Business Intelligence and Reporting

  • Buy Link or Shortcode: {j2store}6|cart{/j2store}
  • Related Products: {j2store}6|crosssells{/j2store}
  • member rating overall impact: 8.9/10
  • member rating average dollars saved: $45,792
  • member rating average days saved: 29
  • Parent Category Name: Data and Business Intelligence
  • Parent Category Link: /improve-your-core-processes/data-and-business-intelligence

The challenge

  • Your business partners need an environment that facilitates flexible data delivery.
  • Your data and BI strategy must continuously adapt to new business realities and data sources to stay relevant.
  • The pressure to go directly to the solution design is high.  

Our advice

Insight

  • A BI initiative is not static. It must be treated as a living platform to adhere to changing business goals and objectives. Only then will it support effective decision-making.
  • Hear the voice of the business; that is the "B" in BI.
  • Boys and their toys... The solution to better intelligence often lies not in the tool but the BI practices.
  • Build a roadmap that starts with quick-wins to establish base support for your initiative.

Impact and results 

  • Use the business goals and objectives to drive your BI initiatives.
  • Focus first on what you already have in your company's business intelligence landscape before investing in a new tool that will only complicate things.
  • Understand the core of what your users need by leveraging different approaches to pinpointing BI capabilities.
  • Create a roadmap that details the iterative deliveries of your business intelligence initiative. Show both the short and long term.

The roadmap

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

Get started

Our concise executive brief shows why you should create or refresh your business intelligence (BI) strategy. We'll show you our methodology and the ways we can help you in handling this.

Upon ordering you receive the complete guide with all files zipped.

Understand your business context and BI landscape

Understand critical business information and analyze your current business intelligence landscape.

  • Build a Next-Generation BI with a Game-Changing BI Strategy – Phase 1: Understand the Business Context and BI Landscape (ppt)
  • BI Strategy and Roadmap Template (doc)
  • BI End-User Satisfaction Survey Framework (ppt)

Evaluate your current business intelligence practices

Assess your current maturity level and define the future state.

  • Build a Next-Generation BI with a Game-Changing BI Strategy – Phase 2: Evaluate the Current BI Practice (ppt)
  • BI Practice Assessment Tool – Example 1 (xls)
  • BI Practice Assessment Tool – Example 2 (xls)

Create your BI roadmap

Create business intelligence focused initiatives for continuous improvement.

  • Build a Next-Generation BI with a Game-Changing BI Strategy – Phase 3: Create a BI Roadmap for Continuous Improvement (ppt)
  • BI Initiatives and Roadmap Tool (xls)
  • BI Strategy and Roadmap Executive Presentation Template (ppt)

 

Excel Through COVID-19 With a Focused Business Architecture

  • Buy Link or Shortcode: {j2store}604|cart{/j2store}
  • member rating overall impact: 10.0/10 Overall Impact
  • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
  • member rating average days saved: Read what our members are saying
  • Parent Category Name: Strategy & Operating Model
  • Parent Category Link: /strategy-and-operating-model
  • Business architecture, including value stream and business capability models, is the tool you need to reposition your organization for post-COVID-19 success.
  • Your business architecture model represents your strategic business components. It guides the development of all other architectures to enable new and improved business function.
  • Evaluating your current business architecture, or indeed rebuilding it, creates a foundation for facilitated discussions and target state alignment between IT and the senior C-suite.
  • New projects and initiatives during COVID-19 must evolve business architecture so that your front-line workers and your customers are supported through the resolution of the pandemic. Specifically, your projects and initiatives must be directly traced to evolving your architecture.
  • Business architecture anchors downstream architectural iterations and initiatives. Measure business capability enablement results directly from projects and initiatives using a business architecture model.

Our Advice

Critical Insight

  • Focus on your most disruptive, game-changing innovations that have been on the backburner for some time. Here you will find the ingredients for post-pandemic success.

Impact and Result

  • Craft your business architecture model, aligned to the current climate, to refocus on your highest priority goals and increase your chances of post-COVID-19 excellence.

Excel Through COVID-19 With a Focused Business Architecture Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Create minimum viable business architecture

Create your minimum viable business architecture.

  • Excel Through COVID-19 With a Focused Business Architecture Storyboard
  • Excel Through COVID-19 With a Focused Business Architecture – Healthcare
  • Excel Through COVID-19 With a Focused Business Architecture – Higher Education
  • Excel Through COVID-19 With a Focused Business Architecture – Manufacturing
  • Business Capability Modeling

2. Identify COVID-19 critical capabilities for your industry

If there are a handful of capabilities that your business needs to focus on right now, what are they?

3. Brainstorm COVID-19 business opportunities

Identify business opportunities.

4. Enrich capability model with COVID-19 opportunities

Enrich your capability model.

[infographic]

Knowledge Management

  • Buy Link or Shortcode: {j2store}33|cart{/j2store}
  • Related Products: {j2store}33|crosssells{/j2store}
  • member rating overall impact: 9.0/10
  • member rating average dollars saved: $10,000
  • member rating average days saved: 2
  • Parent Category Name: People and Resources
  • Parent Category Link: /people-and-resources
Mitigate Key IT Employee Knowledge Loss

Optimize the Current Testing Process for Enterprise Mobile Applications

  • Buy Link or Shortcode: {j2store}404|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Testing, Deployment & QA
  • Parent Category Link: /testing-deployment-and-qa
  • Your team has little or no experience in mobile testing.
  • You need to optimize current testing processes to include mobile.
  • You need to conduct an RFP for mobile testing tools.

Our Advice

Critical Insight

  • One-size-fits-all testing won’t work for mobile. The testing tools are fragmented.
  • Mobile offers many new test cases, so organizations can expect to spend more time testing.

Impact and Result

  • Identify and address gaps between your current testing process and a target state that includes mobile testing.
  • Establish project value metrics to ensure business and technical requirements are met.

Optimize the Current Testing Process for Enterprise Mobile Applications Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Assess the current testing state

Determine a starting point for architecture and discuss pain points that will drive reusability.

  • Storyboard: Optimize the Current Testing Process for Enterprise Mobile Applications
  • Mobile Testing Project Charter Template
  • Visual SOP Template for Application Testing

2. Determine the target state testing framework

Document a preliminary list of test requirements and create vendor RFP and scoring.

  • Test Requirements Tool
  • Request for Proposal (RFP) Template

3. Implement testing tools to support the testing SOP

Create an implementation rollout plan.

  • Project Planning and Monitoring Tool

Infographic

Workshop: Optimize the Current Testing Process for Enterprise Mobile Applications

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Assess the Fit for Test Process Optimization

The Purpose

Understand mobile testing pain points.

Evaluate current statistics and challenges around mobile testing and compare with your organization.

Realize the benefits of mobile testing.

Understand the differences of mobile testing.

Assess your readiness for optimizing testing to include mobile.

Key Benefits Achieved

Preliminary understanding of how mobile testing is different from conventional approaches to testing apps.

Understanding of how mobile testing can optimize your current testing process.

Activities

1.1 Understand the pain points experienced with mobile testing

1.2 Evaluate current statistics and challenges of mobile testing and compare your organization

1.3 Realize the benefits that come from mobile testing

1.4 Understand the differences between mobile app testing and conventional app testing

1.5 Assess your readiness for optimizing the testing process to include mobile

Outputs

Organizational state assessment for mobile testing

2 Structure & Launch the Project

The Purpose

Identify stakeholders for testing requirements gathering.

Create a project charter to obtain project approval.

Present and obtain project charter sign-off.

Key Benefits Achieved

Well documented project charter.

Approval to launch the project.

Activities

2.1 Identify stakeholders for testing requirements gathering

2.2 Create a project charter to obtain project approval

2.3 Present & obtain project charter sign-off

Outputs

Project objectives and scope

Project roles and responsibilities

3 Assess Current Testing State

The Purpose

Document your current non-mobile testing processes.

Create a current testing visual SOP.

Determine current testing pain points.

Key Benefits Achieved

Thorough understanding of current testing processes and pain points.

Activities

3.1 Document your current non-mobile testing processes

3.2 Create a current state visual SOP

3.3 Determine current testing pain points

Outputs

Documented current testing processes in the form of a visual SOP

List of current testing pain points

4 Determine Target State Testing Framework

The Purpose

Determine your target state for mobile testing.

Choose vendors for the RFP process.

Evaluate selected vendor(s) against testing requirements.

Design mobile testing visual SOP(s).

Key Benefits Achieved

Prioritized list of testing requirements for mobile.

Vendor selection for mobile testing solutions through an RFP process.

New SOP designed to include both current testing and mobile testing processes.

Activities

4.1 Determine your target state for mobile testing by following Info-Tech’s framework as a starting point

4.2 Design new SOP to include testing for mobile apps

4.3 Translate all considered visual SOP mobile injections into requirements

4.4 Document the preliminary list of test requirements in the RFP

4.5 Determine which vendors to include for the RFP process

4.6 Reach out to vendors for a request for proposal

4.7 Objectively evaluate vendors against testing requirements

4.8 Identify and assess the expected costs and impacts from determining your target state

Outputs

List of testing requirements for mobile

Request for Proposal

5 Implement Testing Tools to Support Your Testing SOP

The Purpose

Develop an implementation roadmap to integrate new testing initiatives.

Anticipate potential roadblocks during implementation rollout.

Operationalize mobile testing and ensure a smooth hand-off to IT operations.

Key Benefits Achieved

Creation of implementation project plan.

List of approaches to mitigate potential implementation roadblocks.

Achieving clean hand-off to IT ops team.

Activities

5.1 Develop a project plan to codify your current understanding of the scope of work

5.2 Anticipate potential roadblocks during your tool’s implementation

5.3 Operationalize your testing tools and ensure a smooth hand-off from the project team

Outputs

Mobile testing metrics implementation plan

6 Conduct Your Retrospectives

The Purpose

Conduct regular retrospectives to consider areas for improvement.

Adjust your processes, systems, and testing tools to improve performance and usability.

Revisit implementation metrics to communicate project benefits.

Leverage the lessons learned and apply them to other projects.

Key Benefits Achieved

Project specific metrics.

Discovery of areas to improve.

Activities

6.1 Conduct regular retrospectives to consider areas for improvement

6.2 Revisit your implementation metrics to communicate project benefits to business stakeholders

6.3 Adjust your processes, systems, and testing tools to improve performance and usability

6.4 Leverage the lessons learned and apply them to other IT projects

Outputs

Steps to improve your mobile testing

Take Control of Infrastructure and Operations Metrics

  • Buy Link or Shortcode: {j2store}460|cart{/j2store}
  • member rating overall impact: 8.5/10 Overall Impact
  • member rating average dollars saved: $7,199 Average $ Saved
  • member rating average days saved: 11 Average Days Saved
  • Parent Category Name: Operations Management
  • Parent Category Link: /i-and-o-process-management
  • Measuring the business value provided by IT is very challenging.
  • You have a number of metrics, but they may not be truly meaningful, contextual, or actionable.
  • You know you need more than a single metric to tell the whole story. You also suspect that metrics from different systems combined will tell an even fuller story.
  • You are being asked to provide information from different levels of management, for different audiences, conveying different information.

Our Advice

Critical Insight

  • Many organizations collect metrics to validate they are keeping the lights on. But the Infrastructure and Operations managers who are benefitting the most are taking steps to ensure they are getting the right metrics to help them make decisions, manage costs, and plan for change.
  • Complaints about metrics are often rooted in managers wading through too many individual metrics, wrong metrics, or data that they simply can’t trust.
  • Info-Tech surveyed and interviewed a number of Infrastructure managers, CIOs, and IT leaders to understand how they are leveraging metrics. Successful organizations are using metrics for everything from capacity planning to solving customer service issues to troubleshooting system failures.

Impact and Result

  • Manage metrics so they don’t become time wasters and instead provide real value.
  • Identify the types of metrics you need to focus on.
  • Build a metrics process to ensure you are collecting the right metrics and getting data you can use to save time and make better decisions.

Take Control of Infrastructure and Operations Metrics Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should implement a metrics program in your Infrastructure and Operations practice, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Gap analysis

This phase will help you identify challenges that you want to avoid by implementing a metrics program, discover the main IT goals, and determine your core metrics.

  • Take Control of Infrastructure and Operations Metrics – Phase 1: Gap Analysis
  • Infra & Ops Metrics Executive Presentation

2. Build strategy

This phase will help you make an actionable plan to implement your metrics program, define roles and responsibilities, and communicate your metrics project across your organization and with the business division.

  • Take Control of Infrastructure and Operations Metrics – Phase 2: Build Strategy
  • Infra & Ops Metrics Definition Template
  • Infra & Ops Metrics Tracking and Reporting Tool
  • Infra & Ops Metrics Program Roles & Responsibilities Guide
  • Weekly Metrics Review With Your Staff
  • Quarterly Metrics Review With the CIO
[infographic]

Run Better Meetings

  • Buy Link or Shortcode: {j2store}287|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Voice & Video Management
  • Parent Category Link: /voice-video-management

Your newly hybrid workplace will include virtual, hybrid, and physical meetings, presenting several challenges:

  • The experience for onsite and remote attendees is not equal.
  • Employees are experiencing meeting and video fatigue.
  • Meeting rooms are not optimized for hybrid meetings.
  • The fact is that many people have not successfully run hybrid meetings before.

Our Advice

Critical Insight

  • Successful hybrid workplace plans must include planning around hybrid meetings. Seamless hybrid meetings are the result of thoughtful planning and documented best practices.

Impact and Result

  • Identify your current state and the root cause of unsatisfactory meetings.
  • Review and identify meetings best practices around meeting roles, delivery models, and training.
  • Improve the technology that supports meetings.
  • Use Info-Tech’s quick checklists and decision flowchart to accelerate meeting planning and cover your bases.

Run Better Meetings Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should run better meetings, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Identify the current state of meetings

Understand the problem before you try to fix it. Before you can improve meetings, you need to understand what your norms and challenges currently are.

  • Checklist: Run a Virtual or Hybrid Meeting

2. Publish best practices for how meetings should run

Document meeting roles, expectations, and how meetings should run. Decide what kind of meeting delivery model to use and develop a training program.

  • Meeting Challenges and Best Practices
  • Meeting Type Decision Flowchart (Visio)
  • Meeting Type Decision Flowchart (PDF)

3. Improve meeting technology

Always be consulting with users: early in the process to set a benchmark, during and after every meeting to address immediate concerns, and quarterly to identify trends and deeper issues.

  • Team Charter
  • Communications Guide Poster Template
[infographic]

Workshop: Run Better Meetings

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Identify Current State of Meetings

The Purpose

Understand the current state of meetings in your organization.

Key Benefits Achieved

What you need to keep doing and what you need to change

Activities

1.1 Brainstorm meeting types.

1.2 Document meeting norms.

1.3 Document and categorize meeting challenges.

Outputs

Documented challenges with meetings

Meeting norms

Desired changes to meeting norms

2 Review and Identify Best Practices

The Purpose

Review and implement meeting best practices.

Key Benefits Achieved

Defined meeting best practices for your organization

Activities

2.1 Document meeting roles and expectations.

2.2 Review common meeting challenges and identify best practices.

2.3 Document when to use a hybrid meeting, virtual meeting, or an in-person meeting.

2.4 Develop a training program.

Outputs

Meeting roles and expectations

List of meeting best practices

Guidelines to help workers choose between a hybrid, virtual, or in-person meeting

Training plan for meetings

3 Improve Meeting Technology

The Purpose

Identify opportunities to improve meeting technology.

Key Benefits Achieved

A strategy for improving the underlying technologies and meeting spaces

Activities

3.1 Empower virtual meeting attendees.

3.2 Optimize spaces for hybrid meetings.

3.3 Build a team of meeting champions.

3.4 Iterate to build and improve meeting technology.

3.5 Guide users toward each technology.

Outputs

Desired improvements to meeting rooms and meeting technology

Charter for the team of meeting champions

Communications Guide Poster

Demystify Blockchain: How Can It Bring Value to Your Organization?

  • Buy Link or Shortcode: {j2store}96|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Innovation
  • Parent Category Link: /innovation
  • Most leaders have an ambiguous understanding of blockchain and its benefits, let alone how it impacts their organization.
  • At the same time, with bitcoin drawing most of the media attention, organizations are finding it difficult to translate cryptocurrency usage to business case.

Our Advice

Critical Insight

  • Cut through the hype associated with blockchain by focusing on what is relevant to your organization. You have been hearing about blockchain for some time now and want to better understand it. While it is complex, you can beat the learning curve by analyzing its key benefits and purpose. Features such as transparency, efficiency, and security differentiate blockchain from existing technologies and help explain why it has transformative potential.
  • Ensure your use case is actually useful by first determining whether blockchain aligns with your organization. CIOs must take a practical approach to blockchain in order to avoid wasting resources (both time and money) and hurting IT’s image in the eyes of the business. While is easy to get excited and invest in a new technology to help maintain your image as a thought leader, you must ensure that your use case is fully developed prior to doing so.

Impact and Result

  • Follow Info-Tech’s methodology for simplifying an otherwise complex concept. By focusing on its benefits and how they directly relate to a use case, blockchain technology is made easy to understand for business and IT professionals.
  • Our program will help you understand if blockchain is the optimal solution for your organization by mapping its key benefits (i.e. transparency, integrity, efficiency, and security) to your needs and capabilities.
  • Leverage a repeatable framework for brainstorming blockchain use case ideas and communicate your findings to business stakeholders who may otherwise be confused about the transformative potential of blockchain.

Demystify Blockchain: How Can It Bring Value to Your Organization? Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why your organization should care about determining whether blockchain aligns with your organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. What exactly is blockchain?

Understand blockchain’s unique feature, benefits, and business use cases.

  • Demystify Blockchain – Phase 1: What Is Blockchain?
  • Blockchain Glossary

2. What can blockchain do for your organization?

Envision blockchain’s transformative potential for your organization by brainstorming and validating a use case.

  • Demystify Blockchain – Phase 2: What Can Blockchain Do for Your Organization?
  • Blockchain Alignment Tool
  • Blockchain Alignment Presentation
[infographic]

Tech Trend Update: If Contact Tracing Then Distributed Trust

  • Buy Link or Shortcode: {j2store}424|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: DR and Business Continuity
  • Parent Category Link: /business-continuity

With COVID-19's rapid spread through populations, governments are looking for technology tools that can augment the efforts of manual contact tracing processes. How the system is designed is crucial to a positive outcome.

  • CIOs must understand how distributed trust principles achieve embedded privacy and help encourage user adoption.
  • CEOs must consider how society's waning trust in institutions affects the way they engage their customers.

Our Advice

Critical Insight

Mobile contact tracing apps that use a decentralized design approach will be the most likely to be adopted by a wide swath of the population.

Impact and Result

There are some key considerations to realize from the way different governments are approaching contact tracing:

  1. If centralized, then seek to ensure privacy protections.
  2. If decentralized, then seek to enable collaboration.
  3. In either case, put in place data governance to create trust.

Tech Trend Update: If Contact Tracing Then Distributed Trust Research & Tools

Learn why distributed trust is becoming critical to technology systems design

Understand the differences between mobile app architectures available to developers and how to achieve success in implementation based on your goals.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

  • Tech Trend Update: If Contact Tracing Then Distributed Trust Storyboard
[infographic]

2024 Tech Trends

  • Buy Link or Shortcode: {j2store}289|cart{/j2store}
  • member rating overall impact: 10
  • Parent Category Name: Innovation
  • Parent Category Link: /improve-your-core-processes/strategy-and-governance/innovation

AI has revolutionized the landscape, placing the spotlight firmly on the generative enterprise.

The far-reaching impact of generative AI across various sectors presents fresh prospects for organizations to capitalize on and novel challenges to address as they chart their path for the future. AI is more than just a fancy auto-complete. At this point it may look like that, but do not underestimate the evolutive power.

In this year's Tech Trends report, we explore three key developments to capitalize on these opportunities and three strategies to minimize potential risks.

Generative AI will take the lead.

As AI transforms industries and business processes, IT and business leaders must adopt a deliberate and strategic approach across six key domains to ensure their success.

Seize Opportunities:

  • Business models driven by AI
  • Automation of back-office functions
  • Advancements in spatial computing

Mitigate Risks:

  • Ethical and responsible AI practices
  • Incorporating security from the outset
  • Ensuring digital sovereignty

Accelerate Your Automation Processes

  • Buy Link or Shortcode: {j2store}485|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Service Desk
  • Parent Category Link: /service-desk

Your organization needs to:

  • Define an automation suite for the business.
  • Specify the business goals for your automation suite.
  • Roadmap your automation modules to continually grow your automation platform.
  • Identify how an automation suite can help the organization improve.

Our Advice

Critical Insight

Start small and do it right:

  • Assess if a particular solution works for your organization and continually invest in it if it does before moving onto the next solution.
  • Overwhelming your organization with a plethora of automation solutions can lead to a lack of management for each solution and decrease your overall return on investment.

Impact and Result

  • Define your automation suite in terms of your business goals.
  • Take stock of what you have now: RPA, AIOps, chatbots.
  • Think about how to integrate and optimize what you have now, as well as roadmap your continual improvement.

Accelerate Your Automation Processes Research & Tools

Start here – read the Executive Brief

Read this Executive Brief to find out why your organization should accelerate your automation processes, review Info-Tech’s methodology, and understand the ways Info-Tech can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Discover automation suite possibilities

Take hold of your current state and assess where you would like to improve. See if adding a new automation module or investing in your current modules is the right decision.

  • Automation Suite Maturity Assessment Tool

2. Chart your automation suite roadmap

Build a high-level roadmap of where you want to bring your organization's automation suite in the future.

  • Automation Suite Roadmap Tool
[infographic]

Define Service Desk Metrics That Matter

  • Buy Link or Shortcode: {j2store}491|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Service Desk
  • Parent Category Link: /service-desk
  • Consolidate your metrics and assign context and actions to ones currently tracked.
  • Establish tension metrics to see and tell the whole story.
  • Split your metrics for each stakeholder group. Assign proper cadences for measurements as a first step to building an effective dashboard.

Our Advice

Critical Insight

  • Identify the metrics that serve a real purpose and eliminate the rest. Establish a formal review process to ensure metrics are still valid, continue to provide the answers needed, and are at a manageable and usable level.

Impact and Result

  • Tracking goal- and action-based metrics allows you to make meaningful, data-driven decisions for your service desk. You can establish internal benchmarks to set your own baselines.
  • Predefining the audience and cadence of each metric allows you to construct targeted dashboards to aid your metrics analysis.

Define Service Desk Metrics That Matter Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Define Service Desk Metrics That Matter Storyboard – A deck that shows you how to look beyond benchmarks and rely on internal metrics to drive success.

Deciding which service desk metrics to track and how to analyze them can be daunting. Use this deck to narrow down your goal-oriented metrics as a starting point and set your own benchmarks.

  • Define Service Desk Metrics That Matter Storyboard

2. Service Desk Metrics Workbook – A tool to organize your service desk metrics.

For each metric, consider adding the relevant overall goal, audience, cadence, and action. Use the audience and cadence of the metric to split your tracked metrics into various dashboards. Your final list of metrics and reports can be added to your service desk SOP.

  • Service Desk Metrics Workbook
[infographic]

Further reading

Define Service Desk Metrics That Matter

Look beyond benchmarks and rely on internal metrics to drive success.

Analyst Perspective

Don’t get paralyzed by benchmarks when establishing metrics

When establishing a suite of metrics to track, it’s tempting to start with the metrics measured by other organizations. Naturally, benchmarking will enter the conversation. While benchmarking is useful, measuring you organization against others with a lack of context will only highlight your failures. Furthermore, benchmarks will highlight the norm or common practice. It does not necessarily highlight best practice.

Keeping the limitations of benchmarking in mind, establish your own metrics suite with action-based metrics. Define the audience, cadence, and actions for each metric you track and pair them with business goals. Measure only what you need to.

Slowly improve your metrics process over time and analyze your environment using your own data as your benchmark.

Benedict Chang

Research Analyst, Infrastructure & Operations

Info-Tech Research Group

Executive Summary

Your Challenge

  • Measure the business value provided by the service desk.
  • Consolidate your metrics and assign context and actions to ones currently tracked.
  • Establish tension metrics to see and tell the whole story.
  • Split your metrics for each stakeholder group. Assign proper cadences for measurements as a first step to building an effective dashboard or effective dashboards.

Common Obstacles

  • Becoming too focused on benchmarks or unidimensional metrics (e.g. cost, first-contact resolution, time to resolve) can lead to misinterpretation of the data and poorly informed actions.
  • Sifting through the many sources of data post hoc can lead to stalling in data analysis or slow reaction times to poor metrics.
  • Dashboards can quickly become cluttered with uninformative metrics, thus reducing the signal-to-noise ratio of meaningful data.

Info-Tech's Approach

  • Use metrics that drive productive change and improvement. Track only what you need to report on.
  • Ensure each metric aligns with the desired business goal, is action-based, and includes the answers to what, why, how, and who.
  • Establish internal benchmarks by analyzing the trends from your own data to set baselines.
  • Act on the results of your metrics by adjusting targets and measuring success.

Info-Tech Insight

Identify the metrics that serve a real purpose and eliminate the rest. Establish a formal review process to ensure metrics are still valid, continue to provide the answers needed, and are at a manageable and usable level.

Improve your metrics to align IT with strategic business goals

The right metrics can tell the business how hard IT works and how well they perform.

  • Only 19% of CXOs feel that their organization is effective at measuring the success of IT projects with their current metrics.
  • Implementing the proper metrics can facilitate communication between the business division and IT practice.
  • The proper metrics can help IT know what issues the business has and how the CEO and CIO should tackle them.
  • If the goals above resonate with your organization, our blueprint Take Control of Infrastructure and Operations Metrics will take you through the right steps.

Current Metrics Suite

19% Effective

36% Some Improvement Necessary

45% Significant Improvement Necessary

Source: Info-Tech Research Group’s CEO/CIO Alignment Diagnostic, 2019; N=622

CXOs stress that value is the most critical area for IT to improve in reporting

  • You most likely have to improve your metrics suite by addressing business value.
  • Over 80% of organizations say they need improvement to their business value metrics, with 32% of organizations reporting that significant improvement is needed.
  • Of course, measuring metrics for service desk operations is important, but don’t forget business-oriented metrics such as measuring knowledgebase articles written for shift-left enablement, cost (time and money) of service desk tickets, and overall end-user satisfaction.

The image shows a bar graph with percentages on the Y-Acis, and the following categories on the X-Axis: Business value metrics; Stakeholder satisfaction reporting; Risk metrics; Technology performance & operating metrics; Cost & Salary metrics; and Ad hoc feedback from executives and staff. Each bar is split into two sections, with the blue section marked a Significant Improvement Necessary, and the purple section labelled Some Improvement necessary. Two sections are highlighted with red circles: Business Value metrics--32% blue; 52% purple; and Technology performance & operating metrics--23% blue and 51% purple.

Source: Info-Tech Research Group’s CEO/CIO Alignment Diagnostic, 2019; N=622

Benchmarking used in isolation will not tell the whole story

Benchmarks can be used as a step in the metrics process

They can be the first step to reach an end goal, but if benchmarks are observed in isolation, it will only highlight your failures.

Benchmarking relies on standardized models

This does not account for all the unique variables that make up an IT organization.

For example, benchmarks that include cost and revenue may include organizations that prioritize first-call resolution (FCR), but the variables that make up this benchmark model will be quite different within your own organization.

Info-Tech Insight

Benchmarks reflect the norm and common practice, not best practice.

Benchmarks are open to interpretation

Taking the time to establish proper metrics is often more valuable time spent than going down the benchmark rabbit hole.

Being above or below the norm is neither a good nor a bad thing.

Determining what the results mean for you depends on what’s being measured and the unique factors, characteristics, and priorities in your organization.

If benchmark data is a priority within your IT organization, you may look up organizations like MetricNet, but keep the following in mind:

Review the collected benchmark data

See where IT organizations in your industry typically stand in relation to the overall benchmark.

Assess the gaps

Large gaps between yourself and the overall benchmark could indicate areas for improvement or celebration. Use the data to focus your analysis, develop deeper self-awareness, and prioritize areas for potential concern.

Benchmarks are only guidelines

The benchmark source data may not come from true peers in every sense. Each organization is different, so always explore your unique context when interpreting any findings.

Rely on internal metrics to measure and improve performance

Measure internal metrics over time to define goals and drive real improvement

  • Internally measured metrics are more reliable because they provide information about your actual performance over time. This allows for targeted improvements and objective measurements of your milestones.
  • Whether a given metric is the right one for your service desk will depend on several different factors, including:
    • The maturity and capability of your service desk processes
    • The volume of service requests and incidents
    • The complexity of your environment when resolving tickets
    • The degree to which your end users are comfortable with self-service

Take Info-Tech’s approach to metrics management

Use metrics that drive productive change and improvement. Track only what you need to report on.

Ensure each metric aligns with the desired business goal, is action-based, and includes the answers to what, why, how, and who.

Establish internal benchmarks by analyzing the trends from your own data to set baselines.

Act on the results of your metrics by adjusting targets and measuring success.

Define action-based metrics to cut down on analysis paralysis

Every metric needs to be backed with the following criteria:

  • Defining audience, cadence, goal, and action for each metric allows you to keep your tracked metrics to a minimum while maximizing the value.
  • The audience and cadence of each metric may allow you to define targeted dashboards.

Audience - Who is this metric tracked for?

Goal - Why are you tracking this metric? This can be defined along with the CSFs and KPIs.

Cadence - How often are you going to view, analyze, and action this metric?

Action - What will you do if this metric spikes, dips, trends up, or trends down?

Activity 1. Define your critical success factors and key performance indicators

Critical success factors (CSFs) are high-level goals that help you define the direction of your service desk. Key performance indicators (KPIs) can be treated as the trend of metrics that will indicate that you are moving in the direction of your CSFs. These will help narrow the data you have to track and action (metrics).

CSFs, or your overall goals, typically revolve around three aspects of the service desk: time spent on tickets, resources spent on tickets, and the quality of service provided.

  1. As a group, brainstorm the CSFs and the KPIs that will help narrow your metrics. Use the Service Desk Metrics Workbook to record the results.
  2. Look at the example to the right as a starting point.

Example metrics:

Critical success factor Key performance indicator
High End-User Satisfaction Increasing CSAT score on transactional surveys
High end-user satisfaction score
Proper resolution of tickets
Low time to resolve
Low Cost per Ticket Decreasing cost per ticket (due to efficient resolution, FCR, automation, self-service, etc.)
Improve Access to Self-Service (tangential to improve customer service) High utilization of knowledgebase
High utilization of portal

Download the Service Desk Metrics Workbook

Activity 2. Define action-based metrics that align with your KPIs and CSFs

  1. Now that you have defined your goals, continue to fill the workbook by choosing metrics that align with those goals.
  2. Use the chart below as a guide. For every metric, define the cadence of measurement, audience of the metric, and action associated with the metric. There may be multiple metrics for each KPI.
  3. If you find you are unable to define the cadence, audience, or action associated with a metric, you may not need to track the metric in the first place. Alternatively, if you find that you may action a metric in the future, you can decide to start gathering data now.

Example metrics:

Critical success factor Key performance indicator Metric Cadence Audience Action
High End-User Satisfaction Increasing CSAT score on transactional surveys Monthly average of ticket satisfaction scores Monthly Management Action low scores immediately, view long-term trends
High end-user satisfaction score Average end-user satisfaction score from annual survey Annually IT Leadership View IT satisfaction trends to align IT with business direction
Proper resolution of tickets Number of tickets reopened Weekly Service Desk Technicians Action reopened tickets, look for training opportunities
SLA breach rate Daily Service Desk Technicians Action reopened tickets, look for training opportunities
Low time to resolve Average TTR (incidents) Weekly Management Look for trends to monitor resources
Average TTR by priority Weekly Management Look for TTR solve rates to align with SLA
Average TTR by tier Weekly Management Look for improperly escalated tickets or shift-left opportunities

Download the Service Desk Metrics Workbook

Activity 3. Define the data ownership, metric viability, and dashboards

  1. For each metric, define where the data is housed. Ideally, the data is directly in the ticketing tool or ITSM tool. This will make it easy to pull and analyze.
  2. Determine how difficult the metric will be to pull or track. If the effort is high, decide if the value of tracking the metric is worth the hassle of gathering it.
  3. Lastly, for each metric, use the cadence and audience to place the metric in a reporting dashboard. This will help divide your metrics and make them easier to report and action.
  4. You may use the output of this exercise to add your tracked metrics to your service desk SOP.
  5. A full suite of metrics can be found in our Infrastructure & Operations Metrics Library in the Take Control of Infrastructure Metrics Storyboard. The metrics have been categorized by low, medium, and advanced capabilities for you.

Example metrics:

Metric Who Owns the Data? Efforts to Track? Dashboards
Monthly average of ticket satisfaction scores Service Desk Low Monthly Management Meeting
Average end-user satisfaction score Service Desk Low Leadership Meeting
Number of tickets reopened Service Desk Low Weekly Technician Standup
SLA breach rate Service Desk Low Daily Technician Standup
Average TTR (incidents) Service Desk Low Weekly Technician Standup
Average TTR by priority Service Desk Low Weekly Technician Standup
Average TTR by tier Service Desk Low Weekly Technician Standup
Average TTR (SRs) Service Desk Low Weekly Technician Standup
Number of tickets reopened Service Desk Low Daily Technician Standup

Download the Service Desk Metrics Workbook

Keep the following considerations in mind when defining which metrics matter

Keep the customer in mind

Metrics are typically focused on transactional efficiency and process effectiveness and not what was achieved against the customers’ need and satisfaction.

Understand the relationships between performance and metrics management to provide the end-to-end service delivery picture you are aiming to achieve.

Don’t settle for tool defaults

ITSM solutions offer an abundance of metrics to choose from. The most common ones are typically built into the reporting modules of the tool suite.

Do not start tracking everything. Choose metrics that are specifically aligned to your organization’s desired business outcomes.

Establish tension metrics to achieve balance

Don’t ignore the correlation and context between the suites of metrics chosen and how one interacts and affects the other.

Measuring metrics in isolation may lead to an incomplete picture or undesired technician behavior. Tension metrics help complete the picture and lead to proper actions.

Adjust those targets

An arbitrary target on a metric that is consistently met month over month is useless. Each metric should inform the overall performance by combining capable service level management and customer experience programs to prove the value IT is providing to the organization.

Related Info-Tech Research

Standardize the Service Desk

This project will help you build and improve essential service desk processes, including incident management, request fulfillment, and knowledge management, to create a sustainable service desk.

Take Control of Infrastructure and Operations Metrics

Make faster decisions and improve service delivery by using the right metrics for the job.

Analyze Your Service Desk Ticket Data

Take a data-driven approach to service desk optimization.

IT Diagnostics: Build a Data-Driven IT Strategy

Our data-driven programs ask business and IT stakeholders the right questions to ensure you have the inputs necessary to build an effective IT strategy.

Measure IT Project Value

  • Buy Link or Shortcode: {j2store}431|cart{/j2store}
  • member rating overall impact: 9.5/10 Overall Impact
  • member rating average dollars saved: $5,549 Average $ Saved
  • member rating average days saved: 6 Average Days Saved
  • Parent Category Name: Portfolio Management
  • Parent Category Link: /portfolio-management
  • People treat benefits as a box to tick on the business case, deflating or inflating them to facilitate project approval.
  • Even if benefits are properly defined, they are usually forgotten once the project is underway.
  • Subsequent changes to project scope may impact the viability of the project’s business benefits, resulting in solutions that do not deliver expected value.

Our Advice

Critical Insight

  • It is rare for project teams or sponsors to be held accountable for managing and/or measuring benefits. The assumption is often that no one will ask if benefits have been realized after the project is closed.
  • The focus is largely on the project’s schedule, budget, and scope, with little attention paid to the value that the project is meant to deliver to the organization.
  • Without an objective stakeholder to hold people accountable for defining benefits and demonstrating their delivery, benefits will continue to be treated as red tape.
  • Sponsors will not take the time to define benefits properly, if at all. The project team will not take the time to ensure they are still achievable as the project progresses. When the project is complete, no one will investigate actual project success.

Impact and Result

  • The project sponsor and business unit leaders must own project benefits; IT is only accountable for delivering the solution.
  • IT can play a key role in this process by establishing and supporting a benefits realization process. They can help business unit leaders and sponsors define benefits properly, identify meaningful metrics, and report on benefits realization effectively.
  • The project management office is ideally suited to facilitate this process by providing tools and templates, and a consistent and comparable view across projects.
  • Project managers are accountable for delivering the project, not for delivering the benefits of the project itself. However, they must ensure that changes to project scope are assessed for impact on benefits viability.

Measure IT Project Value Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should establish a benefits legitimacy practice, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Establish benefits legitimacy during portfolio Intake

This phase will help you define a benefits management process to help support effective benefits definition during portfolio intake.

  • Deliver Project Value With a Benefits Legitimacy Initiative – Phase 1: Establish Benefits Legitimacy During Portfolio Intake
  • Project Sponsor Role Description Template
  • Benefits Commitment Form Template
  • Right-Sized Business Case Template

2. Maintain benefits legitimacy throughout project planning and execution

This phase will help you define a process for effective benefits management during project planning and the execution intake phase.

  • Deliver Project Value With a Benefits Legitimacy Initiative – Phase 2: Maintain Benefits Legitimacy Throughout Project Planning and Execution
  • Project Benefits Documentation Workbook
  • Benefits Legitimacy Workflow Template (PDF)
  • Benefits Legitimacy Workflow Template (Visio)

3. Close the deal on project benefits

This phase will help you define a process for effectively tracking and reporting on benefits realization post-project.

  • Deliver Project Value With a Benefits Legitimacy Initiative – Phase 3: Close the Deal on Project Benefits
  • Portfolio Benefits Tracking Tool
  • Benefits Lag Report Template
  • Benefits Legitimacy Handbook Template
[infographic]

Workshop: Measure IT Project Value

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Analyze the Current State of Benefits Management

The Purpose

Assess the current state of benefits management at your organization and establish a realistic target state.

Establish project and portfolio baselines for benefits management.

Key Benefits Achieved

Set achievable workshop goals and align stakeholder expectations.

Establish a solid foundation for benefits management success.

Activities

1.1 Introductions and overview.

1.2 Discuss attendee expectations and goals.

1.3 Complete Info-Tech’s PPM Current State Scorecard.

1.4 Perform right-wrong-confusing-missing analysis.

1.5 Define target state for benefits management.

1.6 Refine project levels.

Outputs

Info-Tech’s PPM Current State Scorecard report

Right-wrong-confusing-missing analysis

Stakeholder alignment around workshop goals and target state

Info-Tech’s Project Intake Classification Matrix

2 Establish Benefits Legitimacy During Portfolio Intake

The Purpose

Establish organizationally specific benefit metrics and KPIs.

Develop clear roles and accountabilities for benefits management.

Key Benefits Achieved

An articulation of project benefits and measurements.

Clear checkpoints for benefits communication during the project are defined.

Activities

2.1 Map the current portfolio intake process.

2.2 Establish project sponsor responsibilities and accountabilities for benefits management.

2.3 Develop organizationally specific benefit metrics and KPIs.

2.4 Integrate intake legitimacy into portfolio intake processes.

Outputs

Info-Tech’s Project Sponsor Role Description Template

Info-Tech’s Benefits Commitment Form Template

Intake legitimacy process flow and RASCI chart

Intake legitimacy SOP

3 Maintain Benefits Legitimacy Throughout Project Planning and Execution

The Purpose

Develop a customized SOP for benefits management during project planning and execution.

Key Benefits Achieved

Ensure that all changes to the project have been recorded and benefits have been updated in preparation for deployment.

Updated benefits expectations are included in the final sign-off package.

Activities

3.1 Map current project management process and audit project management documentation.

3.2 Identify appropriate benefits control points.

3.3 Customize project management documentation to integrate benefits.

3.4 Develop a deployment legitimacy process flow.

Outputs

Customized project management toolkit

Info-Tech’s Project Benefits Documentation Workbook

Deployment of legitimacy process flow and RASCI chart

Deployment of legitimacy SOP

4 Close the Deal on Project Benefits

The Purpose

Develop a post-project benefits realization process.

Key Benefits Achieved

Clear project sponsorship accountabilities for post-project benefits tracking and reporting.

A portfolio level benefits tracking tool for reporting on benefits attainment.

Activities

4.1 Identify appropriate benefits control points in the post-project process.

4.2 Configure Info-Tech’s Portfolio Benefits Tracking Tool.

4.3 Define a post-project benefits reporting process.

4.4 Formalize protocol for reporting on, and course correcting, benefit lags.

4.5 Develop a post-project legitimacy process flow.

Outputs

Info-Tech’s Portfolio Benefits Tracking Tool

Post-Project legitimacy process flow and RASCI chart

Post-Project Legitimacy SOP

Info-Tech’s Benefits Legitimacy Handbook

Info-Tech’s Benefits Legitimacy Workflow Template

Enterprise Network Design Considerations

  • Buy Link or Shortcode: {j2store}502|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Network Management
  • Parent Category Link: /network-management

Security, risk, and trust models play into how networks are designed and deployed. If these models are not considered during network design, band-aids and workarounds will be deployed to achieve the needed goals, potentially bypassing network controls.

Our Advice

Critical Insight

The cloud “gold rush” has made it attractive for many enterprises to migrate services off the traditional network and into the cloud. These services are now outside of the traditional network and associated controls. This shifts the split of east-west vs. north-south traffic patterns, as well as extending the network to encompass services outside of enterprise IT’s locus of control.

Impact and Result

Where users access enterprise data or services and from which devices dictate the connectivity needed. With the increasing shift of work that the business is completing remotely, not all devices and data paths will be under the control of IT. This shift does not allow IT to abdicate from the responsibility to provide a secure network.

Enterprise Network Design Considerations Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Enterprise Network Design Considerations Deck – A brief deck that outlines key trusts and archetypes when considering enterprise network designs.

This blueprint will help you:

  • Enterprise Network Design Considerations Storyboard

2. Enterprise Network Roadmap Technology Assessment Tool – Build an infrastructure assessment in an hour.

Dispense with detailed analysis and customizations to present a quick snapshot of the road ahead.

  • Enterprise Network Roadmap Technology Assessment Tool
[infographic]

Further reading

Enterprise Network Design Considerations

It is not just about connectivity.

Executive Summary

Info-Tech Insight

Connectivity and security are tightly coupled

Security, risk, and trust models play into how networks are designed and deployed. If these models are not considered during network design, band-aids and workarounds will be deployed to achieve the needed goals, potentially bypassing network controls.

Many services are no longer within the network

The cloud “gold rush” has made it attractive for many enterprises to migrate services off the traditional network and into the cloud. These services are now outside of the traditional network and associated controls. This shifts the split of east-west vs. north-south traffic patterns, as well as extending the network to encompass services outside of enterprise IT’s locus of control.

Users are demanding an anywhere, any device access model

Where users access enterprise data or services and from which devices dictate the connectivity needed. With the increasing shift of work that the business is completing remotely, not all devices and data paths will be under the control of IT. This shift does not allow IT to abdicate from the responsibility to provide a secure network.

Enterprise networks are changing

The new network reality

The enterprise network of 2020 and beyond is changing:

  • Services are becoming more distributed.
  • The number of services provided “off network” is growing.
  • Users are more often remote.
  • Security threats are rapidly escalating.

The above statements are all accurate for enterprise networks, though each potentially to differing levels depending on the business being supported by the network. Depending on how affected the network in question currently is and will be in the near future, there are different common network archetypes that are best able to address these concerns while delivering business value at an appropriate price point.

High-Level Design Considerations

  1. Understand Business Needs
  2. Understand what the business needs are and where users and resources are located.

  3. Define Your Trust Model
  4. Trust is a spectrum and tied tightly to security.

  5. Align With an Archetype
  6. How will the network be deployed?

  7. Understand Available Tooling
  8. What tools are in the market to help achieve design principles?

Understand business needs

Mission

Never ignore the basics. Start with revisiting the mission and vision of the business to address relevant needs.

Users

Identify where users will be accessing services from. Remote vs. “on net” is a design consideration now more than ever.

Resources

Identify required resources and their locations, on net vs. cloud.

Controls

Identify required controls in order to define control points and solutions.

Define a trust model

Trust is a spectrum

  • There is a spectrum of trust, from fully trusted to not trusted at all. Each organization must decide for their network (or each area thereof) the appropriate level of trust to assign.
  • The ease of network design and deployment is directly proportional to the trust spectrum.
  • When resources and users are outside of direct IT control, the level of appropriate trust should be examined closely.

Implicit

Trust everything within the network. Security is perimeter based and designed to stop external actors from entering the large trusted zone.

Controlled

Multiple zones of trust within the network. Segmentation is a standard practice to separate areas of higher and lower trust.

Zero

Verify trust. The network is set up to recognize and support the principle of least privilege where only required access is supported.

Align with an archetype

Archetypes are a good guide

  • Using a defined archetype as a guiding principle in network design can help clarify appropriate tools or network structures.
  • Different aspects of a network can have different archetypes where appropriate (e.g. IT vs. OT [operational technology] networks).

Traditional

Services are provided from within the traditional network boundaries and security is provided at the network edge.

Hybrid

Services are provided both externally and from within the traditional network boundaries, and security is primarily at the network edge.

Inverted

Services are provided primarily externally, and security is cloud centric.

Traditional networks

Resources within network boundaries

Moat and castle security perimeter

Abstract

A traditional network is one in which there are clear boundaries defined by a security perimeter. Trust can be applied within the network boundaries as appropriate, and traffic is generally routed through internally deployed control points that may be centralized. Traditional networks commonly include large firewalls and other “big iron” security and control devices.

Network Design Tenets

  • The full network path from resource to user is designed, deployed, and controlled by IT.
  • Users external to the network must first connect to the network to gain access to resources.
  • Security, risk, and trust controls will be implemented by internal enterprise hardware/software devices.

Control

In the traditional network, it is assumed that all required control points can be adequately deployed across hardware/software that is “on prem” and under the control of central IT.

Info-Tech Insight

With increased cloud services provided to end users, this network is now more commonly used in data centers or OT networks.

Traditional networks

The image contains an example of what traditional networks look like, as described in the text below.

Defining Characteristics

  • Traffic flows in a defined path under the control of IT to and from central IT resources.
  • Due to visibility into, and the control of, the traffic between the end user and resources, IT can relatively simply implement the required security controls on owned hardware.

Common Components

  • Traditional offices
  • Remote users/road warriors
  • Private data center/colocation space

Hybrid networks

Resources internal and external to network

Network security perimeter combined with cloud protection

Abstract

A hybrid network is one that combines elements of a traditional network with cloud resources. As some of these resources are not fully under the control of IT and may be completely “offnet” or loosely coupled to the on-premises network, the security boundaries and control points are less likely to be centralized. Hybrid networks allow the flexibility and speed of cloud deployment without leaving behind traditional network constructs. This generally makes them expensive to secure and maintain.

Network Design Tenets

  • The network path from resource to user may not be in IT’s locus of control.
  • Users external to the network must first connect to the network to gain access to internal resources but may directly access publicly hosted ones.
  • Security, risk, and trust controls may potentially be implemented by a mixture of internal enterprise hardware/software devices and external control points.

Control

The hallmark of a hybrid network is the blending of public and private resources. This blending tends to necessitate both public and private points of control that may not be homogenous.

Info-Tech Insight

With multiple control points to address, take care in simplifying designs while addressing all concerns to ease operational load.

Hybrid networks

The image contains an example of what hybrid networks look like, as described in the text below.

Defining Characteristics

  • Traffic flows to central resources across a defined path under the control of IT.
  • Traffic to cloud assets may be partially under the control of IT.
  • For central resources, the traffic to and from the end user can have the required security controls relatively simply implemented on owned hardware.
  • For public cloud assets, IT may or may not have some control over part of the path.

