on-page SEO strategy with competitively relevant keywords.

    Analyst Perspective

    Most marketers fail in their SEO efforts because they focus on creating content for computers, not people.

    Leading search engine optimization methods focus on creating and posting relevant keyword-rich content, not just increasing page rank. Content and keywords should move a buyer along their journey, close a sale, and develop long-term relationships. Unfortunately, many SEO specialists focus on computers, not the buyer. What's even more concerning is that up to 70% of SaaS businesses have already been impacted by outdated and inefficient SEO techniques. Poor strategies often focus on ballooning SEO metrics in the short-term instead of building the company's long-term PageRank.

    Best-in-class digital marketers stop chasing the short-term highs and focus on long-term growth. This starts with developing a competitive keyword strategy and updating website content with the new keywords.

    SEO is a large topic, so we have broken the strategy into small, easy-to-implement steps, taking the guesswork out of how to use the data from SEO tools and giving CMOs a solid path to increase their SEO results.

    This is a picture of Terra Higginson

    Terra Higginson
    Marketing Research Director
    SoftwareReviews

    Executive Summary

    Your Challenge

    Digital marketers working with an outdated or bad SEO strategy often see:

    • Declining keyword ranking and traffic
    • Poor keyword strategy
    • On-page errors

    Search algorithms change all the time, which means that the strategy is often sitting on the sifting sands of technology, making SEO strategies quickly outdated.

    Common Obstacles

    Digital marketers are responsible for developing and implementing a competitive SEO strategy but increasingly encounter the following obstacles:

    • SEO practitioners that focus on gaming the system
    • Ever-changing SEO technology
    • Lack of understanding of the best SEO techniques
    • SEO techniques focus on the needs of computers, not people
    • Lack of continued investment

    SoftwareReviews' Approach

    Using the SoftwareReviews methodology, digital marketers are able to break up their SEO project and data into bite-sized, actionable steps that focus on long-term improvement. Our methodology includes:

    • Competitive keyword research and identification of opportunities
    • On-page keyword strategy

    Our methodology will take a focused step-by-step strategy in a series of phases that will increase PageRank and competitive positioning.

    SoftwareReviews' SEO Methodology

    In this blueprint, we will cover:

    Good SEO vs. Poor SEO Techniques

    The difference between good and bad SEO techniques.

    Common Good
    SEO Techniques

    Common Poor
    SEO Techniques

    • Writing content for people, not machines.
    • Using SEO tools to regularly adjust and update SEO content, keywords, and backlinks.
    • Pillar and content cluster strategy in addition to a basic on- and off-page strategy.
    • Keyword stuffing and content duplication.
    • A strategy that focuses on computers first and people second.
    • Low-quality or purchased backlinks.

    Companies With Great SEO…

    Keyword Strategy

    • Have identified a keyword strategy that carves out targets within the white space available between themselves and the competition.

    Error-Free Site

    • Have error-free sites without duplicate content. Their URLs and redirects are all updated. Their site is responsive, and every page loads in under two seconds.

    Pillar & Content Clusters

    • Employ a pillar and content cluster strategy to help move the buyer through their journey.

    Authentic Off-Page Strategy

    • Build an authentic backlink strategy that incorporates the right information on the right sites to move the buyer through their journey.

    SEO Terms Defined

    A glossary to define common Phase 1 SEO terms.

    Search Volume: this measures the number of times a keyword is searched for in a certain time period. Target keywords with a volume of between 100-100,000. A search volume greater than 100,000 will be increasingly difficult to rank (A Beginner's Guide to Keyword Search Volume, 2022, Semrush).

    Keyword Difficulty: the metric that quantifies how difficult it will be to rank for a certain keyword. The keyword difficulty percentage includes the number of competitors attempting to rank for the same keyword, the quality of their content, the search intent, backlinks, and domain authority (Keyword Difficulty: What Is It and Why Is It Important? 2022, Semrush).

    Intent: this metric focuses on the intent of the user's search. All search intent is categorized into Informational, Commercial, Navigational, and Transactional (What Is Search Intent? A Complete Guide, 2022, Semrush).

    On-Page SEO: refers to the practice of search engine optimizing elements of your site such as title tags, internal links, HTML code, URL optimization, on-page content, images, and user experience.

    Off-Page SEO: refers to the practice of optimizing brand awareness (What Is Off-Page SEO? A Comprehensive Guide, 2022, Semrush).

    H1: HTML code that tells a search engine the title of the page (neilpatel.com).

    SEO Tool: A subscription-based all-in-one search engine optimization MarTech tool.

    Google's mission is to organize the world's information and make it universally accessible and useful… We believe Search should deliver the most relevant and reliable information available.
    – An excerpt from Google's mission statement

    Your Challenge

    Google makes over 4.5k algorithm changes per year1, directly impacting digital marketing search engine optimization efforts.