Common Components

  • Traditional offices
  • Remote users/road warriors
  • Private data center/colocation space
  • Public cloud assets (IaaS/PaaS/SaaS)

Inverted perimeter

Resources primarily external to the network

Security control points are cloud centric

Abstract

An inverted perimeter network is one in which security and control points cover the entire workflow, on or off net, from the consumer of services through to the services themselves with zero trust. Since the control plane is designed to encompass the workflow in a secure manner, much of the underlying connectivity can be abstracted. In an extreme version of this deployment, IT would abstract end-user access, and any cloud-based or on-premises resources would be securely published through the control plane with context-aware precision access.

Network Design Tenets

  • The network path from resource to user is abstracted and controlled by IT through services like secure access service edge (SASE).
  • Users only need internet access and appropriate credentials to gain access to resources.
  • Security, risk, and trust controls will be implemented through external cloud based services.

Control

An inverted network abstracts the lower-layer connectivity away and focuses on implementing a cloud-based zero trust control plane.

Info-Tech Insight

This model is extremely attractive for organizations that consume primarily cloud services and have a large remote work force.

Inverted networks

The image contains an example of what inverted networks look like, as described in the text below.

Defining Characteristics

  • The end user does not have to be in a defined location.
  • All central resources that are to be accessed are hosted on cloud resources.
  • IT has little to no control of the path between the end user and central resources.

Common Components

  • Traditional offices
  • Regent offices/shared workspaces
  • Remote users/road warriors
  • Public cloud assets (IaaS/PaaS/SaaS)

Understand available tooling

Don’t buy a hammer and go looking for nails

  • A network archetype must be defined in order to understand what tools (hardware or software) are appropriate for consideration in a network build or refresh.
  • Tools are purpose built and generally designed to solve specific problems if implemented and operated correctly. Choose the tools to align with the challenges that you are solving as opposed to choosing tools and then trying to use those purchases to overcome challenges.
  • The purchase of a tool does not allow for abdication of proper design. Tools must be chosen appropriately and integrated properly to orchestrate the best solutions. Purchasing a tool and expecting the tool to solve all your issues rarely succeeds.

“It is essential to have good tools, but it is also essential that the tools should be used in the right way.” — Wallace D. Wattles

Software-defined WAN (SD-WAN)

Simplified branch office connectivity

Archetype Value: Traditional Networks

What It Is Not

SD-WAN is generally not a way to slash spending by lowering WAN circuit costs. Though it is traditionally deployed across lower cost access, to minimize risk and realize the most benefits from the platform many organizations install multiple circuits with greater bandwidths at each endpoint when replacing the more costly traditional circuits. Though this maximizes the value of the technology investment, it will result in the end cost being similar to the traditional cost plus or minus a small percentage.

What It Is

SD-WAN is a subset of software-defined networking (SDN) designed specifically to deploy a secure, centrally managed, connectivity agnostic, overlay network connecting multiple office locations. This technology can be used to replace, work in concert with, or augment more traditional costly connectivity such as MPLS or private point to point (PtP) circuits. In addition to the secure overlay, SD-WAN usually also enables policy-based, intelligent controls, based on traffic and circuit intelligence.

Why Use It

You have multiple endpoint locations connected by expensive lower bandwidth traditional circuits. Your target is to increase visibility and control while controlling costs if and where possible. Ease of centralized management and the ability to more rapidly turn up new locations are attractive.

Cloud access security broker (CASB)

Inline policy enforcement placed between users and cloud services

Archetype Value: Hybrid Networks

What It Is Not

CASBs do not provide network protection; they are designed to provide compliance and enforcement of rules. Though CASBs are designed to give visibility and control into cloud traffic, they have limits to the data that they generally ingest and utilize. A CASB does not gather or report on cloud usage details, licencing information, financial costing, or whether the cloud resource usage is aligned with the deployment purpose.

What It Is

A CASB is designed to establish security controls beyond a company’s environment. It is commonly deployed to augment traditional solutions to extend visibility and control into the cloud. To protect assets in the cloud, CASBs are designed to provide central policy control and apply services primarily in the areas of visibility, data security, threat protection, and compliance.

Why Use It

You a mixture of on-premises and cloud assets. In moving assets out to the cloud, you have lost the traditional controls that were implemented in the data center. You now need to have visibility and apply controls to the usage of these cloud assets.

Secure access service edge (SASE)

Convergence of security and service access in the cloud

Archetype Value: Inverted Networks

What It Is Not

Though the service will consist of many service offerings, SASE is not multiple services strung together. To present the value proposed by this platform, all functionality proposed must be provided by a single platform under a “single pane of glass.” SASE is not a mature and well-established service. The market is still solidifying, and the full-service definition remains somewhat fluid.

What It Is

SASE exists at the intersection of network-as-a-service and network-security-as-a-service. It is a superset of many network and security cloud offerings such as CASB, secure web gateway, SD-WAN, and WAN optimization. Any services offered by a SASE provider will be cloud hosted, presented in a single stack, and controlled through a single pane of glass.

Why Use It

Your network is inverting, and services are provided primarily as cloud assets. In a full realization of this deployment’s value, you would abstract how and where users gain initial network access yet remain in control of the communications and data flow.

Activity

Understand your enterprise network options

Activity: Network assessment in an hour

  • Learn about the Enterprise Network Roadmap Technology Assessment Tool
  • Complete the Enterprise Network Roadmap Technology Assessment Tool

This activity involves the following participants:

  • IT strategic direction decision makers.
  • IT managers responsible for network.
  • Organizations evaluating platforms for mission critical applications.

Outcomes of this step:

  • Completed Enterprise Network Roadmap Technology Assessment Tool

Info-Tech Insight

Review your design options with security and compliance in mind. Infrastructure is no longer a standalone entity and now tightly integrates with software-defined networks and security solutions.

Build an assessment in an hour

Learn about the Enterprise Network Roadmap Technology Assessment Tool.

This workbook provides a high-level analysis of a technology’s readiness for adoption based on your organization’s needs.

  • The workbook then places the technology on a graph that measures both the readiness and fit for your organization. In addition, it provides warnings for specific issues and lets you know if you have considerable uncertainty in your answers.
  • At a glance you can now communicate what you are doing to help the company:
    • Grow
    • Save money
    • Reduce risk
  • Regardless of your specific audience, these are important stories to be able to tell.
The image contains three screenshots from the Enterprise Network Roadmap Technology Assessment Tool.

Build an assessment in an hour

Complete the Enterprise Network Roadmap Technology Assessment Tool.

Dispense with detailed analysis and customizations to present a quick snapshot of the road ahead.

  1. Weightings: Adjust the Weighting tab to meet organizational needs. The provided weightings for the overall solution areas are based on a generic firm; individual firms will have different needs.
  2. Data Entry: For each category, answer the questions for the technology you are considering. When you have completed the questionnaire, go to the next tab for the results.
  3. Results: The Enterprise Network Roadmap Technology Assessment Tool provides a value versus readiness assessment of your chosen technology customized to your organization.

The image contains three screenshots from the Enterprise Network Roadmap Technology Assessment Tool. It has a screenshot for each step as described in the text above.

Related Info-Tech Research

Effectively Acquire Infrastructure Services

Acquiring a service is like buying an experience. Don’t confuse the simplicity of buying hardware with buying an experience.

Outsource IT Infrastructure to Improve System Availability, Reliability, and Recovery

There are very few IT infrastructure components you should be housing internally – outsource everything else.

Build Your Infrastructure Roadmap

Move beyond alignment: Put yourself in the driver’s seat for true business value.

Drive Successful Sourcing Outcomes With a Robust RFP Process

Leverage your vendor sourcing process to get better results.

Research Authors

The image contains a photo of Scott Young.

Scott Young, Principal Research Advisor, Info-Tech Research Group

Scott Young is a Director of Infrastructure Research at Info-Tech Research Group. Scott has worked in the technology field for over 17 years, with a strong focus on telecommunications and enterprise infrastructure architecture. He brings extensive practical experience in these areas of specialization, including IP networks, server hardware and OS, storage, and virtualization.

The image contains a photo of Troy Cheeseman.

Troy Cheeseman, Practice Lead, Info-Tech Research Group

Troy has over 24 years of experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) startups.

Bibliography

Ahlgren, Bengt. “Design considerations for a network of information.” ACM Digital Library, 21 Dec. 2008.

Cox Business. “Digital transformation is here. Is your business ready to upgrade your mobile work equation?” BizJournals, 1 April 2022. Accessed April 2022.

Elmore, Ed. “Benefits of integrating security and networking with SASE.” Tech Radar, 1 April 2022. Web.

Greenfield, Dave. “From SD-WAN to SASE: How the WAN Evolution is Progressing.” Cato Networks, 19 May 2020. Web

Korolov, Maria. “What is SASE? A cloud service that marries SD-WAN with security.” Network World, 7 Sept. 2020. Web.

Korzeniowski, Paul, “CASB tools evolve to meet broader set of cloud security needs.” TechTarget, 26 July 2019. Accessed March 2022.

Debunk Machine Learning Endpoint Security Solutions

  • Buy Link or Shortcode: {j2store}168|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Endpoint Security
  • Parent Category Link: /endpoint-security
  • Threat actors are more innovative than ever before and developing sophisticated methods of endpoints attacks capable of avoiding detection with traditional legacy anti-virus software.
  • Legacy anti-virus solutions rely on signatures and hence fail at detecting memory objects, and new and mutating malware.
  • Combined with the cybersecurity talent gap and the sheer volume of endpoint attacks, organizations need endpoint security solutions capable of efficiently and accurately blocking never-before-seen malware types and variants.

Our Advice

Critical Insight

  • Don’t make machine learning a goal in itself. Think of how machine learning can help you achieve your goals.
  • Determine your endpoint security requirements and goals prior to shopping around for a vendor. Vendors can easily suck you into a vortex of marketing jargon and sell you tools that your organization does not need.
  • Machine learning alone is not a solution to catching malware. It is a computational method that can generalize and analyze large datasets, and output insights quicker than a human security analyst.

Impact and Result

  • Consider deploying an endpoint protection technology that leverages machine learning into your existing endpoint security strategy to counteract against the unknown and to quickly sift through the large volumes of data.
  • Understand how machine learning methods can help drive your organization’s security goals.
  • Identify vendors that utilize machine learning in their endpoint security products.
  • Understand use cases of where machine learning in endpoint security has been successful.

Debunk Machine Learning Endpoint Security Solutions Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should consider machine learning in endpoint security solutions, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Demystify machine learning concepts

Understand basic machine learning concepts used in endpoint security.

  • Debunk Machine Learning Endpoint Security Solutions – Phase 1: Demystify Machine Learning Concepts

2. Evaluate vendors that leverage machine learning

Determine feature requirements to evaluate vendors.

  • Debunk Machine Learning Endpoint Security Solutions – Phase 2: Evaluate Vendors That Leverage Machine Learning
  • Endpoint Protection Request for Proposal
[infographic]

Define and Deploy an Enterprise PMO

  • Buy Link or Shortcode: {j2store}189|cart{/j2store}
  • member rating overall impact: 10.0/10 Overall Impact
  • member rating average dollars saved: $471,249 Average $ Saved
  • member rating average days saved: 53 Average Days Saved
  • Parent Category Name: Project Management Office
  • Parent Category Link: /project-management-office
  • As an enterprise PMO leader, you need to evolve your PMO framework beyond an IT-centric model of project portfolio management (PPM) to optimize communication and coordination on enterprise-wide initiatives.
  • While senior leaders are demanding greater uniformity in strategic project execution, individual departments currently operate—to the detriment of the organization—as sovereign silos.
  • You know that the answer is a more strategically aligned enterprise PMO framework, but you’re unsure of how to start building the case for one, especially when the majority of upper management view PMOs as support entities rather than strategic partners.

Our Advice

Critical Insight

  • An EPMO can’t simply be imposed on an organization. If it is not backed by an executive sponsor, then there needs to be an identifiable business value in implementing one, and you need to communicate this value to stakeholders throughout the enterprise.
  • EPMOs add value not by enforcing project or program governance, but by helping organizations achieve strategic goals and manage change.
  • EPMOs enable organizations to succeed on enterprise-wide initiatives by connecting the individual parts to the whole. They should serve as the coordinating mechanism that ensures the flow of information and resources across departments and programs.

Impact and Result

  • Find the right balance between a command and control approach that dictates governance standards versus an approach that gives business units flexibility to manage projects, programs, and portfolios the way they see fit, as long as they meet certain reporting, process, and record keeping requirements.
  • Effectively define the EPMO’s role, reach, and authority in terms of Portfolio Governance, Project Leadership, and PPM Administration. An organizationally appropriate mix of these three practices will not only ensure stakeholder buy-in, but it will help foster the right conditions for EPMO success.
  • Build strong cross-departmental relationships upon soft or informal grounds by positioning your EPMO as your organization’s portfolio network, i.e. an enterprise hub that facilitates the flow of reliable information and enables timely responsiveness to change.

Define and Deploy an Enterprise PMO Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out how implementing an EPMO could help your organization achieve business goals, review Info-Tech’s methodology, and discover the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Gather requirements

Evaluate executive stakeholder needs and assess your current capabilities to ensure your implementation strategy sets realistic expectations.

  • Define and Deploy an Enterprise PMO – Phase 1: Gather Requirements
  • EPMO Capabilities Survey

2. Define the plan

Define an organizationally appropriate scope and mandate for your EPMO to ensure that your processes serve the needs of the whole.

  • Define and Deploy an Enterprise PMO – Phase 2: Define the Plan
  • EPMO Charter Template
  • EPMO Communication Planning Template

3. Implement the plan

Establish clearly defined and easy-to-follow EPMO processes that minimize project complexity and improve enterprise project results.

  • Define and Deploy an Enterprise PMO – Phase 3: Implement the Plan
  • EPMO Process Guide and SOP Template
  • EPMO Communications Template
[infographic]

Workshop: Define and Deploy an Enterprise PMO

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Gather Requirements

The Purpose

Identify breakdowns in the flow of portfolio data across the enterprise to pinpoint where and how an EPMO can best intervene.

Assess areas of strength and opportunity in your PPM capabilities to help structure and drive the EPMO.

Define stakeholder needs and expectations for the EPMO in order to cultivate capabilities and services that help drive informed and engaged project decisions at the executive level.

Key Benefits Achieved

A current state picture of the triggers that are driving the need for an EPMO at your organization.

A current state understanding of the strengths you bring to the table in constructing an EPMO as well as the areas you need to focus on in building up your capabilities.

A target state set by stakeholder requirements and expectations, which will enable you to build out an implementation strategy that is aligned with the needs of the executive layer.

Activities

1.1 Map current enterprise PPM workflows.

1.2 Conduct a SWOT analysis.

1.3 Identify resourcing considerations and other implementation factors.

1.4 Survey stakeholders to establish the right mix of EPMO capabilities.

Outputs

An overview of the flow of portfolio data and information across the organization

An overview of current strengths, weaknesses, opportunities, and threats

A preliminary assessment of internal and external factors that could impact the success of this implementation

The ability to construct a project plan that is aligned with stakeholder needs and expectations

2 Define the Plan

The Purpose

Define an appropriate scope for the EPMO and the deployment it services.

Devise a plan for engaging and including the appropriate stakeholders during the implementation phase.

Key Benefits Achieved

A clear purview for the EPMO in relation to the wider enterprise in order to establish appropriate expectations for the EPMO’s services throughout the organization.

Engaged stakeholders who understand that they have a stake in the successful implementation of the EPMO.

Activities

2.1 Prepare your EPMO value proposition.

2.2 Define the role and organizational reach of your EPPM capabilities.

2.3 Establish a communication plan to create stakeholder awareness.

Outputs

A clear statement of purpose and benefit that can be used to help build the case for an EPMO with stakeholders

A functional charter defining the scope of the EPMO and providing a statement of the services the EPMO will provide once established

An engaged executive layer that understands the value of the EPMO and helps drive its success

3 Implement the Plan

The Purpose

Establish clearly defined and easy-to-follow EPMO processes that minimize project complexity.

Develop portfolio and project governance structures that feed the EPMO with the data decision makers require without overloading enterprise project teams with processes they can’t support.

Devise a communications strategy that helps achieve organizational buy-in.

Key Benefits Achieved

The reduction of project chaos and confusion throughout the organization.

Processes and governance requirements that work for both decision makers and project teams.

Organizational understanding of the universal benefit of the EPMO’s processes to stakeholders throughout the enterprise. 

Activities

3.1 Establish EPMO roles and responsibilities.

3.2 Document standard procedures around enterprise portfolio reporting, PPM administration, and project leadership.

3.3 Review enterprise PPM solutions.

3.4 Develop a stakeholder engagement and resistance plan.

Outputs

Clear lines of portfolio accountability

A fully actionable EPMO Standard Operating Procedure document that will enable process clarity

An informed understanding of the right PPM solution for your enterprise processes

A communications strategy document to help communicate the organizational benefits of the EPMO

Cybersecurity in Healthcare 2024

Healthcare cybersecurity is a major concern for healthcare organizations and patients alike. In 2024, the healthcare industry faces several cybersecurity challenges, including the growing threat of ransomware, the increasing use of mobile devices in healthcare, and the need to comply with new regulations.

Continue reading

Vendor Management

  • Buy Link or Shortcode: {j2store}15|cart{/j2store}
  • Related Products: {j2store}15|crosssells{/j2store}
  • member rating overall impact: 9.3/10
  • member rating average dollars saved: $9,627
  • member rating average days saved: 10
  • Parent Category Name: Financial Management
  • Parent Category Link: /financial-management
That does not mean strong-arming. It means maximizing the vendor relationship value.

Develop APIs That Work Properly for the Organization

  • Buy Link or Shortcode: {j2store}525|cart{/j2store}
  • member rating overall impact: 10.0/10 Overall Impact
  • member rating average dollars saved: $1,133,999 Average $ Saved
  • member rating average days saved: 23 Average Days Saved
  • Parent Category Name: Requirements & Design
  • Parent Category Link: /requirements-and-design
  • CIOs have trouble integrating new technologies (e.g. mobile, cloud solutions) with legacy applications, and lack standards for using APIs across the organization.
  • Organizations produce APIs that are error-prone, not consistently configured, and not maintained effectively.
  • Organizations are looking for ways to increase application quality and code reusability to improve development throughput using web APIs.
  • Organizations are looking for opportunities to create an application ecosystem which can expose internal services across the organization and/or to external third parties and business partners.

Our Advice

Critical Insight

  • Organizations are looking to go beyond current development practices to provide scalable and reusable web services.
  • Web API development is a tactical competency that is important to enabling speed of development, quality of applications, reusability, innovation, and business alignment.
  • Design your web API as a product that promotes speed of development and service reuse.
  • Optimize the design, development, testing, and monitoring of your APIs incrementally and iteratively to cover all use cases in the long term.

Impact and Result

  • Create a repeatable process to improve the quality, reusability, and governance of your web APIs.
  • Define the purpose of your API and the common uses cases that it will service.
  • Understand what development techniques are required to develop an effective web API based on Info-Tech’s web API framework.
  • Continuously reiterate your web API to demonstrate to business stakeholders the value your web API provides.

Develop APIs That Work Properly for the Organization Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should develop APIs, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Examine the opportunities web APIs can enable

Assess the opportunities of web APIs.

  • Develop APIs That Work Properly for the Organization – Phase 1: Examine the Opportunities Web APIs Can Enable

2. Design and develop a web API

Design and develop web APIs that support business processes and enable reusability.

  • Develop APIs That Work Properly for the Organization – Phase 2: Design and Develop a Web API
  • Web APIs High-Level Design Requirements Template
  • Web API Design Document Template

3. Test the web API

Accommodate web API testing best practices in application test plans.

  • Develop APIs That Work Properly for the Organization – Phase 3: Test the Web API
  • Web API Test Plan Template

4. Monitor and continuously optimize the web API

Monitor the usage and value of web APIs and plan for future optimizations and maintenance.

  • Develop APIs That Work Properly for the Organization – Phase 4: Monitor and Continuously Optimize the Web API
  • Web API Process Governance Template
[infographic]

Workshop: Develop APIs That Work Properly for the Organization

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Examine the Opportunities Web APIs Can Enable

The Purpose

Gauge the importance of web APIs for achieving your organizational needs.

Understand how web APIs can be used to achieve below-the-line and above-the-line benefits.

Be aware of web API development pitfalls. 

Key Benefits Achieved

Understanding the revenue generation and process optimization opportunities web APIs can bring to your organization.

Knowledge of the current web API landscape. 

Activities

1.1 Examine the opportunities web APIs can enable.

Outputs

2 Design & Develop Your Web API

The Purpose

Establish a web API design and development process.

Design scalable web APIs around defined business process flows and rules.

Define the web service objects that the web APIs will expose. 

Key Benefits Achieved

Reusable web API designs.

Identification of data sets that will be available through web services.

Implement web API development best practices. 

Activities

2.1 Define high-level design details based on web API requirements.

2.2 Define your process workflows and business rules.

2.3 Map the relationships among data tables through ERDs.

2.4 Define your data model by mapping the relationships among data tables through data flow diagrams.

2.5 Define your web service objects by effectively referencing your data model.

Outputs

High-level web API design.

Business process flow.

Entity relationship diagrams.

Data flow diagrams.

Identification of web service objects.

3 Test Your Web API

The Purpose

Incorporate APIs into your existing testing practices.

Emphasize security testing with web APIs.

Learn of the web API testing and monitoring tool landscape.

Key Benefits Achieved

Creation of a web API test plan.

Activities

3.1 Create a test plan for your web API.

Outputs

Web API Test Plan.

4 Monitor and Continuously Optimize Your Web API

The Purpose

Plan for iterative development and maintenance of web APIs.

Manage web APIs for versioning and reuse.

Establish a governance structure to manage changes to web APIs. 

Key Benefits Achieved

Implement web API monitoring and maintenance best practices.

Establishment of a process to manage future development and maintenance of web APIs. 

Activities

4.1 Identify roles for your API development projects.

4.2 Develop governance for web API development.

Outputs

RACI table that accommodates API development.

Web API operations governance structure.

Reimagine Learning in the Face of Crisis

  • Buy Link or Shortcode: {j2store}601|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Train & Develop
  • Parent Category Link: /train-and-develop
  • As organizations re-evaluate their priorities and shift to new ways of working, leaders and employees are challenged to navigate unchartered territory and to adjust quickly to ever-evolving priorities.
  • Learning how to perform effectively through the crisis and deliver on new priorities is crucial to the success of all employees and the organization.

Our Advice

Critical Insight

The most successful organizations recognize that learning is critical to adjusting quickly and effectively to their new reality. This requires L&D to reimagine their approach to deliver learning that enables the organization’s immediate and evolving priorities.

Impact and Result

  • L&D teams should focus on how to support employees and managers to develop the critical competencies they need to successfully perform through the crisis, enabling organizations to survive and thrive during and beyond the crisis.
  • Ensure learning needs align closely with evolving organizational priorities, collaborate cross-functionally, and curate content to provide the learning employees and leaders need most, when they need it.

Reimagine Learning in the Face of Crisis Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Prioritize

Involve key stakeholders, identify immediate priorities, and conduct high-level triage of L&D.

  • Reimagine Learning in the Face of Crisis Storyboard
  • Reimagine Learning in the Face of Crisis Workbook

2. Reimagine

Determine learning needs and ability to realistically deliver learning. Leverage existing or curate learning content that can support learning needs.

3. Transform

Identify technical requirements for the chosen delivery method and draft a four- to six-week action plan.

  • How to Curate Guide
  • Tips for Building an Online Learning Community
  • Ten Tips for Adapting In-Person Training During a Crisis
  • Tips for Remote Learning in the Face of Crisis
[infographic]

Identify Opportunities to Mature the Security Architecture

  • Buy Link or Shortcode: {j2store}385|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Secure Cloud & Network Architecture
  • Parent Category Link: /secure-cloud-network-architecture
  • Organizations do not have a solid grasp on the complexity of their infrastructure and are unaware of the overall risk to their infrastructure posed by inadequate security.
  • Organizations do not understand how to properly create and deliver value propositions of technical security solutions.

Our Advice

Critical Insight

  • The security architecture is a living, breathing thing based on the risk profile of your organization.
  • Compliance and risk mitigation create an intertwined relationship between the business and your security architecture. The security architecture roadmap must be regularly assessed and continuously maintained to ensure security controls align with organizational objectives.

Impact and Result

  • A right-sized security architecture can be created by assessing the complexity of the IT department, the operations currently underway for security, and the perceived value of a security architecture within the organization. This will bring about a deeper understanding of the organizational infrastructure.
  • Developing a security architecture should also result in a list of opportunities (i.e. initiatives) that an organization can integrate into a roadmap. These initiatives will seek to improve security operations and strengthen the IT department’s understanding of security’s role within the organization.
  • A better understanding of the infrastructure will help to save time on determining the correct technologies required from vendors and therefore cut down on the amount of vendor noise.
  • Creating a defensible roadmap will assist with justifying future security spend.

Identify Opportunities to Mature the Security Architecture Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should develop a right-sized security architecture, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Identify the organization’s ideal security architecture

Complete three unique assessments to define the ideal security architecture maturity for your organization.

  • Identify Opportunities to Mature the Security Architecture – Phase 1: Identify the Organization's Ideal Security Architecture
  • Security Architecture Recommendation Tool
  • None

2. Create a security program roadmap

Use the results of the assessments from Phase 1 of this research to create a roadmap for improving the security program.

  • Identify Opportunities to Mature the Security Architecture – Phase 2: Create a Security Program Roadmap
[infographic]

Data Architecture

  • Buy Link or Shortcode: {j2store}17|cart{/j2store}
  • Related Products: {j2store}17|crosssells{/j2store}
  • member rating overall impact: 9.5/10
  • member rating average dollars saved: $30,159
  • member rating average days saved: 5
  • Parent Category Name: Data and Business Intelligence
  • Parent Category Link: /data-and-business-intelligence
Enable the business to achieve operational excellence, client intimacy, and product leadership with an innovative, agile, and fit-for-purpose data architecture practice

Customer Value Contribution

I'm proud to announce our new Customer Value Contribution Calculator©, or CVCC© in short.

It enhances and possibly replaces the BIA (Business Impact Analysis) process with a much simpler way.

More info to follow shortly.

Organizational Change Management

  • Buy Link or Shortcode: {j2store}35|cart{/j2store}
  • Related Products: {j2store}35|crosssells{/j2store}
  • member rating overall impact: 9.6/10
  • member rating average dollars saved: $19,055
  • member rating average days saved: 24
  • Parent Category Name: Project Portfolio Management and Projects
  • Parent Category Link: /ppm-and-projects
If you don't know who is responsible for organizational change, it's you.

Develop a Targeted Flexible Work Program for IT

  • Buy Link or Shortcode: {j2store}542|cart{/j2store}
  • member rating overall impact: 9.0/10 Overall Impact
  • member rating average dollars saved: $18,909 Average $ Saved
  • member rating average days saved: 13 Average Days Saved
  • Parent Category Name: Attract & Select
  • Parent Category Link: /attract-and-select
  • Workplace flexibility continues to be top priority for IT employees. Organizations who fail to offer flexibility will have a difficult time attracting, recruiting, and retaining talent.
  • When the benefits of remote work are not available to everyone, this raises fairness and equity concerns.

Our Advice

Critical Insight

IT excels at hybrid location work and is more effective as a business function when location flexibility is an option for its employees. But hybrid work is just a start. A comprehensive flex work program extends beyond flexible location, so organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent.

Impact and Result

  • Uncover the needs of unique employee segments to shortlist flexible work options that employees want and will use.
  • Assess the feasibility of various flexible work options and select ones that meet employee needs and are feasible for the organization.
  • Equip leaders with the information and tools needed to implement and sustain a flexible work program.

Develop a Targeted Flexible Work Program for IT Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Assess employee and organizational flexibility needs

Identify prioritized employee segments, flexibility challenges, and the desired state to inform program goals.

  • Develop a Targeted Flexible Work Program for IT – Phases 1-3
  • Talent Metrics Library
  • Targeted Flexible Work Program Workbook
  • Fast-Track Hybrid Work Program Workbook

2. Identify potential flex options and assess feasibility

Review, shortlist, and assess the feasibility of common types of flexible work. Identify implementation issues and cultural barriers.

  • Flexible Work Focus Group Guide
  • Flexible Work Options Catalog

3. Implement selected option(s)

Equip managers and employees to adopt flexible work options while addressing implementation issues and cultural barriers and aligning HR programs.

  • Guide to Flexible Work for Managers and Employees
  • Flexible Work Time Policy
  • Flexible Work Time Off Policy
  • Flexible Work Location Policy

Infographic

Workshop: Develop a Targeted Flexible Work Program for IT

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Prepare to Assess Flex Work Feasibility

The Purpose

Gather information on organizational and employee flexibility needs.

Key Benefits Achieved

Understand the flexibility needs of the organization and its employees to inform a targeted flex work program.

Activities

1.1 Identify employee and organizational needs.

1.2 Identify employee segments.

1.3 Establish program goals and metrics.

1.4 Shortlist flexible work options.

Outputs

Organizational context summary

List of shortlisted flex work options

2 Assess Flex Work Feasibility

The Purpose

Perform a data-driven feasibility analysis on shortlisted work options.

Key Benefits Achieved

A data-driven feasibility analysis ensures your flex work program meets its goals.

Activities

2.1 Conduct employee/manager focus groups to assess feasibility of flex work options.

Outputs

Summary of flex work options feasibility per employee segment

3 Finalize Flex Work Options

The Purpose

Select the most impactful flex work options and create a plan for addressing implementation challenge

Key Benefits Achieved

A data-driven selection process ensures decisions and exceptions can be communicated with full transparency.

Activities

3.1 Finalize list of approved flex work options.

3.2 Brainstorm solutions to implementation issues.

3.3 Identify how to overcome cultural barriers.

Outputs

Final list of flex work options

Implementation barriers and solutions summary

4 Prepare for Implementation

The Purpose

Create supporting materials to ensure program implementation proceeds smoothly.

Key Benefits Achieved

Employee- and manager-facing guides and policies ensure the program is clearly documented and communicated.

Activities

4.1 Design employee and manager guide prototype.

4.2 Align HR programs and policies to support flexible work.

4.3 Create a communication plan.

Outputs

Employee and manager guide to flexible work

Flex work roadmap and communication plan

5 Next Steps and Wrap-Up

The Purpose

Put everything together and prepare to implement.

Key Benefits Achieved

Our analysts will support you in synthesizing the workshop’s efforts into a cohesive implementation strategy.

Activities

5.1 Complete in-progress deliverables from previous four days.

5.2 Set up review time for workshop deliverables and to discuss next steps.

Outputs

Completed flexible work feasibility workbook

Flexible work communication plan

Further reading

Develop a Targeted Flexible Work Program for IT

Select flexible work options that balance organizational and employee needs to drive engagement and improve attraction and retention.

Executive Summary

Your Challenge

  • IT leaders continue to struggle with workplace flexibility, and it is a top priority for IT employees; as a result, organizations who fail to offer flexibility will have a difficult time attracting, recruiting, and retaining talent.
  • The benefits of remote work are not available to everyone, raising fairness and equity concerns for employees.

Common Obstacles

  • A one-size-fits-all approach to selecting and implementing flexible work options fails to consider unique employee needs and will not reap the benefits of offering a flexible work program (e.g. higher engagement or enhanced employer brand).
  • Improper structure and implementation of flexible work programs exacerbates existing challenges (e.g. high turnover) or creates new ones.

Info-Tech's Approach

  • Uncover the needs of unique employee segments to shortlist flexible work options that employees want and will use.
  • Assess the feasibility of various flexible work options and select ones that meet employee needs and are feasible for the organization.
  • Equip leaders with the information and tools needed to implement and sustain a flexible work program.

Info-Tech Insight

IT excels at hybrid location work and is more effective as a business function when location flexibility is an option for its employees. But hybrid work is just a start. A comprehensive flex work program extends beyond flexible location, so organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent.

Flexible work arrangements are a requirement in today's world of work

Flexible work continues to gain momentum…

A 2022 LinkedIn report found that the following occurred between 2019 and 2021:

+362%

Increase in LinkedIn members sharing content with the term "flexible work."

+83%

Increase in job postings that mention "flexibility."
(LinkedIn, 2022)

In 2022, Into-Tech found that hybrid was the most commonly used location work model for IT across all industries.

("State of Hybrid Work in IT," Info-Tech Research Group, 2022)

…and employees are demanding more flexibility

90%

of employees said they want schedule and location flexibility ("Global Employee Survey," EY, 2021).

17%

of resigning IT employees cited lack of flexible work options as a reason ("IT Talent Trends 2022," Info-Tech Research Group, 2022).

71%

of executives said they felt "pressure to change working models and adapt workplace policies to allow for greater flexibility" (LinkedIn, 2021).

Therefore, organizations who fail to offer flexibility will be left behind

Difficulty attracting and retaining talent

98% of IT employees say flexible work options are important in choosing an employer ("IT Talent Trends 2022," Info-Tech Research Group, 2022).

Worsening employee wellbeing and burnout

Knowledge workers with minimal to no schedule flexibility are 2.2x more likely to experience work-related stress and are 1.4x more likely to suffer from burnout (Slack, 2022; N=10,818).

Offering workplace flexibility benefits organizations and employees

Higher performance

IT departments that offer some degree of location flexibility are more effective at supporting the organization than those who do not.

35% of service desk functions report improved service since implementing location flexibility.
("State of Hybrid Work in IT," Info-Tech Research Group, 2023).

Enhanced employer brand

Employees are 2.1x more likely to recommend their employer to others when they are satisfied with their organization's flexible work arrangements (LinkedIn, 2021).

Improved attraction

41% of IT departments cite an expanded hiring pool as a key benefit of hybrid work.

Organizations that mention "flexibility" in their job postings have 35% more engagement with their posts (LinkedIn, 2022).

Increased job satisfaction

IT employees who have more control over their working arrangement experience a greater sense of contribution and trust in leadership ("State of Hybrid Work in IT," Info-Tech Research Group, 2023).

Better work-life balance

81% of employees say flexible work will positively impact their work-life balance (FlexJobs, 2021).

Boosted inclusivity

  • Caregivers regardless of gender, supporting them in balancing responsibilities
  • Individuals with disabilities, enabling them to work from the comfort of their homes
  • Women who may have increased responsibilities
  • Women of color to mitigate the emotional tax experienced at work

Info-Tech Insight

Flexible work options are not a concession to lower productivity. Properly implemented, flex work enables employees to be more productive at reaching business goals.

Despite the popularity of flexible work options, not all employees can participate

IT organizations differ on how much flexibility different roles can have.

IT employees were asked what percentage of IT roles were currently in a hybrid or remote work arrangement ("State of Hybrid Work in IT," Info-Tech Research Group, 2023).

However, the benefits of remote work are not available to all, which raises fairness and equity concerns between remote and onsite employees.

45%

of employers said, "one of the biggest risks will be their ability to establish fairness and equity among employees when some jobs require a fixed schedule or location, creating a 'have and have not' dynamic based on roles" ("Businesses Suffering," EY, 2021).

Offering schedule flexibility to employees who need to be fully onsite can be used to close the fairness and equity gap.

When offered the choice, 54% of employees said they would choose schedule flexibility over location flexibility ("Global Employee Survey," EY, 2021).

When employees were asked "What choice would you want your employer to provide related to when you have to work?" The top three choices were:

68%

Flexibility on when to start and finish work

38%

Compressed or four-day work weeks

33%

Fixed hours (e.g. 9am to 5pm)

Disclaimer: "Percentages do not sum to 100%, as each respondent could choose up to three of the [five options provided]" ("Global Employee Survey," EY, 2021).

Beware of the "all or nothing" approach

There is no one-size-fits-all approach to workplace flexibility.

Understanding the needs of various employee segments in the organization is critical to the success of a flexible work program.

Working parents want more flexibility

82%

of working mothers desire flexibility in where they work.

48%

of working fathers "want to work remotely 3 to 5 days a week."

Historically underrepresented groups value more flexibility

38%

"Thirty-eight percent of Black male employees and 33% of Black female employees would prefer a fully flexible schedule, compared to 25% of white female employees and 26% of white male employees."
(Slack, 2022; N=10,818)

33%

Workplace flexibility must be customized to the organization to avoid longer working hours and heavy workloads that impact employee wellbeing

84%

of remote workers and 61% of onsite workers reported working longer hours post pandemic. Longer working hours were attributed to reasons such as pressure from management and checking emails after working hours (Indeed, 2021).

2.6x

Respondents who either agreed or strongly agreed with the statement "Generally, I find my workload reasonable" were 2.6x more likely to be engaged compared to those who stated they disagreed or strongly disagreed (McLean & Company Engagement Survey Database;2022; N=5,615 responses).

Longer hours and unsustainable workloads can contribute to stress and burnout, which is a threat to employee engagement and retention. With careful management (e.g. setting clear expectations and establishing manageable workloads), flexible work arrangement benefits can be preserved.

Info-Tech Insight

Employees' lived experiences and needs determine if people use flexible work programs – a flex program that has limited use or excludes people will not benefit the organization.

Develop a flexible work program that meets employee and organizational needs

This is an image of a sample flexible work program which meets employee and organizational needs.

Insight summary

Overarching insight: IT excels at hybrid location work and is more effective as a business function when location, time, and time-off flexibility are an option for its employees.

Introduction

Step 1 insight

Step 2 insight

Step 3 insight

  • Flexible work options are not a concession to lower productivity. Properly implemented, flex work enables employees to be more productive at reaching business goals.
  • Employees' lived experiences and needs determine if people use flexible work programs – a flex program that has limited use or excludes people will not benefit the organization.
  • Flexible work benefits everyone. IT employees experience greater engagement, motivation, and company loyalty. IT organizations realize benefits such as better service coverage, reduced facilities costs, and increased productivity.
  • Hybrid work is a start. A comprehensive flex work program extends beyond flexible location to flexible time and time off. Organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent. Provide greater inclusivity to employees by broadening the scope to include flex location, flex time, and flex time off.
  • No two employee segments are the same. To be effective, flexible work options must align with the expectations and working processes of each segment.
  • Every role is eligible for hybrid location work. If onsite work duties prevent an employee group from participating, see if processes can be digitized or automated. Flexible work is an opportunity to go beyond current needs to future proofing your organization.
  • Flexible work options must balance organizational and employee needs. If an option is beneficial to employees but there is little or no benefit to the organization, or if the cost of the option is too high, it will not support the long-term success of the organization.
  • Prioritize flexible work options that employees want. Providing too many options often leads to information overload and results in employees not understanding what is available, lowering adoption of the flexible work program.
  • Leaders' collective support of the flexible program determines the program's successful adoption. Don't sweep cultural barriers under the rug; acknowledge and address them to overcome them.
  • Negative performance of a flexible work option does not necessarily mean failure. Take the time to evaluate whether the option simply needs to be tweaked or whether it truly isn't working for the organization.
  • A set of formal guidelines for IT ensures flexible work is:
    1. Administered fairly across all IT employees.
    2. Defensible and clear.
    3. Scalable to the rest of the organization.

Case Study

Expanding hybrid work at Info-Tech

Challenge

In 2020, Info-Tech implemented emergency work-from-home for its IT department, along with the rest of the organization. Now in 2023, hybrid work is firmly embedded in Info-Tech's culture, with plans to continue location flexibility for the foreseeable future.

Adjusting to the change came with lessons learned and future-looking questions.

Lessons Learned

Moving into remote work was made easier by certain enablers that had already been put in place. These included issuing laptops instead of desktops to the user base and using an existing cloud-based infrastructure. Much support was already being done remotely, making the transition for the support teams virtually seamless.

Continuing hybrid work has brought benefits such as reduced commuting costs for employees, higher engagement, and satisfaction among staff that their preferences were heard.

Looking Forward

Every flexible work implementation is a work in progress and must be continually revisited to ensure it continues to meet organizational and employee needs. Current questions being explored at Info-Tech are:

  • The concept of the "office as a tool" – how does use of the office change when it is used for specific collaboration-related tasks, rather than everything? How should the physical space change to support this?
  • What does a viable replacement for quick hallway meetings look like in a remote world where communication is much more deliberate? How can managers adjust their practices to ensure the benefits of informal encounters aren't lost?

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

Preparation

Step 1

Step 2

Step 3

Follow-up

Call #1: Scope requirements, objectives, and your specific challenges.

Call #2: Assess employee and organizational needs.

Call #3: Shortlist flex work options and assess feasibility.

Call #4: Finalize flex work options and create rollout plan.

Call #5: (Optional) Review rollout progress or evaluate pilot success.

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 3 to 5 calls over the course of 4 to 6 months.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Day 1

Day 2

Day 3

Day 4

Day 5

Activities

Prepare to assess flex work feasibility

Assess flex work feasibility

Finalize flex work options

Prepare for implementation

Next Steps and Wrap-Up (offsite)

1.1 Identify employee and organizational needs.

1.2 Identify employee segments.

1.3 Establish program goals and metrics.

1.4 Shortlist flex work options.

2.1 Conduct employee/manager focus groups to assess feasibility of flex work options.

3.1 Finalize list of approved flex work options.

3.2 Brainstorm solutions to implementation issues.

3.2 Identify how to overcome cultural barriers.

4.1 Design employee and manager guide prototype.

4.2 Align HR programs and policies to support flexible work.

4.3 Create a communication plan.

5.1 Complete in-progress deliverables from previous four days.

5.2 Set up review time for workshop deliverables and to discuss next steps.

Deliverables

  1. Organizational context summary
  2. List of shortlisted flex work options
  1. Summary of flex work options' feasibility per employee segment
  1. 1.Final list of flex work options
  2. 2.Implementation barriers and solutions summary
  1. Employee and manager guide to flexible work
  2. Flex work roadmap and communication plan
  1. Completed flexible work feasibility workbook
  2. Flexible work communication plan

Step 1

Assess employee and organizational needs

1. Assess employee and organizational flexibility needs
2. Identify potential flex options and assess feasibility
3. Implement selected option(s)

After completing this step you will have:

  • Identified key stakeholders and their responsibilities
  • Uncovered the current and desired state of the organization
  • Analyzed feedback to identify flexibility challenges
  • Identified and prioritized employee segments
  • Determined the program goals
  • Identified the degree of flexibility for work location, timing, and deliverables

Identify key stakeholders

Organizational flexibility requires collaborative and cross-functional involvement to determine which flexible options will meet the needs of a diverse workforce. HR leads the project to explore flexible work options, while other stakeholders provide feedback during the identification and implementation processes.

HR

  • Assist with the design, implementation, and maintenance of the program.
  • Provide managers and employees with guidance to establish successful flexible work arrangements.
  • Help develop communications to launch and maintain the program.

Senior Leaders

  • Champion the project by modeling and promoting flexible work options
  • Help develop and deliver communications; set the tone for flexible work at the organization.
  • Provide input into determining program goals.

Managers

  • Model flexible work options and encourage direct reports to request and discuss options.
  • Use flexible work program guidelines to work with direct reports to select suitable flexible work options.
  • Develop performance metrics and encourage communication between flexible and non-flexible workers.

Flexible Workers

  • Indicate preferences of flexible work options to the manager.
  • Identify ways to maintain operational continuity and communication while working flexibly.
  • Flag issues and suggest improvements to the manager.
  • Develop creative ways to work with colleagues who don't work flexibly.

Non-Flexible Workers

  • Share feedback on issues with flexible arrangements and their impact on operational continuity.

Info-Tech Insight

Flexible work is a holistic team effort. Leaders, flexible workers, teammates, and HR must clearly understand their roles to ensure that teams are set up for success.

Uncover the current and desired state of flexibility in the organization

Current State

Target State

Review:

  • Existing policies related to flexibility (e.g. vacation, work from anywhere)
  • Existing flexibility programs (e.g. seasonal hours) and their uptake
  • Productivity of employees
  • Current culture at the organization. Look for:
    • Employee autonomy
    • Reporting structure and performance management processes
    • Trust and psychological safety of employees
    • Leadership behavior (e.g. do leaders model work-life balance, or does the organization have a work 24/7 mentality?)

Identify what is driving the need for flexible work options. Ask:

  • Why does the organization need flexible options?
    • For example, the introduction of flexibility for some employees has created a "have and have not" dynamic between roles that must be addressed.
  • What does the organization hope to gain from implementing flexible options? For example:
    • Improved retention
    • Increased attraction, remaining competitive for talent
    • Increased work-life balance for employees
    • Reduced burnout
  • What does the organization aspire to be?
    • For example, an organization that creates an environment that values output, not face time.

These drivers identify goals for the organization to achieve through targeted flexible work options.

Info-Tech Insight

Hybrid work is a start. A comprehensive flex work program extends beyond flexible location, so organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent. Provide greater inclusivity to employees by broadening the scope to include flex location, flex time, and flex time off.

Identify employee segments

Using the data, feedback, and challenges analyzed and uncovered so far, assess the organization and identify employee segments.

Identify employee segments with common characteristics to assess if they require unique flexible work options. Assess the feasibility options for the segments separately in Step 2.

  • Segments' unique characteristics include:
    • Role responsibilities (e.g. interacting with users, creating reports, development and testing)
    • Work location/schedule (e.g. geographic, remote vs. onsite, 9 to 5)
    • Work processes (e.g. server maintenance, phone support)
    • Group characteristics (e.g. specific teams, new hires)

Identify employee segments and sort them into groups based on the characteristics above.

Examples of segments:

  • Functional area (e.g. Service Desk, Security)
  • Job roles (e.g. desktop support, server maintenance)
  • Onsite, remote, or hybrid
  • Full-time or part-time
  • Job level (e.g. managers vs. independent contributors)
  • Employees with dependents

Prioritize employee segments

Determine whether the organization needs flexible work options for the entire organization or specific employee segments.
For specific employee segments:

  • Answer the questions on the right to identify whether an employee segment is high, medium, or low priority. Complete slides 23 to 25 for each high-priority segment, repeating the process for medium-priority segments when resources allow.

For the entire organization:

  • When identifying an option for the entire organization, consider all segments. The approach must create consistency and inclusion; keep this top of mind when identifying flexibility on slides 23 to 25. For example, the work location flexibility would be low in an organization where some segments can work remotely and others must be onsite due to machinery requirements.

High priority: The employee segment has the lowest engagement scores or highest turnover within the organization. Segment sentiment is that current flexibility is nonexistent or not sufficiently meeting needs.
Medium priority: The employee segment has low engagement or high turnover. Segment sentiment is that currently available flexibility is minimal or not sufficiently meeting needs.
Low priority: The segment does not have the lowest engagement or the highest turnover rate. Segment sentiment is that currently available flexibility is sufficiently meeting needs.

  1. What is the impact on the organization if this segment's challenges aren't addressed (e.g. if low engagement and high turnover are not addressed)?
  2. How critical is flexibility to the segment's needs/engagement?
  3. How time sensitive is it to introduce flexibility to this segment (e.g. is the organization losing employees in this segment at a high rate)?
  4. Will providing flexibility to this segment increase organizational productivity or output

Identify challenges to address with flexibility

Uncover the lived experiences and expectations of employees to inform selection of segments and flexible options.

  1. Collect data from existing sources, such as:
    • Engagement surveys
    • New hire/exit surveys
    • Employee experience monitor surveys
    • Employee retention pulse surveys
    • Burnout surveys
    • DEI pulse surveys
  2. Analyze employee feedback on experiences with:
    • Work duties
    • Workload
    • Work-life balance
    • Operating processes and procedures
    • Achieving operational outcomes
    • Collaboration and communication
    • Individual experience and engagement
  3. Evaluate the data and identify challenges

Example challenges:

  • Engagement: Low average score on work-life balance question; flexible work suggested in open-ended responses.
  • Retention: Exit survey indicating that lack of work-life balance is consistently a reason employees leave. Include the cost of turnover (e.g. recruitment, training, severance).
  • Burnout: Feedback from employees through surveys or HR business partner anecdotes indicating high burnout; high usage of wellness services or employee assistance programs.
  • Absenteeism: High average number of days employees were absent in the past year. Include the cost of lost productivity.
  • Operational continuity: Provide examples of when flexible work would have enabled operational continuity in the case of disaster or extended customer service coverage.
  • Program uptake: If the organization already has a flexible work program, provide data on the low proportion of eligible employees using available options.