    Digital marketers with SEO problems will often see the following issues:

    • Keyword ranking – A decline in keyword ranking is alarming and results in decreased PageRank.
    • Bounce rate – Attracting the wrong audience to your site will increase the bounce rate because the H1 doesn't resonate with your audience.
    • Outdated keywords – Many companies are operating on a poor keyword strategy, or even worse, no keyword strategy. In addition, many marketers haven't updated their strategy to include pillar and cluster content.
    • Errors – Neglected sites often have a large number of errors.
    • Bad backlinks – Neglected sites often have a large number of toxic backlinks.

    The best place to hide a dead body is on page two of the search results.
    – Huffington Post

    Common Obstacles

    Digital marketers are responsible for developing and executing a competitive SEO strategy but increasingly encounter the following obstacles:

    • Inefficient and ineffective SEO practitioners.
    • Changing SEO technology and search engine algorithms.
    • Lack of understanding of the best-in-class SEO techniques.
    • Lack of a sustainable plan to manage the strategy and invest in SEO.

    SEO is a helpful activity when it's applied to people-first content. However, content created primarily for search engine traffic is strongly correlated with content that searchers find unsatisfying.
    – Google Search Central Blog

    Benefits of Proper SEO

    A good SEO keyword strategy will create long-term, sustainable SEO growth:

    • Write content for people, not algorithms – Good SEO prioritizes the needs of humans over the needs of computers, being ever thoughtful of the meaning of content and keywords.
    • Content that aligns with intent – Content and keyword intent will align with the buyer journey to help move prospects through the funnel.
    • Competitive keyword strategy – Find keyword white space for your brand. Keywords will be selected to optimize your ranking among competition with reasonable and sustainable targets.
    • Actionable and impactful fixes – By following the SoftwareReviews phases of SEO, you will be able to take a very large task and divide it into conquerable actions. Small improvements everyday lead to very large improvements over time.

    Digital Marketing SEO Stats

    61%
    61% of marketers believe that SEO is the key to online success.
    Source: Safari Digital

    437%
    Updating an existing title tag with an SEO optimised one can increase page clicks by more than 437%.
    Source: Safari Digital

    Good SEO Aligns With Search Intent

    What type of content is the user searching for? Align your keyword to the logical search objective.

    Informational

    This term categorizes search intent for when a user wants to inform or educate themselves on a specific topic.

    Commercial

    This term categorizes search intent for when a user wants to do research before making a purchase.

    Transactional

    This term categorizes search intent for when a user wants to purchase something.

    Navigational

    This term categorizes search intent for when a user wants to find a specific page.

    SoftwareReviews' Methodology toCreate an Effective SEO Strategy

    1. Competitive Analysis & Keyword Discovery 2. On-Page Keyword Optimization
    Phase Steps
    1. Make a list of keywords in your current SEO strategy – including search volume, keyword difficulty percentage, intent.
    2. Research the keywords of top competitors.
    3. Make a list of target keywords you would like to own – including the search volume, keyword difficulty percentage, and intent. Make sure that these keywords align with your buyer persona.
    1. List product and service pages, along with the URL and current ranking(s) for the keyword(s) for that URL.
    2. Create a new individual page strategy for each URL. Record the current keyword, rank, title tag, H1 tag, and meta description. Then, with keyword optimization in mind, develop the new title tag, new H1 tag, and new meta description. Build the target keywords into the pages and tags.
    3. Record the current ranking for the pages' keywords then reassess after three to six months.
    Phase Outcomes
    • Understanding of competitive landscape for SEO
    • A list of target new keywords
    • Keyword optimized product and service pages

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Identify your current SEO keyword strategy.

    Call #2: Discuss how to start a competitive keyword analysis.

    Call #4: Discuss how to build the list of target keywords.

    Call #6: Discuss keyword optimization of the product & services pages.

    Call #8: (optional)

    Schedule a call to update every three to six months.

    Call #3: Discuss the results of the competitive keyword analysis.

    Call #5: Discuss which pages to update with new target keywords.

    Call #7: Review final page content and tags.

    Call #9: Schedule a call for SEO Phase 2: On-Page Technical Refinement.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 1 to 2 months.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Identify your current SEO keyword strategy.

    Call #2: Discuss how to start a competitive keyword analysis.

    Call #4: Discuss how to build the list of target keywords.

    Call #6: Discuss keyword optimization of the product & services pages.

    Call #8: (optional)

    Schedule a call to update every three to six months.

    Call #3: Discuss the results of the competitive keyword analysis.

    Call #5: Discuss which pages to update with new target keywords.

    Call #7: Review final page content and tags.

    Call #9: Schedule a call for SEO Phase 2: On-Page Technical Refinement.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 1 to 2 months.