1.1 Prepare to evaluate flexible work options

1-3 hours

Follow the guidance on preceding slides to complete the following activities.
Note: If you are only considering remote or hybrid work, use the Fast-Track Hybrid Work Program Workbook. Otherwise, proceed with the Targeted Flexible Work Program Workbook.

  1. Identify key stakeholders. Be sure to record the level of involvement and responsibility expected from each stakeholder. Use the "Stakeholders" tab of the workbook.
  2. Uncover current and desired state. Review and record your current state with respect to culture, productivity, and current flexible work options, if any. Next, record your desired future state, including reasons for implementing flexible work, and goals for the program. Record this in the "Current and Desired State" tab of the workbook.
  3. Identify and prioritize employee segments. Identify and record employee segments. Depending on the size of your department, you may identify a few or many. Be as granular as necessary to fully separate employee groups with different needs. If your resources or needs prevent you from rolling out flexible work to the entire department, record the priority level of each segment so you can focus on the highest priority first.
  4. Identify challenges with flexibility. With each employee segment in mind, analyze your available data to identify and record each segment's main challenges regarding flexible work. These will inform your program goals and metrics.

Download the Targeted Flexible Work Program Workbook

Download the Fast-Track Hybrid Work Program Workbook

Input

  • List of departmental roles
  • Data on employee engagement, productivity, sentiment regarding flexible work, etc.

Output

  • List of stakeholders and responsibilities
  • Flexible work challenges and aims
  • Prioritized list of employee segments

Materials

  • Targeted Flexible Work Program Workbook
    Or
  • Fast-Track Hybrid Work Program Workbook

Participants

  • IT department head
  • HR business partner
  • Flexible work program committee

Determine goals and metrics for the flexible work program

Sample program goals

Sample metrics

Increase productivity

  • Employee, team, and department key performance indicators (KPIs) before and after flexible work implementation
  • Absenteeism rate (% of lost working days due to all types of absence)

Improve business satisfaction and perception of IT value

Increase retention

  • % of exiting employees who cite lack of flexible work options or poor work-life balance as a reason they left
  • Turnover and retention rates

Improve the employee value proposition (EVP) and talent attraction

  • # of responses on the new hire survey where flexible work options or work-life balance are cited as a reason for accepting an employment offer
  • # of views of career webpage that mentions flexible work program
  • Time-to-fill rates

Improve engagement and work-life balance

  • Overall engagement score – deploy Info-Tech's Employee Engagement Diagnostics
  • Score for questions about work-life balance on employee engagement or pulse survey, including:
    • "I am able to maintain a balance between my work and personal life."
    • "I find my stress levels at work manageable."

Info-Tech Insight

Implementing flex work without solid performance metrics means you won't have a way of determining whether the program is enabling or hampering your business practices.

1.2 Determine goals and metrics

30 minutes

Use the examples on the preceding slide to identify program goals and metrics:

  1. Brainstorm program goals. Be sure to consider both the business benefits (e.g. productivity, retention) and the employee benefits (work-life balance, engagement). A successful flexible work program benefits both the organization and its employees.
  2. Brainstorm metrics for each goal. Identify metrics that are easy to track accurately. Use Info-Tech's IT and HR metrics libraries for reference. Ideally, the metrics you choose should already exist in your organization so no extra effort will be necessary to implement them. It is also important to have a baseline measure of each one before flexible work is rolled out.
  3. Record your outputs on the "Goals and Metrics" tab of the workbook.

Download the Targeted Flexible Work Program Workbook

Download the IT Metrics Library

Download the HR Metrics Library

Input

  • Organizational and departmental strategy

Output

  • List of program goals and metrics

Materials

  • Targeted Flexible Work Program Workbook
    Or
  • Fast-Track Hybrid Work Program Workbook

Participants

  • Flexible work program committee

Determine work location flexibility for priority segments

Work location looks at where a segment can complete all or some of their tasks (e.g. onsite vs. remote). For each prioritized employee segment, evaluate the amount of location flexibility available.

Work Duties

Processes

Operational Outcomes

High degree of flexibility

  • Low dependence on onsite equipment
  • Work easily shifts to online platforms
  • Low dependence on onsite external interactions (e.g. clients, customers, vendors)
  • Low interdependence of work duties internally (most work is independent)
  • Work processes and expectations are or can be formally documented
  • Remote work processes are sustainable long term

Most or all operational outcomes can be achieved offsite (e.g. products/service delivery not impacted by WFH)

  • Some dependence on onsite equipment
  • Some work can shift to online platforms
  • Some dependence on onsite external interactions
  • Some interdependence of work duties internally (collaboration is critical)
  • Most work processes and expectations have been or can be formally documented
  • Remote work processes are sustainable (e.g. workarounds can be supported and didn't add work)

Some operational outcomes can be achieved offsite (e.g. some impact of WFH on product/service delivery)

Low degree of flexibility

  • High dependence on onsite equipment
  • Work cannot shift to online platforms
  • High dependence on onsite external interactions
  • High interdependence of work duties internally (e.g. line work)
  • Few work processes and expectations can be formally documented
  • Work processes cannot be done remotely, and workarounds for remote work are not sustainable long term

Operational outcomes cannot be achieved offsite (e.g. significant impairment to product/service delivery)

Note

If roles within the segment have differing levels of location flexibility, use the lowest results (e.g. if role A in the segment has a high degree of flexibility for work duties and role B has a low degree of flexibility, use the results for role B).

Identify work timing for priority segments

Work timing looks at when work can or needs to be completed (e.g. Monday to Friday, 9am to 5pm).

Work Duties

Processes

Operational Outcomes

High degree of flexibility

  • No need to be available to internal and/or external customers during standard work hours
  • Equipment is available at any time
  • Does not rely on synchronous (occurring at the same time) work duties internally
  • Work processes and expectations are or can be formally documented
  • Low reliance on collaboration
  • Work is largely asynchronous (does not occur at the same time)

Most or all operational outcomes are not time sensitive

  • Must be available to internal and/or external customers during some standard work hours
  • Some reliance on synchronous work duties internally (collaboration is critical)
  • Most work processes and expectations have been or can be formally documented
  • Moderate reliance on collaboration
  • Some work is synchronous

Some operational outcomes are time sensitive and must be conducted within set date or time windows

Low degree of flexibility

  • Must be available to internal and/or external customers during all standard work hours (e.g. Monday to Friday 9 to 5)
  • High reliance on synchronous work duties internally (e.g. line work)
  • Few work processes and expectations can be formally documented
  • High reliance on collaboration
  • Most work is synchronous

Most or all operational outcomes are time sensitive and must be conducted within set date or time windows

Note

With additional coordination, flex time or flex time off options are still possible for employee segments with a low degree of flexibility. For example, with a four-day work week, the segment can be split into two teams – one that works Monday to Thursday and one that works Tuesday to Friday – so that employees are still available for clients five days a week.

Examine work deliverables for priority segments

Work deliverables look at the employee's ability to deliver on their role expectations (e.g. quota or targets) and whether reducing the time spent working would, in all situations, impact the work deliverables (e.g. constrained vs. unconstrained).

Work Duties

Operational Outcomes

High degree of flexibility

  • Few or no work duties rely on equipment or processes that put constraints on output (unconstrained output)
  • Employees have autonomy over which work duties they focus on each day
  • Most or all operational outcomes are unconstrained (e.g. a marketing analyst who builds reports and strategies for clients can produce more reports, produce better reports, or identify new strategies)
  • Work quota or targets are achievable even if working fewer hours
  • Some work duties rely on equipment or processes that put constraints on output
  • Employees have some ability to decide which work duties they focus on each day
  • Some operational outcomes are constrained or moderately unconstrained (e.g. an analyst build reports based on client data; while it's possible to find efficiencies and build reports faster, it's not possible to attain the client data any faster)
  • Work quota or targets may be achievable if working fewer hours

Low degree of flexibility

  • Most or all work duties rely on equipment or processes that put constraints on output (constrained output)
  • Daily work duties are prescribed (e.g. a telemarketer is expected to call a set number of people per day using a set list of contacts and a defined script)
  • Most or all operational outcomes are constrained (e.g. a machine operator works on a machine that produces 100 parts an hour; neither the machine nor the worker can produce more parts)
  • Work quota or targets cannot be achieved if fewer hours are worked

Note

For segments with a low degree of work deliverable flexibility (e.g. very constrained output), flexibility is still an option, but maintaining output would require additional headcount.

1.3 Determine flexibility needs and constraints

1-2 hours

Use the guidelines on the preceding slides to document the parameters of each work segment.

  1. Determine work location flexibility. Work location looks at where a segment can complete all or some of their tasks (e.g. onsite vs. remote). For each prioritized employee segment, evaluate the amount of location flexibility available.
  2. Identify work timing. Work timing looks at when work can or needs to be completed (e.g. Monday to Friday, 9am to 5pm).
  3. Examine work deliverables. Work deliverables look at the employee's ability to deliver on their role expectations (e.g. quota or targets) and whether reducing the time spent working would, in all situations, impact the work deliverables (e.g. constrained vs. unconstrained).
  4. Record your outputs on the "Current and Desired State" tab of the workbook.

Download the Targeted Flexible Work Program Workbook

Input

  • List of employee segments

Output

  • Summary of flexibility needs and constraints for each employee segment

Materials

  • Targeted Flexible Work Program Workbook
    Or
  • Fast-Track Hybrid Work Program Workbook

Participants

  • Flexible work program committee
  • Employee segment managers

Step 2

Identify potential flex options and assess feasibility

1. Assess employee and organizational flexibility needs
2. Identify potential flex options and assess feasibility
3. Implement selected option(s)

After completing this step you will have:

  • Created a shortlist of potential options for each prioritized employee segment
  • Evaluated the feasibility of each potential option
  • Determined the cost and benefit of each potential option
  • Gathered employee sentiment on potential options
  • Finalized options with senior leadership

Prepare to identify and assess the feasibility of potential flexible work options

First, review the Flexible Work Solutions Catalog

Before proceeding to the next slide, review the Flexible Work Options Catalog to identify and shortlist five to seven flexible work options that are best suited to address the challenges faced for each of the priority employee segments identified in Step 1.

Then, assess the feasibility of implementing selected options using slides 29 to 32

Assess the feasibility of implementing the shortlisted solutions for the prioritized employee segments against the feasibility factors in this step. Repeat for each employee segment. Use the following slides to consult with and include leaders when appropriate.

  • Document your analysis in tabs 6 to 8 of the Targeted Flexible Work Program Workbook.
  • Note implementation issues throughout the assessment and record them in the tool. They will be addressed in Step 3: Implement Selected Program(s). Don't rule out an option simply because it presents some challenges; careful implementation can overcome many challenges.
  • At the end of this step, determine the final list of flexible work options and gain approval from senior leaders for implementation.

Evaluate feasibility by reviewing the option's impact on continued operations and job performance

Operational coverage

Synchronous communication

Time zones

Face-to-face

communication

To what extent are employees needed to deliver products or services?

  • If constant customer service is required, stagger employees' schedules (e.g. one team works Monday-Thursday while another works Tuesday-Friday).

To what extent do employees need to communicate with each other synchronously?

  • Break the workflow down and identify times when employees do and do not have to work at the same time to communicate with each other.

To what extent do employees need to coordinate work across time zones?

  • If the organization already operates in different time zones, ensure that the option does not impact operations requiring continuous coverage.
  • When employees are located in different time zones, coordinate schedules based on the other operational factors.

When do employees need to interact with each other or clients in person?

  • Examine the workflow closely to identify times when face-to-face communication is not required. Schedule "office days" for employees to work together when in-person interaction is needed.
  • When the interaction is only required with clients, determine whether employees are able to meet clients offsite.

Info-Tech Insight

Every role is eligible for hybrid location work. If onsite work duties prevent an employee group from participating, see if processes can be digitized or automated. Flexible work is an opportunity to go beyond current needs to future-proof your organization.

Assess the option's alignment with organizational culture

Symbols

Values

Behaviors

How supportive of flexible work are the visible aspects of the organization's culture?

  • For example, the mission statement, newsletters, or office layout.
  • Note: Visible elements will need to be adapted to ensure they reinforce the value of the flexible work option.

How supportive are both the stated and lived values of the organization?

  • When the flexible work option includes less direct supervision, assess how empowered employees feel to make decisions.
  • Assess whether all types of employees (e.g. virtual) are included, valued, and supported.

How supportive are the attitudes and behaviors, especially of leaders?

  • Leaders set the expectations for acceptable behaviors in the organization. Determine how supportive leaders are toward flexible workers by examining their attitudes and perceptions.
  • Identify if employees are open to different ways of doing work.

Determine the resources required for the option

People

Process

Technology

Do employees have the knowledge, skills, and abilities to adopt this option?

  • Identify any areas (e.g. process, technology) employees will need to be trained on and assess the associated costs.
  • Determine whether the option will require additional headcount to ensure operational continuity (e.g. two part-time employees in a job-sharing arrangement) and calculate associated costs (e.g. recruitment, training, benefits).

How much will work processes need to change?

  • Interview organizational leaders with knowledge of the employee segment's core work processes. Determine whether a significant change will be required.
  • If a significant change is required, evaluate whether the benefits of the option outweigh the costs of the process and behavioral change (see the "net benefit" factor on slide 33).

What new technologies will be required?

  • Identify the technology (e.g. that supports communication, work processes) required to enable the flexible work option.
  • Note whether existing technology can be used or additional technology will be required, and further investigate the viability and costs of these options.

Examine the option's risks

Data

Health & Safety

Legal

How will data be kept secure?

  • Determine whether the organization's data policy and technology covers employees working remotely or other flexible work options.
  • If the employee segment handles sensitive data (e.g. personal employee information), consult relevant stakeholders to determine how data can be kept secure and assess any associated costs.

How will employees' health and safety be impacted?

  • Consult your organization's legal counsel to determine whether the organization will be liable for the employees' health and safety while working from home or other locations.
  • Determine whether the organization's policies and processes will need to be modified.

What legal risks might be involved?

  • Identify any policies in place or jurisdictional requirements to avoid any legal risks. Consult your organization's legal counsel about the situations below.
    • If the option causes significant changes to the nature of jobs, creating the risk of constructive dismissal.
    • If there are any risks to providing less supervision (e.g. higher chance of harassment).
    • When only some employee segments are eligible for the option, determine whether there is a risk of inequitable access.
    • If the option impacts any unionized employees or collective agreements.

Determine whether the benefits of the option outweigh the costs

Include senior leadership in the net benefit process to ensure any unfeasible options are removed from consideration before presenting to employees.

  1. Document the employee and employer benefits of the option from the previous feasibility factors on slides 29 to 32.
  • Include the benefits of reaching program goals identified in Step 1.
  • Quantify the benefits in dollar value where possible.
  • Document the costs and risks of the option, referring to the costs noted from previous feasibility factors.
    • Quantify the costs in dollar value where possible.
  • Compare the benefits and costs.
    • Add an option to your final list if the benefits are greater than the costs.
  • This is an image of a table with the main heading being Net Benefit, with the following subheadings: Benefits to organization; Benefits to employees; Costs.

    Info-Tech Insight

    Flexible work options must balance organizational and employee needs. If an option is beneficial to employees but there is little or no benefit to the organization as a whole, or if the cost of the option is too high, it will not support the long-term success of the organization.

    2.1a Identify and evaluate flexible work options

    30 minutes per employee segment per work option

    If you are only considering hybrid or remote work, skip to activity 2.1b. Use the guidelines on the preceding slides to conduct feasibility assessments.

    1. Shortlist flexible work options. Review the Flexible Work Options Catalog to identify and shortlist five to seven flexible work options that are best suited to address the challenges faced for each of the priority employee segments. Record these on the "Options Shortlist" tab of the workbook. Even if the decision is simple, ensure you record the rationale to help communicate your decision to employees. Transparent communication is the best way to avoid feelings of unfairness if desired work options are not implemented.
    2. Evaluate option feasibility. For each of the shortlisted options, complete one "Feasibility - Option" tab in the workbook. Make as many copies of this tab as needed.
      • When evaluating each option, consider each employee segment individually as you work through the prompts in the workbook. You may find that segments differ greatly in the feasibility of various types of flexible work. You will use this information to inform your overall policy and any exceptions to it.
      • You may need to involve each segment's management team to get an accurate picture of day-to-day responsibilities and flexible work feasibility.
    3. Weigh benefits and costs. At the end of each flexible work option evaluation, record the anticipated costs and benefits. Discuss whether this balance renders the option viable or rules it out.

    Download the Targeted Flexible Work Program Workbook

    Download the Flexible Work Options Catalog

    Input

    • List of employee segments

    Output

    • Shortlist of flexible work options
    • Feasibility analysis for each work option

    Materials

    • Targeted Flexible Work Program Workbook
    • Flexible Work Options Catalog

    Participants

    • Flexible work program committee
    • Employee segment managers

    2.1b Assess hybrid work feasibility

    30 minutes per employee segment

    Use the guidelines on the preceding slides to conduct a feasibility assessment. This exercise relies on having trialed hybrid or remote work before. If you have never implemented any degree of remote work, consider completing the full feasibility assessment in activity 2.1a.

    1. Evaluate hybrid work feasibility. Review the feasibility prompts on the "Work Unit Remote Work Assessment" tab and record your insight for each employee segment.
      • When evaluating each option, consider each employee segment individually as you work through the prompts in the workbook. You may find that segments differ greatly in their ability to accommodate hybrid work. You will use this information to inform your overall policy and any exceptions to it.
      • You may need to involve each segment's management team to get an accurate picture of day-to-day responsibilities and hybrid work feasibility.

    Download the Fast-Track Hybrid Work Program Workbook

    Input

    • List of employee segments

    Output

    • Feasibility analysis for each work option

    Materials

    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee
    • Employee segment managers

    Ask employees which options they prefer and gather feedback for implementation

    Deliver a survey and/or conduct focus groups with a selection of employees from all prioritized employee segments.

    Share

    • Present your draft list of options to select employees.
    • Communicate that the organization is in the process of assessing the feasibility of flexible work options and would like employee input to ensure flex work meets needs.
    • Be clear that the list is not final or guaranteed.

    Ask

    • Ask which options are preferred more than others.
    • Ask for feedback on each option – how could it be modified to meet employee needs better? Use this information to inform implementation in Step 3.

    Decide

    • Prioritize an option if many employees indicated an interest in it.
    • If employees indicate no interest in an option, consider eliminating it from the list, unless it will be required. There is no value in providing an option if employees won't use it.

    Survey

    • List the options and ask respondents to rate each on a Likert scale from 1 to 5.
    • Ask some open-ended questions with comment boxes for employee suggestions.

    Focus Group

    • Conduct focus groups to gather deeper feedback.
    • See Appendix I for sample focus group questions.

    Info-Tech Insight

    Prioritize flexible work options that employees want. Providing too many options often leads to information overload and results in employees not understanding what is available, lowering adoption of the flexible work program.

    Finalize options list with senior leadership

    1. Select one to three final options and outline the details of each. Include:
      • Scope: To what extent will the option be applied? E.g. work-from-home one or two days a week.
      • Eligibility: Which employee segments are eligible?
      • Cost: What investment will be required?
      • Critical implementation issues: Will any of the implementation issues identified for each feasibility factor impact whether the option will be approved?
      • Resources: What additional resources will be required (e.g. technology)?
    2. Present the options to stakeholders for approval. Include:
      • An outline of the finalized options, including what the option is and the scope, eligibility, and critical implementation issues.
      • The feasibility assessment results, including benefits, costs, and employee preferences. Have more detail from the other factors ready if leaders ask about them.
      • The investment (cost) required to implement the option.
    3. Proceed to Step 3 to implement approved options.

    Running an IT pilot of flex work

    • As a technology department, IT typically doesn't own flexible work implementation for the entire organization. However, it is common to trial flexible work options for IT first, before rolling out to the entire organization.
    • During a flex work pilot, ensure you are working closely with HR partners, especially regarding regulatory and compliance issues.
    • Keep the rest of the organizational stakeholders in the loop, especially regarding their agreement on the metrics by which the pilot's success will be evaluated.

    2.2a Finalize flexible work options

    2-3 hours + time to gather employee feedback

    If you are only considering hybrid or remote work, skip to activity 2.2b. Use the guidelines on the preceding slides to gather final feedback and finalize work option selections.

    1. Gather employee feedback. If employee preferences are already known, skip this step. If they are not, gather feedback to ascertain whether any of the shortlisted options are preferred. Remember that a successful flexible work program balances the needs of employees and the business, so employee preference is a key determinant in flexible work program success. Document this on the "Employee Preferences" tab of the workbook.
    2. Finalize flexible work options. Use your notes on the cost-benefit balance for each option, along with employee preferences, to decide whether the move forward with it. Record this decision on the "Options Final List" tab. Include information about eligible employee segments and any implementation challenges that came up during the feasibility assessments. This is the final decision summary that will inform your flexible program parameters and policies.

    Download the Targeted Flexible Work Program Workbook

    Input

    • Flexible work options shortlist

    Output

    • Final flexible work options list

    Materials

    • Targeted Flexible Work Program Workbook

    Participants

    • Flexible work program committee

    2.2b Finalize hybrid work parameters

    2-3 hours + time to gather employee feedback

    Use the guidelines on the preceding slides to gather final feedback and finalize work option selections.

    1. Summarize feasibility analysis. On the "Program Parameters" tab, record the main insights from your feasibility analysis. Finalize important elements, including eligibility for hybrid/remote work by employee segment. Additionally, record the standard parameters for the program (i.e. those that apply to all employee segments) and variable parameters (i.e. ones that differ by employee segment).

    Download the Fast-Track Hybrid Work Program Workbook

    Input

    • Hybrid work feasibility analysis

    Output

    • Final hybrid work program parameters

    Materials

    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee

    Step 3

    Implement selected option(s)

    1. Assess employee and organizational flexibility needs
    2. Identify potential flex options and assess feasibility
    3. Implement selected option(s)

    After completing this step, you will have:

    • Addressed implementation issues and cultural barriers
    • Equipped the organization to adopt flexible work options successfully
    • Piloted the program and assessed its success
    • Developed a plan for program rollout and communication
    • Established a program evaluation plan
    • Aligned HR programs to support the program

    Solve the implementation issues identified in your feasibility assessment

    1. Identify a solution for each implementation issue documented in the Targeted Flexible Work Program Workbook. Consider the following when identifying solutions:
      • Scope: Determine whether the solution will be applied to one or all employee segments.
      • Stakeholders: Identify stakeholders to consult and develop a solution. If the scope is one employee segment, work with organizational leaders of that segment. When the scope is the entire organization, consult with senior leaders.
      • Implementation: Collaborate with stakeholders to solve implementation issues. Balance the organizational and employee needs, referring to data gathered in Steps 1 and 2.

    Example:

    Issue

    Solution

    Option 1: Hybrid work

    Brainstorming at the beginning of product development benefits from face-to-face collaboration.

    Block off a "brainstorming day" when all team members are required in the office.

    Employee segment: Product innovation team

    One team member needs to meet weekly with the implementation team to conduct product testing.

    Establish a schedule with rotating responsibility for a team member to be at the office for product testing; allow team members to swap days if needed.

    Address cultural barriers by involving leaders

    To shift a culture that is not supportive of flexible work, involve leaders in setting an example for employees to follow.

    Misconceptions

    Tactics to overcome them

    • Flexible workers are less productive.
    • Flexible work disrupts operations.
    • Flexible workers are less committed to the organization.
    • Flexible work only benefits employees, not the organization.
    • Employees are not working if they aren't physically in the office.

    Make the case by highlighting challenges and expected benefits for both the organization and employees (e.g. same or increased productivity). Use data in the introductory section of this blueprint.

    Demonstrate operational feasibility by providing an overview of the feasibility assessment conducted to ensure operational continuity.

    Involve most senior leadership in communication.

    Encourage discovery and exploration by having managers try flexible work options themselves, which will help model it for employees.

    Highlight success stories within the organization or from competitors or similar industries.

    Invite input from managers on how to improve implementation and ownership, which helps to discover hidden options.

    Shift symbols, values, and behaviors

    • Work with senior leaders to identify symbols, values, and behaviors to modify to align with the selected flexible work options.
    • Validate that the final list aligns with your organization's mission, vision, and values.

    Info-Tech Insight

    Leaders' collective support of the flexible program determines the program's successful adoption. Don't sweep cultural barriers under the rug; acknowledge and address them to overcome them.

    Equip the organization for successful implementation

    Info-Tech recommends providing managers and employees with a guide to flexible work, introducing policies, and providing training for managers.

    Provide managers and employees with a guide to flexible work

    Introduce appropriate organization policies

    Equip managers with the necessary tools and training

    Use the guide to:

    • Familiarize employees and managers with the flexible work program.
    • Gain employee and manager buy-in and support for the program.
    • Explain the process and give guidance on selecting flexible work options and working with their colleagues to make it a success.

    Use Info-Tech's customizable policy templates to set guidelines, outline arrangements, and scope the organization's flexible work policies. This is typically done by, or in collaboration with, the HR department.

    Download the Guide to Flexible Work for Managers and Employees

    Download the Flex Location Policy

    Download the Flex Time-Off Policy

    Download the Flex Time Policy

    3.1 Prepare for implementation

    2-3 hours

    Use the guidelines on the preceding slides to brainstorm solutions to implementation issues and prepare to communicate program rollout to stakeholders.

    1. Solve implementation issues.
      • If you are working with the Targeted Flexible Work Program Workbook: For each implementation challenge identified on the "Final Options List" tab, brainstorm solutions. If you are working with the Fast-Track Hybrid Work Program Workbook: Work through the program enablement prompts on the "Program Enablement" tab.
      • You may need to involve relevant stakeholders to help you come up with appropriate solutions for each employee segment.
      • Ensure that any anticipated cultural barriers have been documented and are addressed during this step. Don't underestimate the importance of a supportive organizational culture to the successful rollout of flexible work.
    2. Prepare the employee guide. Modify the Guide to Flexible Work for Managers and Employees template to reflect your final work options list and the processes and expectations employees will need to follow.
    3. Create a communication plan. Use Info-Tech's Communicate Any IT Initiative blueprint and Appendix II to craft your messaging.

    Download the Guide to Flexible Work for Managers and Employees

    Download the Targeted Flexible Work Program Workbook

    Input

    • Flexible work options final list

    Output

    • Employee guide to flexible work
    • Flexible work rollout communication plan

    Materials

    • Guide to Flexible Work for Managers and Employees
    • Targeted Flexible Work Program Workbook
      Or
    • Fast-Track Hybrid Work Program Workbook

    Participants

    • Flexible work program committee
    • Employee segment managers

    Run an IT pilot for flexible work

    Prepare for pilot

    Launch Pilot

    Identify the flexible work options that will be piloted.

    • Refer to the final list of selected options for each priority segment to determine which options should be piloted.

    Select pilot participants.

    • If not rolling out to the entire IT department, look for the departments and/or team(s) where there is the greatest need and the biggest interest (e.g. team with lowest engagement scores).
    • Include all employees within the department, or team if the department is too large, in the pilot.
    • Start with a group whose managers are best equipped for the new flexibility options.

    Create an approach to collect feedback and measure the success of the pilot.

    • Feedback can be collected using surveys, focus groups, and/or targeted in-person interviews.

    The length of the pilot will greatly vary based on which flexible work options were selected (e.g. seasonal hours will require a shorter pilot period compared to implementing a compressed work week). Use discretion when deciding on pilot length and be open to extending or shortening the pilot length as needed.

    Launch pilot.

    • Launch the program through a town hall meeting or departmental announcement to build excitement and buy-in.
    • Develop separate communications for employee segments where appropriate. See Appendix II for key messaging to include.

    Gather feedback.

    • The feedback will be used to assess the pilot's success and to determine what modifications will be needed later for a full-scale rollout.
    • When gathering feedback, tailor questions based on the employee segment but keep themes similar. For example:
      • Employees: "How did this help your day-to-day work?"
      • Managers: "How did this improve productivity on your team?"

    Track metrics.

    • The success of the pilot is best communicated using your department's unique KPIs.
    • Metrics are critical for:
      • Accurately determining pilot success.
      • Getting buy-in to expand the pilot beyond IT.
      • Justifying to employees any changes made to the flexible work options.

    Assess the pilot's success and determine next steps

    Review the feedback collected on the previous slide and use this decision tree to decide whether to relaunch a pilot or proceed to a full-scale rollout of the program.

    This is an image of the flow chart used to assess the pilot's success and determine the next steps.  It will help you to determine whether you will Proceed to full-scale rollout on next slide, Major modifications to the option/launch (e.g. change operating time) – adjust and relaunch pilot or select a new employee segment and relaunch pilot, Minor modifications to the option/launch (e.g. introduce additional communications) – adjust and proceed to full scale rollout, or Return to shortlist (Step 2) and select a different option or launch pilot with a different employee segment.

    Prepare for full-scale rollout

    If you have run a team pilot prior to rolling out to all of IT, or run an IT pilot before an organizational rollout, use the following steps to transition from pilot to full rollout.

    1. Determine modifications
      • Review the feedback gathered during the pilot and determine what needs to change for a full-scale implementation.
      • Update HR policies and programs to support flexible work. Work closely with your HR business partner and other organizational leaders to ensure every department's needs are understood and compliance issues are addressed.
    2. Roll out and evaluate
      • Roll out the remainder of the program (e.g. to other employee segments or additional flexible work options) once there is significant uptake of the pilot by the target employee group and issues have been addressed.
      • Determine how feedback will be gathered after implementation, such as during engagement surveys, new hire and exit surveys, stay interviews, etc., and assess whether the program continues to meet employee and organizational needs.

    Rolling out beyond IT

    For a rollout beyond IT, HR will likely take over.

    However, this is your chance to remain at the forefront of your organization's flexible work efforts by continuing to track success and gather feedback within IT.

    Align HR programs and organizational policies to support flexible work

    Talent Management

    Learning & Development

    Talent Acquisition

    Reinforce managers' accountability for the success of flexible work in their teams:

    • Include "managing virtual teams" in the people management leadership competency.
    • Recognize managers who are modeling flexible work.

    Support flexible workers' career progression:

    • Monitor the promotion rates of flexible workers vs. non-flexible workers.
    • Make sure flexible workers are discussed during talent calibration meetings and have access to career development opportunities.

    Equip managers and employees with the knowledge and skills to make flexible work successful.

    • Provide guidance on selecting the right options and maintaining workflow.
    • If moving to a virtual environment, train managers on how to make it a success.

    Incorporate the flexible work program into the organization's employee value proposition to attract top talent who value flexible work options.

    • Highlight the program on the organization's career site and in job postings.

    Organizational policies

    Determine which organizational policies will be impacted as a result of the new flexible work options. For example, the introduction of flex time off can result in existing vacation policies needing to be updated.

    Plan to re-evaluate the program and make improvements

    Collect data

    Collect data

    Act on data

    Uptake

    Gather data on the proportion of employees eligible for each option who are using the option.

    If an option is tracking positively:

    • Maintain or expand the program to more of the organization.
    • Conduct a feasibility assessment (Step 2) for new employee segments.

    Satisfaction

    Survey managers and employees about their satisfaction with the options they are eligible for and provide an open box for suggestions on improvements.

    If an option is tracking negatively:

    • Investigate why. Gather additional data, interview organizational leaders, and/or conduct focus groups to gain deeper insight.
    • Re-assess the feasibility of the option (Step 2). If the costs outweigh the benefits based on new data, determine whether to cancel the option.
    • Take appropriate action based on the outcome of the evaluation, such as modifying or cancelling the option or providing employees with more support.
      • Note: Cancelling an option can impact the engagement of employees using the option. Ensure that the data, reasons for cancelling the option, and potential substitute options are communicated to employees in advance.

    Program goal progress

    Monitor progress against the program goals and metrics identified in Step 1 to evaluate the impact on issues that matter to the organization (e.g. retention, productivity, diversity).

    Career progression

    Evaluate flexible workers' promotion rates and development opportunities to determine if they are developing.

    Info-Tech Insight

    Negative performance of a flexible work option does not necessarily mean failure. Take the time to evaluate whether the option simply needs to be tweaked or whether it truly isn't working for the organization.

    Insight summary

    Overarching insight: IT excels at hybrid location work and is more effective as a business function when location, time, and time-off flexibility are an option for its employees.

    Introduction

    • Flexible work options are not a concession to lower productivity. Properly implemented, flex work enables employees to be more productive at reaching business goals.
    • Employees' lived experiences and needs determine if people use flexible work programs – a flex program that has limited use or excludes people will not benefit the organization.
    • Flexible work benefits everyone. IT employees experience greater engagement, motivation, and company loyalty. IT organizations realize benefits such as better service coverage, reduced facilities costs, and increased productivity.

    Step 1 insight

    • Hybrid work is a start. A comprehensive flex work program extends beyond flexible location to flexible time and time off. Organizations must understand the needs of unique employee groups to uncover the options that will attract and retain talent. Provide greater inclusivity to employees by broadening the scope to include flex location, flex time, and flex time off.
    • No two employee segments are the same. To be effective, flexible work options must align with the expectations and working processes of each segment.

    Step 2 insight

    • Every role is eligible for hybrid location work. If onsite work duties prevent an employee group from participating, see if processes can be digitized or automated. Flexible work is an opportunity to go beyond current needs to future proofing your organization.
    • Flexible work options must balance organizational and employee needs. If an option is beneficial to employees but there is little or no benefit to the organization, or if the cost of the option is too high, it will not support the long-term success of the organization.
    • Prioritize flexible work options that employees want. Providing too many options often leads to information overload and results in employees not understanding what is available, lowering adoption of the flexible work program.

    Step 3 insight

    • Leaders' collective support of the flexible program determines the program's successful adoption. Don't sweep cultural barriers under the rug; acknowledge and address them to overcome them.
    • Negative performance of a flexible work option does not necessarily mean failure. Take the time to evaluate whether the option simply needs to be tweaked or whether it truly isn't working for the organization.
    • A set of formal guidelines for IT ensures flexible work is:
      1. Administered fairly across all IT employees.
      2. Defensible and clear.
      3. Scalable to the rest of the organization.

    Research Contributors and Experts

    Quinn Ross
    CEO
    The Ross Firm Professional Corporation

    Margaret Yap
    HR Professor
    Ryerson University

    Heather Payne
    CEO
    Juno College

    Lee Nguyen
    HR Specialist
    City of Austin

    Stacey Spruell
    Division HR Director
    Travis County

    Don MacLeod
    Chief Administrative Officer
    Zorra Township

    Stephen Childs
    CHRO
    Panasonic North America

    Shawn Gibson
    Sr. Director
    Info Tech Research Group

    Mari Ryan
    CEO/Founder
    Advancing Wellness

    Sophie Wade
    Founder
    Flexcel Networks

    Kim Velluso
    VP Human Resources
    Siemens Canada

    Lilian De Menezes
    Professor of Decision Sciences
    Cass Business School, University of London

    Judi Casey
    WorkLife Consultant and former Director, Work and Family Researchers Network
    Boston College

    Chris Frame
    Partner – Operations
    LiveCA

    Rose M. Stanley, CCP, CBP, WLCP, CEBS
    People Services Manager
    Sunstate Equipment Co., LLC

    Shari Lava
    Director, Vendor Research
    Info-Tech Research Group

    Carol Cochran
    Director of People & Culture
    FlexJobs

    Kidde Kelly
    OD Practitioner

    Dr. David Chalmers
    Adjunct Professor
    Ted Rogers School of Management, Ryerson University

    Kashmira Nagarwala
    Change Manager
    Siemens Canada

    Dr. Isik U. Zeytinoglu
    Professor of Management and Industrial Relations McMaster University, DeGroote School of Business

    Claire McCartney
    Diversity & Inclusion Advisor
    CIPD

    Teresa Hopke
    SVP of Client Relations
    Life Meets Work – www.lifemeetswork.com

    Mark Tippey
    IT Leader and Experienced Teleworker

    Dr. Kenneth Matos
    Senior Director of Research
    Families and Work Institute

    1 anonymous contributor

    Appendix I: Sample focus group questions

    See Info-Tech's Focus Group Guidefor guidance on setting up and delivering focus groups. Customize the guide with questions specific to flexible work (see sample questions below) to gain deeper insight into employee preferences for the feasibility assessment in Step 2 of this blueprint.

    Document themes in the Targeted Flexible Work Program Workbook.

    • What do you need to balance/integrate your work with your personal life?
    • What challenges do you face in achieving work-life balance/integration?
    • What about your job is preventing you from achieving work-life balance/integration?
    • How would [flexible work option] help you achieve work-life balance/integration?
    • How well would this option work with the workflow of your team or department? What would need to change?
    • What challenges do you see in adopting [flexible work option]?
    • What else would be helpful for you to achieve work-life balance/integration?
    • How could we customize [flexible work option] to ensure it meets your needs?
    • If this program were to fail, what do you think would be the top reasons and why?

    Appendix II: Communication key messaging

    1. Program purpose

    Start with the name and high-level purpose of the program.

    2. Business reasons for the program

    Share data you gathered in Step 1, illustrating challenges causing the need for the program and the benefits.

    3. Options selection process

    Outline the process followed to select options. Remember to share the involvement of stakeholders and the planning around employees' feedback, needs, and lived experiences.

    4. Options and eligibility

    Provide a brief overview of the options and eligibility. Specify that the organization is piloting these options and will modify them based on feedback.

    5. Approval not guaranteed

    Qualify that employees need to be "flexible about flexible work" – the options are not guaranteed and may sometimes be unavailable for business reasons.

    6. Shared responsibility

    Highlight the importance of everyone (managers, flexible workers, the team) working together to make flexible work achievable.

    7. Next steps

    Share any next steps, such as where employees can find the organization's Guide to Flexible Work for Managers and Employees, how to make flexible work a success, or if managers will be providing further detail in a team meeting.

    8. Ongoing communications

    Normalize the program and embed it in organizational culture by continuing communications through various media, such as the organization's newsletter or announcements in town halls.

    Works Cited

    Baziuk, Jennifer, and Duncan Meadows. "Global Employee Survey - Key findings and implications for ICMIF." EY, June 2021. Accessed May 2022.
    "Businesses suffering 'commitment issues' on flexible working," EY, 21 Sep. 2021. Accessed May 2022.
    "IT Talent Trends 2022". Info-Tech Research Group, 2022.
    "Jabra Hybrid Ways of Working: 2021 Global Report." Jabra, Aug. 2021. Accessed May 2022.
    LinkedIn Talent Solutions. "2022 Global Talent Trends." LinkedIn, 2022. Accessed May 2022.
    Lobosco, Mark. "The Future of Work is Flexible: 71% of Leaders Feel Pressure to Change Working Models." LinkedIn, 9 Sep. 2021. Accessed May 2022.
    Ohm, Joy, et al. "Covid-19: Women, Equity, and Inclusion in the Future of Work." Catalyst, 28 May 2020. Accessed May 2022.
    Pelta, Rachel. "Many Workers Have Quit or Plan to After Employers Revoke Remote Work." FlexJobs, 2021. Accessed May 2022.
    Slack Future Forum. "Inflexible return-to-office policies are hammering employee experience scores." Slack, 19 April 2022. Accessed May 2022.
    "State of Hybrid Work in IT: A Trend Report". Info-Tech Research Group, 2023.
    Threlkeld, Kristy. "Employee Burnout Report: COVID-19's Impact and 3 Strategies to Curb It." Indeed, 11 March 2021. Accessed March 2022.

    Select and Prioritize Digital Initiatives

    • Buy Link or Shortcode: {j2store}102|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    The business has embarked on its digital transformation journey. As CIO, you are being relied on to help triage what is most important – initiatives that will move the needle to achieve and fulfill the digital goals and ambitions of the organization.

    • If selection criteria are not identified and well defined, then digital initiatives risk being misprioritized or, worse yet, incorrectly labelled as having high ROI.
    • Like any other project, net-new digital initiatives must be triaged according to the value they bring to the organization.
    • Just as importantly, the complexity of each initiative must also be weighed as a critical factor of success.

    Our Advice

    Critical Insight

    Once the scope of the digital strategy and its goals are finalized, the heavy lifting begins. CIOs must prepare for this change by evaluating opportunities and prioritizing which will become digital initiatives.

    Impact and Result

    By using an appropriate selection process, CIOs can prioritize the digital initiatives that will matter most to the organization and drive business value.

    Select and Prioritize Digital Initiatives Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Select and Prioritize Digital Initiatives Storyboard – A step-by-step document that walks you through how to prepare an IT department to embrace innovation and support the organization’s digital initiatives.

    Part of Info-Tech’s seven-phase approach for aligning IT with the business’ digital strategy, this deck focuses the core and enabling initiatives that define IT’s innovation goals. By the end of this deck, the IT leader will have a roadmap of prioritized initiatives that enable the organization’s digital business initiatives.

    • Select and Prioritize Digital Initiatives Storyboard
    [infographic]

    Further reading

    Select and Prioritize Digital Initiatives

    Build your digital investment business case.

    Info-Tech Research Group

    Info-Tech is a provider of best-practice IT research advisory services that make every IT leader’s job easier.
    35,000 members sharing best practices you can leverage. Millions spent annually developing tools and templates. Leverage direct access to over 100 analysts as an extension of your team. Use our massive database of benchmarks and vendor assessments. Get up to speed in a fraction of the time.

    Key Concepts

    Digital initiative

    A project – or a group of interdependent projects – whose primary purpose is to enable digital technologies and/or digital business models. These technologies and models may be net new to the organization, or they may be existing ones that are optimized and improved by the initiative itself.

    The feasibility of any initiative is gauged by answering:

    • What amount of return on investment (ROI) or value does it bring to the organization?
    • What level of complexity does it pose to project execution?
    • To what extent does it solve a problem or leverage an opportunity?
    • To what degree is it aligned with digital business goals?

    Digital strategy

    The plan to deploy existing/emerging technologies to look at developing new products and services, new business models, and operational efficiency to meet or exceed performance targets.

    IT strategy

    The plan for deploying and maintaining applications, hardware, infrastructure, and IT services that support the business goals in a secure/regulatory-compliant manner to ensure reliability.

    Digital transformation

    Digital transformation is an at-scale change program – planned and executed over a finite time period – with the aspiration of creating material and sustainable improvement in the performance of an organization. Techniques include deploying a programmatic approach to innovation along with enabling technologies, capabilities, and practices that drive efficiency and create new products, markets, and business models.

    Your Challenge

    • Once the scope of the digital strategy and its goals are finalized, the heavy lifting begins.
    • The CIO must prepare for this change by evaluating opportunities and prioritizing which will become digital initiatives.
    • But where to start with prioritization? What should the selection criteria be?
    • To answer these all-important questions, the CIO must identify what success actually looks like.

    Common Obstacles

    • If selection criteria are not identified and well-defined, then digital initiatives risk being neglected or worse yet, incorrectly labelled as having high ROI.
    • Like any other project, net-new digital initiatives must be triaged according to the value they bring to the organization.
    • Just as importantly, the complexity of each initiative must also be weighed as a critical factor of success.

    Solution

    • Determine and set your selection criteria by leveraging the matrix provided in this deck.
    • Evaluate each proposed initiative against this repeatable process in order to test your assumptions.
    • Develop a business case for each high priority digital initiative that captures its benefits and business value.
    • Assemble your prioritized list of digital initiatives to present to stakeholders.

    Info-Tech Insight

    The business has embarked on its digital transformation journey. As CIO, you are being relied on to help triage what is most important – initiatives that will move the needle to achieve and fulfill the digital goals and ambitions of the organization.

    Analyst Perspective

    Prioritization follows ideation, and it’s not always easy.

    Ross Armstrong

    Your stakeholders have spent considerable time and effort identifying and articulating a digital business strategy. Now that ideas have turned into opportunities, the CIO must prioritize those opportunities as actual initiatives. Where to begin?

    Your first task is to identify the criteria that will be used to conduct prioritization activities. These criteria should be immutable and rigorously applied.

    Your second task will be to develop business cases for each opportunity that passes muster. But don’t worry, you won’t need an MBA to get the job done properly.

    Ross Armstrong

    Principal Research Director
    Info-Tech Research Group

    Info-Tech’s digital transformation journey

    Info-Tech’s digital transformation journey: 1 - Visualize the art of the digitally possible, 2 - Evolve your digital business strategy, 3 - Execute with confidence

    Info-Tech's digital transformation journey for industry members. Table shows the stakeholders, advisory support and deliverables for each industry members

    By now, you have established your current strategic context

    You have reviewed trends to reimagine the future of your industry and undertaken a digital maturity assessment to validate your business objectives and innovation goals. Now you need to evolve the current scope of your digital vision and opportunities.

    • Phase 1.1: Industry Trends Report

    • Phase 1.2: Digital Maturity Assessment

    • Phase 2.1: Zero In on Business Objectives

    By this point you have leveraged industry roundtables to better understand the art of the possible – exploring global trends, shifts in market forces or industry, customer needs, emerging technologies, and economic forecasts and creating opportunities out of these disruptions.

    In Phase 2.1, you identified your business and innovation goals and documented your current capabilities, prioritized for transformation.

    Business and innovation goals have been established through stakeholder interviews and business document review.

    Current capabilities have been prioritized for transformation and heat mapped.

    You have also formalized your digital strategy

    Throughout the course of Phase 2.2, you identified new digital opportunities, identified the business capabilities required to capitalize those opportunities, and updated the digital goals of your organization, accordingly.

    An example of a formalized digital strategy from Phase 2.2.

    The end result of this exercise is a new goals cascade that aligns digital goals and capabilities with those of the business. Digital initiatives were also identified but not yet selected or prioritized for execution at the project level.

    Now you will select and prioritize digital initiatives

    The goal of this phase is to ensure that initiatives that are green-lit for execution have been successfully assessed against your chosen criteria and that the business case for each initiative is firmly established and documented.

    Info-Tech’s digital transformation journey for industry members.

    There are three key activities outlined here that describe the actions that can be undertaken by industry members to help select and prioritize digital initiatives for the business.

    1. Identify your selection criteria

    2. Evaluate initiatives against criteria

    3. Determine a prioritized list of initiatives

    Info-Tech’s approach

    1

    Identify your selection criteria

    • Define what viability actually looks like.
    • Conduct an evaluation session to test your assumptions
    2

    Evaluate initiatives against criteria

    • Evaluate and validate an initiative to determine its viability.
    • Map the benefits and value proposition for each initiative.
    • Build a business case and profile for each selected initiative.
    3

    Determine a prioritized list of initiatives

    • Finalize your initiatives list and compile all relevant information.
    • Communicate the list to stakeholders.

    Step 1: Identify Your Selection Criteria

    Understand which conditions must be met in order to turn an opportunity into a digital initiative.

    Step 1: Identify Your Selection Criteria

    Step 1

    Identify Your Selection Criteria

    1.1

    Define what "viable" looks like

    Set criteria types and thresholds.

    It is impossible to gauge whether or not an opportunity is worthwhile if you don’t have a yardstick to measure it by. However, what is viable for one organization in a particular industry may not be viable for a company elsewhere.

    Consider:
    • Use the criteria already set forth in this deck.
    • If for any reason you cannot use these criteria, work with stakeholders to establish viability factors that suit both the business and IT.
    Avoid:
    • Vague language when establishing your own criteria.
    • Ambiguity in both measures and their definitions. Be crystal clear.

    1.2

    Conduct an evaluation session

    Test your assumptions by piloting prioritization.

    Select an initiative from one of the opportunity profiles from Phase 2.2 and run it through the selection criteria. From there, determine if your assumptions are sound. If not, tweak the criteria and test again until all stakeholders have confidence in the process.