    SoftwareReviews offers various levels of support to best suit your needs

    Included Within an Advisory Membership Optional Add-Ons
    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Insight Summary

    People-First Content

    Best-in-class SEO practitioners focus on people-first content, not computer-first content. Search engine algorithms continue to focus on how to rank better content first, and a strategy that moves your buyers through the funnel in a logical and cohesive way will beat any SEO trick over the long run.

    Find White Space

    A good SEO strategy uses competitive research to carve out white space and give them a competitive edge in an increasingly difficult ranking algorithm. An understanding of the ideal client profile and the needs of their buyer persona(s) sit as a pre-step to any good SEO strategy.

    Optimize On-Page Keywords

    By optimizing the on-page strategy with competitively relevant keywords that target your ideal client profile, marketers are able to take an easy first step at improving the SEO content strategy.

    Understand the Strategy

    If you don't understand the strategy of your SEO practitioner, you are in trouble. Marketers need to work hand in hand with their SEO specialists to quickly uncover gaps, create a strategy that aligns with the buyer persona(s), and execute the changes.

    Quality Trumps Quantity

    The quality of the prospect that your SEO efforts bring to your site is more important than the number of people brought to your site.

    Stop Here and Ask Yourself:

    • Do I have an updated (completed within the last two years) buyer persona and journey?
    • Do I know who the ICP (ideal client profile) is for my product or company?

    If not, stop here, and we can help you define your buyer persona and journey, as well as your ideal client profile before moving forward with SEO Phase 1.

    The Steps to SEO Phase 1

    The Keyword Strategy

    1. Current Keywords
      • Identify the keywords your SEO strategy is currently targeting.
    2. Competitive Analysis
      • Research the keywords of competitor(s). Identify keyword whitespace.
    3. New Target Keywords
      • Identify and rank keywords that will result in more quality leads and less competition.
    4. Product & Service Pages
      • Identify your current product and service pages. These pages represent the easiest content to update on your site.
    5. Individual Page Update
      • Develop an SEO strategy for each of your product and service pages, include primary target keyword, H1, and title tags, as well as keyword-rich description.

    Resources Needed for Search Engine Optimization

    Consider the working skills required for search engine optimization.

    Required Skills/Knowledge

    • SEO
    • Web development
    • Competitive analysis
    • Content creation
    • Understanding of buyer persona and journey
    • Digital marketing

    Suggested Titles

    • SEO Analyst
    • Competitive Intelligence Analyst
    • Content Marketing Manager
    • Website Developer
    • Digital Marketing Manager

    Digital Marketing Software

    • CMS that allows you to easily access and update your content

    SEO Software

    • SEO tool

    Step 1: Current Keywords

    Use this sheet to record your current keyword research.

    Use your SEO tool to research keywords and find the following:
    Use a quality tool like SEMRush to obtain SEO data.

    1. Keyword difficulty
    2. Search volume
    3. Search intent

    This is a screenshot of the SEO tool SEMRush, which can be used to identify current keywords.

    Step 2: Competitive Analysis

    Use this sheet to guide the research on your competitors' keywords.

    Use your SEO tool to find the following:

    1. Top organic keywords
    2. Ranking of keywords
    3. Domain authority and trust
    4. Position changes

    This is a screenshot of the SEO tool SEMRush, which can be used to perform an competitive analysis

    Step 3: New Target Keywords

    Use this sheet to record target keywords that have a good volume but are less competitive. The new target keywords should align with your buyer persona and their journey.

    Use your SEO tool to research keywords and find the following:
    Use a quality tool like SEMRush to obtain SEO data.

    1. Keyword difficulty
    2. Search volume
    3. Search intent

    This is a screenshot of the SEO tool SEMRush, which can be used to identify new target keywords.

    Step 4: Product & Service Pages

    Duplicate this page so that you have a separate page for each URL from Step 4

    Use this sheet to identify your current product and service pages.

    Use your SEO tool to find the following:

    1. Current rank
    2. Current keywords

    This is a screenshot of the SEO tool SEMRush, showing where you can display product and service pages.

    Step 5: Individual Page Strategy

    Develop a keyword strategy for each of your product and service pages. Use a fresh page for each URL.

    Date last optimized:
    mm/dd/yyyy

    This is a screenshot of the SEO tool SEMRush, with an example of how you can use an individual page strategy to develop a keyword strategy.

    Bibliography

    Council, Y. "Council Post: The Rundown On Black Hat SEO Techniques And Why You Should Avoid Them." Forbes, 2022. Accessed September 2022.

    "Our approach – How Google Search works." Google Search. Accessed September 2022.

    "The Best Place to Hide a Dead Body is Page Two of Google." HuffPost, 2022. Accessed September 2022.

    Patel, Neil. "How to Create the Perfect H1 Tag for SEO." neilpatel.com. Accessed September 2022.