    Consider:
    • Most if not all projects must go through the IT project management office (PMO) or project management leader, so why not create a “digital-only” track for digital business initiatives?
    • Which digital initiatives also represent a sound strategic fit to the organization?
    • Have we undertaken previous projects that are similar? Were those successful? Why or why not?
    Avoid:
    • Making too many initiatives high priority. IT resources are limited, so be ruthless.
    • Taking on too many initiatives at once. Most IT organizations can only work on a small number at any given time.

    Use these selection criteria to prioritize initiatives

    Ideas matter, but not all ideas are created equal. Now that you have elicited ideas and identified opportunities, discuss the assumptions, risks, and benefits associated with each proposed digital business initiative.

    Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Prioritize opportunities into initiatives

    Recall that the opportunities identified in Phase 2.2 also became proposed digital initiatives demonstrated in your goals cascade.

    In your discussion, evaluate each opportunity through a matrix to create tension between value and complexity or other dimensions. Capture the information based on measurable business benefits-realization; risks or considerations; assumptions; and competencies, talent, and assets needed to deliver.

    Prioritize opportunities into Initiatives. For example: new digital products and services, intelligent fleet management via automation, ERP automation etc.

    Leverage opportunity profiles from your digital strategy

    To start, take one of the opportunity profiles you created in Phase 2.2, Build Your Digital Vision and Strategy, and use it throughout the following steps. Once done, repeat with the next opportunity profile until all have been vetted against criteria. If you did not use Info-Tech’s approach, simply use whatever list of digital business opportunities provided to you from stakeholders.

    Robotic process automation Template.

    Prioritization Criteria

    Run each initiative through the following evaluation criteria. When finished, any opportunities that appear in the top left quadrant (high value/low complexity) are now your highest priority digital initiatives.

    Instructions:

    Assign each initiative a letter. As you decide on each one, move a copy of the circled letter to its appropriate place on the 2x2 selection matrix.

    List of digital opportunities.

    Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Info-Tech Insight

    Evaluation should be based on the insights from analysis across all criteria. Leverage group discussion to help contextualize and challenge assumptions when validating opportunities.

    Digital initiative ≠ IT project

    Every idea is a good one, unless you need one that works. What “works” as a digital initiative is not the same thing as a straightforward IT project that would be typically managed by a project manager or PMO. These latter projects will be addressed in Phase 3.1 of the digital journey.

    Opportunities and business needs > Business model > Impact > Mandatory > Innovation path forward

    Digital Track

    Focus: Transform the business and operations

    1. Problem may not be well defined.
    2. “Initiative” is not clear.
    3. Based on market research, customer needs, trend analysis, and economic forecast, risk to the business if fit-for-purpose initiative is not identified.
    4. Previous delivery results not as expected, or uncertain how to continue the project.
    5. Highly complex with significant impact to transform the business or operations.
    6. Execution approach is not clear.
    7. Capabilities may not exist within IT.

    IT PMO

    1. Emerging technology trends create opportunities to modernize IT, not transform business.
    2. Problem is well defined and understood.
    3. Initiative is clearly identified.
    4. New IT project.
    5. Can be complex but does not transform the business.
    6. Standard PMP approach is a good fit.
    7. Capabilities exist to execute within IT.
    8. Software vendor or systems integrator is initiative provider.

    Step 2: Evaluate Initiatives Against Criteria

    Ruthlessly prioritize which opportunities will deliver the greatest business value and pose the best chance of success.

    Step 2: Evaluate initiatives against criteria.

    Step 2

    Evaluate Initiatives Against Criteria

    2.1

    Evaluate and validate

    Evaluate and validate (or invalidate) opportunities.

    Now that you have tested and refined the selection criteria, take each opportunity profile from Phase 2.2 and run it through its paces. Once plotted on the 2x2 matrix, you will have a clear and concise view of high priority digital initiatives.

    Consider:
    • What are the timing, relevance, and impact of each initiative being evaluated?
    • What are the merits of each opportunity?
    • What are the extent and reach of their impacts?
    Avoid:
    • Guesswork. Stick with what you know based on the available information and data at hand.

    2.2

    Determine benefits

    Document benefits and value proposition.

    Identify and determine the benefits of each high priority initiative, including the benefit type (e.g. observable, financial, etc.). In addition, discuss and articulate the value proposition for each high priority initiative.

    Consider:
    • Tangible and intangible benefits.
    • Creating a vision statement for each initiative selected as high priority.
    Avoid:
    • Don’t reach too much when identifying benefits. Be realistic.

    2.3

    Make your case

    Build a business case for each initiative.

    Once you have enunciated the value and benefits of each high priority initiative, create a business case and profile for each one that includes known costs, risks, and so on. These materials will be crucial for project execution and IT capability planning in Phase 2.3 of your digital journey.

    Consider:
    • All forms of costs, both in terms of time, labor, and physical assets and resources.
    • Stick with a short-form business case for now to save time. You can always expand it into full-form business case later on, if necessary.
    Avoid:
    • Generalities. Be conservative in your estimates and keep them grounded in what has transpired in past initiatives at the organization.

    Exemplar: Prioritization criteria

    Your prioritization matrix should look something like this. Initiatives B and C will now have short-form business cases developed for them. Initiatives in the “Should Plan” quadrant can be dealt with later.

    List of initiatives for digital opportunities. Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Draw information from the opportunity profiles

    You created opportunity profiles in Phase 2.2 to clarify, validate and evaluate specific ideas for digital initiatives. In these profiles, you considered the timing, relevance, and impact of those opportunities.

    Some prioritized initiatives will have an immediate and significant impact on your business. Some may have a significant impact, but on a longer timeline. Understanding this is important context for your overall digital business strategy.

    Above all, you must be able to communicate to stakeholders how the newly prioritized digital initiatives are relevant to driving the strategic growth of the business.

    Start by elucidating further on initiative benefits and business value as outlined in the opportunity profile. This will become crucial for completing your next step – building a short-form business case for each prioritized initiative.

    Robotics Process Automation Template. Benefits and outcomes as well as incremental value are highlighted. The next slide is a template for the short-form business case, while the slides after that contain instructions on how to fill out each section of the business case.

    Short-Form Business Case Template

    Short form business case template. Shows value proposition, initiative benefits and initiative roadmap.

    Prepare your business case for each initiative

    Tasks:

    1. On a whiteboard, draw the visual initiative canvas supplied below.
    2. For each prioritized initiative, leverage its opportunity profile (if used) to list the resulting customer or stakeholder products/services and its pain relievers and gain creators in the associated sections of the canvas.
    3. Ensure that the top pains, gains, and jobs are addressed by products/services, pain relievers, and gain creators.
    4. Use this information as a basis for further exercises in this section, such as defining benefits, articulating value proposition and vision, and cost estimates.
    Initiative canvas example.

    Input

    • The initiative’s opportunity profile from Phase 2.2 of the Digital Journey series (if used)

    Output

    • Short-form initiative business case

    Materials

    • Whiteboard and markers

    Participants

    • Opportunity owner
    • Opportunity group/team

    Expand on the key benefits of each initiative

    Business cases are not just a vehicle with which to acquire resources for investments, they are a mechanism that helps ensure the benefits of an investment are realized. To accomplish this, a business case must have a set of clearly defined benefits, combined with an understanding of how they will be measured and an explicitly stated beneficiary who can corroborate that the benefit has been realized.

    What is a benefit?

    Benefits are the advantages, or outcomes, that specific groups or individuals realize as a result of the proposed initiative’s implementation.

    Initiative inputs

    Initiative inputs are the time, resources, and scope dedicated to the endeavor of implementing an initiative.

    Benefits of initiative and initiative inputs diagram.

    Identify how to measure benefit achievement

    Benefits are realized when an organization either starts doing something new, stops doing something, or improves the way something is already being done. The impact of these changes must be measured in order to determine whether the change is positive and if the case warrants more resources in order to scale.

    Types of benefits

    • Observable: These are measured by opinion or judgement.
    • Measurable: These can be identified when there is an existing measure in place for the benefit (or when one can be easily created).
    • Quantifiable: Similar to measurable benefits; however, these benefits additionally feature size or magnitude (if it can be reliably estimated).
    • Financial: These are benefits that can be communicated in monetary terms. A benefit should only be classified as financial when sufficient evidence is available to show that the stated value is likely to be achieved.

    Benefit owners and responsibilities

    1. Each benefit should have assigned to it an explicit owner who gains an advantage as a result of the initiative’s implementation.
    2. For most benefits, the owner will be the primary beneficiary of the initiative.
    3. These individuals are the ones who must corroborate that a benefit has been realized.
    4. Assigning an owner to each benefit will foster a sense of accountability in terms of benefits realization and will also create a traceable path that helps track the success of the initiative.

    Complete the benefits section of the business case

    Tasks:

    1. Use the Short-Form Business Case Template included in this deck.
    2. Arrange a meeting with the key beneficiary or beneficiaries of your initiative. Refer back to the benefits and outcomes section of the initiative’s opportunity profile (if used) as a starting point.
    3. Clearly define what the key benefits of your initiative will be and list them in the Short-Form Business Case Template.
    4. Assign an owner to each benefit – the individual who will corroborate that the benefit has accrued.
    5. Come to a mutual agreement with the beneficiaries as to whether each benefit is:
      • Financial
      • Quantifiable
      • Measurable
      • Observable
    6. Discuss and list the methods that will be used to measure each benefit and list them in the Short-Form Business Case Template.

    Input

    • Key benefits of the initiative, how they will be measured, and who owns the benefits

    Output

    • Completed benefits section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Key beneficiary

    Craft value proposition and vision statements

    The way one articulates the value an initiative provides is just as important as the initiative itself. Use the previous exercises as inputs to craft a statement that reflects the value your initiative will provide, but also describes how the initiative will create value. Specifically, a value proposition should answer the following questions:

    1. Who is the initiative for?
    2. What is the initiative?
    3. What does the initiative do?
    4. How is the initiative different from others?

    Complete value prop and vision statement sections of the business case

    Tasks:

    1. Having already completed the benefits section of the Short-Form Business Case Template, turn your attention to the value proposition section.
    2. Using your problem and initiative canvases, in addition to the benefits section, craft a value proposition statement that answers the following questions in one or two sentences:
      • Who is the initiative for?
      • What is the initiative?
      • What does the initiative do?
      • How is the initiative different?
    3. Input the value proposition statement into the value proposition section of the Short-Form Business Case Template.

    Input

    • Initiative canvas
    • Benefits section of the Short-Form Business Case Template

    Output

    • Completed value proposition section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Opportunity group/team

    Identify initiative steps and add to business case

    Tasks:

    Turn your attention to the roadmap section of the Short-Form Business Case Template and fill it in through the following steps:

    1. Select which scope, resource, and/or time reduction tactics to apply given the context of the project.
    2. Use the test, run, gauge, and collect framework supplied, unless you elect to generate your own project phases. If that is the case, ensure that phases are mutually exclusive and completely exhaustive (MECE).
    3. For each phase, supply a brief description of the activities to be undertaken for that phase.
    4. Map the benefits to be accrued within each phase.
    5. For each phase, supply a set of two to three potential factors that create risk toward the benefits listed.
    6. For each risk, supply a mitigation tactic that could be employed to diffuse the risk or to mitigate it completely.

    Input

    • Project benefits
    • Scope, resource, and time reduction tactics

    Output

    • Roadmap section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner

    Fill out the cost section of the business case

    Tasks:

    1. Having already completed the roadmap part of the Short-Form Business Case Template, turn your attention to the cost section.
    2. Use the scope, resource, and time reduction tactics and roadmap to estimate the cost necessary to execute the project. Remember that costs are a factor of the resources required and the cost type.
      • Resources:
        • Hardware
        • Software
        • Human
        • Network and communications
        • Facilities
      • Cost Types:
        • Acquisition
        • Operation
        • Growth and change
    3. Complete the cost section of the Short-Form Business Case Template with the cost estimate for the project.

    Input

    • Roadmap
    • Scope, resource, and time reduction tactics

    Output

    • Cost section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Opportunity group/team

    Exemplar: Short-Form Business Case

    Short form business case template. Shows value proposition, initiative benefits and initiative roadmap.

    Step 3: Determine a Prioritized List of Initiatives

    Green-light opportunities for digital investment and create your list of high-priority digital initiatives.

    Step 3: Determine a prioritized list of initiatives.

    Step 3

    Determine a Prioritized List of Initiatives

    3.1

    Compile information

    Finalize your list of high priority initiatives.

    This list should also include the short-form business cases that you completed in the previous step. This compilation of initiative information will be used in the next phase of your digital journey and is critical for its successful completion.

    Consider:
    • Checking your work. Does it ring true? Does it create excitement? People will be working on these initiatives in the near future, so it’s ideal if they feel good about the outcomes.
    • Integrating with your IT strategy, if you have one. These digital initiatives will figure prominently in the fiscal quarters to come.
    Avoid:
    • Dramatic effect. While you want stakeholders and IT staff to be enthusiastic about the work ahead, don’t dress up the initiatives as something they’re not.

    3.2

    Communicate

    It’s time to communicate with stakeholders.

    By now you should have a relatively short yet potent list of digital business initiatives – plus a business case for each – that has been thoroughly vetted and prioritized. Stakeholders are eager to learn more about these initiatives, though the details that matter most may differ from stakeholder to stakeholder.

    Consider:
    • Socializing the business cases before formally presenting to stakeholders for approval.
    • You will want to first elicit feedback and make any recommended changes to messaging.
    • Tailoring your message depending on stakeholder type, their priorities and concerns, and so on.
    Avoid:
    • Sugar coating. Many, if not all, of these stakeholders have the authority to invalidate or disapprove any business case that fails to pass muster. Give it to them straight.

    Compile your prioritized initiatives

    There are two follow-up actions to do with your newly prioritized list of digital initiative business cases: present them to stakeholders for approval and then add them to your IT strategic roadmap.

    Compile prioritized initiatives. Present to stakeholders and then add them to your IT strategic roadmap.

    Present business cases to stakeholders

    For most high-profile digital business initiatives, the short-form business case will not be the first time stakeholders hear about them. By this point, securing approval should only be a formality if the initiative has been effectively socialized beforehand. If this is not the case, one must build an adequate understanding of the stakeholder landscape and then use this understanding to effectively present business cases for digital initiative and receive approval to proceed with them.

    Gauge the importance of various stakeholders and tailor your message according to their concerns and the requirements of their role. Consider the following important questions about each stakeholder:

    • Authority: How much influence does the stakeholder have? Enough to drive the initiative forward?
    • Involvement: How interested is the stakeholder? How involved is the stakeholder in the initiative already?
    • Impact: To what degree will the stakeholder be impacted? Will this significantly change how they do their job?
    • Support: Is the stakeholder a supporter of the initiative? Neutral? A resistor?

    Develop a stakeholder map

    A stakeholder map helps visualize the importance of various stakeholders and their concerns so you can prioritize your time according to those stakeholders who are most impacted by a digital initiative, as well as those who have the authority to green-light them.

    1. Evaluate each stakeholder in terms of authority, involvement, impact, and support, as discussed in the previous slide.
    2. Map each stakeholder to an area on the right template (slide four) based upon the level of their authority and involvement (high or low).
      • Vary the size of the circle to distinguish stakeholders that are highly impacted by the IT strategy from those who are not. Color each circle to show each stakeholder’s estimated or gauged level of support for the project.
    3. Ask yourself if the stakeholder map looks accurate. Is there someone who has no involvement in digital initiatives, but should?
      • A) For example, if a CFO who has the authority to disapprove project funding is heavily impacted and not involved, the success of the business cases will be put at risk.
    4. Draw a dotted circle to show where that stakeholder needs to be located (increased involvement and support), and an arrow with a dotted line to signify the needed change. Some stakeholders may have influence over others.
      • B) For example, a COO who highly values the opinion of the director of operations would be influenced by that director. Draw an arrow from one stakeholder to another to signify this relationship.

    Focus on key players: Relevant stakeholders who have high power are highly impacted and should have high involvement. Engage the stakeholders that are impacted most and have the authority to influence digital initiatives and approve business cases.

    Stakeholder map. Authority versus involvement of key players.

    Summary of key insights

    By now, you should have a firm understanding of the principles and desired actions, behaviors, and outcomes that have been presented in this methodology. Furthermore:

    1. Prioritization of digital opportunities can be a relatively straightforward task as long as the correct stakeholders are involved and use a common and agreed upon set of criteria.
    2. Developing a business case for a digital initiative in an agile manner need not be a grueling exercise provided that a vetted and repeatable process is used.
    3. Above all, remember that this is a journey. Going from an intangible (macro-trend, problem, or opportunity) to a tangible (actual project or initiative) does not happen all at once.

    Related Info-Tech Research

    Understand Industry Trends

    Assess how the external environment presents opportunities or threats to your organization.

    Build a Business-Aligned IT Strategy

    Align with the business by creating an IT strategy that documents the business context, key initiatives, and a strategic roadmap.

    Define Your Digital Business Strategy

    Design a strategy that applies innovation to your business model, streamlines and transforms processes, and makes use of technologies to enhance interactions with customers and employees.

    Research Contributors and Experts

    Ross Armstrong

    Ross Armstrong

    Principal Research Director, CIO Advisory
    Info-Tech Research Group

    Ross Armstrong is a Principal Research Director in the CIO Advisory practice at Info-Tech Research Group, covering the areas of IT strategic planning, digital strategy, digital transformation, and IT innovation.

    Ross has worked in a variety of public and private sector industries including automotive, IT, mobile/telecom, and higher education. All of his roles over the years have centered around data-driven market research – in pursuit of insightful and successful product development and product management – at their core.

    In addition to his long tenure as an Info-Tech Research Group analyst, Ross has worked in research and product innovation positions at Autodata initiatives (J.D. Power), BlackBerry, and Ivey Business School (Western University).

    Ross holds a Master of Arts degree in English Language and Literature from Western University (UWO) and has served as an advisory board member for a number of not-for-profit and educational institutions.

    Joanne Lee

    Joanne Lee

    Principal Research Director, CIO Advisory
    Info-Tech Research Group

    Joanne is an executive with over 25 years of experience providing leadership in digital technology and management consulting across both public and private entities from initiative delivery to organizational redesign across BC, Ontario, and Globally.

    A Director within KPMG’s CIO Advisory Management Consulting services and practice lead for Digital Health in BC, Joanne has led various client engagements from ERP Cloud Strategy, IT Operating Models, Data and Analytics maturity, to process redesign. More recently, Joanne was the Chief Program Officer and Executive Director responsible for leading the implementation of a $450M technology and business transformation initiative across 13 hospitals and community services for one of the largest health authorities in BC.

    A former clinician, Joanne has held progressive leadership roles in healthcare with accountabilities across IT operations and service management, data analytics, project management office (PMO), clinical informatics, and privacy and contract management. Joanne is passionate about connecting people, concepts, and capital.

    Bibliography

    “AI: From Data to ROI.” Cognizant, September 2020. Accessed November 2022.

    Bughin, Jacques, et al. “The Case for Digital Reinvention.” McKinsey Quarterly, February 2017. Accessed November 2022.

    “The Business Case for Digital Transformation.” CPA Canada, June 2021. Accessed November 2022.

    “The Case for Digital Transformation.” The National Center for the Middle Market, Ohio State University, 2020. Accessed October 2022.

    “Digital Transformation in Government Case Study.” Ionology, April 2020. Accessed October 2022.

    Louis, Peter, et al. “Internet of Things – From Buzzword to Business Case.” Siemens, 11 January 2021. Accessed December 2022.

    Miesen, Nick. “Case Studies of Digital Transformations in Process and Aerospace Industries.” Jugaad, 2018. Accessed November 2022.

    Proff, Harald, and Claudia Bittrich. “The Digital Business Case - Done Right!” Deloitte, August 2019. Accessed October 2022.

    “Propelling an Aerospace Innovator.” Accenture, 2021. Accessed October 2022.

    Schmidt-Subramanian, Maxie. “The ROI of CX Transformation.” Forrester, 15 August 2019. Accessed November 2022.

    Ward, John, et al. “Building Better Business Cases for IT Investments.” California Management Review, Sept. 2007. Web.

    GDPR, Implemented!

    GDPR, Are You really ready?

    It is now 2020 and the GDPR has been in effect for almost 2 years. Many companies thought: been there, done that. And for a while the regulators let some time go by.

    The first warnings appeared quickly enough. Eg; in September 2018, the French regulator warned a company that they needed to get consent of their customers for getting geolocation based data.

    That same month, an airline was hacked and, on top of the reputational damage and costs to fix the IT systems, it faced the threat of a stiff fine.

    Even though we not have really noticed, fines started being imposed as early as January 2019.

    But these fines, that is when you have material breaches...

    Wrong! The fines are levied in a number of cases. And to make it difficult to estimate, there are guidelines that will shape the decision making process, but no hard and fast rules!

    The GDPR is very complex and consists of both articles and associated recitals that you need to be in compliance with. it is amuch about the letter as it is about the spirit.

    We have a clear view on what most of those cases are.
    And more importantly, when you follow our guidelines, you will be well placed to answer any questions by your clients and cooperate with the regulator in a proactive way.

    They will never come after me. I'm too small.

    And besides, I have my privacy policy and cookie notice in place

    Company size has nothing to do with it.

    While in the beginning, it seemed mostly a game for the big players (for names, you have to contact us) that is just perception.

    As early as March 2018 a €10M revenue company was fined around €120,000. 2 days later another company with operating revenues of  around €6.2M was fined close to €200.000 for failing to abide by the DSRR stipulatons.

    Don't know what these are?
    Fill out the form below and we'll let you in on the good stuff.

     

    Continue reading

    Adopt Design Thinking in Your Organization

    • Buy Link or Shortcode: {j2store}327|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $23,245 Average $ Saved
    • member rating average days saved: 13 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • End users often have a disjointed experience while interacting with your organization in using its products and services.
    • You have been asked by your senior leadership to start a new or revive an existing design or innovation function within your organization. However, your organization has dismissed design thinking as the latest “management fad” and does not buy into the depth and rigor that design thinking brings.
    • The design or innovation function lives on the fringes of your organization due to its apathy towards design thinking or tumultuous internal politics.
    • You, as a CIO, want to improve the user satisfaction with the IT services your team provides to both internal and external users.

    Our Advice

    Critical Insight

    • A user’s perspective while interacting with the products and services is very different from the organization’s internal perspective while implementing and provisioning those. A design-based organization balances the two perspectives to drive user-satisfaction over end-to-end journeys.
    • Top management must have a design thinker – the guardian angel of the balance between exploration (i.e. discovering new business models) and exploitation (i.e. leveraging existing business models).
    • Your approach to adopt design thinking must consider your organization’s specific goals and culture. There’s no one-size-fits-all approach.

    Impact and Result

    • User satisfaction, with the end-to-end journeys orchestrated by your organization, will significantly increase.
    • Design-centric organizations enjoy disproportionate financial rewards.

    Adopt Design Thinking in Your Organization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should adopt design thinking in your organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. What is design thinking?

    The focus of this phase is on revealing what designers do during the activity of designing, and on building an understanding of the nature of design ability. We will formally examine the many definitions of design thinking from experts in this field. At the core of this phase are several case studies that illuminate the various aspects of design thinking.

    • Adopt Design Thinking in Your Organization – Phase 1: What Is Design Thinking?
    • Victor Scheinman's Experiment for Design

    2. How does an organization benefit from design thinking?

    This phase will illustrate the relevance of design in strategy formulation and in service-design. At the core of this phase are several case studies that illuminate these aspects of design thinking. We will also identify the trends impacting your organization and establish a baseline of user-experience with the journeys orchestrated by your organization.

    • Adopt Design Thinking in Your Organization – Phase 2: How Does an Organization Benefit From Design Thinking?
    • Trends Matrix (Sample)

    3. How do you build a design organization?

    The focus of this phase is to:

  • Measure the design-centricity of your organization and subsequently, identify the areas for improvement.
  • Define an approach for a design program that suites your organization’s specific goals and culture.
    • Adopt Design Thinking in Your Organization – Phase 3: How Do You Build a Design Organization?
    • Report on How Design-Centric Is Your Organization (Sample)
    • Approach for the Design Program (Sample)
    • Interview With David Dunne on Design Thinking
    • Interview With David Dunne on Design Thinking (mp3)
    [infographic]

    Workshop: Adopt Design Thinking in Your Organization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 What Is Design Thinking?

    The Purpose

    The focus of this module is on revealing what designers do during the activity of designing, and on building an understanding of the nature of design ability. We will also review the report on the design-centricity of your organization and subsequently, earmark the areas for improvement.

    Key Benefits Achieved

    An intimate understanding of the design thinking

    An assessment of design-centricity of your organization and identification of areas for improvement

    Activities

    1.1 Discuss case studies on how designers think and work

    1.2 Define design thinking

    1.3 Review report from Info-Tech’s diagnostic: How design-centric is your organization?

    1.4 Earmark areas for improvement to raise the design-centricity of your organization

    Outputs

    Report from Info-Tech’s diagnostic: ‘How design-centric is your organization?’ with identified areas for improvement.

    2 How Does an Organization Benefit From Design Thinking?

    The Purpose

    In this module, we will discuss the relevance of design in strategy formulation and service design. At the core of this module are several case studies that illuminate these aspects of design thinking. We will also identify the trends impacting your organization. We will establish a baseline of user experience with the journeys orchestrated by your organization.

    Key Benefits Achieved

    An in-depth understanding of the relevance of design in strategy formulation and service design

    An understanding of the trends that impact your organization

    A taxonomy of critical customer journeys and a baseline of customers’ satisfaction with those

    Activities

    2.1 Discuss relevance of design in strategy through case studies

    2.2 Articulate trends that impact your organization

    2.3 Discuss service design through case studies

    2.4 Identify critical customer journeys and baseline customers’ satisfaction with those

    2.5 Run a simulation of design in practice

    Outputs

    Trends that impact your organization.

    Taxonomy of critical customer journeys and a baseline of customers’ satisfaction with those.

    3 How to Build a Design Organization

    The Purpose

    The focus of this module is to define an approach for a design program that suits your organization’s specific goals and culture.

    Key Benefits Achieved

    An approach for the design program in your organization. This includes aspects of the design program such as its objectives and measures, its model (one of the five archetypes or a hybrid one), and its governance.

    Activities

    3.1 Identify objectives and key measures for your design thinking program

    3.2 Structure your program after reviewing five main archetypes of a design program

    3.3 Balance between incremental and disruptive innovation

    3.4 Review best practices of a design organization

    Outputs

    An approach for your design thinking program: objectives and key measures; structure of the program, etc.

    Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan

    • Buy Link or Shortcode: {j2store}378|cart{/j2store}
    • member rating overall impact: 7.3/10 Overall Impact
    • member rating average dollars saved: $10,756 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • The demand for qualified cybersecurity professionals far exceeds supply. As a result, organizations are struggling to protect their data against the evolving threat landscape.
    • It is a constant challenge to know what skills will be needed in the future, and when and how to acquire them.

    Our Advice

    Critical Insight

    • Plan for the inevitable. All industries are expected to be affected by the talent gap in the coming years. Plan ahead to address your organization’s future needs.
    • Base skills acquisition decisions on the five key factors to define skill needs. Create an impact scale for the five key factors (data criticality, durability, availability, urgency, and frequency) that reflects your organizational strategy, initiatives, and pressures.
    • A skills gap will always exist to some degree. The threat landscape is constantly changing, and your workforce’s skill sets must evolve as well.

    Impact and Result

    • Organizations must align their security initiatives to talent requirements such that business objectives are achieved and the business is cyber ready.
    • Identify if there are skill gaps in your current workforce.
    • Decide how you’ll acquire needed skills based on characteristics of need for each skill.

    Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a technical skills acquisition strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify skill needs for target state

    Identify what skills will be needed in your future state.

    • Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan – Phase 1: Identity Skill Needs for Target State
    • Security Initiative Skills Guide
    • Skills Gap Prioritization Tool

    2. Identify technical skill gaps

    Align role requirements with future initiative skill needs.

    • Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan – Phase 2: Identify Technical Skill Gaps
    • Current Workforce Skills Assessment
    • Technical Skills Workbook
    • Information Security Compliance Manager
    • IT Security Analyst
    • Chief Information Security Officer
    • Security Administrator
    • Security Architect

    3. Develop a sourcing plan for future work roles

    Acquire skills based on the impact of the five key factors.

    • Close the InfoSec Skills Gap: Develop a Skills Sourcing Plan for Future Work Roles – Phase 3: Develop a Sourcing Plan for Future Work Roles
    [infographic]

    Workshop: Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Skill Needs for Target State

    The Purpose

    Determine the skills needed in your workforce and align them to your organization’s security roadmap.

    Key Benefits Achieved

    Insight on what skills your organization will need in the future.

    Activities

    1.1 Understand the importance of aligning security initiatives skill needs with workforce requirements.

    1.2 Identify needed skills for future initiatives.

    1.3 Prioritize the initiative skill gaps.

    Outputs

    Security Initiative Skills Guide

    Skills Gap Prioritization Tool

    2 Define Technical Skill Requirements

    The Purpose

    Identify and create technical skill requirements for key work roles that are needed to successfully execute future initiatives.

    Key Benefits Achieved

    Increased understanding of the NICE Cybersecurity Workforce Framework.

    Standardization of technical skill requirements of current and future work roles.

    Activities

    2.1 Assign work roles to the needs of your future environment.

    2.2 Discuss the NICE Cybersecurity Workforce Framework.

    2.3 Develop technical skill requirements for current and future work roles.

    Outputs

    Skills Gap Prioritization Tool

    Technical Skills Workbook

    Current Workforce Skills Assessment

    3 Acquire Technical Skills

    The Purpose

    Assess your current workforce against their role’s skill requirements.

    Discuss five key factors that aid acquiring skills.

    Key Benefits Achieved

    A method to acquire skills in future roles.

    Activities

    3.1 Continue developing technical skill requirements for current and future work roles.

    3.2 Conduct Current Workforce Skills Assessment.

    3.3 Discuss methods of acquiring skills.

    3.4 Develop a plan to acquire skills.

    Outputs

    Technical Skills Workbook

    Current Workforce Skills Assessment

    Current Workforce Skills Assessment

    Technical Skills Workbook

    Current Workforce Skills Assessment

    Technical Skills Workbook

    Current Workforce Skills Assessment

    4 Plan to Execute Action Plan

    The Purpose

    Assist with communicating the state of the skill gap in your organization.

    Key Benefits Achieved

    Strategy on how to acquire skills needs of the organization.

    Activities

    4.1 Review skills acquisition plan.

    4.2 Discuss training and certification opportunities for staff.

    4.3 Discuss next steps for closing the skills gap.

    4.4 Debrief.

    Outputs

    Technical Skills Workbook

    Manage Your Chromebooks and MacBooks

    • Buy Link or Shortcode: {j2store}167|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Devices
    • Parent Category Link: /end-user-computing-devices

    Windows is no longer the only option. MacBooks and Chromebooks are justified, but now you have to manage them.

    • If you have modernized your end-user computing strategy, you may have Windows 10 devices as well as MacBooks.
    • Virtual desktop infrastructure (VDI) and desktop as a service (DaaS) are becoming popular. Chromebooks may be ideal as a low-cost interface into DaaS for your employees.
    • Managing Chromebooks can be particularly challenging as they grow in popularity in the education sector.

    Our Advice

    Critical Insight

    Managing end-user devices may be accomplished with a variety of solutions, but many of those solutions advocate integration with a Microsoft-friendly solution to take advantage of features such as conditional access, security functionality, and data governance.

    Impact and Result

    • Many solutions are available to manage end-user devices, and they come with a long list of options and features. Clarify your needs and define your requirements before you purchase another endpoint management tool. Don’t purchase capabilities that you may never use.
    • Use the associated Endpoint Management Selection Tool spreadsheet to identify your desired endpoint solution features and compare vendor solution functionality based on your desired features.

    Manage Your Chromebooks and MacBooks Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Manage Your Chromebooks and MacBooks deck – MacBooks and Chromebooks are growing in popularity in enterprise and education environments, and now you have to manage them.

    Explore options, guidance and some best practices related to the management of Chromebooks and MacBooks in the enterprise environment and educational institutions. Our guidance will help you understand features and options available in a variety of solutions. We also provide guidance on selecting the best endpoint management solution for your own environment.

    • Manage Your Chromebooks and MacBooks Storyboard

    2. Endpoint Management Selection Tool – Select the best endpoint management tool for your environment. Build a table to compare endpoint management offerings in relation to the features and options desired by your organization.

    This tool will help you determine the features and options you want or need in an endpoint management solution.

    • Endpoint Management Selection Tool
    [infographic]

    Further reading

    Manage Your Chromebooks and MacBooks

    Financial constraints, strategy, and your user base dictate the need for Chromebooks and MacBooks – now you have to manage them in your environment.

    Analyst Perspective

    Managing MacBooks and Chromebooks is similar to managing Windows devices in many ways and different in others. The tools have many common features, yet they struggle to achieve the same goals.

    Until recently, Windows devices dominated the workplace globally. Computing devices were also rare in many industries such as education. Administrators and administrative staff may have used Windows-based devices, but Chromebooks were not yet in use. Most universities and colleges were Windows-based in offices with some flavor of Unix in other areas, and Apple devices were gaining some popularity in certain circles.

    That is a stark contrast compared to today, where Chromebooks dominate the classrooms and MacBooks and Chromebooks are making significant inroads into the enterprise environment. MacBooks are also a common sight on many university campuses. There is no doubt that while Windows may still be the dominant player, it is far from the only one in town.

    Now that Chromebooks and MacBooks are a notable, if not significant, part of the education and enterprise environments, they must be afforded the same considerations as Windows devices in those environments when it comes to management. The good news is that there is no lack of available solutions for managing these devices, and the endpoint management landscape is continually evolving and improving.

    This is a picture of P.J. Ryan, Research Director, Infrastructure & Operations, Info-Tech Research Group

    P.J. Ryan
    Research Director, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • You modernized your end-user computing strategy and now have Windows 10 devices as well as MacBooks.
    • Virtual desktop infrastructure (VDI) and desktop as a service (DaaS) are becoming popular. Chromebooks would be ideal as a low-cost interface into DaaS for your employees.
    • You are responsible for the management of all the new Chromebooks in your educational district.
    • Windows is no longer the only option. MacBooks and Chromebooks are justified, but now you have to manage them.

    Common Obstacles

    • Endpoint management solutions typically do a great job at managing one category of devices, like Windows or MacBooks, but they struggle to fully manage alternative endpoints.
    • Multiple solutions to manage multiple devices will result in multiple dashboards. A single view would be better.
    • One solution may not fit all, but multiple solutions is not desirable either, especially if you have Windows devices, MacBooks, and Chromebooks.

    Info-Tech's Approach

    • Use the tools at your disposal first – don't needlessly spend money if you don't have to. Many solutions can already manage other types of devices to some degree.
    • Use the integration capabilities of endpoint management tools. Many of them can integrate with each other to give you a single interface to manage multiple types of devices while taking advantage of additional functionality.
    • Don't purchase capabilities you will never use. Using 80% of a less expensive tool is economically smarter than using 10% of a more expensive tool.

    Info-Tech Insight

    Managing end-user devices may be accomplished with a variety of solutions, but many of those solutions advocate integration with a Microsoft-friendly solution to take advantage of features such as conditional access, security functionality, and data governance.

    Insight Summary

    Insight 1

    Google Admin Console is necessary to manage Chromebooks, but it can be paired with other tools. Implementation partnerships provide solutions to track the device lifecycle, track the repair lifecycle, sync with Google Admin Console as well as PowerSchool to provide a more complete picture of the user and device, and facilitate reminders to return the device, pay fees if necessary, pick up a device when a repair is complete, and more.

    Insight 2

    The Google Admin Console allows admins to follow an organizational unit (OU) structure very similar to what they may have used in Microsoft's Active Directory environment. This familiarity makes the task of administering Chromebooks easier for admins.

    Insight 3

    Chromebook management goes beyond securing and manipulating the device. Controls to protect the students while online, such as Safe Search and Safe Browsing, should also be implemented.

    Insight 4

    Most companies choose to use a dedicated MacBook management tool. Many unified endpoint management (UEM) tools can manage MacBooks to some extent, but admins tend to agree that a MacBook-focused endpoint management tool is best for MacBooks while a Windows-based endpoint management tool is best for Windows devices.

    Insight 5

    Some MacBook management solutions advocate integration with Windows UEM solutions to take advantage of Microsoft features such as conditional access, security functionality, and data governance. This approach can also be applied to Chromebooks.

    Chromebooks

    Chromebooks had a respectable share of the education market before 2020, but the COVID-19 pandemic turbocharged the penetration of Chromebooks in the education industry.

    Chromebooks are also catching the attention of some decision makers in the enterprise environment.

    "In 2018, Chromebooks represented an incredible 60 percent of all laptop or tablet devices in K-12 -- up from zero percent when the first Chromebook launched during the summer break in 2011."
    – "Will Chromebooks Rule the Enterprise?" Computerworld

    "Chromebooks were the best performing PC products in Q3 2020, with shipment volume increasing to a record-high 9.4 million units, up a whopping 122% year-on-year."
    – Android Police

    "Until the pandemic, Chrome OS' success was largely limited to U.S. schools. Demand in 2020 appears to have expanded beyond that small but critical part of the U.S. PC market."
    – Geekwire

    "In addition to running a huge number of Chrome Extensions and Apps at once, Chromebooks also run Android, Linux and Windows apps."
    – "Will Chromebooks Rule the Enterprise?" Computerworld

    Managing Chromebooks

    Start with the Google Admin Console (GAC)

    GAC is necessary to initially manage Chrome OS devices.

    GAC gives you a centralized console that will allow you to:

    • Create organizational units
    • Add your Chromebook devices
    • Add users
    • Assign users to devices
    • Create groups
    • Create and assign policies
    • Plus more

    GAC can facilitate device management with features such as:

    • Control admin permissions
    • Encryption and update settings
    • App deployment, screen timeout settings
    • Perform a device wipe if required
    • Audit user activity on a device
    • Plus more

    Device and user addition, group and organizational unit creation and administration, applying policies to devices and users – does all this remind you of your Active Directory environment?

    GAC lets you administer users and devices with a similar approach.

    Managing Chromebooks

    Use Active Directory to manage Chromebooks.

    • Enable Active Directory (AD) management from within GAC and you will be able to integrate your Chromebook devices with your AD environment.
    • Devices will be visible in both the GAC and AD environment.
    • Use Windows Group Policy to manage devices and to push policies to users and devices.
    • Users can use their AD username and password to sign into Chromebook devices.
    • GAC can still be used for devices that are not synced with AD.

    Chromebooks can also be managed through these approved partners:

    • Cisco Meraki
    • Citrix XenMobile
    • IBM MaaS360
    • ManageEngine Mobile Device Manager Plus
    • VMware Workspace ONE

    Source: Google

    You must be running the Chrome Enterprise Upgrade and have any licenses required by the approved partner to take advantage of this management option. The partner admin policies supersede GAC.

    If you stop using the approved partner admin console to manage your devices, the polices and settings in GAC will immediately take over the devices.

    Microsoft still has the market share when it comes to device sales, and many administrators are already familiar with Microsoft's Active Directory. Google took advantage of that familiarity when it designed the Google Admin Console structure for users, groups, and organizational units.

    Chromebook Deployment

    Chromebook deployment becomes a challenge when device quantities grow. The enrollment process can be time consuming, and every device must be enrolled before it can be used by an employee or a student. Many admins enlist their full IT teams to assist in the short term. Some vendor partners may assist with distribution options if staffing levels permit. Recent developments from Google have opened additional options for device enrollment beyond the manual enrollment approach.

    Enrolling Chromebooks comes down to one of two approaches:

    1. Manually enrolling one device at a time
      • Users can assist by entering some identifying details during the enrollment if permitted.
      • Some third-party solutions exist, such as USB drives to reduce repetitive keystrokes or hubs to facilitate manually enrolling multiple Chromebooks simultaneously.
    2. Google's Chrome Enterprise Upgrade or the Chrome Education Upgrade
      • This allows you to let your users enroll devices after they accept the end-user license agreement.
      • You can take advantage of Google's vendor partner program and use a zero-touch deployment method where the Chromebook devices automatically receive the assigned policies, apps, and settings as soon as the device is powered on and an authorized user signs in.
      • The Enterprise Upgrade and the Education Upgrade do come with an annual cost per device, which is currently less than US$50.
      • The Enterprise and Education Upgrades come with other features as well, such as enhanced security.

    Chromebooks are automatically assigned to the top-level organizational unit (OU) when enrolled. Devices can be manually moved to another OU, but admins can also create enrollment policies to place newly enrolled devices in a specific OU or have the device locate itself in the same OU as the user.

    Chromebooks in Education

    GAC is also used with Education-licensed devices

    Most of the settings and features previously mentioned are also available for Education-licensed devices and users. Enterprise-specific features will not be available to Education licenses. (Active Directory integration with Education licenses, for example, is accomplished using a different approach)

    • Groups, policies, administrative controls, app deployment and management, adding devices and users, creating organizational units, and more features are all available to Education Admins to use.

    Education device policies and settings tend to focus more on protecting the students with controls such as:

    • Disable incognito mode
    • Disable location tracking
    • Disable external storage devices
    • Browser based protections such as Safe Search or Safe Browsing
    • URL blocking
    • Video input disable for websites
    • App installation prevention, auto re-install, and app blocking
    • Forced re-enrollment to your domain after a device is wiped
    • Disable Guest Mode
    • Restrict who can sign in
    • Audit user activity on a device

    When a student takes home a Chromebook assigned to them, that Chromebook may be the only computer in the household. Administrative polices and settings must take into account the fact that the device may have multiple users accessing many different sites and applications when the device is outside of the school environment.

    Chromebook Management Extended

    An online search for Chromebook management solutions will reveal several software solutions that augment the capabilities of the Google Admin Console. Many of these solutions are focused on the education sector and classroom and student options, although the features would be beneficial to enterprises and educational organizations alike.

    These solutions assist or augment Chromebook management with features such as:

    • Ability to sync with Google Admin Console
    • Ability to sync with student information systems, such as PowerSchool
    • Financial management, purchase details, and chargeback
    • Asset lifecycle management
    • 1:1 Chromebook distribution management
    • Repair programs and repair process management
    • Check-out/loan program management
    • Device distribution/allocation management, including barcode reader integration
    • Simple learning material distribution to the classroom for teachers
    • Facilitate GAC bulk operations
    • Manage inventory of non-IT assets such as projectors, TVs, and other educational assets
    • Plus more

    "There are many components to managing Chromebooks. Schools need to know which student has which device, which school has which device, and costs relating to repairs. Chromebook Management Software … facilitates these processes."
    – VIZOR

    MacBooks

    • MacBooks are gaining popularity in the Enterprise world.
    • Some admins claim MacBooks are less expensive in the long run over Windows-based PCs.
    • Users claim less issues when using a MacBook, and overall, companies report increased retention rates when users are using MacBooks.

    "Macs now make up 23% of endpoints in enterprises."
    – ComputerWeekly.com

    "When given the choice, no less than 72% of employees choose Macs over PCs."
    – "5 Reasons Mac is a must," Jamf

    "IBM says it is 3X more expensive to manage PCs than Macs."
    – Computerworld

    "74% of those who previously used a PC for work experienced fewer issues now that they use a Mac"
    – "Global Survey: Mac in the Enterprise," Jamf

    "When enterprise moves to Mac, staff retention rates improve by 20%. That's quite a boost! "
    – "5 Reasons Mac is a must," Jamf

    Managing MacBooks

    Can your existing UEM keep up?

    Many Windows unified endpoint management (UEM) tools can manage MacBooks, but most companies choose to use a dedicated MacBook management tool.

    • UEM tools that are primarily Windows focused do not typically go deep enough into the management capabilities of non-Windows devices.
    • Admins have noted limitations when it comes to using Windows UEM tools, and reasons they prefer a dedicated MacBook management solution include:
      • Easier to use
      • Faster response times when deploying settings and policies
      • Better control over notification settings and lock screen settings.
      • Easier Apple Business Manager (ABM) integration and provisioning.
    • Note that not every UEM will have the same limitations or advantages. Functionality is different between vendor products.

    Info-Tech Insight

    Most Windows UEM tools are constantly improving, and it is only a matter of time before they rival many of the dedicated MacBook management tools out there.

    Admins tend to agree that a Windows UEM is best for Windows while an Apple-based UEM is best for Apple devices.

    Managing MacBooks

    The market for "MacBook-first" management solutions includes a variety of players of varying ages such as:

    • Jamf
    • Kandji
    • Mosyle
    • SimpleMDM
    • Others

    MacBook-focused management tools can provide features such as:

    • Encryption and update settings
    • App deployment and lifecycle management
    • Remote device wipe, scan, shutdown, restart, and lock
    • Zero touch deployment and support
    • Location tracking
    • Browser content filtering
    • Enable, hide/block, or disable built-in features
    • Configure Wi-Fi, VPN, and certificate-based settings
    • Centralized dashboard with device and app listings as well as individual details
    • Data restrictions
    • Plus more

    Unified endpoint management (UEM) solutions that can provide MacBook management to some degree include (but are not limited to):

    • Intune
    • Ivanti
    • Endpoint Central
    • WorkspaceOne

    Dedicated solutions advocate integration with UEM solutions to take advantage of conditional access, security functionality, and data governance features.

    Jamf and Microsoft entered into a collaboration several years ago with the intention of making the MacBook management process easier and more secure.

    Microsoft Intune and Jamf Pro: Better together to manage and secure Macs
    Microsoft Conditional Access with Jamf Pro ensures that company data is only accessed by trusted users, on trusted devices, using trusted apps. Jamf extends this Enterprise Mobile + Security (EMS) functionality to Mac, iPhone and iPad.
    – "Microsoft Intune and Jamf Pro," Jamf

    Endpoint Management Selection Tool
    Activity

    There are many solutions available to manage end-user devices, and they come with a long list of options and features. Clarify your needs and define your requirements before you purchase another endpoint management tool. Don't purchase capabilities that you may never use.

    Use the Endpoint Management Selection Tool to identify your desired endpoint solution features and compare vendor solution functionality based on your desired features.

    1. List out the desired features you want in an endpoint solution for your devices and record those features in the first column. Use the features provided, or add your own and edit or delete the existing ones if necessary.
    2. List your selected endpoint management solution vendors in each of the columns in place of "Vendor 1," "Vendor 2," etc.
    3. Fill out the spreadsheet by changing the corresponding desired feature cell under each vendor to a "yes" or "no" based on your findings while investigating each vendor solution.
    4. When you have finished your investigation, review your spreadsheet to compare the various offerings and pros and cons of each vendor.
    5. Select your endpoint management solution.

    Endpoint Management Selection Tool

    In the first column, list out the desired features you want in an endpoint solution for your devices. Use the features provided if desired, or add your own and edit or delete the existing ones if necessary. As you look into various endpoint management solution vendors, list them in the columns in place of "Vendor 1," "Vendor 2," etc. Use the "Desired Feature" list as a checklist and change the values to "yes" or "no" in the corresponding box under the vendors' names. When complete, you will be able to look at all the features and compare vendors in a single table.

    Desired Feature Vendor 1 Vendor 2 Vendor 3
    Organizational unit creation Yes No Yes
    Group creation Yes Yes Yes
    Ability to assign users to devices No Yes Yes
    Control of administrative permissions Yes Yes Yes
    Conditional access No Yes Yes
    Security policies enforced Yes No Yes
    Asset management No Yes No
    Single sign-on Yes Yes Yes
    Auto-deployment No Yes No
    Repair lifecycle tracking No Yes No
    Application deployment Yes Yes No
    Device tracking Yes Yes Yes
    Ability to enable encryption Yes No Yes
    Device wipe Yes No Yes
    Ability to enable/disable device tracking No No Yes
    User activity audit No No No

    Related Info-Tech Research

    this is a screenshot from Info-Tech's Modernize and Transform Your End-User Computing Strategy.

    Modernize and Transform Your End-User Computing Strategy
    This project helps support the workforce of the future by answering the following questions: What types of computing devices, provisioning models, and operating systems should be offered to end users? How will IT support devices? What are the policies and governance surrounding how devices are used? What actions are we taking and when? How do end-user devices support larger corporate priorities and strategies?

    Best Unified Endpoint Management (UEM) Software 2022 | SoftwareReviews
    Compare and evaluate unified endpoint management vendors using the most in-depth and unbiased buyer reports available. Download free comprehensive 40+ page reports to select the best unified endpoint management software for your organization.

    Best Enterprise Mobile Management (EMM) Software 2022 | (softwarereviews.com)
    Compare and evaluate enterprise mobile management vendors using the most in-depth and unbiased buyer reports available. Download free comprehensive 40+ page reports to select the best enterprise mobile management software for your organization.

    Bibliography

    Bridge, Tom. "Macs in the enterprise – what you need to know". Computerweekly.com, TechTarget. 27 May 2022. Accessed 12 Aug. 2022.
    Copley-Woods, Haddayr. "5 reasons Mac is a must in the enterprise". Jamf.com, Jamf. 28 June 2022. Accessed 16 Aug. 2022.
    Duke, Kent. "Chromebook sales skyrocketed in Q3 2020 with online education fueling demand." androidpolice.com, Android Police. 16 Nov 2020. Accessed 10 Aug. 2022.
    Elgin, Mike. "Will Chromebooks Rule the Enterprise? (5 Reasons They May)". Computerworld.com, Computerworld. 30 Aug 2019. Accessed 10 Aug. 2022.
    Evans, Jonny. "IBM says it is 3X more expensive to manage PCs than Macs". Computerworld.com, Computerworld. 19 Oct 2016. Accessed 23 Aug. 2022.
    "Global Survey: Mac in the Enterprise". Jamf.com, Jamf. Accessed 16 Aug. 2022.
    "How to Manage Chromebooks Like a Pro." Vizor.cloud, VIZOR. Accessed 10 Aug. 2022.
    "Manage Chrome OS Devices with EMM Console". support.google.com, Google. Accessed 16 Aug. 2022.
    Protalinski, Emil. "Chromebooks outsold Macs worldwide in 2020, cutting into Windows market share". Geekwire.com, Geekwire. 16 Feb 2021. Accessed 22 Aug. 2022.
    Smith, Sean. "Microsoft Intune and Jamf Pro: Better together to manage and secure Macs". Jamf.com, Jamf. 20 April 2022. Accessed 16 Aug. 2022.

    Develop Necessary Documentation for GDPR Compliance

    • Buy Link or Shortcode: {j2store}258|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • It can be an overwhelming challenge to understand what documentation is required under the GDPR.

    Our Advice

    Critical Insight

    • Hiring the right data protection officer (DPO) isn’t always easy. The person you think might be best may result in a conflict of interest. Be aware of all requirements and be objective when hiring for this role.
    • Keep retention to the bare minimum. Limiting the amount of data you are responsible for limits your liability for protecting it.
    • Under the GDPR, cookies constitute personal data. They require a standalone policy, separate from the privacy policy. Ensure pop-up cookie notification banners require active consent and give users the clear opportunity to reject them.

    Impact and Result

    • Save time developing documents by leveraging ready-to-go templates for the DPO job description, retention documents, privacy notice, and cookie policy.
    • Establishing GDPR-compliance documentation will set the foundation for an overall compliant program.

    Develop Necessary Documentation for GDPR Compliance Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Hire a data protection officer

    Understand the need for a DPO and what qualities to look for in a strong candidate.

    • Develop Necessary Documentation for GDPR Compliance Storyboard
    • Data Protection Officer Job Description Template

    2. Define retention requirements

    Understand your data retention requirements under the GDPR. Develop the necessary documentation.

    • Data Retention Policy Template
    • Data Retention Schedule Tool – GDPR

    3. Develop privacy and cookie policies

    Understand your website or application’s GDPR requirements to inform users on how you process their personal data and how cookies are used. Develop the necessary documentation.

    • Privacy Notice Template – External Facing
    • Cookie Policy Template – External Facing
    [infographic]

    TY Advisory Services

    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    What is our TY advisory service?

    The TY advisory service is tailored to your needs. It combines the best of traditional IT consulting expertise with the analysis and remedial solutions of an expert bureau.

    When you observe specific symptoms, TY analyses the exact areas that contribute to these symptoms.

    TY specializes in IT Operations and goes really deep in that area.  We define IT Operations as the core service you deliver to your clients:

    When you see your operation running smoothly, it looks obvious and simple, but it is not. IT Operations is a concerto, under the leadership of a competent IT Ops Conductor-Manager. IT Ops keeps the lights on and ensures your reputation with your clients and the market as a whole as a predictable and dependable business partner. And we help you achieve this, based on more than 30 years of IT Ops experience.

    As most companies' business services are linked at the hip with IT, your IT Operations, in other words, are your key to a successful business.

    Value Consulting

    That is why we work via a simple value-based proposition. We discuss your wants and together discover your needs. Once we all agree, only then do we make our proposal. Anything you learned on the way, is yours to keep and use. 

    This means a fixed agreement to deliver the value we promise. No time and material, no extensions, no unforeseen charges.

    How can we deliver this?

    Gert has advised clients on what to do before issues happen. We have also worked to bring companies back from the brink after serious events. TY has brought services back after big incidents.

    You need to get it done, not in theory, but via actionable advice and if required, via our actions and implementation prowess. It's really elementary. Anyone can create a spreadsheet with to-do lists and talk about how resilience laws like DORA and NIS2 need to be implemented.

    It's not the talk that counts, it's the walk. Service delivery is in our DNA. Resilience is our life.

    Efficient policies, procedures and guidelines

    Good governance directly ensures happy clients because staff knows what to do when and allows them leeway in improving the service. And this governance will satisfy auditors.

    • Incident management

      Incidents erode client confidence in your service and company. You must get them fixed in accordance with their importance,  

    • Problem management

      You don't want repeat incidents! Tackle the root causes and fix issues permanently. Save money by doing this right. 

    • Change management

      You must update your services to stay the best in your field. Do it in a controlled yet efficient way. Lose overhead where you can, add the right controls where you must.

    • Configuration management

      The base for most of your processes. You gotta know what you have and how it works together to provide the services to your clients.

    • Monitoring

      IT monitoring delivers business value by catching issues before they become problems. With real-time insights into system performance and security, you can minimize downtime, improve efficiency, and make better decisions that keep your operations strong and your customers happy.

    • Service management

      Bring all the IT Operations services together and measure how they perform versus set business relevant KPI's 

    • Disaster Recovery

      Disaster recovery is your company's safety net for getting critical systems and data back up and running after a major disruption, focusing on fast IT recovery and minimizing financial and operational losses, whereas business continuity ensures the entire business keeps functioning during and after the crisis.

    • Business Continuity

      Business continuity is keeping your company running smoothly during disruptions by having the right plans, processes, and backups in place to minimize downtime and protect your operations, customers, and reputation. We go beyond disaster recovery and make sure your critical processes can continue to function. 

    • Exit Plans

      Hope for the best, but plan for the worst. When you embark on a new venture, know how to get out of it. Planning to exit is best done in the very beginning, but better late than when it is too late.

      Get up to speed

    Your biggest asset, the people who execute your business services

    We base our analysis on over 30 years experience in corporate and large volume dynamic services.  Unique to our service is that we take your company culture into account, while we adjust the mindset of the experts working in these areas.

    Your people are what will make these processes work efficiently. We take their ideas, hard capabilities and leadership capabilities into account and improve upon where needed. That helps your company and the people themselves. 

    We look at the existing governance and analyse where they are best in class or how we can make them more efficient. We identify the gaps and propose remedial updates. Our updates are verified through earlier work, vetted by first and second line and sometimes even regulators 

    Next we decide with you on how to implement the updates to the areas that need them. 

    How does the TY advisory service work?

    • 1. Contact TY

      Please schedule your complimentary 30-minute discovery call below.

    • 2. Discovery call

      There is no financial commitment required from you. During this meeting we discus further in detail the issue at hand and the direction of the ideal solution and the way of working.

    • 3. TY consolidates and prepares roadmap

      We take in the information of our talks and prepare the the roadmap to the individualized solution for you.

    • 4. Second meeting to finalize roadmap

      By now, TY has a good idea of how we can help you, and we have prepared a roadmap to solving the issue. In this meeting we present the way forward our way of working and what it will require from you.

      If you decide this is not what you expected, you are free to take the information provided so far and work with it yourself. 

    • 5. We get to work

      After the previous meeting and agreement in principle, you will have by now received our offer.

      When you decide to work together, we start our partnership and solve the issue. We work to ensure you are fully satisfied with the result.

    Let's get started

    Continue reading

    IT Organizational Design

    • Buy Link or Shortcode: {j2store}32|cart{/j2store}
    • Related Products: {j2store}32|crosssells{/j2store}
    • member rating overall impact: 9.1/10
    • member rating average dollars saved: $83,392
    • member rating average days saved: 21
    • Parent Category Name: People and Resources
    • Parent Category Link: /people-and-resources

    The challenge

    • IT can ensure full business alignment through an organizational redesign.
    • Finding the best approach for your company is difficult due to many frameworks and competing priorities.
    • External competitive influences and technological trends exacerbate this.

    Our advice

    Insight

    • Your structure is the critical enabler of your strategic direction. Structure dictates how people work together and how they can fill in their roles to create the desired business value. 
    • Constant change is killing for an organization. You need to adapt, but you need a stable baseline and make sure the change is in line with the overall strategy and company context.
    • A redesign is only successful if it really happens. Shifting people into new positions is not enough to implement a redesign. 

    Impact and results 

    • Define your redesign principles. They will act as a manifesto to your change. It also provides for a checklist, ensuring that the structure does not deviate from the business strategy.
    • Visualize the new design with a customized operating model for your company. It must demonstrate how IT creates value and supports the business value creation chains.
    • Define the future-state roles, functions, and responsibilities to enable your IT department to support the business effectively.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief explains to you the challenges associated with the organizational redesign. We'll show you our methodology and the ways we can help you in completing this.

    Define your organizational design principles and select your operating model

    The design principles will govern your organizational redesign; Align the principles with your business strategy.

    • Redesign Your IT Organizational Structure – Phase 1: Craft Organizational Design Principles and Select an IT Operating Model (ppt)
    • Organizational Design Communications Deck (ppt)

    Customize the selected IT operating model to your company

    Your operating model must account for the company's nuances and culture.

    • Redesign Your IT Organizational Structure – Phase 2: Customize the IT Operating Model (ppt)
    • Operating Models and Capability Definition List (ppt)

    Design the target-state of your IT organizational structure

    Go from an operating model to the structure fit for your company.

    • Redesign Your IT Organizational Structure – Phase 3: Architect the Target-State IT Organizational Structure (ppt)
    • Organizational Design Capability RACI Chart (xls)
    • Work Unit Reference Structures (Visio)
    • Work Unit Reference Structures (pdf)

    Communicate the benefits of the new structure

    Change does not come easy. People will be anxious. Craft your communications to address critical concerns and obtain buy-in from the organization. If the reorganization will be painful, be up-front on that, and limit the time in which people are uncertain.

    • Redesign Your IT Organizational Structure – Phase 4: Communicate the Benefits of the New Organizational Structure (ppt)

     

    Build a Zero Trust Roadmap

    • Buy Link or Shortcode: {j2store}253|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $48,932 Average $ Saved
    • member rating average days saved: 42 Average Days Saved
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Many IT and security leaders struggle to understand zero trust and how best to deploy it with their existing IT resources.
    • The need to move from a perimeter-based approach to security toward an “Always Verify” approach is clear. The path to getting there is complex and expensive.
    • Zero trust as a principle is a moving target due to competing definitions and standards. A strategy that adapts evolving best practices must be supported by business stakeholders.
    • Full zero trust includes many components. Performing an accurate assessment of readiness and benefits to adopt zero trust can be extremely difficult when you don’t know where to start.

    Our Advice

    Critical Insight

    Apply zero trust to key protect surfaces. A successful zero trust strategy should evolve through an iterative and repeatable process by assessing the full spectrum of available technologies to apply zero trust principles to the most relevant protect surfaces.

    Impact and Result

    Every organization should have a zero trust strategy and the roadmap to deploy it must always be tested and refined. Our unique approach:

    • Assess resources and determine zero trust readiness.
    • Prioritize initiatives and build out roadmap.
    • Deploy zero trust and monitor with zero trust progress metrics.

    Build a Zero Trust Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a Zero Trust Roadmap Deck – The purpose of the storyboard is to provide a detailed description of the steps involving in building a roadmap for implementing zero trust.

    The storyboard contains five easy-to-follow steps on building a roadmap for implementing zero trust, from aligning initiatives to business goals to establishing metrics for measuring the progress and effectiveness of a zero trust implementation.

    • Build a Zero Trust Roadmap – Phases 1-5

    2. Zero Trust Protect Surface Mapping Tool – A tool to identify key protect surfaces and map them to business goals.

    Use this tool to develop your zero trust strategy by having it focus on key protect surfaces that are aligned to the goals of the business.

    • Zero Trust Protect Surface Mapping Tool

    3. Zero Trust Program Gap Analysis Tool – A tool to perform a gap analysis between the organization's current implementation of zero trust controls and its desired target state and to build a roadmap to achieve the target state.

    Use this tool to develop your zero trust strategy by creating a roadmap that is aligned with the current state of the organization when it comes to zero trust and its desired target state.

    • Zero Trust Program Gap Analysis Tool

    4. Zero Trust Candidate Solutions Selection Tool – A tool to identify and evaluate solutions for identified zero trust initiatives.

    Use this tool to develop your zero trust strategy by identifying the best solutions for zero trust initiatives.

    • Zero Trust Candidate Solutions Selection Tool

    5. Zero Trust Progress Monitoring Tool – A tool to identify metrics to measure the progress and efficiency of the zero trust implementation.

    Use this tool to develop your zero trust strategy by identifying metrics that will allow the organization to monitor how the zero trust implementation is progressing, and whether it is proving to be effective.

    • Zero Trust Progress Monitoring Tool

    6. Zero Trust Communication Deck – A template to present the zero trust template to key stakeholders.

    Use this template to present the zero trust strategy and roadmap to ensure all key elements are captured.

    • Zero Trust Communication Deck

    Infographic

    Workshop: Build a Zero Trust Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Business Goals and Protect Surfaces

    The Purpose

    Align business goals to protect surfaces.

    Key Benefits Achieved

    A better understanding of how business goals can map to key protect surfaces and their associated DAAS elements.

    Activities

    1.1 Understand business and IT strategy and plans.

    1.2 Define business goals.

    1.3 Identify five critical protect surfaces and their associated DAAS elements.

    1.4 Map business goals and protect surfaces.

    Outputs

    Mapping of business goals to key protect surfaces and their associated DAAS elements.

    2 Begin Gap Analysis

    The Purpose

    Identify and define zero trust initiatives.

    Key Benefits Achieved

    A list of zero trust initiatives to be prioritized and set into a roadmap.

    Activities

    2.1 Assess current security capabilities and define the zero trust target state for a set of controls.

    2.2 Identify tasks to close maturity gaps.

    2.3 Assign tasks to zero trust initiatives.

    Outputs

    Security capabilities current state assessment

    Zero trust target state

    Tasks to address maturity gaps

    3 Complete Gap Analysis

    The Purpose

    Complete the zero trust gap analysis and prioritize zero trust initiatives.

    Key Benefits Achieved

    A prioritized list of zero trust initiatives aligned to business goals and key protect surfaces.

    Activities

    3.1 Align initiatives to business goals and key protect surfaces.

    3.2 Conduct cost/benefit analysis on zero trust initiatives.

    3.3 Prioritize initiatives.

    Outputs

    Zero trust initiative list mapped to business goals and key protect surfaces

    Prioritization of zero trust initiatives

    4 Finalize Roadmap and Formulate Policies

    The Purpose

    Finalize the zero trust roadmap and begin to formulate zero trust policies for roadmap initiatives.

    Key Benefits Achieved

    A zero trust roadmap of prioritized initiatives.

    Activities

    4.1 Define solution criteria.

    4.2 Identify candidate solutions.

    4.3 Evaluate candidate solutions.

    4.4 Finalize roadmap.

    4.5 Formulate policies for critical DAAS elements.

    4.6 Establish metrics for high-priority initiatives.

    Outputs

    Zero trust roadmap

    Zero trust policies for critical protect surfaces

    Method for defining zero trust policies for candidate solutions

    Metrics for high-priority initiatives

    Further reading

    Build a Zero Trust Roadmap

    Leverage an iterative and repeatable process to apply zero trust to your organization.

    EXECUTIVE BRIEF

    Analyst Perspective

    Internet is the new corporate network.

    For the longest time we have focused on reducing the attack surface to deter malicious actors from attacking organizations, but I dare say that has made these actors scream “challenge accepted.” With sophisticated tools, time, and money in their hands, they have embarrassed even the finest of organizations. A popular hybrid workforce and rapid cloud adoption have introduced more challenges for organizations, as the security and network perimeter have shifted and the internet is now the corporate network. Suffice it to say that a new mindset needs to be adopted to stay on top of the game.

    The success of most attacks is tied to denial of service, data exfiltration, and ransom. A shift from focusing on the attack surface to the protect surface will help organizations implement an inside-out architecture that protects critical infrastructure, prevents the success of any attack, makes it difficult to gain access, and links directly to business goals.

    Zero trust principles aid that shift across several pillars (Identity, Device, Application, Network, and Data) that make up a typical infrastructure; hence, the need for a zero trust roadmap to accomplish that which we desire for our organization.

    Victor Okorie
    Senior Research Analyst, Security and Privacy
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Many IT and security leaders struggle to understand zero trust and how best to deploy it with their existing IT resources.
    • The need to move from a perimeter-based approach to security toward an “Always Verify” approach is clear. The path to getting there is complex and expensive.

    Common Obstacles

    • Zero trust as a principle is a moving target due to competing definitions and standards. A strategy that adapts evolving best practices must be supported by business stakeholders.
    • Full zero trust includes many components. Performing an accurate assessment of readiness and benefits to adopt zero trust can be extremely difficult when you don’t know where to start.

    Info-Tech’s Approach

    • Every organization should have a zero trust strategy and the roadmap to deploy it must always be tested and refined.
    • Our unique approach:
      • Assess resources and determine zero trust readiness.
      • Address barriers and identify enablers.
      • Prioritize initiatives and build out roadmap.
      • Identify most appropriate vendors via vendor selection framework.
      • Deploy zero trust and monitor with zero trust progress metrics.

    Info-Tech Insight

    A successful zero trust strategy should evolve through an iterative and repeatable process by assessing the full spectrum of available technologies to apply zero trust principles to the most relevant protect surfaces.

    Your challenge

    This research is designed to help organizations:

    • Understand what zero trust is and decide how best to deploy it with their existing IT resources. Zero trust is a set of principles that defaults to the highest level of security; a failed implementation can easily disrupt the business. A pragmatic zero trust implementation must be flexible and adaptable yet maintain a consistent level of protection.
    • Move from a perimeter-based approach to security toward an “Always Verify” approach. The path to getting there is complex without a clear understanding of desired outcomes. Focusing efforts on key protection gaps and leveraging capable controls in existing architecture allows for a repeatable process that carries IT, security, and the business along on the journey.

    On this zero trust journey, identify your valuable assets and zero trust controls to protect them.

    Top three reasons for building a zero trust strategy

    44%

    Reduce attacker’s ability to move laterally

    44%

    Enforce least privilege access to critical resources

    41%

    Reduce enterprise attack surface

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • Due to zero trust’s many components, performing an accurate assessment of readiness and benefits to adopt zero trust can be extremely difficult when you don’t know where to start.
      • To feel ready to implement and to understand the benefits of zero trust, IT must first understand what zero trust means to the organization.
    • Zero trust as a set of principles is a moving target, with many developing standards and competing technology definitions. A strategy built around evolving best practices must be supported by related business stakeholders.
      • To ensure support, IT must be able to “sell” zero trust to business stakeholders by illustrating the value zero trust can bring to business objectives.

    43%

    Organizations with a full implementation of zero trust saved 43% on the costs of data breaches.
    (Source: Teramind, 2021)

    96%

    Zero trust is considered key to the success of 96% of organizations in a survey conducted by Microsoft.
    (Source: Microsoft, 2021)

    What is zero trust?

    It depends on who you ask…

    • Vendors use zero trust as a marketing buzzword.
    • Organizations try to comprehend zero trust in their own limited views.
    • Zero trust regulations/standards are still developing.

    “A cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.”

    Source: NIST, SP 800-207: Zero Trust Architecture, 2020

    “An evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.”

    Source: DOD, Zero Trust Reference Architecture, 2021

    “A security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries.”

    Source: NSA, Embracing a Zero Trust Security Model, 2021

    “Zero trust provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.”

    Source: CISA, Zero Trust Maturity Model, 2021

    “The foundational tenet of the zero trust model is that no actor, system, network, or service operating outside or within the security perimeter is trusted.”

    Source: OMB, Moving the U.S. Government Toward Zero Trust Cybersecurity Principles, 2022

    What is zero trust?

    From Theoretical to Practical

    Zero trust is an ideal in the literal sense of the word, because it is a standard defined by its perfection. Just as nothing in life is perfect, there is no measure that determines an organization is absolutely zero trust. The best organizations can do is improve their security iteratively and get as close to ideal as possible.

    In the most current application of zero trust in the enterprise, a zero trust strategy applies a set of principles, including least-privilege access and per-request access enforcement, to minimize compromise to critical assets. A zero trust roadmap is a plan that leverages zero trust concepts, considers relationships between technical elements as well as security solutions, and applies consistent access policies to minimize areas of exposure.

    Zero Trust; Identity; Workloads & Applications; Network; Devices; Data

    Info-Tech Insight

    Solutions offering zero trust often align with one of five pillars. A successful zero trust implementation may involve a combination of solutions, each protecting the various data, application, assets, and/or services elements in the protect surface.

    Zero trust business benefits

    Reduce business and organizational risk

    Reduced business risks as continuous verification of identity, devices, network, applications, and data is embedded in the organizations practice.

    36% of data breaches involved internal actors.
    Source: Verizon, 2021

    Reduce CapEx and OpEx

    Reduced CapEx and OpEx due to the scalability, low staffing requirement, and improved time-to-respond to threats.
    Source: SecurityBrief - Australia, 2020.

    Reduce scope and cost of compliance

    Helps achieve compliance with several privacy standards and regulations, improves maturity for cyber insurance premium, and fewer gaps during audits.

    Scope of compliance reduced due to segmentation.

    Reduce risk of data breach

    Reduced risk of data breach in any instance of a malicious attack as there’s no lateral movement, secure segment, and improved visibility.

    10% Increase in data breach costs; costs went from $3.86 million to $4.24 million.
    Source: IBM, 2021

    This is an image of a thought map detailing Info-Tech's Build A Zero Trust Roadmap.  The main headings are: Define; Design; Develop; Monitor

    Info-Tech’s methodology for Building a Zero Trust Roadmap

    1. Define Business Goals and Protect Surfaces

    2. Assess Key Capabilities and Identify Zero Trust Initiatives

    3. Evaluate Candidate Solutions and Finalize Roadmap

    4. Formulate Policies for Roadmap Initiatives

    5. Monitor the Zero Trust Roadmap Deployment

    Phase Steps

    Define business goals

    Identify critical DAAS elements

    Map business goals to critical DAAS elements

    1. Review the Info-Tech framework
    2. Assess current capabilities and define the zero trust target state
    3. Identify tasks to close gaps
    4. Define tasks and initiatives
    5. Align initiatives to business goals and protect surfaces
    1. Define solution criteria
    2. Identify candidate solutions
    3. Evaluate candidate solutions
    4. Perform cost/benefit analysis
    5. Prioritize initiatives
    6. Finalize roadmap
    1. Formulate policies for critical DAAS elements
    2. Formulate policies to secure a path to access critical DAAS elements
    1. Establish metrics for roadmap tasks
    2. Track and report metrics
    3. Build a communication deck

    Phase Outcomes

    Mapping of business goals to protect surfaces

    Gap analysis of security capabilities

    Evaluation of candidate solutions and a roadmap to close gaps

    Method for defining zero trust policies for candidate solutions

    Metrics for measuring the progress and efficiency of the zero trust implementation

    Protect what is relevant

    Apply zero trust to key protect surfaces

    A successful zero trust strategy should evolve through an iterative and repeatable process by assessing the full spectrum of available technologies to apply zero trust principles to the most relevant protect surfaces.

    Align protect surfaces to business objectives

    Developing a zero trust roadmap collaboratively with business stakeholders enables alignment with upcoming business priorities and industry trends.

    Identify zero trust capabilities

    Deriving protect surface elements from business goals reframes how security controls are applied. Assess control effectiveness in this context and identify zero trust capabilities to close any gaps.

    Roadmap first, not solution first

    Don’t let your solution dictate your roadmap. Define your zero trust solution criteria before engaging in vendor selection.

    Create enforceable policies

    The success of a zero trust implementation relies on consistent enforcement. Applying the Kipling methodology to each protect surface is the best way to design zero trust policies.

    Success should benefit the organization

    To measure the efficacy of a zero trust implementation, ensure you know what a successful zero trust implementation means for your organization, and define metrics that demonstrate whether that success is being realized.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Zero Trust Communication Deck

    Present your zero trust strategy in a prepopulated document that summarizes the work you have completed as a part of this blueprint.

    Zero Trust Protect Surface Mapping Tool

    Identify critical and vulnerable DAAS elements to protect and align them to business goals.

    Zero Trust Program Gap Analysis Tool

    Perform a gap analysis between current and target states to build a zero trust roadmap.

    Zero Trust Candidate Solutions Selection Tool

    Determine and evaluate candidate solutions based on defined criteria.

    Zero Trust Progress Monitoring Tool

    Develop metrics to track the progress and efficiency of the organization’s zero trust implementation.

    Blueprint benefits

    IT Benefits

    • A mapped transaction flow of critical and vulnerable assets and visibility of where to implement security controls that aligns with the principle of zero trust.
    • Improved security posture across the digital attack surface while focusing on the protect surface.
    • An inside-out architecture that leverages current existing architecture to tighten security controls, is automated, and gives granular visibility.

    Business Benefits

    • Reduced business risks as continuous verification of identity, devices, network, applications, and data is embedded in the organization’s practice.
    • Reduced CapEx and OpEx due to the scalability, low staffing requirement, and improved time-to-respond to threats.
    • Helps achieve compliance with several privacy standards and regulations, improves maturity for cyber insurance premium, and fewer gaps during audits.
    • Reduced risk of data breach in any instance of a malicious attack.

    Measure the value of this blueprint

    Save an average of $1.76 million dollars in the event of a data breach

    • This research set seeks to help organizations develop a mature zero trust implementation which, according to IBM’s “Cost of a Data Breach 2021 Report,” saves organizations an average of $1.76 million in the event of a data breach.
    • Leverage phase 5 of this research to develop metrics to track the implementation progress and efficacy of zero trust tasks.

    43%

    Organizations with a mature implementation of zero trust saved 43%, or $1.76 million, on the costs of data breaches.
    Source: IBM, 2021

    In phase 2 of this blueprint, we will help you establish zero trust implementation tasks for your organization.

    In phase 3, we will help you develop a game plan and a roadmap for implementing those tasks.

    This image contains a screenshot info-tech's methodology for building a zero-trust roadmap, discussed earlier in this blueprint

    Executive Brief Case Study

    National Aeronautics and Space Administration (NASA)

    INDUSTRY: Government

    SOURCE: Zero Trust Architecture Technical Exchange Meeting

    NASA recognized the potential benefits of both adopting a zero trust architecture (including aligning with OMB FISMA and DHS CDM DEFEND) and improving NASA systems, especially those related to user experience with dynamic access, application security with sole access from proxy, and risk-based asset management with trust score. The trust score is continually evaluated from a combination of static factors, such as credential and biometrics, and dynamic factors, such as location and behavior analytics, to determine the level of access. The enhanced access mechanism is projected on use-case flows of users and external partners to analyze the required initiatives.

    The lessons learned in adapting zero trust were:

    • Focus on access to data, assets, applications, and services; and don’t select solutions or vendors too early.
    • Provide support for mobile and external partners.
    • Complete zero trust infrastructure and services design with holistic risk-based management, including network access control with software-defined networking and an identity management program.
    • Develop a zero trust strategy that aligns with mission objectives.

    Results

    NASA implemented zero trust architecture by leveraging the agency existing components on a roadmap with phases related to maturity. The initial development includes privileged access management, security user behavior analytics, and a proof-of-concept lab for evaluating the technologies.
    Case Study Source: NASA, “Planning for a Zero Trust Architecture Target State,” 2019

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5
    Call #1:
    Scope requirements, objectives, and your specific challenges.

    Call #3:
    Define current security capabilities and zero trust target state.

    Call #5:

    Identify and evaluate solution criteria.

    Call #7:
    Create a process for formulating zero trust policies.

    Call #8:
    Establish metrics for assessing the implementation and effectiveness of zero trust.

    Call #2:
    Identify business goals and protect surfaces.

    Call #4:
    Identify gap-closing tasks and assign to zero trust initiatives.

    Call #6:
    Prioritize zero trust initiatives.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
    A typical GI is between 8 to 12 calls over the course of 2 to 4 months.

    Workshop Overview

    Contact your account representative for more information.workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5

    Define Business Goals and Protect Surfaces

    Begin Gap Analysis

    Complete Gap Analysis

    Finalize Roadmap and Formulate Policies

    Next Steps and
    Wrap-Up (offsite)

    Activities

    1.1 Understand business and IT strategy and plans.

    1.2 Define business goals.

    1.3 Identify five critical protect surfaces and their associated DAAS elements.

    1.4 Map business goals and protect surfaces.

    2.1 Assess current security capabilities and define the zero Trust target state for a set of controls.

    2.2 Identify tasks to close maturity gaps.

    2.3 Assign tasks to zero trust initiatives.

    3.1 Align initiatives to business goals and key protect surfaces.

    3.2 Conduct cost/benefit analysis on zero trust initiatives.

    3.3 Prioritize initiatives.

    4.1 Define solution criteria.

    4.2 Identify candidate solutions.

    4.3 Evaluate candidate solutions.

    4.4 Finalize roadmap.

    4.5 Formulate policies for critical DAAS elements.

    4.6 Establish metrics for high-priority initiatives.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables
    1. 1.Mapping of business goals to key protect surfaces and their associated DAAS elements
    1. Security capabilities current state assessment
    2. Zero trust target state
    3. Tasks to address maturity gaps
    1. Zero trust initiative list mapped to business goals and key protect surfaces
    2. Prioritization of zero trust initiatives
    1. Zero trust roadmap
    2. Zero trust policies for critical protect surfaces
    3. Method for defining zero trust policies for candidate solutions
    4. Metrics for high-priority initiatives
    1. Zero trust roadmap documentation
    2. Mapping of Info-Tech resources against individual initiatives

    Phase 1

    Define Business Objectives and Protect Surfaces

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Identify and define the business goals.
    • Identify the critical DAAS elements and protect surface.
    • Align the business goals to the protect surface and critical DAAS elements.

    This phase involves the following participants:

    • Security Team
    • Business Executives
    • Subject Matter Experts From IT, Finance, HR, Legal, Facilities, Compliance, Audit, Risk Management

    Analyze your business goals

    Identifying business goals is the first step in aligning your zero trust roadmap with your business’ vision.

    • Security leaders need to understand the direction the business is headed in.
    • Wise security investments depend on aligning your security initiatives to business objectives.
    • Zero trust, and information security at large, should contribute to your organization’s business objectives by supporting operational performance, ensuring brand protection and shareholder value.
      • For example, if the organization is working on a new business initiative that requires the handling of credit card payments, the security organization needs to know as soon as possible to ensure the zero trust architecture will be extended to protect the PCI data and enable the organization to be PCI compliant.

      Info-Tech Insight

      Security and the business need to be in alignment when implementing zero trust. Defining the business goal helps rationalize the need for a zero trust implementation.

    1.1 Define your organization’s business goals

    Estimated time 1-3 hours

    1. As a group, brainstorm the business goals of the organization.
    2. Review relevant business and IT strategies.
    3. Review the business goal definitions in tab “2. Business Objectives” of the Zero Trust Protect Surface Mapping Tool, including the key goal indicator metrics.
    4. Record the most important business goals in the Business Goal column on tab “3. Protect Surfaces” of the Zero Trust Protect Surface Mapping Tool. Try to limit the number of business goals to no more than five primary goals. This limitation will be critical to help map the protect surface and the zero trust roadmap later.

    Input

    • Business and IT strategies

    Output

    • Prioritized list of business objectives

    Materials

    • Whiteboard/Flip Charts
    • Zero Trust Protect Surface Mapping Tool

    Participants

    • Security Team
    • IT Leadership
    • Business Stakeholders
    • Risk Management
    • Compliance
    • Legal

    Download the Zero Trust Protect Surface Mapping Tool

    Info-Tech Insight

    Developing a zero trust roadmap collaboratively with business stakeholders enables alignment with upcoming business priorities and industry trends.

    What does zero trust mean for you?

    For a successful implementation, focus on your zero trust outcome.

    This image describes the Who, What, When, Where, Why, and How for Zero Trust.

    Regardless of whether the user is accessing resources internally or externally, zero trust is posed to authenticate, authorize, and continuously verify the security policies and posture before access is granted or denied. Many network architecture can be local, cloud based, or hybrid and with users working from any location, there is no network perimeter as we knew it and the internet is now the corporate network.

    Zero trust framework seeks to extend the perimeter-less security to the present digital transformation.

    Understand protect surface

    Data, Application, Asset, and Services

    A protect surface can be described as what’s critical, most vulnerable, or most valuable to your organization. This protect surface could include at least one of the following – data, assets, applications, and services (DAAS) – that requires protection. This is also the area that zero trust policy is aimed to protect. Understanding what your protect surface is can help channel the required energy into protecting that which is crucial to the business, and this aligns with the shift from focusing on the attack surface to narrowing it down to a smaller and achievable area of protection.

    Anything and everything that connects to the internet is a potential attack surface and pursuing every loophole will leave us one step behind due to lack of resources. Since a protect surface contains one or more DAAS element, the micro-perimeter is created around it and the appropriate protection is applied around it. As a team, we can ask ourselves this question when thinking of our protect surface: to what degree does my organization want me to secure things? The knowledge of the answer to this question can be tied to the risk tolerance level of the organization and it is only fair for us to engage the business in identifying what the protect surface should be.

    Components of a protect surface

    • Data
    • Application
    • Asset
    • Services

    Info-Tech Insight

    The protect surface is a shift from focusing on the attack surface. DAAS elements show where the initiatives and controls associated with the zero trust pillars (Identity, Devices, Network, Application, and Data) need to be applied.

    Sample Scenario

    INDUSTRY: Healthcare

    SOURCE: Info-Tech Research Group

    Illustration

    A healthcare provider would consider personal health information a critical resource worthy of being protected against data exfiltration due to a host of reasons including but not limited to privacy regulations, loss of revenue, legal, and reputational loss; hence, this would be considered a protect surface.

    • What is the data that can’t be risked exfiltrated?
    • What application(s) is used to access this data?
    • What assets are used to generate and store the data?
    • What are the services we rely on to be able to access the data?

    DAAS Element

    • The data here is the patient information.
    • The application used to access the personal health information would be EPIC, OR list, and any other application used in that organization.
    • The assets used to store the data and generate the PHI would include physical workstations, medical scanners, etc.
    • The services that can be exploited to disrupt the operation or used to access the data would include active directory, single sign-on, etc.

    DAAS and Zero Trust Pillar

    This granular identification provides an opportunity to not only see what the protect surface and DAAS elements are but also understand where to apply security controls that align with the principle of zero trust as well as how the transaction flows. The application pillar initiatives will provide protection to the EPIC application and the device pillar initiatives will provide protection to the workstations and physical scanners. The identity pillar initiatives will apply protection to the active directory, and single sign-on services. The zero trust pillar initiatives align with the protection of the DAAS elements.

    Shift from attack surface to protect surface

    This image contains a screenshot of the thought map: Shift from attack surface to protect surface.  Go from complex to a micro perimeter approach.

    Info-Tech Insight

    The protect surface is a shift from focusing on the attack surface as it creates a micro-perimeter for the application of zero trust policies on the system. This drastically reduces the success of an attack whether internally or externally, reduces the attack surface, and is also repeatable.

    1.2 Identify critical DAAS elements

    Estimated time 1-3 hours

    1. As a group, brainstorm and identify critical, valuable, sensitive assets or resources requiring high availability in the organization. Each DAAS element is part of a protect surface, or sometimes, the DAAS element itself is a protect surface.
    • Data – The sensitive data that poses the greatest risk if exfiltrated or misused. What data needs to be protected?
    • Applications – The applications that use sensitive data or control critical assets. Which applications are critical for your business functions?
    • Assets – Physical or virtual assets, including an organization’s information technology (IT), operational technology (OT), or Internet of Things devices.
    • Services – The services an organization most depends on. Services that can be exploited to disrupt normal IT or business operations.
  • Record the critical DAAS elements and protect surface in their respective columns of the Zero Trust Protect Surface Mapping Tool. Try to limit the number of business goals to no more than five primary protect surfaces to match with the business goals.
  • Download the Zero Trust Protect Surface Mapping Tool

    Input

    • Critical resources to protect
    • Understanding of how they interoperate or connect

    Output

    • Protect surfaces

    Materials

    • Whiteboard/Flip Charts
    • Zero Trust Protect Surface Mapping Tool

    Participants

    • Security Team
    • IT Leadership
    • Business Stakeholders

    1.3 Map business goals to critical DAAS elements

    Estimated time 1-2 hours

    1. The protect surface will be generated from the critical DAAS elements as a standalone protect surface or a group of interconnected DAAS elements merged into one.
    • Each protect surface can be tied back to a business objective.
  • Select from the drop-down list of business objectives the option that fits the identified protect surface as it relates to the organization.
    • Type in your business objectives if the drop-down list does not apply.

    Download the Zero Trust Protect Surface Mapping Tool

    This image contains a screenshot from the Zero Trust Protect Surface Mapping Tool, with the following columns highlighted: Business Goal Name; Protect Surface Name

    Phase 2

    Assess Key Capabilities and Identify Zero Trust Initiatives

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Assess the organization’s current capabilities.
    • Define the zero trust target state.
    • Identify tasks to close gaps
    • Define zero trust initiatives and align zero trust initiatives to business goals and protect surfaces.

    This phase involves the following participants:

    • Security Team
    • Subject Matter Experts From IT, Finance, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    The Info-Tech Zero Trust Framework

    Info-Tech’s Zero Trust Framework aligns with zero trust references, including:

    • ACT Zero Trust Cybersecurity Current Trends. 2019
    • NIST SP 800-207: Zero Trust Architecture. 2020
    • DOD Zero Trust Reference Architecture. 2021
    • NSA Embracing a Zero Trust Security Model. 2021
    • CISA Zero Trust Maturity Model. 2021
    • Executive Order (EO) 14028: Improving the Nation’s Cybersecurity, The White House. 2021
    • OMB Moving the U.S. Government Toward Zero Trust Cybersecurity Principles. 2022
    • NSTAC Zero Trust and Trusted Identity Management. 2022
    • NIST SP 800-53 r5: Security and Privacy Controls for Information Systems and Organizations

    Identity

    • Authentication
    • Authorization
    • Privileged Access Management

    Applications

    • Software Defined Compute
    • DevSecOps
    • Software Supply Chain

    Devices

    • Authentication
    • Authorization
    • Compliance

    Networks

    • Software Defined Networking
    • Macro Segmentations
    • Micro Segmentation

    Data

    • Software Defined Storage
    • Data Loss Prevention
    • Data Rights Management

    Info-Tech Insight

    A best-of-breed approach ensures holistic coverage of your zero trust program while refraining from locking you into a specific reference.

    2.1 Review the Info-Tech framework

    Estimated time 30-60 minutes

    1. As a group, have the team review the framework within the Zero Trust Program Gap Analysis Tool.
    2. Customize the tool as required using the instructions in tab “2. Setup”:
    • Define costing criteria
    • Define benefits criteria
    • Configure full-time equivalent hours and start year
    • Input business goals as mapped to protect surfaces (see next slide)

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • Protect surfaces mapped to business objectives

    Output

    • Customized framework

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT

    2.1.1 Input business goals as mapped to protect surfaces

    Refer to the Protect Surface Mapping Tool, copy the following elements from the Protect Surface tab.

    1. Enter Business Goals.
    2. Enter Protect Surfaces.
    3. Enter Data.
    4. Enter Application.
    5. Enter Assets.
    6. Enter Services.

    This image contains a screenshot from Info-Tech's Zero Trust Program Gap Analysis Tool.  The Column headings are labeled as follows: 1: Business Goal Name; 2: Protect Surface; 3: DATA; 4: APPLICATION; 5: ASSETS; 6: SERVICES

    Info-Tech Insight

    Deriving protect surface elements from business goals reframes how security controls are applied. Assess control effectiveness in this context and identify zero trust capabilities to close any gaps.

    2.2 Assess current capabilities and define zero trust target state

    Estimated time 6-12 hours

    1. Using the Zero Trust Program Gap Analysis Tool, review each of the controls in the Gap Analysis tab.
    2. Follow the instructions on the next slides to complete your current-state and target-state assessment.
    3. For most organizations, multiple internal subject matter experts will need to be consulted to complete the assessment.

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • Protect surfaces mapped to business objectives
    • Information on current state of controls, including sources such as audit findings, vulnerability and penetration test results, and risk registers

    Output

    • Current-state and target-state assessment for gap analysis

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management

    Understanding security target states

    Maturity models are very effective for determining target states. This table provides general descriptions for each maturity level. As a group, consider which description most accurately reflects the ideal target state in your organization.

    AD HOC 01

    Initial/ad hoc security programs are reactive. Lacking strategic vision, these programs are less effective and less responsive to the needs of the business.

    DEVELOPING 02

    Developing security programs can be effective at what they do but are not holistic. Governance is largely absent. These programs tend to rely on the talents of individuals rather than a cohesive plan.

    DEFINED 03

    A defined security program is holistic, documented, and proactive. At least some governance is in place; however, metrics are often rudimentary and operational in nature. These programs still often rely on best practices rather than strong risk management.

    MANAGED 04

    Managed security programs have robust governance and metrics processes. Management and board-level metrics for the overall program are produced. These are reviewed by business leaders and drive security decisions. More mature risk management practices take the place of best practices.

    OPTIMIZED 05

    An optimized security program is based on strong risk management practices, including the production of key risk indicators (KRIs). Individual security services are optimized using key performance indicators (KPIs) that continually measure service effectiveness and efficiency.

    2.2.1 Conduct current-state assessment

    1. Carefully review each of the controls in the Gap Analysis tab that are needed for the protect surfaces. For each control, indicate the current maturity level of the organization. The tool uses the maturity levels of the CMMI model to score maturity.
    • Only use “N/A” if you are confident that the control is not required in your protect surfaces. For example, if the protect surfaces do not require or use software-defined computing, select “N/A” for any controls related to software-defined computing.
  • Provide comments to describe your current state. This step is optional but recommended as it may be important to record this information for future reference.
  • Select the target maturity for the control.
  • This image contains a screenshot from Info-Tech's Zero Trust Program Gap Analysis Tool, with the following column headings highlighted and numbered: 1: Current Maturity; 2: Current State Comments (optional); Target Maturity

    Make sure that the gap between target state and current state is achievable for the current zero trust roadmap. For instance, if you set your current maturity to 1 – Ad Hoc, then having a target maturity of 4 – Managed or 5 – Optimized is not recommended due to the big jump.

    2.2.2 Review the Gap Analysis Dashboard

    1. Use the Dashboard to map your progress on assessing current- and future-state maturities. As you fill out the Zero Trust Program Gap Analysis Tool, check with the Dashboard to see the difference between your current and target state.
    2. Use the color-coded legend to see the size of the gap between your current and target state.
    3. Zero trust processes that appear white have not yet been assessed or are rated as “N/A.”
    this image contains a screenshot of Info-tech's Zero-Trust framework discussed earlier in this blueprint, with the addition of a legend demonstrating how to use the gap analysis tool to identify the size of the gap between current and target states

    2.3 Identify tasks to close gaps

    Estimated time 5 hours

    1. Using the Zero Trust Program Gap Analysis Tool, review each of the controls in the Gap Analysis tab.
    2. Follow the instructions on the next slides to identify gap closure tasks for each control that requires improvement.
    3. For most organizations, multiple internal subject matter experts will need to be consulted to complete the assessment.

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • Zero trust controls gap information

    Output

    • Gap closure task list

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management

    2.3 Identify tasks to close gaps (cont.)

    1. For each of the controls where there is a gap between the current and target state, a gap closure task should be identified:
    • Review the example tasks and copy one or more of them if appropriate. Otherwise, enter your own gap closure task.
  • Considerations for identifying gap closure tasks:
    • In small groups, have participants ask, “what would we have to do to achieve the target state?” Document these in the Gap Closure Tasks column.
    • The example gap closure tasks may be appropriate for your organization, but do not simply copy them without considering whether they are right for you.
    • Not all gaps require their own task. You can enter one task that may address multiple gaps.
    • Be aware that tasks that are along the lines of “investigate and make recommendations” may not fully close maturity gaps.
    this image contains a screenshot from Info-Tech's Zero Trust Program Gap Analysis Tool, with the following column heading highlighted and numbered: 1: Gap Closure Tasks

    Make sure that the Gap Closure Tasks are SMART (Specific, Measurable, Achievable, Realistic, Timebound).

    2.4 Define tasks and initiatives

    Estimated time 2-4 hours

    1. As a group, review the gap tasks identified in the Gap Analysis tab.
    2. Using the instructions on the following slides, finalize your tab “5. Task List.”
    3. Using the instructions on the following slides, review and consolidate your tab “6. Initiative List.”

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • Gap analysis

    Output

    • Refined list of tasks
    • List of zero trust initiatives

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management
    • Project Management Office

    2.4.1 Finalize your task list

    1. Define the gap closure task list in tab “5. Task List”:
      1. Obtain a list of all your tasks from Gap Closure Tasks column in tab “3. Gap Analysis.”
      2. Paste the list into the table in tab “5. Task List,” Task column.
    • Use Paste Values to retain the table formatting.
  • Consolidate tasks into initiatives when:
      • They have costs associated with them.
      • They require initial effort to implement and ongoing effort to maintain.
      • They must be accomplished dependently of other tasks.
    1. For each new initiative, create the initiative name on Initiative Name column in the tab “6. Initiative List.”
  • For tasks which are not incorporated into initiatives, enter a task owner and due date for each task.
  • this image contains a screenshot from Info-Tech's Zero Trust Gap analysis Tool with the following column headings highlighted and numbered: 1: Task; 2: Initiative Name; 3: (Task Owner; Due Date)

    Example: Initiative consolidation

    In the example below, we see three gap closure tasks within the Authentication process for the Identity pillar being consolidated into a single initiative “IAM modernization.”

    We can also see three gap closure tasks within the Micro Segmentation process for the Network pillar being grouped into another initiative “Network segmentation.”

    This image contains an example of Initiative Consolidation

    Info-Tech Insight

    As you go through this exercise, you may find that some tasks that you previously defined could be consolidated into an initiative.

    2.4.2 Finalize your initiative list

    1. As you go through this exercise, you may find that some tasks that you previously defined could be consolidated into an initiative.
    2. Review your final list of initiatives in tab “6. Initiative List” and make any required updates.
      1. Optionally, add a description or paste in a list of the individual gap closure actions that are associated with the initiative. This will make it easier to perform the cost and benefit analysis.
    3. Obtain a list of all gap closure tasks associated with an initiative by filtering the Initiative Name column in the Task List tab.
    4. Indicate the most appropriate pillar alignment for each initiative using the drop-down list.
      1. Refer to tab “5. Task List” for the pillar associated with an initiative under the Initiative Name column.