    Schwartz, B. "Google algorithm updates 2021 in review: Core updates, product reviews, page experience and beyond." Search Engine Land, 2022. Accessed September 2022.

    Schwartz, B. "Google algorithm updates 2021 in review: Core updates, product reviews, page experience and beyond." Search Engine Land, 2022. Accessed September 2022.

    Position IT to Support and Be a Leader in Open Data Initiatives

    • Buy Link or Shortcode: {j2store}326|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Open data programs are often seen as unimportant or not worth taking up space in the budget in local government.
    • Open data programs are typically owned by a single open data evangelist who works on it as a side-of-desk project.
    • Having a single resource spend a portion of their time on open data doesn’t allow the open data program to mature to the point that local governments are realizing benefits from it.
    • It is difficult to gain buy-in for open data as it is hard to track the benefits of an open data program.

    Our Advice

    Critical Insight

    • Local government can help push the world towards being more open, unlocking economic benefits for the wider economy.
    • Cities don’t know the solutions to all of their problems often they don’t know all of the problems they have. Release data as a platform to crowdsource solutions and engage your community.
    • Build your open data policies in collaboration with the community. It’s their data, let them shape the way it’s used!

    Impact and Result

    • Level-set expectations for your open data program. Every local government is different in terms of the benefits they can achieve with open data; ensure the business understands what is realistic to achieve.
    • Create a team of open data champions from departments outside of IT. Identify potential champions for the team and use this group to help gain greater business buy-in and gather feedback on the program’s direction.
    • Follow the open data maturity model in order to assess your current state, identify a target state, and assess capability gaps that need to be improved upon.
    • Use industry best practices to develop an open data policy and processes to help improve maturity of the open data program and reach your desired target state.
    • Identify metrics that you can use to track, and communicate the success of, the open data program.

    Position IT to Support and Be a Leader in Open Data Initiatives Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop your open data program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Set the foundation for the success of your open data program

    Identify your open data program's current state maturity, and gain buy-in from the business for the program.

    • Position IT to Support and Be a Leader in Open Data Initiatives – Phase 1: Set the Foundation for the Success of Your Open Data Program
    • Open Data Maturity Assessment
    • Open Data Program – IT Stakeholder Powermap Template
    • Open Data in Our City Stakeholder Presentation Template

    2. Grow the maturity of your open data program

    Identify a target state maturity and reach it through building a policy and processes and the use of metrics.

    • Position IT to Support and Be a Leader in Open Data Initiatives – Phase 2: Grow the Maturity of Your Open Data Program
    • Open Data Policy Template
    • Open Data Process Template
    • Open Data Process Descriptions Template
    • Open Data Process Visio Templates (Visio)
    • Open Data Process Visio Templates (PDF)
    • Open Data Metrics Template
    [infographic]

    Workshop: Position IT to Support and Be a Leader in Open Data Initiatives

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Business Drivers for Open Data Program

    The Purpose

    Ensure that the open data program is being driven out from the business in order to gain business support.

    Key Benefits Achieved

    Identify drivers for the open data program that are coming directly from the business.

    Activities

    1.1 Understand constraints for the open data program.

    1.2 Conduct interviews with the business to gain input on business drivers and level-set expectations.

    1.3 Develop list of business drivers for open data.

    Outputs

    Defined list of business drivers for the open data program

    2 Assess Current State and Define Target State of the Open Data Program

    The Purpose

    Understand the gaps between where your program currently is and where you want it to be.

    Key Benefits Achieved

    Identify top processes for improvement in order to bring the open data program to the desired target state maturity.

    Activities

    2.1 Perform current state maturity assessment.

    2.2 Define desired target state with business input.

    2.3 Highlight gaps between current and target state.

    Outputs

    Defined current state maturity

    Identified target state maturity

    List of top processes to improve in order to reach target state maturity

    3 Develop an Open Data Policy

    The Purpose

    Develop a draft open data policy that will give you a starting point when building your policy with the community.

    Key Benefits Achieved

    A draft open data policy will be developed that is based on best-practice standards.

    Activities

    3.1 Define the purpose of the open data policy.

    3.2 Establish principles for the open data program.

    3.3 Develop a rough governance outline.

    3.4 Create a draft open data policy document based on industry best-practice examples.

    Outputs

    Initial draft of open data policy

    4 Develop Open Processes and Identify Metrics

    The Purpose

    Build open data processes and identify metrics for the program in order to track benefits realization.

    Key Benefits Achieved

    Formalize processes to set in place to improve the maturity of the open data program.

    Identify metrics that can track the success of the open data program.

    Activities

    4.1 Develop the roles that will make up the open data program.

    4.2 Create processes for new dataset requests, updates of existing datasets, and the retiring of datasets.

    4.3 Identify metrics that will be used for measuring the success of the open data program.

    Outputs

    Initial draft of open data processes

    Established metrics for the open data program