    This image contains a screenshot from Info-Tech's Zero Trust Program Gap Analysis Tool, the following column headings are numbered and highlighted: 1: Initiative Name; 2: Description; 3: Pillar

    If the list of tasks is too long for the Description column, then you can also shorten the name of the tasks or group several tasks to a more general task.

    2.5 Align initiatives to business goals and protect surfaces

    Estimated time 30-60 minutes

    1. Using the instructions on the following slides, align initiatives to business goals in tab “6. Initiative List.”
    2. Using the instructions on the following slides, align initiatives to protect surfaces in tab “6. Initiative List.”

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • List of zero trust initiatives
    • Protect surfaces mapped to business objectives

    Output

    • List of zero trust initiatives aligned to business goals and protect surfaces

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management
    • Project Management Office

    2.5.1 Align initiatives to business goals

    1. Indicate the most appropriate business goal(s) alignment for each initiative using the drop-down list in “Selection for Business Goal(s)” column.
      1. Use the legend to determine the most appropriate business goal(s).
    2. After that copy the selected business goal(s) to Business Goal(s) Alignment column.
    3. Then reset the selection using the blank cell in Selection for Business Goal(s) column.
    This image contains a screenshot from the Zero Trust Program Gap Analysis Tool, with the following column headings numbered: 1: Selection for Business Goal(s); Business Goals Alignment; 3: Selection for Business Goals

    2.5.2 Align initiatives to protect surfaces

    1. Indicate the most appropriate protect surface(s) for each initiative using the drop-down list in Selection for Protect Surface(s) column.
      1. Use the legend to determine the most appropriate protect surface(s).
    2. After that copy the selected protect surface(s) to Protect Surface(s) Coverage column.
    3. Reset the selection using the blank cell in Selection for Protect Surface(s) column.
    This image contains a screenshot from the Zero Trust Program Gap Analysis Tool, with the following column headings numbered: 1: Description; 2: Protect Surfaces Covered; 3: Selection for Protect Surfaces

    Phase 3

    Evaluate Candidate Solutions and Finalize Roadmap

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Define solution criteria.
    • Identify candidate solutions.
    • Evaluate candidate solutions.
    • Perform cost/benefit analysis.
    • Prioritize initiatives and build roadmap.

    This phase involves the following participants:

    • Security Team
    • Subject Matter Experts From IT, Finance, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    3.1 Define solution criteria

    Estimated time 30-60 minutes

    1. As a group, review the scoring system within the Zero Trust Candidate Solutions Selection Tool.
    2. Customize the tool as required using the instructions on the following slides.

    Info-Tech Insight

    Don’t let your solution dictate your roadmap. Define your zero trust solution criteria before engaging in vendor selection.

    Download the Zero Trust Candidate Solutions Selection Tool

    Input

    • Zero trust initiative list

    Output

    • Zero trust candidate solutions

    Materials

    • Zero Trust Program Gap Analysis Tool
    • Zero Trust Candidate Solutions Selection Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT

    3.1.1 Define compliance and solution evaluation criteria

    On the Setup tab, provide a weight for each evaluation criterion to evaluate the candidate solutions. You can use “0%” weight if that criterion is not required in your solution selection.

    1. Verify that the Description for each criterion is accurate.
    2. Provide weights for the compliance score and the solution score, which are the overall evaluation:
    • Compliance score consists of tenets score, pillar score, threat protection score, and trust algorithm score.
    • Solution score consists of features score, usability score, affordability score, and architecture score.
    This image contains a screenshot from the Zero Trust Candidate Solutions Selection Tool, which demonstrates how to define compliance and solution evaluation criteria.

    3.1.2 Define remaining evaluation criteria

    On the Setup tab, provide a weight for each evaluation criterion to evaluate the candidate solutions. You can use “0%” weight if that criterion is not required in your solution selection.

    1. Verify that the Description for each criterion is accurate.
    2. Provide weights for the remaining evaluation criteria:
    • Tenets: Considers how well each initiative aligns with zero trust principles.
    • Pillars: Considers how well each initiative aligns with zero trust pillars.
    • Threats: Considers what zero trust threats are relevant with the candidate solution.
    • Trust Algorithm: Considers trust evaluation factors, trust evaluation process score, and input coverage.
    • Cost Estimation: Considers initial costs, which are one-time, upfront capital investments (e.g. hardware and software costs), and ongoing cost, which is any annually recurring operating expenses that are new budgetary costs (e.g. licensing, maintenance, subscription fees).
    • Deployment Architecture: Considers the solutions deployment architecture capabilities.

    This image contains a screenshot from the Zero Trust Candidate Solutions Selection Tool, and demonstrates where to define additional evaluation data

    Review available candidate solutions

    this image contains a list of available candidate Solutions.  This list includes: Zero Trust Identity; Zero-Trust Application & Workloads; Zero-Trust Networks; Zero-Trust Devices; and Zero-Trust Data

    The Rapid Application Selection Framework is a comprehensive yet fast-moving approach to help you select the right software for your organization

    Five key phases sequentially add rigor to your selection efforts while giving you a clear, swift-flowing methodology to follow.

    Awareness Education & Discovery Evaluation Selection Negotiation & Configuration
    1.1 Proactively Lead Technology Optimization & Prioritization 2.1 Understand Marketplace Capabilities & Trends 3.1 Gather & Prioritize Requirements & Establish Key Success Metrics 4.1 Create a Weighted Vendor Selection Decision Model 5.1 Initiate Price Negotiation With Top
    1.2 Scope & Define the Selection Process for Each Selection Request Action 2.2 Discover Alternative Solutions & Conduct Market Education 3.2 Conduct a Data-Driven Comparison of Vendor Features & Capabilities 4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities With Top 2-4 Vendors 5.2 Negotiate Contract Terms & Product Configuration Two Vendors Selected
    1.3 Conduct an Accelerated Business Needs Assessment 2.3 Evaluate Enterprise Architecture & Application Portfolio 3.3 Narrow the Field to Four Top Contenders 4.3 Validate Key Issues With Deep Technical Assessments, Trial Configuration & Reference Checks 5.3 Finalize Budget Approval & Project Implementation Timeline
    1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation 2.4 Validate the Business Case 5.4 Invest in Training & Onboarding Assistance

    Download the Rapid Application Selection Framework research

    Evaluate software category leaders through vendor rankings and awards

    SoftwareReviews

    The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.

    The Data Quadrant Report

    Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.

    Vendors ranked by their Composite Score

    The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.

    Emotional Footprint

    Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

    Vendors ranked by their Customer Experience (CX) Score

    Sample whiteboard activity

    • Place sticky notes on the zero trust tenet that matches with the identified candidate solution to produce “solution requirements” that can be used to develop an RFP.
    • A sample sticky note is provided below for privileged access management.

    This image contains a screenshot of a sample whiteboard activity which can be done using sticky notes.

    • The PAM solution should support MFA
    • Live session monitoring, audit, and reporting
    • Should have password vaulting to prevent privileged users from knowing the passwords to critical systems and resources

    3.2 Identify candidate solutions

    Estimated time 2 hours

    1. As a group, have the team review the candidate solutions within the Zero Trust Program Gap Analysis Tool.
    2. On tab 3 in the Zero Trust Candidate Solutions Selection Tool:
    • Review the candidate solutions within the Zero Trust Program Gap Analysis Tool. For example, the candidate solutions with multifactor authentication (MFA) options are authenticators with SMS, mobile application, smartcard, or token.

    Input

    • Candidate solutions for zero trust tasks and initiatives

    Output

    • Suitability evaluation of candidate solutions

    Materials

    • Zero Trust Program Gap Analysis Tool
    • Zero Trust Candidate Solutions Selection Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT

    Info-Tech Insight

    Add a description associated with the candidate solution, e.g. reference link to vendors or manufacturers. This will make it easier to perform the evaluation.

    Download the Zero Trust Candidate Solutions Selection Tool

    3.2.1 Review candidate solutions

    1. Review the candidate solutions within the Zero Trust Program Gap Analysis Tool. For example, the candidate solutions with multifactor authentication (MFA) options are authenticators with SMS, mobile application, smartcard, or token.
    2. Enter candidate solutions to the Compliance Data Entry tab on the Solution column within the Zero Trust Candidate Solutions Selection Tool.
    3. Optionally, add a description associated with the candidate solution, e.g. reference link to vendors or manufacturers. This will make it easier to perform the evaluation.
    this image contains a screenshot of a sample candidate solution, which can be done using Info-Tech's Zero Trust Program Gap Analysis Tool

    3.3 Evaluate candidate solutions

    Estimated time 3 hours

    On the Scoring tab, evaluate solution features, usability, affordability, and architecture using the instructions on the following slides. This activity will produce a solution score that can be used to identify the suitability of a solution.

    Input

    • Candidate solutions

    Output

    • Candidate solutions scored

    Materials

    • Zero Trust Program Gap Analysis Tool
    • Zero Trust Candidate Solutions Selection Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT

    Download the Zero Trust Candidate Solutions Selection Tool

    3.3.3 Evaluate solution scores

    After all candidate solutions are evaluated, the Solution Score column can be sorted to rank the candidate solutions. After sorting, the top solutions can be used on prioritization of initiatives on Zero Trust Program Gap Analysis Tool.

    1. On Features
      1. Enter Coverage.
      2. Enter Quality.
    2. Enter Usability.
    3. On Affordability
      1. Enter Initial Cost.
      2. Enter Ongoing Cost (annual).
    4. Enter Architecture.
    this image contains a screenshot of how you can sort the solution score column in Info-Tech's Zero Trust Program Gap Analysis Tool

    3.4 Perform cost/benefit analysis

    Estimated time 1-2 hours

    1. Assign costing and benefits information for each initiative, following the instructions on the next slide.
    2. Define dependencies or business impacts if they will help with prioritization.

    Input

    • Ranked candidate solutions
    • Gap analysis
    • Initiative list

    Output

    • Completed cost/benefit analysis for initiative list

    Materials

    • Zero Trust Program Gap Analysis Tool
    • Zero Trust Candidate Solutions Selection Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management
    • Project Management Office

    Download the Zero Trust Program Gap Analysis Tool

    3.4.1 Complete the cost/benefit analysis

    Use Zero Trust Program Gap Analysis Tool.

    1. On the Prioritization tab, use the drop-down lists to enter the estimated costs and efforts for each initiative, using the criteria defined earlier.
    • Use the result from candidate selection to define the estimated costs.
    • If you have actual costs available, you can optionally enter them under the Detailed Cost Estimates columns.
  • Enter the estimated benefits, also using the criteria defined earlier.
  • This image contains a screenshot of a cost/benefit analysis table which can be found in the Zero Trust Program Gap Analysis Tool

    The Cost / Effort Rating is calculated based on the weight defined on step 2.1.1. The Benefit Rating is calculated based on the weight defined on step 2.1.2.

    3.4.2 Optionally enter detailed cost estimates

    Use Zero Trust Program Gap Analysis Tool.

    1. For each initiative, the tool will automatically populate the Detailed Cost Estimates and Detailed Staffing Estimates columns using the averages that you provided in step 2.1.1. However, if you have more detailed data about the costs and effort requirements for an initiative, you can override the calculated data by manually entering it into these columns. For example:
    • You are planning to subscribe to a security awareness vendor, and you have a quote from them specifying that the initial cost will be $75,000.
    • You have defined your “Medium” cost range as being “$10-100K,” so you select medium as your initial cost for this initiative in step 3.4.1. As you defined the average for medium costs as being $50,000, this is what the tool will put into the detailed cost estimate.
    • You can override this average by entering $75,000 as the initial cost in the detailed cost estimate column.

    This image contains a screenshot of a sample cost/benefit table found in the Zero Trust Program Gap Analysis Tool.

    The Benefits-Cost column will give results after comparing the cost and the benefit. Negative value means that the cost outweighs the benefit. Positive value means that the benefit outweighs the cost. Zero value means that the cost equals the benefit.

    3.5 Prioritize initiatives

    Estimated time 2-3 hours

    1. As a group, review the results of the cost/benefit analysis. Optionally, complete the Other Considerations columns in the Prioritization tab:
    • Dependencies can refer to other initiatives on the list or any other dependency that relates to activities or projects within the organization.
    • Business impacts can be helpful to document as they may require additional planning and communication that could impact initiative timelines.
  • Follow step 3.5.1 to create a visual effort map for your organization.
  • Follow step 3.5.2 and 3.5.3 to refine the effort map’s visual output.
  • Input

    • Gap analysis
    • Initiative list
    • Cost/benefit analysis

    Output

    • Prioritized list of initiatives

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    Download the Zero Trust Program Gap Analysis Tool

    3.5.1 Create a visual effort map for your organization

    1 hour

    An effort map is a tool used for the visualization of a cost and benefit analysis. It is a quadrant output that visually shows how your gap initiatives were prioritized based on tab 7 in the Zero Trust Program Gap Analysis Tool.

    1. Establish the axes and colors for your effort map:
      1. X-axis represents the Benefit value from column J
      2. Y-axis represents the Cost/Effort value from column H
      3. Sticky note color is determined using the Alignment to Business value from column I
    2. Create sticky notes for each initiative and place them on the effort map or whiteboard based on the axes you have created with the help of your team.
    3. As you place initiatives on the visual effort map, discuss and modify rankings based on team member input.

    this image contains a sample visual effort map which can be found in the Zero Trust Program Gap Analysis Tool.

    Input

    • Outputs from activities 3.4.1 and 3.4.2

    Output

    • High-level prioritization for each of the gap-closing initiatives
    • Visual representation of quantitative values

    Materials

    • Zero Trust Program Gap Analysis Tool (tab 7)
    • Sticky notes
    • Markers
    • Whiteboard

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    3.5.2 Refine the effort map’s visual output

    1 hour

    Once the effort map is complete, work to further simplify the visual output by categorizing initiatives based on the quadrant in which they have been placed.

    1. Before moving forward with the initiative wave prioritization (activity 3.7), identify any initiatives listed across all quadrants that are required as a part of compliance and mark with a sticky dot.
    2. Document these initiatives as Execution Wave 1.

    this image contains a screenshot of a refined visual effort map, which can be done by following the instructions in this section.

    Input

    • Outputs from activity 3.5.1

    Output

    • Prioritization for each of the gap-closing initiatives
    • First execution wave of gap-closing initiatives

    Materials

    • Zero Trust Program Gap Analysis Tool (tab 7)
    • Sticky notes
    • Sticky dots
    • Markers
    • Whiteboard

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    3.5.3 Refine the effort map’s visual output

    30 minutes

    1. Use a separate area of the whiteboard to draw out four to five Execution Wave columns.
    2. Group initiatives into each Execution Wave column based on their placement within the quadrant from activities 3.5.1 and 3.5.2.
      1. Ensure that all identified mandatory activities as per governing privacy law fall within the first wave.
      2. Leverage the following 0-4 Execution Wave scale:
        1. Underway –Initiatives that are already underway
        2. Must Do – Initiatives that must happen right away
        3. Should Do – Initiatives that should happen but need more time/support
        4. Could Do – Initiatives that are not a priority
        5. Won’t Do – Initiatives that likely won’t be carried out
    3. Indicate the granular level for each execution wave using the a-z scale.
    • Use the lettering to track dependencies between initiatives.
      • If one must take place before another, ensure that its letter comes first alphabetically.
      • If multiple initiatives must take place at the same time, use the same letter to show they will take place in tandem.

    This image depicts the sample output for a refined visual effort map

    Input

    • Outputs from activity 3.5.2

    Output

    • Prioritization for each of the gap-closing initiatives
    • First execution wave of gap-closing initiatives

    Materials

    • Zero Trust Program Gap Analysis Tool (tab 7)
    • Sticky notes
    • Sticky dots
    • Markers
    • Whiteboard

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    Wave assignment example

    In the example below, we see “IAM modernization” was assessed as 9 on cost/effort rating and 5 on benefit rating and its Benefits-Cost has a positive value of 1. We can label this as SHOULD DO (wave 2).

    We can also see “Network segmentation” was assessed as 6 on cost/effort rating and 4 on benefit rating and its Benefits-Cost has a positive value of 2. We can label this as MUST DO (wave 1).

    We can also see “Unified Endpoints Management” was assessed as 8 on cost/effort rating and 2 on benefit rating and its Benefits-Cost has a negative value of -4. We can label this as WON’T DO (no wave).

    We can also see “Data Protection” was assessed as 4 on cost/effort rating and 2 on benefit rating and its Benefits-Cost has a zero value. We can label this as COULD DO (wave 3).

    This image depicts a sample wave assignment output, discussed in this section.

    It is recommended to define the threshold of each wave based on the value of Benefits-Cost before assigning waves.

    3.6 Build roadmap

    Estimated time 2-3 hours

    1. As a group, follow step 3.6.1 to create your roadmap by scheduling initiatives into the Gantt chart within the Zero Trust Program Gap Analysis Tool.
    2. Review the roadmap for resourcing conflicts and adjust as required.
    3. Review the final cost and effort estimates for the roadmap.

    Input

    • Gap analysis
    • Cost/benefit analysis
    • Prioritized initiative list

    Output

    • Zero trust roadmap

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    Download the Zero Trust Program Gap Analysis Tool

    3.6.1 Schedule initiatives using the Gantt chart

    1. On the Gantt Chart tab for each initiative, enter an owner (the role who will be primarily responsible for execution).
    2. Additionally, enter a start month and year for the initiative and the expected duration in months.
    • You can filter the Wave column to only see specific waves at any one time to assist with the scheduling.
    • You do not need to schedule Wave 4 initiatives as the expectation is that these initiatives will not be done.
    • This Image contains a screenshot of the Gantt Chart, with the following column headings highlighted and numbered: 1: Owner; 2: Expected Duration

    3.6.2 Review your roadmap

    1. When you have completed the Gantt chart, as a group review the overall roadmap to ensure that it is reasonable for your organization. Consider the following:
    • Do you have other IT or business projects planned during this time frame that may impact your resourcing or scheduling?
    • Does your organization have regular change freezes throughout the year that will impact the schedule?
    • Do you have over-subscribed resources? You can filter the list on the Owner column to identify potential over-subscription of resources.
    • Have you considered any long vacations, sabbaticals, parental leaves, or other planned longer-term absences?
    • Are your initiatives adequately aligned to your budget cycle? For instance, if you have an initiative that is expected to make recommendations for capital expenditure, it must be completed prior to budget planning.

    This image depicts an example roadmap which can be created following the use of the Gantt Chart

    3.6.3 Review your cost/effort estimates table

    1. Once you have completed your roadmap, review the total cost/effort estimates. This can be found in a table on the Results tab. This table will provide initial and ongoing costs and staffing requirements for each wave. This also includes the total three-year investment. In your review consider:
    • Is this investment realistic? Will completion of your roadmap require adding more staff or funding than you otherwise expected?
    • If the investment seems unrealistic, you may need to revisit some of your assumptions, potentially reducing target levels or increasing the amount of time to complete the strategy.

    This table provides you with the information to have important conversations with management and stakeholders.

    This image contains an example of the Zero Trust Roadmap Cost/Effort Estimates.  The column headings are as follows: Wave; Number of Initiatives; Initial Implementation - Cost; Initial Implementation - Effort; Ongoing Maintenance - Cost; Ongoing Maintenance - Effort.  A separate table is shown with the column heading: Estimated Total Three Year Investment

    Phase 4

    Formulate Policies for Roadmap Initiatives

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Formulate zero trust policies for critical DAAS elements.
    • Formulate zero trust policies to secure a path to access critical DAAS elements.

    This phase involves the following participants:

    • CIO
    • CISO
    • Business Executives
    • IT Manager
    • Security Team

    Understand the zero trust policy

    Use the Kipling methodology as a vendor agnostic approach to identify appropriate allow list elements when deploying multiple zero trust solutions.
    The policies help to prevent lateral movement.

    Who Who should access a resource? Here, the user ID that identifies the users through the principle of least privilege is allowed access to a particular resource. The authentication policy will be used to verify identity of a user when access request to a resource is made. Who requires MFA?
    What What application is used to access the resource? Application ID to identify applications that are only allowed on the network. Port control policies can be used for the application service.
    When When do users access the resource? Policy that identifies and enforces time schedule when an application accessed by users is used.
    Where Where is the resource located? The location of the destination resource should be added to the policy and, where possible, restrict the source of the traffic either by zone and/or IP address.
    Why Why is the data accessed? Data classification should be done to know why the data needs protection and the type of protection (data filtering).
    How How should you allow access to the resource? This covers the protection of the application traffic. Principle of least privilege access, log all traffic, configure security profiles, NGFW, decryption and encryption, consistent application of policy and threat prevention across all locations for all local and remote users on managed and unmanaged endpoints are ways to apply content-ID.

    Info-Tech Insight

    The success of a zero trust implementation relies on enforcing policies consistently. Applying the Kipling methodology to the protect surface is the best way to design zero trust policies.

    4.1.1 Formulate policy

    Estimated time 1-2 hours

    1. As a group, review the protect surface(s) identified in phase one, and using the Kipling methodology from the previous slide, formulate a policy. Each policy can be reviewed repeatedly until we are sure it satisfies the goal.
    2. The policy created should be consistent for both cloud and on-prem environments.
    3. As an example, let's use the healthcare scenario found in tab 3 of the Zero Trust Protect Surface Mapping Tool. The protect surface used is "Automated Medication Dispensing." Another example will be "Salesforce" accessed via the cloud.
    Who What When Where Why How
    Method User-ID App-ID Time limit System Object Classification Content-ID
    On-Prem Pyxis_Users Pyxis Any Pyxis_server Severe (high value data) Decrypt, Inspect, log traffic
    Cloud Sales Salesforce Working hours Canada Severe (high value data) Decrypt, Inspect, log traffic

    Input

    • Kipling methodology
    • Protect surface

    Output

    • Zero trust policy

    Materials

    • Whiteboard/Flip Charts
    • Zero Trust Protect Surface Mapping Tool

    Participants

    • CIO
    • CISO
    • Business Executives
    • IT Manager
    • Security Team

    4.1.2 Apply policy

    1-2 hours

    1. Place each protect surface in its own microperimeter. Each microperimeter should be segmented by a next-generation firewall or authentication broker that will serve as a segmentation gateway.
    2. Name the microperimeter and place it on a firewall.

    Input

    • Kipling methodology
    • Protect surface

    Output

    • Zero trust policy

    Materials

    • Whiteboard/Flip Charts
    • Sticky Notes
    • Zero Trust Protect Surface Mapping Tool

    Participants

    • CIO
    • CISO
    • Business Executives
    • IT Manager
    • Security Team

    Microperimeter A
    Protect Surface:
    DAAS Elements:

    Who What When Where Why How
    Method User-ID App-ID Time limit System Object Classification Content-ID

    Microperimeter B
    Protect Surface:
    DAAS Elements:

    Who What When Where Why How
    Method User-ID App-ID Time limit System Object Classification Content-ID

    Microperimeter C
    Protect Surface:
    DAAS Elements:

    Who What When Where Why How
    Method User-ID App-ID Time limit System Object Classification Content-ID

    4.2 Secure a path to access critical DAAS elements

    How should you allow access to the resource?

    This component makes up the final piece of formulating the policies as it applies the protection of the application traffic.

    The principle of least privilege is applied to the security policy to only allow access requests and restrict the access to the purpose it serves. This access request is then logged as well as the traffic (both internal and external). Most firewalls (NGFW) have policy rules that, by default, enable logging.

    Segmentation gateways (NGFW, VM-series firewalls, agent-based and clientless VPN solutions), are used to apply zero trust policy (Kipling methodology) in the network, cloud, and endpoint (managed and unmanaged) for all local and remote users.

    These policies need to be applied to security profiles on all allowed traffic. Some of these profiles include but are not limited to the following: URL filtering profile for web access and protect against phishing attacks, vulnerability protection profile intrusion prevention systems, anti spyware profiles to protect against command-and-control threats, malware and antivirus profile to protect against malware, and a file blocking profile to block and/or alert suspicious file types.

    Good visibility on your network can also be tied to decryption as you can inspect traffic and data to the lowest level possible that is generally accepted by your organization and in compliance with regulation.

    Conceptualized flow

    With users working from anywhere on managed and unmanaged devices, access to the internet, SAAS, public cloud, and the data center will have consistent policies applied regardless of their location.

    The policy is validating that the user is who they say they are based on the role profile, what they are trying to access to make sure their role or attribute profile has the appropriate permission to the application, and within the stipulated time limit. Where the data or application is located is also verified and the why needs to be satisfied before the requested access is granted. Based on the mentioned policies, the how element is then applied throughout the lifecycle of the access.

    Who

    (Internet)

    What

    (SAAS)

    When

    Where

    (Public Cloud)

    Why

    How

    (Data Center)

    Method User-ID App-ID Time limit System Object Classification Content-ID
    On-Prem Pyxis_Users Pyxis Any Pyxis_server Severe (high value data) Decrypt, Inspect, log traffic
    Cloud Sales Salesforce Working hours Canada Severe (high value data) Decrypt, Inspect, log traffic

    Phase 5

    Monitor Zero Trust Roadmap Deployment

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Establish metrics for roadmap tasks.
    • Track metrics for roadmap tasks.

    This phase involves the following participants:

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    5.1 Establish metrics for roadmap tasks

    Estimated time 2 hours

    1. On tab “2. Task & Metric Register” of the Zero Trust Progress Monitoring Tool, identify metrics to measure implementation and efficacy of tasks
    2. On tab “2. Task & Metric Register” of the Zero Trust Progress Monitoring Tool, document metric metadata.
    3. On the Prioritization tab, use the drop-down lists to enter the estimated costs and efforts for each initiative, using the criteria defined earlier.
    • If you have actual costs available, you can optionally enter them under the Detailed Cost Estimates columns.
  • Enter the estimated benefits, also using the criteria defined earlier.
  • Input

    • Zero trust roadmap task list

    Output

    • Metrics for measuring zero trust task implementation and efficacy

    Materials

    • Zero Trust Progress Monitoring Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    Download the Zero Trust Progress Monitoring Tool

    5.1.1 Identify metrics to measure implementation and efficacy of tasks

    Estimated time 3-4 hours

    1. On tab “2. Task & Metric Register” of the Zero Trust Progress Monitoring Tool, for each section defined in columns C and D, enter zero trust implementation tasks into column E. If you completed the Zero Trust Program Gap Analysis Tool, use the tasks identified there to populate column E.
    2. For each task, identify in column F any metrics that will communicate implementation progress and/or implementation efficacy.
    • If multiple metrics are needed for a single task, we recommend expanding the size of the row and adding additional metrics onto a new line in the same row. A sample is provided in the tool.

    this image contains a screenshot of tab 2 in the Zero Trust Progress Monitoring Tool

    Info-Tech Insight

    To measure the efficacy of a zero trust implementation, ensure you know what a successful zero trust implementation means for your organization, and define metrics that demonstrate whether that success is being realized.

    5.1.2 Document metric metadata

    Estimated time 1-2 hours

    For each metric defined in step 4.1.1:

    1. Identify in column G whether the metric can be measured now (Phase 1), measured in a few months’ time (Phase 2), or measured in a few years’ time (Phase 3).
    2. Identify in columns H through M who is responsible for collecting the metric (Person Source), who/what is consulted to collect the metric (Technology Source), who compiles the collected metric into dashboards and presentations (Compiler), and who is informed of the measurement of the metric (Audience).
    • Add more columns under the Audience category if needed.
    • Use “X” to identify if an audience group will be informed of the measurement of the metric.
  • Identify in columns N through P the target for the metric (Metric Target), the effort it takes to collect the metric (Effort to Collect), the frequency with which the organizations plans to collect the metric (Frequency of Collection), and any comments that people should know when collecting, compiling, or presenting metrics.
  • This image contains a screenshot from the Zero Trust Progress Monitoring Tool, with the following column headings numbered: 1: Priority; 2: Roles and Responsibilities; 3: effort to collect; frequency of collection; Metric Target; Comments

    5.2 Track and report metrics

    Estimated time 2 hours

    1. In the Zero Trust Progress Monitoring Tool, copy and paste metrics you plan to track in the tool from column F on tab 2 to column B on tab 3.
    2. Use tab 3 to identify collection frequency, metric target, and measurements collected for each metric. Add notes or comments to each metric or measurement to track contextual elements that could affect metric measurements.
    3. Leverage the graphs on tab 4 to communicate metrics to the appropriated audience groups, as defined in tab 2.

    Input

    • Metrics for measuring zero trust task implementation and efficacy

    Output

    • Metric data and graphs for presenting zero trust implementation metrics to audience groups

    Materials

    • Zero Trust Progress Monitoring Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    Download the Zero Trust Progress Monitoring Tool

    5.2.1 Record baseline measurements for metrics

    Estimated time 1-2 hours

    On tab “3. Track Metrics” of the Zero Trust Progress Monitoring Tool:

    1. Copy and paste the metrics from Column F on tab “2. Task & Metric Register” that you want to track into Column B of this tab.
    2. For each metric, record the frequency of collection (Collection Frequency) and the metric target (Target) by referencing columns O and P on tab “2. Task & Metric Register.”
    3. Begin to record baseline/initial values for each metric in column E. Rename columns to match your highest frequency of collection.
      (e.g. if any metric is being measured monthly, there should be one column per month)
    4. Over time, conduct measurements of your metrics and store them in the table below.
    5. Add notes, as necessary.

    this image contains a screenshot of tab 3 of the Zero Trust Progress Monitoring Tool, with the following column headings numbered: 1: Your Metrics; 2: Collection Frequency; Target; 3: Jan; 4: Metric Measurements; 5: Notes

    5.2.2 Report metric health to audience groups

    Estimated time 1-2 hours

    On tab “4. Graphs” of the Zero Trust Progress Monitoring Tool:

    1. The Overall Metric Health gauge at the top of this tab presents the average percentage away from meeting metric targets for all metrics being tracked. To calculate this value, the differences between the most recent measurements and target values for each metric are averaged.
    2. Below the Overall Metric Health gauge, use the drop-down list in cell D9 to select one of the metrics from tab “3. Track Metrics.”
    3. Six different graphic representations of the tracked data for the selected metric will populate.

    Copy and paste desired graphs into presentations for audience members identified in step 5.1.2.

    This image contains a screenshot from tab “4. Graphs” of the Zero Trust Progress Monitoring Tool:

    5.3 Build a communication deck

    Estimated time 2 hours

    Leverage the Zero Trust Communication Deck to showcase the work that you have done in the tools and activities associated with this research.

    In this communication deck template, you will find the following sections:

    • Introduction
    • Protect Surfaces
    • Zero Trust Gap Analysis
    • Zero Trust Initiatives & Tasks

    Input

    • Protect surfaces mapped to business goals
    • Zero trust program gap analysis
    • Zero trust roadmap initiatives and tasks
    • Zero trust metrics

    Output

    • Communication deck for zero trust strategy

    Materials

    • Zero Trust Communication Deck

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    Download the Zero Trust Communication Deck

    Summary of Accomplishment

    Knowledge Gained

    • Knowledge of protect surfaces and the business goals protecting them supports
    • Comprehensive knowledge of zero trust current state and summary initiatives required to achieve zero trust objectives
    • Assessment of which solutions for zero trust tasks and initiatives are the most appropriate for the organization
    • A defined set of security metrics assessing zero trust implementation progress and efficacy

    Deliverables Completed

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    Contact your account representative for more information.

    This is a picture of an Info-Tech Account Representative
    workshops@infotech.com 1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Zero Trust Program Gap Analysis Tool

    This is a screenshot from the Zero Trust Program Gap Analysis Tool

    Assess current security capabilities and build a roadmap of tasks and initiatives that close maturity gaps.

    Zero Trust Progress Monitoring Tool

    This is a screenshot from the Zero Trust Progress Monitoring Tool

    Identify and track metrics for zero trust tasks and initiatives.

    Research Contributors

    • Aaron Benson, CME Group, Director of IAM Governance
    • Brad Mateski, Zones, Solutions Architect for CyberSecurity
    • Bob Smock, Info-Tech Research Group, Vice President of Consulting
    • Dr. Chase Cunningham, Ericom Software, Chief Strategy Officer
    • John Kindervag, ON2IT Cybersecurity, Senior Vice President, Cybersecurity Strategy and ON2IT Group Fellow
    • John Zhao, Fonterra, Enterprise Security Architect
    • Rongxing Lu, University of New Brunswick, Associate Professor
    • Sumanta Sarkar, University of Warwick, Assistant Professor
    • Tim Malone, J.B. Hunt Transport, Senior Director Information Security
    • Vana Matte, J.B. Hunt Transport, Senior Vice President of Technology Services

    Related Info-Tech Research

    This is a screenshot from Info-Tech's Build an Information Security Strategy

    Build an Information Security Strategy

    Info-Tech has developed a highly effective approach to building an information security strategy – an approach that has been successfully tested and refined for over seven years with hundreds of organizations. This unique approach includes tools for ensuring alignment with business objectives, assessing organizational risk and stakeholder expectations, enabling a comprehensive current-state assessment, prioritizing initiatives, and building out a security roadmap.

    This is a screenshot from Info-Tech's Determine Your Zero Trust Readiness.

    Determine Your Zero Trust Readiness

    IT security was typified by perimeter security. However, the way the world does business has mandated a change to IT security. In response, zero trust is a set of principles that can add flexibility to planning your IT security strategy.

    Use this blueprint to determine your zero trust readiness and understand how zero trust can benefit both security and the business.

    This is a screenshot from Info-Tech's Mature Your Identity and Access Management Program

    Mature Your Identity and Access Management Program

    Many organizations are looking to improve their identity and access management (IAM) practices but struggle with where to start and whether all areas of IAM have been considered. This blueprint will help you improve the organization's identity and access management practices by following our three-phase methodology:

    • Assess identity and access requirements
    • Identify initiatives using the identity lifecycle
    • Prioritize initiatives and build a roadmap

    Bibliography

    • “2021 Data Breach Investigations Report.” Verizon, 2021. Web.
    • “A Zero-Trust Strategy Has 3 Needs - Identify, Authenticate, and Monitor Users and Devices On and Off The Network.” Fortinet, 15 July 2021. Web.
    • “Applying Zero Trust Principles to Enterprise Mobility.” CISA, March 2022. Web.
    • Biden Jr., Joseph R. “Executive Order on Improving the Nation’s Cybersecurity.” The White House, 12 May 2021. Web.
    • “CISA Zero Trust Maturity Model.” CISA - Cybersecurity Division, June 2021. Web.
    • “Continuous Diagnostics and Mitigation Program Overview.” CISA, Jan. 2022. Web.
    • Contributor. “The Five Business Benefits of a Zero Trust Approach to Security.” Security Brief - Australia, 19 Aug. 2020. Web.
    • “Cost of a Data Breach Report 2021.” IBM, July 2021. Web.
    • English, Melanie. “5 Stats That Show The Cost Saving Effect of Zero Trust.” Teramind, 29 Sept. 2021. Web.
    • “Improve Application Access and Security With Fortinet Zero Trust Network Access.” Fortinet, 2 March 2021. Web.
    • “Incorporating Zero-trust Strategies for Secure Network and Application Access.” Fortinet, 21 July 2021. Web.
    • Jakkal, Vasu. “Zero Trust Adoption Report: How Does Your Organization Compare?” Microsoft, 28 July 2021. Web.
    • “Jericho Forum™ Commandments.” The Open Group, Jericho Forum, May 2007. Web.
    • Johnson, Derrick. “Zero Trust vs. SASE - Here's What You Need to Know.” Security Magazine, 23 July 2021. Web.
    • Joint Defense Information Systems Agency (DISA) and National Security Agency (NSA) Zero Trust Engineering Team. “Department of Defense (DOD) Zero Trust Reference Architecture.” DoD CIO, Feb. 2021. Web.
    • Kay, Dennis. “Planning for a Zero Trust Architecture Target State.” NASA, NIST, 13 Nov. 2019. Web.
    • National Security Agency. “Embracing a Zero Trust Security Model.” U.S. Department of Defense, Feb. 2021. Web.
    • NSTAC. “Draft Report to the President - Zero Trust and Trusted Identity Management.” CISA, NSTAC, n.d. Web.
    • Rose, Scott W., et al. “Zero Trust Architecture.” NIST, 10 Aug. 2020. Web.
    • “Securing Digital Innovation Demands Zero-Trust Access.” Fortinet, 15 July 2021. Web.
    • Shackleford, Dave. “How to Create a Comprehensive Zero Trust Strategy.” SANS, Cisco, 2 Sept. 2020. Web.
    • “The CISO’s Guide to Effective Zero-Trust Access.” Fortinet, 28 April 2021. Web.
    • “The State of Zero Trust Security 2021.” Okta, June 2021. Web.
    • Kerman, Alper, et al. “Implementing a Zero Trust Architecture.” NIST - National Cybersecurity Center of Excellence, March 2020. Web.
    • Kindervag, John. “Keynote - John KINDERVAG - 021622.” Vimeo, VIRTUAL Eastern | CyberSecurity Conference, 16 Feb. 2022. Web.
    • Lodewijkx, Koos. “IBM CISO Perspective: Zero Trust Changes Security From Something You Do to Something You Have.” SecurityIntelligence, IBM, 19 Nov. 2020. Web.
    • VB Staff. “Report: Only 21% of Enterprises Use Zero Trust Architecture.” VentureBeat, 15 Feb. 2022. Web.
    • Young, Shalanda D. “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles.” The White House, EXECUTIVE OFFICE OF THE PRESIDENT - OFFICE OF MANAGEMENT AND BUDGET, 26 Jan. 2022. Web.
    • “Zero Trust Access.” Fortinet, n.d. Web.
    • “Zero Trust Architecture Technical Exchange Meeting.” NIST - National Cybersecurity Center of Excellence, 12 Nov. 2019. Web.
    • “Zero Trust Cybersecurity Current Trends.” ACT-IAC, 18 April 2019. Web.
    • “Zero-Trust Access for Comprehensive Visibility and Control.” Fortinet, 24 Sep. 2020. Web.

    Master the Public Cloud IaaS Acquisition Models

    • Buy Link or Shortcode: {j2store}228|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $3,820 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Understanding the differences in IaaS platform agreements, purchasing options, associated value, and risks. What are your options for:

    • Upfront or monthly payments
    • Commitment discounts
    • Support options
    • Migration planning and support

    Our Advice

    Critical Insight

    IaaS platforms offer similar technical features, but they vary widely on their procurement model. By fully understanding the procurement differences and options, you will be able to purchase wisely, save money both long and short term, and mitigate investment risk.

    Most vendors have similar processes and options to buy. Finding a transparent explanation and summary of each platform in a side-by-side review is difficult.

    • Are vendor reps being straight forward?
    • What are the licensing requirements?
    • What discounts or incentives can I negotiate?
    • How much do I have to commit to and for how long?

    Impact and Result

    This project will provide several benefits for both IT and the business. It includes:

    • Best IaaS platform to support current and future procurement requirements.
    • Right-sized cloud commitment tailored to the organization’s budget.
    • Predictable and controllable spend model.
    • Flexible and reliable IT infrastructure that supports the lines of business.
    • Reduced financial and legal risk.

    Master the Public Cloud IaaS Acquisition Models Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to learn how the public cloud IaaS procurement models compare. Review Info-Tech’s methodology and understand the top three platforms, features, and benefits to support and inform the IaaS vendor choice.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Educate

    Learn the IaaS basics, terminologies, purchasing options, licensing requirements, hybrid options, support, and organization requirements through a checklist process.

    • Master the Public Cloud IaaS Acquisition Models – Phase 1: Educate
    • Public Cloud Procurement Checklist
    • Microsoft Public Cloud Licensing Guide

    2. Evaluate

    Review and understand the features, downsides, and differences between the big three players.

    • Master the Public Cloud IaaS Acquisition Models – Phase 2: Evaluate
    • Public Cloud Procurement Comparison Summary

    3. Execute

    Decide on a primary vendor that meets requirements, engage with a reseller, negotiate pricing incentives, migration costs, review, and execute the agreement.

    • Master the Public Cloud IaaS Acquisition Models – Phase 3: Execute
    • Public Cloud Acquisition Executive Summary Template

    Infographic

    Understand the Difference Between Backups and Archives

    • Buy Link or Shortcode: {j2store}506|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • You don’t understand the difference between a backup and an archive or when to use one or the other.
    • Data is not constant. It is ever-changing and growing. How do you protect it?
    • You just replaced an application that was in use since day one, and even though you have a fully functional replacement, you would like to archive that original application just in case.
    • You want to save money, so you use your backup solution to archive data, but you know that is not ideal. What is the correct solution?

    Our Advice

    Critical Insight

    Keep in mind that backups are for recovery while archives are for discovery. Backups and archives are often confused but understanding the differences can result in significant savings of time and money. Backing up and archiving may be considered IT tasks, but recovery and discovery are capabilities the business wants and is willing to pay for.

    Impact and Result

    Archives and backups are not the same, and there is a use case for each. Sometimes minor adjustments may be required to make the use case work. Understanding the basics of backups and archives can lead to significant savings at a monetary and effort level.

    Understand the Difference Between Backups and Archives Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the Difference Between Backups and Archives

    What is the difference between a backup and a data archive? When should I use one over the other? They are not the same and confusing the two concepts could be expensive.

    • Understand the Difference Between Backups and Archives Storyboard
    [infographic]

    Further reading

    Understand the Difference Between Backups and Archives

    They are not the same, and confusing the two concepts could be expensive

    Analyst Perspective

    Backups and archives are not interchangeable, but they can complement each other.

    Photo of P.J. Ryan, Research Director, Infrastructure & Operations, Info-Tech Research Group.

    Backups and archives are two very different operations that are quite often confused or misplaced. IT and business leaders are tasked with protecting corporate data from a variety of threats. They also must conform to industry, geographical, and legal compliance regulations. Backup solutions keep the data safe from destruction. If you have a backup, why do you also need an archive? Archive solutions hold data for a long period of time and can be searched. If you have an archive, why do you also need a backup solution? Backups and archives used to be the same. Remember when you would keep the DAT tape in the same room as the argon gas fire suppression system for seven years? Now that's just not feasible. Some situations require a creative approach or a combination of backups and archives.

    Understand the difference between archives and backups and you will understand why the two solutions are necessary and beneficial to the business.

    P.J. Ryan
    Research Director, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • You don’t understand the difference between a backup and an archive or when to use one over the other.
    • Data is not constant. It is ever-changing and growing. How do you protect it?
    • You just replaced an application that had been in use since day one, and even though you have a fully functional replacement, you would like to archive that original application just in case.
    • You want to save money, so you use your backup solution to archive data, but you know that is not ideal. What is the correct solution?
    Common Obstacles
    • Storage costs can be expensive, as can some backup and archiving solutions.
    • Unclear requirements definition to decide between backups or archives.
    • Historically, people referred to archiving as tossing something into a box and storing it away indefinitely. Data archiving has a different meaning.
    • Executives want retired applications preserved but do not provide reasons or requirements.
    Info-Tech’s Approach
    • Spend wisely. Why spend money on an archive solution when a backup will suffice? Don’t leave money on the table.
    • Be creative and assess each backup or archive situation carefully. A custom solution may be required.
    • Backup your production data for the purpose of restoring it and adhere to the 3-2-1 rule of backups (Naviko.com).
    • Archive your older data to an alternate storge platform to save space, allow for searchability, and provide retention parameters.

    Info-Tech Insight

    Keep in mind that backups are for recovery while archives are for discovery. Backups and archives are often confused but understanding the differences can result in significant savings of time and money. Backing up and archiving may be considered IT tasks but recovery and discovery are capabilities the business wants and is willing to pay for.

    Archive

    What it IS

    A data archive is an alternate location for your older, infrequently accessed production data. It is indexed and searchable based on keywords. Archives are deleted after a specified period based on your retention policy or compliance directives.

    What it IS NOT

    Archives are not an emergency copy of your production data. They are not any type of copy of your production data. Archives will not help you if you lose your data or accidentally delete a file. Archives are not multiple copies of production data from various recovery points.

    Why use it

    Archives move older data to an alternate location. This frees up storage space for your current data. Archives are indexed and can be searched for historical purposes, compliance reasons, or in the event of a legal matter where specific data must be provided to a legal team.

    Tips & Tricks – Archiving

    • Archiving will move older data to an alternate location. This will free up storage space in the production environment.
    • Archiving solutions index the data to allow for easier searchability. This will aid in common business searches as well as assist with any potential legal searches.
    • Archiving allows companies to hold onto data for historical purposes as well as for specific retention periods in compliance with industry and regional regulations such as SOX, GDPR, FISMA, as well as others (msp360.com).

    Backup

    What it IS

    A backup is a copy of your data from a specific day and time. It is primarily used for recovery or restoration if something happens to the production copy of data. The restore will return the file or folder to the state it was in at the time of the backup.

    Backups occur frequently to ensure the most recent version of data is copied to a safe location.

    A typical backup plan makes a copy of the data every day, once a week, and once a month. The data is stored on tapes, disk, or using cloud storage.

    What it IS NOT

    Backups are not designed for searching or discovery. If you backup your email and must go to that backup in search of all email pertaining to a specific topic, you must restore the full backup and then search for that specific topic or sender. If you kept all the monthly backups for seven years, that will mean repeating that process 84 times to have a conclusive search, assuming you have adequate storage space to restore the email database 84 times.

    Backups do not free up space.

    Why use it

    Backups protect your data in the event of disaster, deletion, or accidental damage. A good backup strategy will include multiple backups on different media and offsite storage of at least one copy.

    Tips & Tricks – Backups

    • Production data should be backed up on a regular basis, ideally once a day or more frequently if possible.
    • Backups are intended to restore data when it gets deleted, over-written, or otherwise compromised. Most restore requests are from the last 24 to 48 hours, so it may be advantageous to keep a backup readily available on disk for a quick restore when needed.
    • Some vendors and industry subject matter experts advocate the use of a 3-2-1 rule when it comes to backups:
      • Keep three copies of your production data
      • In at least two separate locations (some advocate two different formats), and
      • One copy should be offsite (nakivo.com)

    Cold Storage

    • Cold storage refers to a storage option offered by some cloud vendors. In the context of the discussion between backups and archives, it can be an option for a dedicated backup solution for a specific period. Cost is low and the data is protected from destruction.
    • If an app has been replaced and all data transferred to the replacement solution but for some reason the company wishes to hold onto the data, you want a backup, not an archive. Extract the data, convert it into MongoDB or a similar solution, and drop it into cheap cloud storage (cold storage) for less than $5 per TB/month.

    Case Study

    Understanding the difference between archives and backups could save you a lot of time and money

    INDUSTRY: Manufacturing | SOURCE: Info-Tech Research

    Understanding the difference between an archive and a backup was the first step in solving their challenge.

    A leading manufacturing company found themselves in a position where they had to decide between archiving or doing nothing.

    The company had completed several acquisitions and ended up with multiple legacy applications that had been merged or migrated into replacement solutions. These legacy applications were very important to the original companies and although the data they held had been migrated to a replacement solution, executives felt they should hold onto these applications for a period of time, just in case.

    Some of the larger applications were archived using a modern archiving solution, but when it came to the smaller applications, the cost to add them to the archiving solution greatly exceeded the cost to just keep them running and maintain the associated infrastructure.

    A research advisor from Info-Tech Research Group joined a call with the manufacturing company and discussed their situation. The difference between archives and backups was explained and through the course of the conversation it was discovered that the solution was a modified backup. The application data had already been preserved through the migration, so data could be accessed in the production environment. The requirement to keep the legacy application up and running was not necessary but in compliance with the request to keep the information, the data could be exported from the legacy application into a non-sequential database, compressed, and stored in cloud-based cold storage for less than five dollars per terabyte per month. The manufacturing company’s staff realized that they could apply this same approach to several of their legacy applications and save tens of thousands of dollars in the process.

    Understand the Difference Between Backups and Archives

    Backups

    Backups are for recovery. A backup is a snapshot copy of production data at a specific point in time. If the production data is lost, destroyed, or somehow compromised, the data can be restored from the backup.

    Archives

    Archives are for discovery. It is production data that is moved to an alternate location to free up storage space, allow the data to be searchable, and still hold onto the data for historical or compliance purposes.

    Info-Tech Insight

    Archives and backups are not the same, and there is a use case for each. Sometimes minor adjustments may be required to make the use case work. Understanding the basics of backups and archives can lead to significant savings at a monetary and effort level.

    Additional Guidance

    Production data should be backed up.

    The specific backup solution is up to the business.

    Production data that is not frequently accessed should be archived.

    The specific solution to perform and manage the archiving of the data is up to the business

    • Archived data should also be backed up at least once.
    If the app has been replaced and all data transferred, you want a backup not an archive if you want to keep the data.
    • Short term – fence it off.
    • Long term – extract into Mongo then drop it into cheap cloud storage.

    Case Study

    Using tape backups as an archive solution could result in an expensive discovery and retrieval exercise.

    INDUSTRY: Healthcare | SOURCE: Zasio Enterprises Inc.

    “Do not commingle archive data with backup or disaster recovery tapes.”

    A court case in the United States District Court for the District of Nevada involving Guardiola and Renown Health in 2015 is a good example of why using a backup solution to solve an archiving challenge is a bad idea.

    Renown Health used a retention policy that declared any email older than six months of age as inactive and moved that email to a backup tape. Renown Health was ordered by the court to produce emails from a period of time in the past. Renown estimated that it would cost at least $248,000 to produce those emails, based on the effort involved to restore data from each tape and search for the email in question. Renown Health argued that this long and expensive process would result in undue costs.

    The court reviewed the situation and ruled against Renown Health and ordered them to comply with the request (Zasio.com).

    A proper archiving solution would have provided a quick and low-cost method to retrieve the emails in question.

    Backups and archives are complementary to each other

    • Archives are still production data, but the data does not change. A backup is recommended for the archived data, but the frequency of the backups can be lowered.
    • Backups protect you if a disaster strikes by providing a copy of the production data that was compromised or damaged. Archives allow you to access older data that may have just been forgotten, not destroyed or compromised. Archives could also protect you in a legal court case by providing data that is older but may prove your argument in court.

    Archives and backups are not the same.

    Backups copy your data. Archives move your data. Backups facilitate recovery. Archives facilitate discovery.

    Archive Backup
    Definition Move rarely accessed (but still production) data to separate media. Store a copy of frequently used data on a separate media to ensure timely operational recovery.
    Use Case Legal discovery, primary storage reduction, compliance requirements, and audits. Accidental deletion and/or corruption of data, hardware/software failures.
    Method Disk, cloud storage, appliance. Disk, backup appliance, snapshots, cloud.
    Data Older, rarely accessed production data. Current production data.

    Is it a backup or archive?

    • You want to preserve older data for legal and compliance reasons, so you put extra effort into keeping your tape backups safe and secure for seven years. That’s a big mistake that may cost you time and money. You want an archive solution.
    • You replace your older application and migrate all data to the new system, but you want to hold onto the old data, just in case. That’s a backup, not an archive.
    • A long serving senior executive recently left the company. You want to preserve the contents of the executive's laptop in case it is needed in the future. That’s a backup.

    Considerations When Choosing Between Solutions

    1

    Backup or archive?

    2

    What are you protecting?

    3

    Why are you protecting data?

    4

    Solution

    Backup

    Backup and/or archive.
    Additional information required.
    Column 3 may help

    Archive

    Device

    Data

    Application

    Operational Environment

    Operational recovery

    Disaster recovery

    Just in case

    Production storage space reduction

    Retention and preservation

    Governance, risk & compliance

    Backup

    Archive

    Related Info-Tech Research

    Stock image of light grids and flares. Establish an Effective Data Protection Plan

    Give data the attention it deserves by building a strategy that goes beyond backup.

    Stock image of old fuse box switches. Modernize Enterprise Storage

    Current and emerging storage technologies are disrupting the status quo – prepare your infrastructure for the exponential rise in data and its storage requirements.

    Logo for 'Software Reviews' and their information on 'Compare and Evaluate: Data Archiving.'
    Sample of Info-Tech's 'Data Archiving Policy'. Data Archiving Policy

    Bibliography

    “Backup vs. archiving: Know the difference.” Open-E. Accessed 05 Mar 2022.Web.

    G, Denis. “How to build retention policy.” MSP360, Jan 3, 2020. Accessed 10 Mar 2022.

    Ipsen, Adam. “Archive vs Backup: What’s the Difference? A Definition Guide.” BackupAssist, 28 Mar 2017. Accessed 04 Mar 2022.

    Kang, Soo. “Mitigating the expense of E-discovery; Recognizing the difference between back-ups and archived data.” Zasio Enterprises, 08 Oct 2015. Accessed 3 Mar 2022.

    Mayer, Alex. “The 3-2-1 Backup Rule – An Efficient Data Protection Strategy.” Naviko. Accessed 12 Mar 2022.

    “What is Data-Archiving?” Proofpoint. Accessed 07 Mar 2022.

    Tymans Group Consulting

    IT resilience, carefree entrepreneurship.

    Discover and implement all the ingredients that make your IT perform fast and rock solid.

    Yes, I want stable and performant IT Operations

    We are multidisciplinary infrastructure and IT Operations experts.
    We bring passion, focus, and results to our work and your company.

    TY innovates resilience embedding in your organization

    Let's have a chat

    • TY as your advisor

      This gives you our expertise on tap. Do you have an issue? Call us. You want to have a sparring partner to solve a problem? Call us. Do you need a sounding board? Call us.

      TY provides advisory services as well as traditional consulting. We also execute study and revision services for your policies, standards, procedures, and guidelines to ensure compliance with DORA, NIS2 and corporate requirements of both your own company and that of your clients. And we also check against our internal best ways of working.

      Book a conversation

    • Focused Consulting and Implementing

      This is where you have our undivided attention, and we work with you one on one until resolution. Note that there is a waiting period for this service at this time.

      If you are interested, please first book a call so that we can determine if we are a good fit together.

      Book a conversation

    What our relations tell us

    • Citigroup Manager

      As a technical consultant, Gert is an All-Star performer...  He has got many wins under his belt... His willingness to work hard, knowledge of regional systems (especially Tokyo) and Microsoft Office is well respected within the Group 

    • Sandra

      Tx for all the efforts done! Great Job! And good luck for the ones amongst you that still need to work tomorrow Grtz Sandra VB
    • Patrick A.

      Hi Gert, I'm busy documenting .... Thanks for your real friendly and careful, yet effective support :-) Patrick A.
    • Lucie VH

      During my vacation, Gert took over the management of a number of ongoing problems. Even before I actually left for my trip, he took action and proposed a number of improvements. Gert coordinated between the different stakeholders and PTA's and resolved a number of acute issues. And he did this in a very pleasant, yet effective way.
    • Dawn

      No worries. It only freaked me out for a few minutes, then I saw that the system had blocked them from doing any real damage. Thanks for the cleanup and extra measures, though! As always, you rock!
    • After a successful DRP

      Thanks for all the efforts done ans special Tx Gert for Coordinating this again!
    • A CIO

      Yet again Gert, Thanks for handling this in such a top way!
    • A Sales Manager

      Awesome Gert, I will let the team know we can close this issue!
    • Investment bank manager

      Flexibility, Adaptability, problem Solving are Gert's strong points, Exceptionally beneficial in "crisis." I can attest that Gert will always see a problem through. if he needs to hand it off, it will aways have good handoff notes. His business knowledge is good and will part of the next project.

    • Wall Street Performance Review

      As with the classes for SFC, Gert organised formal classes for all of the Research IT teams.... I would class this job as well done, given everything that was going on with Rsearch IT. 

    • Stuart B on Gert Taeymans

      Excellent technical resource. Quick help on issues and provide explanations to regional teams. Often covers for us in the evenings or when things get particularly busy.

    • Asia support to roll out global system

      Gert time in Japan was a great success. He really helped the IT group through a really difficult tume during the roll out of {the global research publishing system} and had to cover all the bases that had not been properly coverd by the previous person in Japan. Gert's visit also coincided with Stuart's joining into the Asia IT Research group. Gert was very flexible  in the hours that he worked and the lenght of time he was out in Tokyo (in the end more than 4 weeks.)

      The feedback from both the users and the IT group was VERY positive on Gertt's contribution. He was more than capabable to put across technical points to the IT team, in their language.

    • IT Director

      Gert is a knowledgeable individual who takes on additional responsibility... rapidly addressng end-user issues and developing custom solutions when needed.

    Benefits of working with Tymans Group

    • We focus on actual deliverables

      TY delivers on the IT resilience what and how. Get actionable IT, management, governance, and productivity research, insights, blueprints with templates, easy-to-use tools, and clear instructions to help you execute effectively and become IT resilient.

    • Get insights from top IT professionals

      Our TY network base constantly informs us about our IT resilience research and validates it through client experiences. TY adds to that by applying this research to real-world situations in Belgium, the Netherlands, Germany, Europe and the US.

    • Data-driven insights

      It is tempting to use your gut instinct. Don't. Everything TY does, is data-driven. From our research to our interactions with you, we use an analytical approach to help you move forward with your key IT resilience projects.

    Frequently asked questions

    • How does Tymans Group IT Operations advisory work?

      TY believes strongly in leveraging technology and personal delivery. That is why TY uses one on one calling sessions using Teams and Zoom. When needed I do on site delivery.

      Every advisory option has a set number of interactive contact points in addition to email and chat options. Every contact request is answered by me personally. 

      Through the use of technology, I ensure that instead of you having to drive to your coach, the coach “comes” to you!

    • What are Tymans Group advisory service timings?

      TY is available on European time from 09:00 until 17:00 and US EST 09:00-17:00 (depending on already booked appointments). 

    • How much to Tymans Group programs cost?

      While this is a difficult question to answer, let's give it a shot.

      Ideally I work value-based. But this is more for well-defined projects where the ROI is quantifiable rather than qualifiable.

      Often advisory services are a discovery and we obtain results together. You may even only need an experienced sounding board. This type of pricing starts from €4,500.

    • Does Tymans Group have a "pick your brain" option?

      By popular demand, yes, I added this. It is not the cheapest way to use me, but it may be the most effective for you.

    • How are Tymans Group advisory services delivered?

      TY believes strongly in leveraging technology and personal delivery. That is why TY uses one on one calling sessions using Teams and Zoom. When needed I do on site delivery.

      This way I ensure that instead of you having to drive to your coach, the coach “comes” to you!

      You are allowed to record the sessions and use them internally in your organization, including as part of your internal training. You are not allowed to resell these without a resale agreement.

    • Tymans Group is delivered online via calls? Isn't on-site better?

      Interestingly, in the majority of advisory services the answer is no.

      Purely on-site automatically limits the time we can spend together. Thus, typically, the interactions are of a shorter duration. Even when this is done over a longer timeframe, like 5 to 10 days, this is really too short for effective advising, coaching and mentoring. 

      We stay away from accelerated programs, where I can send a lot of information, and most of it will not stick.

      Terry Sejnowski  a neuroscientist, actually states that cramming does not help you remember. It gets you, maybe, through the next exam, but the information is not retained. The way to integrate and remember information is to spread out the study and repeat. This is called the spacing effect.

      This is why I employ the online delivery method. When you record our sessions, you can come back and again repeat it, note down your questions and fire them off to me. I respond and you go back into the talk. Then you apply, possibly fail, and come back again until it succeeds, and then you make it your own.

      That is why time-pressured, on-site delivery does not work. Our method makes you effective because you internalized the material and feedback. This can then be rounded-off by on-site finalization.

      10-15 years ago, this was not possible, as the web-based tools were simply not fast enough. Today, unless you are taking classes like carpentry or other topics that require on-site delivery, online delivery is the way to go.

    • Can I pay by wire transfer?

      We actually prefer wire transfer. It cuts down on the financial fees and it is the norm in the European Union. Our US customer can also use this feature and pay into our US bank.

    • Where is Tymans Group located?

      Tymans Group has two locations:

      In Europe, Belgium and in Greenville, DE, United States, 

      The HQ is in Belgium.

    • Does this work for less than 25 employees?

      Resilience is not size-dependent. That said, if you are supplying critical services to financial services firms, you may not have a choice. In that case, be prepared to up your game. Call TY in this case. We can help you fulfill third-party requirements, such as the DORA regulation.

      In other cases, if you plan to grow your company beyond 25 employees, then yes. Start with the basics, though. Make sure you have a good understanding of your current challenges. Schedule a chat with me to determine the right baseline.

      If you are just starting out and want to ensure that your company's processes are correct right out of the gate, it's better to give me a call. We can start you off in the right direction without spending too much.

      Our guides are only available to existing advisory clients. Let's chat informally if we are a fit for you.

    • I'm a small business owner, can I do all this by myself?

      Our guides are only available to existing advisory clients.

      But also see the above question about company size and target clients. If you have fewer than 25 employees and you are not supplying critical services to financial institutions, then maybe some of our guides are not for you. We can still help you organize your resilience, but it may be more cost-effective to use only our TY Advisory services.

      Once you grow beyond 25 employees, you will benefit from our processes. Just implement what you need. How do you know what you require? You probably already have an inkling of what is lacking in your organization. If you are unsure, please get in touch with us.

      In short, the answer is yes, and TY can help you. Once you know what you are looking for, that guide allows you to handle it yourself. If you require help selecting the right guide, please get in touch with us.

    • Do you provide refunds?

      Before buying the DIY guides, available only to existing advisory clients,, please refer to the free Executive Summary when available. If there is no Executive summary available, please contact me with any questions you have. 

      As these are downloadable products, I cannot provide any refunds, but I will help you with any exchange where you have a good reason. 

    • I bought the wrong item

      If you bought the wrong item, please contact me and we'll be happy to provide an alternative item.

    • I want more assistance

      Yes, more assistance is available.  Tymans Group can provide you with any assistance you require within the parameters of your contract.

      Per-guide assistance ranges from a single phone or video consultation to guided implementation or a workshop. Alternatively we can go to do-it-for-you implementation or even full-time consulting.

      Note that our guides are only available to existing advisory clients.

      Please contact me for a talk.

    I want more information to become more resilient.

    Continue reading

    Change Management

    • Buy Link or Shortcode: {j2store}3|cart{/j2store}
    • Related Products: {j2store}3|crosssells{/j2store}
    • Up-Sell: {j2store}3|upsells{/j2store}
    • Download01-Title: Change Management Executive Brief
    • Download-01: Visit Link
    • member rating overall impact: 9.6/10
    • member rating average dollars saved: $35,031
    • member rating average days saved: 34
    • Parent Category Name: Infra and Operations
    • Parent Category Link: /infra-and-operations
    Every company needs some change management. Both business and IT teams benefit from knowing what changes when.

    incident, problem, problemchange

    What is resilience?

    • Large vertical image:
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    Aside from the fact that operational resilience is mandated by law as of January 2025 (yes, next year), having your systems and applications available to your customers whenever they need your services is always a good idea. Customers, both existing and new ones, typically prefer smooth operations over new functionality. If you have any roadblocks in your current customer journey, then solving those is also part of operational resilience (and excellence).

    Does this mean you should not market new products or services? Of course not! Solving a customer journey roadblock is ensuring that your company is resilient. The Happy Meal is a prime example: it solved a product roadblock for small children and a profits roadblock for the company. For more info, just google it. But before you bring a new service online, be sure that it can withstand the punches that will be thrown at it. 

    What is resilience? 

    Resilience is the art of making sure your services are available to your customers whenever they can use them. Note I did not say 24/7/365. Your business may require that, but perhaps your systems need "only" to be available during "normal" business hours.

    Resilient systems can withstand adverse events that impair their ability to perform normal functions, and, like in the case the Happy Meals, increased peak demands. Events can include simple breakdowns (like a storage device, an internet connection that fails, or a file that fails to load) or something worse, like a cyber attack or a larger failure in your data center.

    Your client does not care what the cause is; what counts for the client is, "Can I access your service? (or buy that meal for my kid.)"

    Resilience entails several aspects:

    • availability
    • performance
    • right-sizing
    • hardening
    • restore-ability
    • testing
    • monitoring
    • management and governance

    It is now tempting to apply these aspects only to your organization's IT or technical parts. That is insufficient. Your operations, management, and even e.g. sales must ensure that services rendered result in happy clients and happy shareholders/owners. The reason is that resilient operations are a symphony. Not one single department or set of actions will achieve this. When you have product development working with the technical teams to develop a resilient flow at the right level for its earning potential, then you maximize profits.

    This synergy ensures that you invest exactly the right level of resources. There are no exaggerated technical or operational elements for ancillary services. That frees resources to ensure your main services receive the full attention they deserve.

    Resilience, in other words, is the result of a mindset and a way of operating that helps your business remain at the top of its game and provides a top service to clients while keeping the bottom line in the black. 

    Why do we need to spend on this?

    I mean, if it ain't broke, don't fix it. That old adage is true, and yet not. Services can remain up and running for a long time with single points of failure. But can you afford to have them break at any time? If yes, and your customers don't mind waiting for you to patch things up, then you can "risk-accept" that situation. But how realistic is that these days? If I cannot buy it at your shop today, I'll more than likely get it from another. If I'm in a contract with you, yet you cannot deliver, we will have a conversation, or at the very least, a moment of disappointment. If you have enough "disappointments," you will lose the customer. Lose enough customers, and you will have a reputational problem or worse.

    We don't like to spend resources on something that "may"go wrong. We do risk assessments to determine the true cost of non-delivery and the likelihood of that happening. And there are different ways to deal with that assessment's outcome. Not everything needs to have double the number of people working on it, just in case one resignes. Not every system needs an availability of 99,999%.

    But sometimes, we do not have a choice. When lives are at stake, like in medical or aviation services, being sorry is not a good starting point. The same goes for financial services. the DORA and NIS2 legislation in the EU, the CEA, FISMA, and GLBA in the US, and ESPA in Japan, to name a few, are legislations that require your company, if active in the relevant regulated sectors, to comply and ensure that your services continue to perform.

    Most of these elements have one thing in common: we need to know what is important for our service delivery and what is not.

    Business service

    That brings us to the core subject of what needs to be resilient. The answer is very short and very complex at the same time. It is the service that you offer to your customers which must meet reliance levels.

    Take the example of a hospital. When there is a power outage, the most critical systems must continue operating for a given period. That also means that sufficient capable staff must be present to operate said equipment; it even means that the paths leading to said hospital should remain available; if not by road, then, e.g., by helicopter. If these inroads are unavailable, an alternate hospital should be able to take on the workload. 

    Not everything here in this example is the responsibility of the hospital administrators! This is why the management and governance parts of the resilience ecosystem are so important in the bigger picture. 

    If we look at the financial sector, the EU DORA (Digital Operational Resilience Act) specifically states that you must start with your business services. Like many others, the financial sector can no longer function without its digital landscape. If a bank is unexpectedly disconnected from its payment network, especially SWIFT, it will not be long before there are existential issues. A trading department stands to lose millions if the trading system fails. 

    Look in your own environment; you will see many such points. What if your internet connection goes down, and you rely on it for most of your business? How long can you afford to be out? How long before your clients notice and take action? Do you supply a small but critical service to an institution? Then, you may fall under the aforementioned laws (it's called third-party requirements, and your client may be liable to follow them.)

    But also, outside of the technology, we see points in the supply chain that require resilience. Do you still rely on a single person or provider for a critical function? Do you have backup procedures if the tech stops working, yet your clients require you to continue to service them? 

    In all these and other cases, you must know what your critical services are so that you can analyze the requirements and put the right measures in place.

    Once you have defined your critical business services and have analyzed their operational requirements, you can start to look at what you need to implement the aforementioned areas of availability, monitoring, hardening, and others. Remember we're still at the level of business service. The tech comes later and will require a deeper analysis. 

    In conclusion.

    Resilient operations ensure that you continue to function, at the right price, in the face of adverse events. If you can, resilience starts at the business level from the moment of product conception. If the products have long been developed, look at how they are delivered to the client and upgrade operations, resources, and tech where needed.

    In some cases, you are legally required to undertake this exercise. But in all cases, it is important that you understand your business services and the needs of your clients and put sufficient resources in the right places of your delivery chain. 

    If you want to discuss this further, please contact me for a free talk.

     

    IT Operations

    CIO Priorities 2022

    • Buy Link or Shortcode: {j2store}328|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $31,499 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Understand how to respond to trends affecting your organization.
    • Determine your priorities based on current state and relevant internal factors.
    • Assign the right amount of resources to accomplish your vision.
    • Consider what new challenges outside of your control will demand a response.

    Our Advice

    Critical Insight

    A priority is created when external factors hold strong synergy with internal goals and an organization responds by committing resources to either avert risk or seize opportunity. These are the priorities identified in the report:

    1. Reduce Friction in the Hybrid Operating Model
    2. Improve Your Ransomware Readiness
    3. Support an Employee-Centric Retention Strategy
    4. Design an Automation Platform
    5. Prepare to Report on New Environmental, Social, and Governance Metrics

    Impact and Result

    Update your strategic roadmap to include priorities that are critical and relevant for your organization based on a balance of external and internal factors.

    CIO Priorities 2022 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. CIO Priorities 2022 – A report on the key priorities for competing in the digital economy.

    Discover Info-Tech’s five priorities for CIOs in 2022.

    • CIO Priorities Report for 2022

    2. Listen to the podcast series

    Hear directly from our contributing experts as they discuss their case studies with Brian Jackson.

    • Frictionless hybrid working: How the Harvard Business School did it
    • Close call with ransomware: A CIO recounts a near security nightmare
    • How a financial services company dodged "The Great Resignation"
    • How Allianz took a blockchain platform from pilot to 1 million transactions
    • CVS Health chairman David Dorman on healthcare's hybrid future

    Infographic

    Further reading

    CIO Priorities 2022

    A jumble of business-related words. Info-Tech’s 2022 Tech Trends survey asked CIOs for their top three priorities. Cluster analysis of their open-ended responses shows four key themes:
    1. Business process improvements
    2. Digital transformation or modernization
    3. Security
    4. Supporting revenue growth or recovery

    Info-Tech’s annual CIO priorities are formed from proprietary primary data and consultation with our internal experts with CIO stature

    2022 Tech Trends Survey CIO Demographic N=123

    Info-Tech’s Tech Trends 2022 survey was conducted between August and September 2021 and collected a total of 475 responses from IT decision makers, 123 of which were at the C-level. Fourteen countries and 16 industries are represented in the survey.

    2022 IT Talent Trends Survey CIO Demographic N=44

    Info-Tech’s IT Talent Trends 2022 survey was conducted between September and October 2021 and collected a total of 245 responses from IT decision makers, 44 of which were at the C-level. A broad range of countries from around the world are represented in the survey.

    Internal CIO Panels’ 125 Years Of Combined C-Level IT Experience

    Panels of former CIOs at Info-Tech focused on interpreting tech trends data and relating it to client experiences. Panels were conducted between November 2021 and January 2022.

    CEO-CIO Alignment Survey Benchmark Completed By 107 Different Organizations

    Info-Tech’s CEO-CIO Alignment program helps CIOs align with their supervisors by asking the right questions to ensure that IT stays on the right path. It determines how IT can best support the business’ top priorities and address the gaps in your strategy. In 2021, the benchmark was formed by 107 different organizations.

    Build IT alignment

    IT Management & Governance Diagnostic Benchmark Completed By 320 Different Organizations

    Info-Tech’s Management and Governance Diagnostic helps IT departments assess their strengths and weaknesses, prioritize their processes and build an improvement roadmap, and establish clear ownership of IT processes. In 2021, the benchmark was formed by data from 320 different organizations.

    Assess your IT processes

    The CIO priorities are informed by Info-Tech’s trends research reports and surveys

    Priority: “The fact or condition of being regarded or treated as more important than others.” (Lexico/Oxford)

    Trend: “A general direction in which something is developing or changing.” (Lexico/Oxford)

    A sequence of processes beginning with 'Sensing', 'Hypothesis', 'Validation', and ending with 'Trends, 'Priorities'. Under Sensing is Technology Research, Interviews & Insights, Gathering, and PESTLE. Under Hypothesis is Near-Future Probabilities, Identify Patterns, Identify Uncertainties, and Identify Human Benefits. Under Validation is Test Hypothesis, Case Studies, and Data-Driven Insights. Under Trends is Technology, Talent, and Industry. Under Priorities is CIO, Applications, Infrastructure, and Security.

    Visit Info-Tech’s Trends & Priorities Research Center

    Image called 'Defining the CIO Priorities for 2022'. Image shows 4 columns, Implications, Resource Investment, Amplifiers, and Actions and Outcomes, with 2 dotted lines, labeled External Context and Internal Context, running through all 4 columns and leading to bottom-right label called CIO Priorities Formed

    The Five Priorities

    Priorities to compete in the digital economy

    1. Reduce Friction in the Hybrid Operating Model
    2. Improve Your Ransomware Readiness
    3. Support an Employee-Centric Retention Strategy
    4. Design an Automation Platform
    5. Prepare to Report on New Environmental, Social, and Governance Metrics

    Reduce friction in the hybrid operating model

    Priority 01 | APO07 Human Resources Management

    Deliver solutions that create equity between remote workers and office workers and make collaboration a joy.

    Hybrid work is here to stay

    CIOs must deal with new pain points related to friction of collaboration

    In 2020, CIOs adapted to the pandemic’s disruption to offices by investing in capabilities to enable remote work. With restrictions on gathering in offices, even digital laggards had to shift to an all-remote work model for non-essential workers.

    Most popular technologies already invested in to facilitate better collaboration

    • 24% Web Conferencing
    • 23% Instant Messaging
    • 20% Document Collaboration

    In 2022, the focus shifts to solving problems created by the new hybrid operating model where some employees are in the office and some are working remotely. Without the ease of collaborating in a central hub, technology can play a role in reducing friction in several areas:

    • Foster more connections between employees. Remote workers are less likely to collaborate with people outside of their department and less likely to spontaneously collaborate with their peers. CIOs should provide a digital employee experience that fosters collaboration habits and keeps workers engaged.
    • Prevent employee attrition. With more workers reevaluating their careers and leaving their jobs, CIOs can help employees feel connected to the overall purpose of the organization. Finding a way to maintain culture in the new context will require new solutions. While conference room technology can be a bane to IT departments, making hybrid meetings effortless to facilitate will be more important.
    • Provide new standards for mediated collaboration. Meeting isn’t as easy as simply gathering around the same table anymore. CIOs need to provide structure around how hybrid meetings are conducted to create equity between all participants. Business continuity processes must also consider potential outages for collaboration services so employees can continue the work despite a major outage.

    Three in four organizations have a “hybrid” approach to work. (Tech Trends 2022 Survey)

    In most organizations, a hybrid model is being implemented. Only 14.9% of organizations are planning for almost everyone to return to the office, and only 9.9% for almost everyone to work remotely.

    Elizabeth Clark

    CIO, Harvard Business School

    "I want to create experiences that are sticky. That keep people coming back and engaging with their colleagues."

    Photo of Elizabeth Clark, CIO, Harvard Business School.

    Listen to the Tech Insights podcast:
    Frictionless hybrid working: How the Harvard Business School did it

    Internal interpretation: Harvard Business School

    • March 2020
      The pandemic disrupts in-class education at Harvard Business School. Their case study method of instruction that depends on in-person, high-quality student engagement is at risk. While students and faculty completed the winter semester remotely, the Dean and administration make the goal to restore the integrity of the classroom experience with equity for both remote and in-person students.
    • May 2020
      A cross-functional task force of about 100 people work intensively, conducting seven formal experiments, 80 smaller tests, and hundreds of polling data points, and a technology and facilities solution is designed: two 4K video cameras capturing both the faculty and the in-class students, new ceiling mics, three 85-inch TV screens, and students joining the videoconference from their laptops. A custom Zoom room, combining three separate rooms, integrated all the elements in one place and integrated with the lecture capture system and learning management system.
    • October 2020
      Sixteen classrooms are renovated to install the new solution. Students return to the classroom but in lower numbers due to limits on in-room capacity, but students rotate between the in-person and remote experience.
    • September 2021
      Renovations for the hybrid solution are complete in 26 classrooms and HBS has determined this will be its standard model for the classroom. The case method of teaching is kept alive and faculty and students are thrilled with the results.
    • November 2021
      HBS is adapting its solution for the classroom to its conference rooms and has built out eight different rooms for a hybrid experience. The 4K cameras and TV screens capture all participants in high fidelity as well as the blackboard.

    Photo of a renovated classroom with Zoom participants integrated with the in-person students.
    The renovated classrooms integrate all students, whether they are participating remotely or in person. (Image courtesy of Harvard Business School.)

    Implications: Organization, Process, Technology

    External

    • Organization – About half of IT practitioners in the Tech Trends 2022 survey feel that IT leaders, infrastructure and operations teams, and security teams were “very busy” in 2021. Capacity to adapt to hybrid work could be constrained by these factors.
    • Process – Organizations that want employees to benefit from being back in the office will have to rethink how workers can get more value out of in-person meetings that also require videoconference participation with remote workers.
    • Technology – Fifty-four percent of surveyed IT practitioners say the pandemic raised IT spending compared to the projections they made in 2020. Much of that investment went into adapting to a remote work environment.

    Internal

    • Organization – HBS added 30 people to its IT staff on term appointments to develop and implement its hybrid classroom solutions. Hires included instructional designers, support technicians, coordinators, and project managers.
    • Process – Only 25 students out of the full capacity of 95 could be in the classroom due to COVID-19 regulations. On-campus students rotated through the classroom seats. An app was created to post last-minute seat availability to keep the class full.
    • Technology – A Zoom room was created that combines three rooms to provide the full classroom experience: a view of the instructor, a clear view of each student that enlarges when they are speaking, and a view of the blackboard.

    Resources Applied

    Appetite for Technology

    CIOs and their direct supervisors both ranked internal collaboration tools as being a “critical need to adopt” in 2021, according to Info-Tech’s CEO-CIO Alignment Benchmark Report.

    Intent to Invest

    Ninety-seven percent of IT practitioners plan to invest in technology to facilitate better collaboration between employees in the office and outside the office by the end of 2022, according to Info-Tech’s 2022 Tech Trends survey.

    “We got so many nice compliments, which you don’t get in IT all the time. You get all the complaints, but it’s a rare case when people are enthusiastic about something that was delivered.” (Elizabeth Clark, CIO, Harvard Business School)

    Harvard Business School

    • IT staff were reassigned from other projects to prioritize building a hybrid classroom solution. A cloud migration and other portfolio projects were put on pause.
    • The annual capital A/V investment was doubled. The amount of spend on conference rooms was tripled.
    • Employees were hired to the media services team at a time when other areas of the organization were frozen.

    Outcomes at Harvard Business School

    The new normal at Harvard Business School

    New normal: HBS has found its new default operating model for the classroom and is extending its solution to its operating environment.

    Improved CX: The high-quality experience for students has helped avoid attrition despite the challenges of the pandemic.

    Engaged employees: The IT team is also engaged and feels connected to the mission of the school.

    Photo of a custom Zoom room bringing together multiple view of the classroom as well as all remote students.
    A custom Zoom room brings together multiple different views of the classroom into one single experience for remote students. (Image courtesy of Harvard Business School.)

    From Priorities to Action

    Make hybrid collaboration a joy

    Align with your organization’s goals for collaboration and customer interaction, with the target of high satisfaction for both customers and employees. Invest in capital projects to improve the fidelity of conference rooms, develop and test a new way of working, and increase IT capacity to alleviate pressure points.

    Foster both asynchronous and synchronous collaboration approaches to avoid calendars filling up with videoconference meetings to get things done and to accommodate workers contributing from across different time zones.

    “We’ll always have hybrid now. It’s opened people’s eyes and now we’re thinking about the future state. What new markets could we explore?” (Elizabeth Clark, CIO, Harvard Business School)

    Take the next step

    Run Better Meetings
    Hybrid, virtual, or in person – set meeting best practices that support your desired meeting norms.

    Prepare People Leaders for the Hybrid Work Environment
    Set hybrid work up for success by providing people leaders with the tools they need to lead within the new model.

    Hoteling and Hot-Desking: A Primer
    What you need to know regarding facilities, IT infrastructure, maintenance, security, and vendor solutions for desk hoteling and hot-desking.

    “Human Resources Management” gap between importance and effectiveness
    Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the Human Resources Management gap between importance and effectiveness. The difference is marked as Delta 2.3.

    Improve your ransomware readiness

    Priority 02 | APO13 Security Strategy

    Mitigate the damage of successful ransomware intrusions and make recovery as painless as possible.

    The ransomware crisis threatens every organization

    Prevention alone won’t be enough against the forces behind ransomware.

    Cybersecurity is always top of mind for CIOs but tends to be deprioritized due to other demands related to digital transformation or due to cost pressures. That’s the case when we examine our data for this report.

    Cybersecurity ranked as the fourth-most important priority by CIOs in Info-Tech’s 2022 Tech Trends survey, behind business process improvement, digital transformation, and modernization. Popular ways to prepare for a successful attack include creating offline backups, purchasing insurance, and deploying new solutions to eradicate ransomware.

    CIOs and their direct supervisors ranked “Manage IT-Related Security” as the third-most important top IT priority on Info-Tech’s CEO-CIO Alignment Benchmark for 2021, in support of business goals to manage risk, comply with external regulation, and ensure service continuity.

    Most popular ways for organizations to prepare for the event of a successful ransomware attack:

    • 25% Created offline backups
    • 18% Purchased cyberinsurance
    • 19% New tech to eradicate ransomware

    Whatever priority an organization places on cybersecurity, when ransomware strikes, it quickly becomes a red alert scenario that disrupts normal operations and requires all hands on deck to respond. Sophisticated attacks executed at wide scale demonstrate that security can be bypassed without creating an alert. After that’s accomplished, the perpetrators build their leverage by exfiltrating data and encrypting critical systems.

    CIOs can plan to mitigate ransomware attacks in several constructive ways:

    • Business impact analysis. Determine the costs of an outage for specific periods and the system and data recovery points in time.
    • Engage a partner for 24/7 monitoring. Gain real-time awareness of your critical systems.
    • Review your identity access management (IAM) policies. Use of multi-factor authentication and limiting access to only the roles that need it reduces ransomware risk.

    50% of all organizations spent time and money specifically to prevent ransomware in the past year. (Info-Tech Tech Trends 2022 Survey)

    John Doe

    CIO, mid-sized manufacturing firm in the US

    "I want to create experiences that are sticky. That keep people coming back and engaging with their colleagues."

    Blank photo.

    Listen to the Tech Insights podcast:
    Close call with ransomware: a CIO recounts a near security nightmare

    Internal interpretation: US-based, mid-sized manufacturing firm

    • May 1, 2021
      A mid-sized manufacturing firm (“The Firm”) CIO gets a call from his head of security about odd things happening on the network. A call is made to Microsoft for support. Later that night, the report is that an unwanted crypto-mining application is the culprit. But a couple of hours later, that assessment is proven wrong when it’s realized that hundreds of systems are staged for a ransomware attack. All the attacker has to do is push the button.
    • May 2, 2021
      The Firm disconnects all its global sites to cut off new pathways for the malware to infect. All normal operations cease for 24 hours. It launches its cybersecurity insurance process. The CIO engages a new security vendor, CrowdStrike, to help respond. Employees begin working from home if they can so they can make use of their own internet service. The Firm has cut off its public internet connectivity and is severed from cloud services such as Azure storage and collaboration software.
    • May 4, 2021
      The hackers behind the attack are revealed by security forensics experts. A state-sponsored agency in Russia set up the ransomware and left it ready to execute. It sold the staged attack to a cybercriminal group, Doppel Spider. According to CrowdStrike, the group uses malware to run “big game hunting operations” and targets 18 different countries including the US and multiple industries, including manufacturing.
    • May 10, 2021
      The Firm has totally recovered from the ransomware incident and avoided any serious breach or paying a ransom. The CIO worked more hours than at any other point in his career, logging an estimated 130 hours over the two weeks.
    • November 2021
      The Firm never previously considered itself a ransomware target but has now reevaluated that stance. It has hired a service provider to run a security operations center on a 24/7 basis. It's implemented a more sophisticated detection and response model and implemented multi-factor authentication. It’s doubled its security spend in 2021 and will invest more in 2022.

    “Now we take the approach that if someone does get in, we're going to find them out.” (John Doe, CIO, “The Firm”)

    Implications: Organization, Process, Technology

    External

    • Organization – Organizations must consider how their employees play a role in preventing ransomware and plan for training to recognize phishing and other common traps. They must make plans for employees to continue their work if systems are disrupted by ransomware.
    • Process – Backup processes across multiple systems should be harmonized to have both recent and common points to recover from. Work with the understanding IT will have to take systems offline if ransomware is discovered and there is no time to ask for permission.
    • Technology – Organizations can benefit from security services provided by a forensics-focused vendor. Putting cybersecurity insurance in place not only provides financial protection but also guidance in what to do and which vendors to work with to prevent and recover from ransomware.

    Internal

    • Organization – The Firm was prepared with a business continuity plan to allow many of its employees to work remotely, which was necessary because the office network was incapacitated for ten days during recovery.
    • Process – Executives didn’t seek to assign blame for the security incident but took it as a signal there were some new costs involved to stay in business. It initiated new outsource relationships and hired one more full-time employee to shore up security resources.
    • Technology – New ransomware eradication software was deployed to 2,000 computers. Scripted processes automated much of the work, but in some cases full system rebuilds were required. Backup systems were disconnected from the network as soon as the malware was discovered.

    Resources Applied

    Consider the Alternative

    Organizations should consider how much a ransomware attack on critical systems would cost them if they were down for a minimum of 24-48 hours. Plan to invest an amount at least equal to the costs of that downtime.

    Ask for ID

    Implementing across-the-board multi-factor authentication reduces chances of infection and is cheap, with enterprise solutions ranging from $2 to $5 per user on average. Be strict and deny access when connections don’t authenticate.

    “You'll never stop everything from getting into the network. You can still focus on stopping the bad actors, but then if they do make it in, make sure they don't get far.” (John Doe, CIO, “The Firm”)

    “The Firm” (Mid-Sized Manufacturer)

    • During the crisis, The Firm paused all activities and focused solely on isolating and eliminating the ransomware threat.
    • New outsourcing relationship with a vendor provides a 24/7 Security Operations Center.
    • One more full-time employee on the security team.
    • Doubled investment in security in 2021 and will spend more in 2022.

    Outcomes at “The Firm” (Mid-Sized Manufacturer)

    The new cost of doing business

    Real-time security: While The Firm is still investing in prevention-based security, it is also developing its real-time detection and response capabilities. When ransomware makes it through the cracks, it wants to know as soon as possible and stop it.

    Leadership commitment: The C-suite is taking the experience as a wake-up call that more investment is required in today’s threat landscape. The Firm rates security more highly as an overall organizational goal, not just something for IT to worry about.

    Stock photo of someone using their phone while sitting at a computer, implying multi-factor authentication.
    The Firm now uses multi-factor authentication as part of its employee sign-on process. For employees, authenticating is commonly achieved by using a mobile app that receives a secret code from the issuer.

    From Priorities to Action

    Cybersecurity is everyone’s responsibility

    In Info-Tech’s CEO-CIO Alignment Benchmark for 2021, the business goal of “Manage Risk” was the single biggest point of disagreement between CIOs and their direct supervisors. CIOs rank it as the second-most important business goal, while CEOs rank it as sixth-most important.

    Organizations should align on managing risk as a top priority given the severity of the ransomware threat. The threat actors and nature of the attacks are such that top leadership must prepare for when ransomware hits. This includes halting operations quickly to contain damage, engaging third-party security forensics experts, and coordinating with government regulators.

    Cybersecurity strategies may be challenged to be effective without creating some friction for users. Organizations should look beyond multi-layer prevention strategies and lean toward quick detection and response, spending evenly across prevention, detection, and response solutions.

    Take the next step

    Create a Ransomware Incident Response Plan
    Don’t be the next headline. Determine your current readiness, response plan, and projects to close gaps.

    Simplify Identity and Access Management
    Select and implement IAM and produce vendor RFPs that will contain the capabilities you need, including multi-factor authentication.

    Cybersecurity Series Featuring Sandy Silk
    More from Info-Tech’s Senior Workshop Director Sandy Silk in this video series created while she was still at Harvard University.

    Gap between CIOs and CEOs in points allocated to “Manage risk” as a top business goal

    A bar chart illustrating the gap between CIOs and CEOs in points allocated to 'Manage risk' as a top business goal. The difference is marked as Delta 1.5.

    Support an employee-centric retention strategy

    Priority 03 | ITRG02 Leadership, Culture & Values

    Avoid being a victim of “The Great Resignation” by putting employees at the center of an experience that will engage them with clear career path development, purposeful work, and transparent feedback.

    Defining an employee-first culture that improves retention

    The Great resignation isn’t good for firms

    In 2021, many workers decided to leave their jobs. Working contexts were disrupted by the pandemic and that saw non-essential workers sent home to work, while essential workers were asked to continue to come into work despite the risks of COVID-19. These disruptions may have contributed to many workers reevaluating their professional goals and weighing their values differently. At the same time, 2021 saw a surging economy and many new job opportunities to create a talent-hungry market. Many workers could have been motivated to take a new opportunity to increase their salary or receive other benefits such as more flexibility.

    Annual turnover rate for all us employees on the rise

    • 20% – Jan.-Aug. 2020, Dipped from 22% in 2019
    • 25% Jan.-Aug. 2021, New record high
    • Data from Visier Inc.

    When you can’t pay them, develop them

    IT may be less affected than other departments by this trend. Info-Tech’s 2022 IT Talent Trends Report shows that on average, estimated turnover rate in IT is lower than the rest of the organization. Almost half of respondents estimated their organization’s voluntary turnover rate was 10% or higher. Only 30% of respondents estimate that IT’s voluntary turnover rate is in the same range. However, CIOs working in industries with the highest turnover rates will have to work to keep their workers engaged and satisfied, as IT skills are easily transferred to other industries.

    49% ranked “enabling learning & development within IT” as high priority, more than any other single challenge. (IT Talent Trends 2022 Survey, N=227)

    A bar chart of 'Industries with highest turnover rates (%)' with 'Leisure and Hospitality' at 6.4%, 'Trade, Transportation & Utilities' at 3.6%, 'Professional and Business' at 3.3%, and 'Other Services' at 3.1%. U.S. Bureau of Labor Statistics, 2022.

    Jeff Previte

    Executive Vice-President of IT, CrossCountry Mortgage

    “We have to get to know the individual at a personal level … Not just talking about the business, but getting to know the person."

    Photo of Jeff Previte, Executive Vice-President of IT, CrossCountry Mortgage.

    Listen to the Tech Insights podcast:
    How a financial services company dodged ‘The Great Resignation’

    Internal interpretation: CrossCountry Mortgage

    • May 2019
      Jeff Previte joins Cleveland, Ohio-based CrossCountry Mortgage in the CIO role. The company faces a challenge with employee turnover, particularly in IT. The firm is a sales-focused organization and saw its turnover rate reach as high as 60%. Yet Previte recognized that IT had some meaningful goals to achieve and would need to attract – and retain – some higher caliber talent. His first objective in his new role was to meet with IT employees and business leadership to set priorities.
    • July 2019
      Previte takes a “people-first” approach to leadership and meets his staff face-to-face to understand their personal situations. He sets to work on defining roles and responsibilities in the organization, spending about a fifth of his time on defining the strategy.
    • June 2020
      Previte assigned his leadership team to McLean & Company’s Design an Impactful Employee Development Program. From there, the team developed a Salesforce tool called the Career Development Workbook. “We had some very passionate developers and admins that wanted to build a home-grown tool,” he says. It turns McLean & Company’s process into a digital tool employees can use to reflect on their careers and explore their next steps. It helps facilitate development conversations with managers.
    • January 2021
      CrossCountry Mortgage changes its approach to career development activities. Going to external conferences and training courses is reduced to just 30% of that effort. The rest is by doing hands-on work at the company. Previte aligned with his executives and road-mapped IT projects annually. Based on employee’s interests, opportunities are found to carve out time from usual day-to-day activities to spend time on a project in a new area. When there’s a business need, someone internally can be ready to transition roles.
    • June 2021
      In the two years since joining the company, Previte has reduced the turnover rate to just 12%. The IT department has grown to more adequately meet the needs of the business and employees are engaged with more opportunities to develop their careers. Instead of focusing on compensation, Previte focused more on engaging employees with a developmentally dedicated environment and continuous hands-on learning.

    “It’s come down to a culture shift. Folks have an idea of where we’re headed as an organization, where we’re headed as an IT team, and how their role contributes to that.” (Jeff Previte, EVP of IT, CrossCountry Mortgage)

    Implications: Organization, Process, Technology

    External

    • Organization – A high priority is being placed on improving IT’s maturity through its talent. Enabling learning and development in IT, enabling departmental innovation, and recruiting are the top three highest priorities according to IT Talent Trends 2022 survey responses.
    • Process – Recruiting is more challenging for industries that operate primarily onsite, according to McLean & Company's 2022 HR Trends Report. They face more challenges attracting applications, more rejected offers, and more candidate ghosting compared to remote-capable industries.
    • Technology – Providing a great employee experience through digital tools is more important as many organizations see a mix of workers in the office and at home. These tools can help connect colleagues, foster professional development, and improve the candidate experience.

    Internal

    • Organization – CrossCountry Mortgage faced a situation where IT employees did not have clarity on their roles and responsibilities. In terms of salary, it wasn’t offering at the high end compared to other employers in Cleveland.
    • Process – To foster a culture of growth and development, CrossCountry Mortgage put in place a performance assessment system that encouraged reflection and goal setting, aided by collaboration with a manager.
    • Technology – The high turnover rate was limiting CrossCountry Mortgage from achieving the level of maturity it needed to support the company’s goals. It ingrained its new PA process with a custom build of a Salesforce tool.

    Resources Applied

    Show me the money

    Almost six in ten Talent Trends survey respondents identified salary and compensation as the reason that employees resigned in the past year. Organizations looking to engage employees must first pay a fair salary according to market and industry conditions.

    Build me up

    Professional development and opportunity for innovative work are the next two most common reasons for resignations. Organizations must ensure they create enough capacity to allow workers time to spend on development.

    “Building our own solution created an element of engagement. There was a sense of ownership that the team had in thinking through this.” (Jeff Previte, CrossCountry Mortgage)

    CrossCountry Mortgage

    • Executive time: CIO spends 10-20% of his time on activities related to designing the approach.
    • Leveraged memberships with Info-Tech Research Group and McLean & Company to define professional development process.
    • Internal IT develops automated workflow in Salesforce.
    • Hired additional IT staff to build out overall capacity and create time for development activities.

    Outcomes at CrossCountry Mortgage

    Engaged IT workforce

    The Great Maturation: IT staff turnover rate dropped to 10-12% and IT talent is developing on the job to improve the department’s overall skill level. More IT staff on hand and more engaged workers mean IT can deliver higher maturity level results.

    Alignment achieved: Connecting IT’s initiatives to the vision of the C-suite creates a clear purpose for IT in its initiatives. Staff understand what they need to achieve to progress their careers and can grow while they work.

    Photo of employees from CrossCountry Mortgage assisting with a distribution event.
    Employees from CrossCountry Mortgage headquarters assist with a drive-thru distribution event for the Cleveland Food Bank on Dec. 17, 2021. (Image courtesy of CrossCountry Mortgage.)

    From Priorities to Action

    Staff retention is a leadership priority

    The Great Resignation trend is bringing attention to employee engagement and staff retention. IT departments are busier than ever during the pandemic as they work overtime to keep up with a remote workforce and new security threats. At the same time, IT talent is among the most coveted on the market.

    CIOs need to develop a people-first approach to improve the employee experience. Beyond compensation, IT workers need clarity in terms of their career paths, a direct connection between their work and the goals of the organization, and time set aside for professional development.

    Info-Tech’s 2021 benchmark for “Leadership, Culture & Values” shows that most organizations rate this capability very highly (9) but see room to improve on their effectiveness (6.9).

    Take the next step

    IT Talent Trends 2022
    See how IT talent trends are shifting through the pandemic and understand how themes like The Great Resignation has impacted IT.

    McLean & Company’s Modernize Performance Management
    Customize the building blocks of performance management to best fit organizational needs to impact individual and organizational performance, productivity, and engagement.

    Redesign Your IT Organizational Structure
    Define future-state work units, roles, and responsibilities that will enable the IT organization to complete the work that needs to be done.

    “Leadership, Culture & Values” gap between importance and effectiveness
    Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the 'Leadership, Culture & Values' gap between importance and effectiveness. The difference is marked as Delta 2.1.

    Design an automation platform

    Priority 04 | APO04 Innovation

    Position yourself to buy or build a platform that will enable new automation opportunities through seamless integration.

    Build it or buy it, but platform integration can yield great benefits

    Necessity is the mother of innovation

    When it’s said that digital transformation accelerated during the pandemic, what’s really meant is that processes that were formerly done manually became automated through software. In responses to the Tech Trends survey, CIOs say digital transformation was more of a focus during the pandemic, and eight in ten CIOs also say they shifted more than 20% of their organization’s processes to digital during the pandemic. Automating tasks through software can be called digitalization.

    Most organizations became more digitalized during the pandemic. But how they pursued it depends on their IT maturity. For digital laggards, partnering with a technology services platform is the path of least resistance. For sophisticated innovators, they can consider building a platform to address the specific needs of their business process. Doing so requires the foundation of an existing “digital factory” or innovation arm where new technologies can be tested, proofs of concept developed, and external partnerships formed. Patience is key with these efforts, as not every investment will yield immediate returns and some will fail outright.

    Build it or buy it, platform participants integrate with their existing systems through application programming interfaces (APIs). Organizations should determine their platform strategies based on maturity, then look to integrate the business processes that will yield the most gains.

    What role should you play in the platform ecosystem?

    A table with levels on the maturity ladder laid out as a sprint. Column headers are maturity levels 'Struggle', 'Support', 'Optimize', 'Expand', and 'Transform', row headers are 'Maturity' and 'Role'. Roles are assigned to one or many levels. 'Improve' is solely under Struggle. 'Integrate' spans from Support to Transform. 'Buy' spans Support to Expand. 'Build' begins midway through Expand and all of Transform. 'Partner' spans from Optimize to halfway through Transform.

    68% of CIOs say digital transformation became much more of a focus for their organization during the pandemic (Info-Tech Tech Trends 2022 Survey)

    Bob Crozier

    Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE

    "Smart contracts are really just workflows between counterparties."

    Photo of Bob Crozier, Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE.

    Listen to the Tech Insights podcast:
    How Allianz took a blockchain platform from pilot to 1 million transactions

    Internal interpretation: Allianz Technology

    • 2015
      After smart contracts are demonstrated on the Ethereum blockchain, Allianz and other insurers recognize the business value. There is potential to use the capability to administer a complex, multi-party contract where the presence of the reinsurer in the risk transfer ecosystem is required. Manual contracts could be turned into code and automated. Allianz organized an early proof of concept around a theoretical pandemic excessive loss contract.
    • 2018
      Allianz Chief Architect Bob Crozier is leading the Global Blockchain Center of Competence for Allianz. They educate Allianz on the value of blockchain for business. They also partner with a joint venture between the Technology University of Munich and the state of Bavaria. A cohort of Masters students is looking for real business problems to solve with open-source distributed ledger technology. Allianz puts its problem statement in front of the group. A student team presents a proof of concept for an international motor insurance claims settlement and it comes in second place at a pitch day competition.
    • 2019
      Allianz brings the concept back in-house, and its business leaders return to the concept. Startup Luther Systems is engaged to build a minimum-viable product for the solution, with the goal being a pilot involving three or four subsidiaries in different countries. The Blockchain Center begins communicating with 25 Allianz subsidiaries that will eventually deploy the platform.
    • 2020
      Allianz is in build mode on its international motor insurance claims platform. It leverages its internal Dev/SecOps teams based in Munich and in India.
    • May 2021
      Allianz goes live with its new platform on May 17, decommissioning its old system and migrating all live claims data onto the new blockchain platform. It sees 400 concurrent users go live across Europe.
    • January 2022
      Allianz mines its one-millionth block to its ledger on Jan. 19, with each block representing a peer-to-peer transaction across its 25 subsidiaries in different countries. The platform has settled hundreds of millions of dollars.

    Stock photo of two people arguing over a car crash.

    Implications: Organization, Process, Technology

    External

    • Organization – To explore emerging technologies like blockchain, organizations need staff that are accountable for innovation and have leeway to develop proofs of concept. External partners are often required to bring in fresh ideas and move quickly towards an MVP.
    • Process – According to the Tech Trends 2022 survey, 84% of CIOs consider automation a high-value digital capability, and 77% say identity verification is a high-value capability. A blockchain platform using smart contracts can deliver those.
    • Technology – The Linux Foundation’s Hyperledger Fabric is an open-source blockchain technology that’s become popular in the financial industry for its method of forming consensus and its modular architecture. It’s been adopted by USAA, MasterCard, and PayPal. It also underpins the IBM Blockchain Platform and is supported by Azure Blockchain.

    Internal

    • Organization – Allianz is a holding company that owns Allianz Technology and 25 operating entities across Europe. It uses the technology arm to innovate on the business process and creates shared platforms that its entities can integrate with to automate across the value chain.
    • Process – Initial interest in smart contracts on blockchain were funneled into a student competition, where a proof of concept was developed. Allianz partnered with a startup to develop an MVP, then developed the platform while aligning with its business units ahead of launch.
    • Technology – Allianz built its blockchain platform on Hyperledger Fabric because it was a permissioned system, unlike other public permissionless blockchains such as Ethereum, and because its mining mechanism was much more energy efficient compared to other blockchains using Proof of Work consensus models.

    Resources Applied

    Time to innovate

    Exploring emerging technology for potential use cases is difficult for staff tasked with running day-to-day operations. Organizations serious about innovation create a separate team that can focus on “moonshot” projects and connect with external partners.

    Long-term ROI

    Automation of new business processes often requires a high upfront initial investment for a long-term efficiency gain. A proof of concept should demonstrate clear business value that can be repeated often and for a long period.

    “My next project has to deliver in the tens of millions of value in return. The bar is high and that’s what it should be for a business of our size.” (Bob Crozier, Allianz)

    Allianz

    • Several operating entities from different countries supplied subject matter expertise and helped with the testing process.
    • Allianz Technology team has eight staff members. It is augmented by Luther Systems and the team at industry group B3i.
    • Funding of less than $5 million to develop. Dev team continues to add improvements.
    • Operating requires just one full-time employee plus infrastructure costs, mostly for public cloud hosting.

    Outcomes at Allianz

    From insurer to platform provider

    Deliver your own SaaS: Allianz Technology built its blockchain-based claims settlement platform and its subsidiaries consume it as software as a service. The platform runs on a distributed architecture across Europe, with each node running the same version of the software. Operating entities can also integrate their own systems to the platform via APIs and further automate business processes such as billing.

    Ready to scale: After processing one million transactions, the international claims settlement platform is proven and ready to add more participants. Crozier sees auto repair shops and auto manufacturers as the next logical users.

    Stock photo of Blockchain.
    Allianz is a shareholder of the Blockchain Insurance Industry Initiative (B3i). It is providing a platform used by a group of insurance companies in the commercial and reinsurance space.

    When should we use blockchain? THREE key criteria:

    • Redundant processes
      Different entities follow the same process to achieve the desired outcome.
    • Audit trail
      Accountability in the decision making must be documented.
    • Reconciliation
      Parties need to be able to resolve disputes by tracing back to the truth.

    From Priorities to Action

    It’s a build vs. buy question for platforms

    Allianz was able to build a platform for its group of European subsidiaries because of its established digital factory and commitment to innovation. Allianz Technology is at the “innovate” level of IT maturity, allowing it to create a platform that subsidiaries can integrate with via APIs. For firms that are lower on the IT maturity scale, buying a platform solution is the better path to automation. These firms will be concerned with integrating their legacy systems to platforms that can reduce the friction of their operating environments and introduce modern new capabilities.

    From Info-Tech’s Build a Winning Business Process Automation Playbook

    An infographic comparing pros and cons of Build versus Buy. On the 'Build: High Delivery Capacity & Capability' side is 'Custom Development', 'Data Integration', 'AI/ML', 'Configuration', 'Native Workflow', and 'Low & No Code'. On the 'Buy: Low Delivery Capacity & Capability' side is 'Outsource Development', 'iPaaS', 'Chatbots', 'iBPMS & Rules Engines', 'RPA', and 'Point Solutions'.

    Take the next step

    Accelerate Your Automation Processes
    Integrate automation solutions and take the first steps to building an automation suite.

    Build Effective Enterprise Integration on the Back of Business Process
    From the backend to the frontlines – let enterprise integration help your business processes fly.

    Evolve Your Business Through Innovation
    Innovation teams are tasked with the responsibility of ensuring that their organizations are in the best position to succeed while the world is in a period of turmoil, chaos, and uncertainty.

    “Innovation” gap between importance and effectiveness Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the 'Innovation' gap between importance and effectiveness. The difference is marked as Delta 2.1.

    Prepare to report on new environmental, social, and governance (ESG) metrics

    Priority 05 | ITRG06 Business Intelligence and Reporting

    Be ready to either lead or support initiatives to meet the criteria of new ESG reporting mandates and work toward disclosure reporting solutions.

    Time to get serious about ESG

    What does CSR or ESG mean to a CIO?

    Humans are putting increasing pressure on the planet’s natural environment and creating catastrophic risks as a result. Efforts to mitigate these risks have been underway for the past 30 years, but in the decade ahead regulators are likely to impose more strict requirements that will be linked to the financial value of an organization. Various voluntary frameworks exist for reporting on environmental, social, and governance (ESG) or corporate social responsibility (CSR) metrics. But now there are efforts underway to unify and clarify those standards.

    The most advanced effort toward a global set of standards is in the environmental area. At the United Nations’ COP26 summit in Scotland last November, the International Sustainability Standards Board (ISSB) announced its headquarters (Frankfurt) and three other international office locations (Montreal, San Francisco, and London) and its roadmap for public consultations. It is working with an array of voluntary standards groups toward a consensus.

    In Info-Tech’s 2022 Tech Trends survey, two-thirds of CIOs say their organization is committed to reducing greenhouse gas emissions, yet only 40% say their organizational leadership is very concerned with reducing those emissions. CIOs will need to consider how to align organizational concern with internal commitments and new regulatory pressures. They may investigate new real-time reporting solutions that could serve as a competitive differentiator on ESG.

    Standards informing the ISSB’s global set of climate standards

    A row of logos of organizations that inform ISSB's global set of climate standards.

    67% of CIOs say their organization is committed to reducing greenhouse gases, with one-third saying that commitment is public. (Info-Tech Tech Trends 2022 Survey)

    40% of CIOs say their organizational leadership is very concerned with reducing greenhouse gas emissions.

    David W. Dorman

    Chairman of the board, CVS Health

    “ESG is a question of what you do in the microcosm of your company to make sure there is a clear, level playing field – that there is a color-blind, gender-blind meritocracy available – that you are aware that not in every case can you achieve that without really focusing on it. It’s not going to happen on its own. That’s why our commitments have real dollars behind them and real focus behind them because we want to be the very best at doing them.”

    Photo of David W. Dorman, Chairman of the Board, CVS Health.

    Listen to the Tech Insights podcast:
    CVS Health chairman David Dorman on healthcare's hybrid future

    Internal interpretation: CVS Health

    CVS Health established a new steering committee of senior leaders in 2020 to oversee ESG commitments. It designs its corporate social responsibility strategy, Transform Health 2030, by aligning company activities in four key areas: healthy people, healthy business, healthy planet, and healthy community. The strategy aligns with the United Nations’ Sustainable Development Goals. In alignment with these goals, CVS identifies material topics where the company has the most ability to make an impact. In 2020, its top three topics were:

    1. Access to quality health care
    2. Patient and customer safety
    3. Data protection and privacy
    Material Topic
    Access to quality health care
    Material Topic
    Patient and customer safety
    Material Topic
    Data protection and privacy
    Technology Initiative
    MinuteClinic’s Virtual Collaboration for Nurses

    CVS provided Apple iPads compliant with the Health Insurance Portability and Accountability Act (HIPAA) to clinics in a phased approach, providing training to more than 700 providers in 26 states by February 2021. Nurses could use the iPads to attend virtual morning huddles and access clinical education. Nurses could connect virtually with other healthcare experts to collaborate on delivering patient care in real-time. The project was able to scale across the country through a $50,000 American Nurses Credentialing Center Pathway Award. (Wolters Kluwer Health, Inc.)

    Technology Initiative
    MinuteClinic’s E-Clinic

    MinuteClinics launched this telehealth solution in response to the pandemic, rolling it out in three weeks. The solution complemented video visits delivered in partnership with the Teladoc platform. Visits cost $59 and are covered by Aetna insurance plans, a subsidiary of CVS Health. It hosted more than 20,000 E-Clinic visits through the end of 2020. CVS connected its HealthHUBs to the solution to increase capacity in place of walk-in appointments and managed patients via phone for medication adherence and care plans. CVS also helped behavioral health providers transition patients to virtual visits. (CVS Health)

    Technology Initiative
    Next Generation Authentication Platform

    CVS patented this solution to authenticate customers accessing digital channels. It makes use of the available biometrics data and contextual information to validate identity without the need for a password. CVS planned to extend the platform to voice channels as well, using voiceprint technology. The solution prevents unauthorized access to sensitive health data while providing seamless access for customers. (LinkedIn)

    Implications: Organization, Process, Technology

    External

    • Organization – Since the mid-2010s, younger investors have demonstrated reliance on ESG data when making investment decisions, resulting in the creation of voluntary standards that offered varied approaches. Organizations in ESG exchange-traded funds are outperforming the overall S&P 500 (S&P Global Market Intelligence).
    • Process – Organizations are issuing ESG reports today despite the absence of clear rules to follow for reporting results. With regulators expected to step in to establish more rigid guidelines, many organizations will need to revisit their approach to ESG reports.
    • Technology – Real-time reporting of ESG metrics will become a competitive advantage before 2030. Engineering a solution that can alert organizations to poor performance on ESG measures and allow them to respond could avert losing market value.

    Internal

    • Organization – CVS Health established an ESG Steering Committee in 2020 composed of senior leaders including its chief governance officers, chief sustainability officer, chief risk officer, and controller and SVP of investor relations. It is supported by the ESG Operating Committee.
    • Process – CVS conducts a materiality assessment in accordance with Global Reporting Initiative standards to determine the most significant ESG impacts it can make and what topics most influence the decisions of stakeholders. It engages with various stakeholder groups on CSR topics.
    • Technology – CVS technology initiatives during the pandemic focused on supporting patients and employees in collaborating on health care delivery using virtual solutions, providing rich digital experiences that are easily accessible while upholding high security and privacy standards.

    Resources Applied

    Lack of commitment

    While 83% of businesses state support for the Sustainable Development Goals outlined by the Global Reporting Initiative (GRI), only 40% make measurable commitments to their goals.

    Show your work

    The GRI recommends organizations not only align their activities with sustainable development goals but also demonstrate contributions to specific targets in reporting on the positive actions they carry out. (GRI, “State of Progress: Business Contributions to the SDGS.”)

    “We end up with a longstanding commitment to diversity because that’s what our customer base looks like.” (David Dorman, CVS Health)

    CVS Health

    • The MinuteClinic Virtual Collaboration solution was piloted in Houston, demonstrated success, and won additional $50,000 funding from the Pathway to Excellence Award to scale the program across the country (Wolters Kluwer Health, Inc.).
    • The Next-Gen Authentication solution is provided by the vendor HYPR. It is deployed to ten million users and looking to scale to 30 million more. Pricing for enterprises is quoted at $1 per user, but volume pricing would apply to CVS (HYPR).

    Outcomes at CVS Health

    Delivering on hybrid healthcare solutions

    iPads for collaboration: Healthcare practitioners in the MinuteClinic Virtual Collaboration initiative agreed that it improved the use of interprofessional teams, working well virtually with others, and improved access to professional resources (Wolters Kluwer Health, Inc.)

    Remote healthcare: Saw a 400% increase in MinuteClinic virtual visits in 2020 (CVS Health).

    Verified ID: The Next Generation Authentication platform allowed customers to register for a COVID-19 vaccination appointment. CVS has delivered more than 50 million vaccines (LinkedIn).

    Stock photo of a doctor with an iPad.
    CVS Health is making use of digital channels to connect its customers and health practitioners to a services platform that can supplement visits to a retail or clinic location to receive diagnostics and first-hand care.

    From Priorities to Action

    Become your organization’s ESG Expert

    The risks posed to organizations and wider society are becoming more severe, driving a transition from voluntary frameworks for ESG goals to a mandatory one that’s enforced by investors and governments. Organizations will be expected to tie their core activities to a defined set of ESG goals and maintain a balance sheet of their positive and negative impacts. CIOs should become experts in ESG disclosure requirements and recommend the steps needed to meet or exceed competitors’ efforts. If a leadership vacuum for ESG accountability exists, CIOs can either seek to support their peers that are likely to become accountable or take a leadership role in overseeing the area. CIOs should start working toward solutions that deliver real-time reporting on ESG goals to make reporting frictionless.

    “If you don’t have ESG oversight at the highest levels of the company, it won’t wind up getting the focus. That’s why we review it at the Board multiple times per year. We have an annual report, we compare how we did, what we intended to do, where did we fall short, where did we exceed, and where we can run for daylight to do more.” (David Dorman, CVS Health)

    Take the next step

    ESG Disclosures: How Will We Record Status Updates on the World We Are Creating?
    Prepare for the era of mandated environmental, social, and governance disclosures.

    Private Equity and Venture Capital Growing Impact of ESG Report
    Learn about how the growing impact of ESG affects both your organization and IT specifically, including challenges and opportunities, with expert assistance.

    “Business Intelligence and Reporting” gap between importance and effectiveness
    Info-Tech Research Group Management and Governance Diagnostic Benchmark 2021

    A bar chart illustrating the 'BI and Reporting' gap between importance and effectiveness. The difference is marked as Delta 2.4.

    The Five Priorities

    Priorities to compete in the digital economy

    1. Reduce Friction in the Hybrid Operating Model
    2. Improve Your Ransomware Readiness
    3. Support an Employee-Centric Retention Strategy
    4. Design an Automation Platform
    5. Prepare to Report on New Environmental, Social, and Governance Metrics

    Contributing Experts

    Elizabeth Clark

    CIO, Harvard Business School
    Photo of Elizabeth Clark, CIO, Harvard Business School.

    Jeff Previte

    Executive Vice-President of IT, CrossCountry Mortgage
    Photo of Jeff Previte, Executive Vice-President of IT, CrossCountry Mortgage.

    Bob Crozier

    Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE
    Photo of Bob Crozier, Chief Architect, Allianz Technology & Global Head of Blockchain, Allianz Technology SE.

    David W. Dorman

    Chairman of the Board, CVS Health
    Photo of David W. Dorman, Chairman of the Board, CVS Health.

    Info-Tech’s internal CIO panel contributors

    • Bryan Tutor
    • John Kemp
    • Mike Schembri
    • Janice Clatterbuck
    • Sandy Silk
    • Sallie Wright
    • David Wallace
    • Ken McGee
    • Mike Tweedie
    • Cole Cioran
    • Kevin Tucker
    • Angelina Atkins
    • Yakov Kofner
    Photo of an internal CIO panel contributor. Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.
    Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.
    Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.Photo of an internal CIO panel contributor.

    Thank you for your support

    Logo for the Blockchain Research Institute.
    Blockchain Research Institute

    Bibliography – CIO Priorities 2022

    “2020 Corporate Social Responsibility Report.” CVS Health, 2020, p. 127. Web.

    “Adversary: Doppel Spider - Threat Actor.” Crowdstrike Adversary Universe, 2021. Accessed 29 Dec. 2021.

    “Aetna CVS Health Success Story.” HYPR, n.d. Accessed 6 Feb. 2022.

    Baig, Aamer. “The CIO agenda for the next 12 months: Six make-or-break priorities.” McKinsey Digital, 1 Nov. 2021. Web.

    Ball, Sarah, Kristene Diggins, Nairobi Martindale, Angela Patterson, Anne M. Pohnert, Jacinta Thomas, Tammy Todd, and Melissa Bates. “2020 ANCC Pathway Award® winner.” Wolters Kluwer Health, Inc., 2021. Accessed 6 Feb. 2022.

    “Canadian Universities Propose Designs for a Central Bank Digital Currency.” Bank of Canada, 11 Feb. 2021. Accessed 14 Dec. 2021.

    “Carbon Sequestration in Wetlands.” MN Board of Water and Soil Resources, n.d. Accessed 15 Nov. 2021.

    “CCM Honored as a NorthCoast 99 Award Winner.” CrossCountry Mortgage, 1 Dec. 2021. Web.

    Cheek, Catherine. “Four Things We Learned About the Resignation Wave–and What to Do Next.” Visier Inc. (blog), 5 Oct. 2021. Web.

    “Companies Using Hyperledger Fabric, Market Share, Customers and Competitors.” HG Insights, 2022. Accessed 25 Jan. 2022.

    “IFRS Foundation Announces International Sustainability Standards Board, Consolidation with CDSB and VRF, and Publication of Prototype Disclosure Requirements.” IFRS, 3 Nov. 2021. Web.

    “IT Priorities for 2022: A CIO Report.” Mindsight, 28 Oct. 2021. Web.

    “Job Openings and Labor Turnover Survey.” Databases, Tables & Calculators by Subject, U.S. Bureau of Labor Statistics, 2022. Accessed 9 Feb. 2022.

    Kumar, Rashmi, and Michael Krigsman. “CIO Planning and Investment Strategy 2022.” CXOTalk, 13 Sept. 2021. Web.

    Leonhardt, Megan. “The Great Resignation Is Hitting These Industries Hardest.” Fortune, 16 Nov. 2021. Accessed 7 Jan. 2022.

    “Most companies align with SDGs – but more to do on assessing progress.” Global Reporting Initiative (GRI), 17 Jan. 2022. Web.

    Navagamuwa, Roshan. “Beyond Passwords: Enhancing Data Protection and Consumer Experience.” LinkedIn, 15 Dec. 2020.

    Ojo, Oluwaseyi. “Achieving Digital Business Transformation Using COBIT 2019.” ISACA, 19 Aug. 2019. Web.

    “Priority.” Lexico.com, Oxford University Press, 2021. Web.

    Riebold, Jan, and Yannick Bartens. “Reinventing the Digital IT Operating Model for the ‘New Normal.’” Capgemini Worldwide, 3 Nov. 2020. Web.

    Samuels, Mark. “The CIO’s next priority: Using the tech budget for growth.” ZDNet, 1 Sept. 2021. Accessed 1 Nov. 2021.

    Sayer, Peter. “Exclusive Survey: CIOs Outline Tech Priorities for 2021-22.” CIO, 5 Oct. 2021. Web.

    Shacklett, Mary E. “Where IT Leaders Are Likely to Spend Budget in 2022.” InformationWeek, 10 Aug. 2021. Web.

    “Table 4. Quits Levels and Rates by Industry and Region, Seasonally Adjusted - 2021 M11 Results.” U.S. Bureau of Labor Statistics, Economic News Release, 1 Jan. 2022. Accessed 7 Jan. 2022.

    “Technology Priorities CIOs Must Address in 2022.” Gartner, 19 Oct. 2021. Accessed 1 Nov. 2021.

    Thomson, Joel. Technology, Talent, and the Future Workplace: Canadian CIO Outlook 2021. The Conference Board of Canada, 7 Dec. 2021. Web.

    “Trend.” Lexico.com, Oxford University Press, 2021. Web.

    Vellante, Dave. “CIOs signal hybrid work will power tech spending through 2022.” SiliconANGLE, 25 Sept. 2021. Web.

    Whieldon, Esther, and Robert Clark. “ESG funds beat out S&P 500 in 1st year of COVID-19; how 1 fund shot to the top.” S&P Global Market Intelligence, April 2021. Accessed Dec. 2021.

    Prepare to Successfully Deploy PPM Software

    • Buy Link or Shortcode: {j2store}437|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • PPM suite deployments are complicated and challenging. Vendors and consultants can provide much needed expertise and assistance to organizations deploying new PPM suites.
    • While functional requirements are often defined during the procurement stage (for example, in an RFP), the level of detail during this stage is likely insufficient for actually configuring the solution to your specific PPM needs. Too many organizations fail to further develop these functional requirements between signing their contracts and the official start of their professional implementation engagement.
    • Many organizations fail to organize and record the PPM data they will need to populate the new PPM suite. In almost all cases, customers have the expertise and are in the best position to collect and organize their own data. Leaving this until the vendor or consultant arrives to help with the deployment can result in using your professional services in a suboptimal way.
    • Vendors and consultants want you to prepare for their implementation engagements so that you can make the best use of their expertise and assistance. They want you to deploy a PPM suite that can be sustainably adopted in the long term. All too often, however, they arrive onsite to find customers that are disorganized and underprepared.

    Our Advice

    Critical Insight

    • Preparing for a professional implementation engagement allows you to make the best use of your professional services, as well as helping to ensure that the PPM suite is deployed according to your specific PPM needs.
    • Involving your internal resources in the preparation of data and in fully defining functional requirements for the PPM suite helps to establish stakeholder buy-in early on, helping to build internal ownership of the solution from the beginning. This avoids the solution being perceived as something the vendor/consultant “forced upon us.”
    • Vendors and consultants are happy when organizations are organized and prepared for their professional implementation engagements. Preparation ensures these engagements are positive experiences for everyone involved.

    Impact and Result

    • Ensure that the data necessary to deploy the new PPM suite is recorded and organized.
    • Make your functional requirements detailed enough to ensure that the new PPM suite can be configured/customized during the deployment engagement in a way that best fits the organization’s actual PPM needs.
    • Through carefully preparing data and fully defining functional requirements, you help the solution become sustainably adopted in the long term.

    Prepare to Successfully Deploy PPM Software Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand why preparing for PPM deployment will ensure that organizations get the most value out of the implementation professional services they purchased and will help drive long-term sustainable adoption of the new PPM suite.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a preparation team and plan

    Engage in purposeful and effective PPM deployment planning by clearly defining what to prepare and when exactly it is time to move from planning to execution.

    • Prepare to Successfully Deploy PPM Software – Phase 1: Create a Preparation Team and Plan
    • Prepare to Deploy PPM Suite Project Charter Template
    • PPM Suite Functional Requirements Document Template
    • PPM Suite Deployment Timeline Template (Excel)
    • PPM Suite Deployment Timeline Template (Project)
    • PPM Suite Deployment Communication Plan Template

    2. Prepare project-related requirements and deliverables

    Provide clearer definition to specific project-related functional requirements and collect the appropriate PPM data needed for an effective PPM suite deployment facilitated by vendors/consultants.

    • Prepare to Successfully Deploy PPM Software – Phase 2: Prepare Project-Related Requirements and Deliverables
    • PPM Deployment Data Workbook
    • PPM Deployment Dashboard and Report Requirements Workbook

    3. Prepare PPM resource requirements and deliverables

    Provide clearer definition to specific resource management functional requirements and data and create a communication and training plan.

    • Prepare to Successfully Deploy PPM Software – Phase 3: Prepare PPM Resource Requirements and Deliverables
    • PPM Suite Transition Plan Template
    • PPM Suite Training Plan Template
    • PPM Suite Training Management Tool

    4. Provide preparation materials to the vendor and implementation professionals

    Plan how to engage vendors/consultants by communicating functional requirements to them and evaluating changes to those requirements proposed by them.

    • Prepare to Successfully Deploy PPM Software – Phase 4: Provide Preparation Materials to the Vendor and Implementation Professionals
    [infographic]

    Workshop: Prepare to Successfully Deploy PPM Software

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Plan the Preparation Project

    The Purpose

    Select a preparation team and establish clear assignments and accountabilities.

    Establish clear deliverables, milestones, and metrics to ensure it is clear when the preparation phase is complete.

    Key Benefits Achieved

    Preparation activities will be organized and purposeful, ensuring that you do not threaten deployment success by being underprepared or waste resources by overpreparing.

    Activities

    1.1 Overview: Determine appropriate functional requirements to define and data to record in preparation for the deployment.

    1.2 Create a timeline.

    1.3 Create a charter for the PPM deployment preparation project: record lessons learned, establish metrics, etc.

    Outputs

    PPM Suite Deployment Timeline

    Charter for the PPM Suite Preparation Project Team

    2 Prepare Project-Related Requirements and Deliverables

    The Purpose

    Collect and organize relevant project-related data so that you are ready to populate the new PPM suite when the vendor/consultant begins their professional implementation engagement with you.

    Clearly define project-related functional requirements to aid in the configuration/customization of the tool.

    Key Benefits Achieved

    An up-to-date and complete record of all relevant PPM data.

    Avoidance of scrambling to find data at the last minute, risking importing out-of-date or irrelevant information into the new software.

    Clearly defined functional requirements that will ensure the suite is configured in a way that can be adoption in the long term.

    Activities

    2.1 Define project phases and categories.

    2.2 Create a list of all projects in progress.

    2.3 Record functional requirements for project requests, project charters, and business cases.

    2.4 Create a list of all existing project requests.

    2.5 Record the current project intake processes.

    2.6 Define PPM dashboard and reporting requirements.

    Outputs

    Project List (basic)

    Project Request Form Requirements (basic)

    Scoring/Requirements (basic)

    Business Case Requirements (advanced)

    Project Request List (basic)

    Project Intake Workflows (advanced)

    PPM Reporting Requirements (basic)

    3 Prepare PPM Resource Requirements and Deliverables

    The Purpose

    Collect and organize relevant resource-related data.

    Clearly define resource-related functional requirements.

    Create a purposeful transition, communication, and training plan for the deployment period.

    Key Benefits Achieved

    An up-to-date and complete record of all relevant PPM data that allows your vendor/consultant to get right to work at the start of the implementation engagement.

    Improved buy-in and adoption through transition, training, and communication activities that are tailored to the actual needs of your specific organization and users.

    Activities

    3.1 Create a portfolio-wide roster of project resources (and record their competencies and skills, if appropriate).

    3.2 Record resource management processes and workflows.

    3.3 Create a transition plan from existing PPM tools and processes to the new PPM suite.

    3.4 Identify training needs and resources to be leveraged during the deployment.

    3.5 Define training requirements.

    3.6 Create a PPM deployment training plan.

    Outputs

    Resource Roster and Competency Profile (basic)

    User Roles and Permissions (basic)

    Resource Management Workflows (advanced)

    Transition Approach and Plan (basic)

    Data Archiving Requirements (advanced)

    List of Training Modules and Attendees (basic)

    Internal Training Capabilities (advanced)

    Training Milestones and Deadlines (basic)

    4 Provide Preparation Materials to the Vendor and Implementation Professionals

    The Purpose

    Compile the data collected and the functional requirements defined so that they can be provided to the vendor and/or consultant before the implementation engagement.

    Key Benefits Achieved

    Deliverables that record the outputs of your preparation and can be provided to vendors/consultants before the implementation engagement.

    Ensures that the customer is an active and equal partner during the deployment by having the customer prepare their material and initiate communication.

    Vendors and/or consultants have a clear understanding of the customer’s needs and expectations from the beginning.

    Activities

    4.1 Collect, review, and finalize the functional requirements.

    4.2 Compile a functional requirements and data package to provide to the vendor and/or consultants.

    4.3 Discuss how proposed changes to the functional requirements will be reviewed and decided.

    Outputs

    PPM Suite Functional Requirements Documents

    PPM Deployment Data Workbook

    Safety as a secondary consideration

    • Large vertical image:
    • member rating overall impact: Very High
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    This is a story that should make you perk up.

    I know of a department that was eager to launch their new product. The strain was severe. The board was breathing down their necks. Rivals were catching up (or so they thought).

    What did they do?

    "Let's get this thing live, prove the market wants it, then we'll circle back and handle all the security and stability backlog items." For the product owner, at the time, that seemed the right thing to do.

    They were hacked 48 hours after going live.

    Customer information was stolen. The brand's reputation suffered. The decision led to a months-long legal nightmare. And they still had to completely rebuild the system. Making stability and security bolt-on items is never a good idea.

    The true price of "fix it later"

    See, I understand. When the product owner is pressing for user experience enhancements and you're running out of time for launch, it's easy to overlook those "non-functional requirements." Yet, we should avoid blaming the product owner. The PO is under pressure from many stakeholders, and a delayed launch may also come with significant costs.

    Load balancing isn't visible to customers, after all. Penetration testing doesn't excite them. Failure mechanisms don't matter to them. This statement is true until a malfunction impacts a client. Then it suddenly becomes the most important thing in the world.

    However, I know that ignoring non-functional requirements (NFRs) can lead to failed businesses (or business lines). This elevates these issues beyond mere technical inconveniences. NFRs are designed with the client in mind.

    Look at it this way. When your system crashes during periods of high traffic, how does the user experience change? How satisfied are customers when their personal information is stolen? When it takes 30 seconds for your website to load, how does that conversion rate look?

    Let me expose you to some consultant figures. The average cost of IT outages is $5,600 per minute, according to a 2014 Gartner study. That figure can rise to $300,000 per hour for larger businesses. The reality is that in your department, you will rarely reach these numbers. When we look at current (2020-2025) and expected (2026) trends, the typical operational loss numbers in international commercial banking or insurance are closer to 100K for high-impact incidents that are handled within 2–3 hours.

    Obviously, your numbers will vary. And if you don't know what your costs are, now would be a good time to discover that. This does not imply that you should simply accept the risks associated with such situations. You must fix or mitigate such opportunities for hackers to get in. Do so at the appropriate cost for your business.

    Data breaches are a unique phenomenon. According to IBM's Cost of a Data Breach Report 2025, a data breach typically costs $4.44 million, and detecting and containing it takes an average of 241 days. Some preview data from the 2025 report include that 97% of organizations that reported on the study indicated that they lacked access controls for their AI systems. That means that many companies don't even have the basics in order. And AI-related breaches are just going to accelerate. AI security defenses will help lower the cost of such breaches.

    Despite the decreasing cost of these breaches, I anticipate an increase in their frequency in the upcoming years.

    This means that non-functional requirements in terms of security and resilience should take a more prominent place in the prioritizations. Your client depends on your systems being safe, resilient, and performant.

    The blind spot in leadership

    And yet, this is where some leaders make mistakes. I have the impression they believe that client-focused design means more functionality and elegant interfaces. They prioritize user experience enhancements over system reliability.

    I want to share a key fact that distinguishes successful businesses: customers desire more than just a good product. It must always function for them. And that means following certain procedures. They are not there to hamper you; they are there to retain customers.

    88% of online shoppers are less likely to visit a website again after a negative experience, according to research from Forrester. Amazon found that they lose 1% of sales for every 100 ms of latency. That 100 milliseconds adds up to millions of lost profits when billions of dollars are at stake.

    You run the risk of more than just technical difficulties when you deprioritize safety. Customer trust, revenue stability, competitive advantage, adherence to the law, costs, and team morale are all at stake.

    The "happy flow" trap is costing you revenue.

    Allow me to illustrate what I see happening during development cycles.

    The team tests the happy flow. The user successfully logs in. The user navigates with ease. The user makes the purchase without any problems. The user logs off without incident.

    "Excellent! Publish it!"

    However, what occurs if 1000 users attempt to log in at once? What occurs if an attempt is made to insert malicious code into your contact form? During a transaction, what happens if your database connection fails?

    These are not extreme situations. These are real-life occurrences.

    Fifty percent of data center managers and operators reported having an impactful outage in the previous three years, according to the Uptime Institute's 2025 Global Data Center Survey. Note that this is at the infra level. The biggest contributor is power outages. What role does power play in ensuring a smooth flow? Power will not always flow as you want it, so plan for lack of power and for spikes.

    With regard to software failures, the spread of possible causes widens. AI is a big contributor. AI is typically brought in to accelerate development and assist in coding. But it tends to introduce subtle bugs and vulnerabilities that a seasoned developer has to review and solve.

    Another upcoming article will discuss how faster release cycles often lead to a rush in testing. This should not be the case; by spending some time automating your (non-)regression test bank, you will gain speed. But you have to invest time in building the test suite.

    Can your system handle success? This question should keep every executive awake at night.

    I've witnessed businesses invest millions in advertising campaigns to drive traffic to systems that fail due to their success. Consider describing to your board how your greatest marketing victory became your worst operational mishap.

    Managing traffic spikes is only one aspect of load balancing. It is about ensuring that your business can handle opportunities without being overwhelmed.

    The mindset that transforms everything

    Let's now address the most pressing issue: security.

    The majority of leaders consider security to be like insurance, something you hope you never need. The fact that security is more than just protection, however, will alter the way you approach every project. It's approval to develop.

    According to the Ponemon Institute's 2025 Cost of Insider Threats Global Report, the average annualized cost of insider threats, defined as employee negligence, criminal insiders, and credential thieves, has risen to $17.4 million per incident, up from $15.4 million in 2022. The number of discovered and analyzed incidents increased from 3,269 in 2018 to 7,868 in 2025 research studies. 

    Cybersecurity Ventures predicts that cybercrime will cost the global economy $10.5 trillion annually by 2025.

    The most fascinating thing, though, is that companies that invest in proactive security see measurable outcomes. Organizations that allocate over 10% of their IT budget to cybersecurity have a 2.5-fold higher chance of experiencing no security incidents than those that allocate less than 1%, per Deloitte's Future of Cyber Survey.

    By hardening your systems against common attack vectors, you can scale quickly without worrying about the future. You can handle sensitive data with confidence, enter new markets without fear, establish partnerships that require trust, and focus on innovation instead of crisis management.

    The non-functional needs that genuinely generate income

    Allow me to explain this in a way that will satisfy your CFO.

    Retention is equal to reliability. Customers return when a system functions reliably (given you sell items they want). The Harvard Business Review claims that a 5% increase in customer retention rates boosts profits by 25% to 95%. It is five to twenty-five times less expensive to retain customers than to acquire new ones.

    Scalability is equal to security. Secure systems can handle larger client volumes, more sensitive data, and higher-value transactions. 69% of board members and C-suite executives think that privacy and cyber risks could affect their company's ability to grow, according to PwC.

    Profit is equal to performance. You lose conversions for every second of load time. Google discovered that the likelihood of a bounce rises by 32% as page load time increases from 1 to 3 seconds. It increases by 90% from 1 second to 5 seconds. Walmart discovered that every second improvement in page load time led to a 2% increase in conversions.

    Reputation is equal to resilience. Guess which company benefits when your system works while your competitors' systems fail? Failures reduce trust. 71% of consumers will actively advocate against companies they don't trust, and 67% of consumers will stop purchasing from them, according to Edelman's 2023 Trust Barometer. While the 2025 report does not present comparative numbers, distrust impacting consumer behavior is likely to be even more prevalent. 

    The structure that reverses the script

    Reframe this discussion with your executives and team

    • The question we should not ask is, "Can we afford to build this right?" but rather, "Can we afford not to?" This consideration is crucial because we risk losing customers at every obstacle they encounter. 
    • Non-functional requirements should be viewed as competitive advantages rather than obstructions. If it suddenly does not work, the customer walks away.
    • Consider viewing system reliability as a profit center instead of a cost center. When a customer knows it will work, they will order again and refer a friend.

    The numbers support this point. Businesses that invest in operational resilience see three times higher profit margins and 2.5 times higher revenue growth than their counterparts, according to McKinsey's 2023 State of Organizations report. In 2025 we see a focus on AI, but the point remains.

    These metrics will grab the attention when you're presenting them.

    Although the average cost of downtime varies by industry, it is always high. 

    The impact of a security breach on customer lifetime value is equally uncomfortable. Following a data breach, 78% of consumers will cease interacting with a brand online, and 36% will never do so again, according to Ping Identity's 2023 Consumer Identity Breach Report.

    Every second that the system is unavailable results in a rapidly mounting loss of money. That's about $3,170 per minute of full downtime for a business that makes $100 million a year. We're talking about $31,700 per minute for billion-dollar businesses. Again, your experience may differ, but it's important to note that this cost is often unseen yet undeniable. If you want to calculate this more granularly, then I have a calculation method for you that is easy to implement.

    There is a discernible trend in the cost of rebuilding versus building correctly the first time. Resolving a problem in production can cost four to five times as much as fixing it during design, and it can cost up to 100 times as much as fixing it during the requirements and design phase, according to IBM's Systems Sciences Institute.

    The plan of action that truly works

    This is what you should do right away.

    Please begin by reviewing your current primary systems. When they're under stress, what happens? What occurs if they are attacked? What occurs if they don't work? 40% of businesses that suffer a significant system failure never reopen, although only 23% of organizations have tested their disaster recovery plans in the previous year, according to Gartner. Companies we work with test their systems at least once per year. If the results are unsatisfactory, we conduct a retest to ensure they meet our standards.

    Next, please determine the actual cost of addressing issues at a later stage. Add in the costs of customer attrition, security breaches, downtime, and reconstruction. To lend credibility to your calculations, try to work out exact numbers for your company. Industry standards (like in this article) will give you indicators, but you need to know your figures.

    Third, recast your non-functional needs as business needs. Consider focusing on strategies for managing success rather than solely discussing load balancing. Instead of discussing security testing, focus on revenue protection.

    Fourth, consider safety when defining "done." Until a feature is dependable, secure, and scalable, it isn't considered complete. Projects that incorporate non-functional requirements from the outset have a threefold higher chance of success, per the Standish Group's 2023 Chaos Report.

    Fifth, use system dependability as a differentiator in the marketplace. You're up when your rivals are down. You're safe when they're compromised.

    The bottom line

    I understand that resilience isn't sexy. I am aware that UI enhancements are more exciting than infrastructure resilience.

    And yet, I know that businesses that prioritize safety will survive and lead after seeing others thrive and fail based on this one choice. Customers trust them. They are capable of scaling without breaking. Because they are confident that their systems can manage whatever comes next, they are the ones who get a good night's sleep.

    Resilient organizations are twice as likely to surpass customer satisfaction goals and are 2.5 times more likely to achieve revenue growth of 10% or more.

    Resilience represents the most significant competitive advantage. You have a choice. Just keep in mind that your clients are depending on you to do the job correctly.

    Always happy to engage in a conversation.

    Identify and Manage Regulatory and Compliance Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}366|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    More than at any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    It is increasingly likely that one of your vendors, or their n-party support vendors, will fall out of regulatory compliance. Therefore, organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential regulatory impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations.
    • Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

    Impact and Result

    Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks with our Regulatory Risk Impact Tool to manage potential impacts.

    Identify and Manage Regulatory and Compliance Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Regulatory and Compliance Risk Impacts to Your Organization Storyboard – Use the research to better understand the negative impacts of vendor actions to your brand reputation.

    Use this research to identify and quantify the potential regulatory impacts caused by vendors. Use Info-Tech's approach to look at the regulatory impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Regulatory and Compliance Risk Impacts on Your Organization Storyboard

    2. Regulatory Risk Impact Tool – Use this tool to help identify and quantify the operational impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Regulatory Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Risk Impacts on Your Organization

    It is easier for prospective clients to find out what you did wrong than that you fixed the issue.

    Analyst perspective

    Organizations must understand the regulatory damage vendors may cause from lack of compliance.

    Frank Sewell.

    The sheer number of regulations on the international market is immense, ever-changing, and make it almost impossible for any organization to consistently keep up with compliance.

    As regulatory enforcement increases, organizations must hold their vendors accountable for compliance through ongoing monitoring and validation of regulatory compliance to the relevant standards in their industries, or face increasing penalties for non-compliance.

    Frank Sewell,

    Research Director, Vendor Management

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    More than at any previous time, our world is changing rapidly. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    It is increasingly likely that one of your vendors, or their n-party support vendors, will fall out of regulatory compliance. Organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

    Identifying and managing a vendor’s potential regulatory impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations.

    Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

    Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks with our Regulatory Risk Impact Tool to manage potential impacts.

    Info-Tech Insight

    Organizations must evolve their risk assessments to be more adaptive to respond to regulatory changes in the global market. Ongoing monitoring of the vendors who must comply with industry and governmental regulations is crucial to avoiding penalties and maintaining your regulatory compliance.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    The image contains a cube that is divided into 6 asymmetrical to highlight the six components of vendor risk. Strategic, Security, Regulatory & Compliance, Financial, Reputational, Operational.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of Scope:

    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Regulatory and Compliance risk impacts

    Potential losses to the organization due regulatory and compliance incidents.

    • In this blueprint we’ll:
      • Explore regulatory and compliance risks and their impacts.
      • Identify potentially disruptive events to assess the overall impact on organizations and implement adaptive measures to identify, manage, and monitor vendor performance.

    The image contains a cube that is divided into 6 asymmetrical to highlight the six components of vendor risk. Strategic, Security, Regulatory & Compliance, Financial, Reputational, Operational. Regulatory & Compliance is highlighted on the cube.

    The world is constantly changing

    The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them and avoid penalties.

    When the unexpected happens, being able to adapt quickly to new priorities and regulations ensures continued long-term business success.

    Below are some things no one expected to happen in the last few years:

    45%

    Have no visibility into their upstream supply chain, or they can only see as far as their first-tier suppliers.

    2022 McKinsey

    61%

    Of compliance officers expect to increase investment in their compliance function over the next two years.

    2022 Accenture

    $770k+

    Breaches involving third-party vendors cost more on average.

    2022 HIT Consultant.net

    Regulatory Compliance

    Consider implementing vendor management initiatives and practices in your organization to help gain compliance with your expanding vendor landscape.

    Your organizational risks may be monitored but are your n-party vendors?

    The image contains a cube that is divided into 6 asymmetrical to highlight the six components of vendor risk. Strategic, Security, Regulatory & Compliance, Financial, Reputational, Operational.

    Review your expectations with your vendors and hold them accountable.

    Regulatory entities are looking beyond your organization’s internal compliance these days. More and more they are diving into your third-party and downstream relationships, particularly as awareness of downstream breaches increases globally.

    • Are you assessing your vendors regularly?
    • Are you validating those assessments?
    • Do your vendors have a map of their downstream support vendors?
    • Do they have the mechanisms to hold those downstream vendors accountable to your standards?

    Regulatory Guidance and Industry Standards

    Are you confident your vendors meet your standards?

    Identify and manage regulatory and compliance risks

    Environmental, Social, Governance (ESG)
    Regulatory agencies are putting more enforcement on ESG practices across the globe. As a result, organizations will need to monitor the changing regulations and validate that their vendors and n-party support vendors are adhering to these regulations, or face penalties for non-compliance.

    Data Protection
    Data Protection remains an issue in the world. Organizations should ensure that the data their vendors obtain remains protected throughout the vendor’s lifecycle, including post-termination. Otherwise, they could be monitoring for a data breach in perpetuity.

    Mergers and Acquisitions
    More prominent vendors continuously buy smaller companies to control the market in the IT industry. Therefore, organizations should put protections in their contracts to ensure that an IT vendor’s acquisition does not put them in a relationship with someone that could cause them an issue.

    What to look for

    Identify regulatory and compliance risk impacts.

    • Is there a record of complaints against the vendor from their employees or customers?
    • Has the vendor been cited for regulatory compliance issues in the past?
    • Does the vendor have a comprehensive list of their n-party vendor partners?
      • Are they willing to accept appropriate contractual protections regarding them?
    • Does the vendor self-audit, or do they use a vetted third-party audit firm to issue a SOC report annually?
    • Does the vendor operate in regions known for regulatory violations?
    • Is the vendor willing to make concessions on contractual protections, or are they only offering “one-sided” agreements with “as-is” warranties?

    Prepare your vendor risk management for success

    Due diligence will enable successful outcomes.

    1. Obtain top-level buy-in; it is critical to success.
    2. Build enterprise risk management (ERM) through incremental improvement.
    3. Focus initial efforts on the “big wins” to prove the process works.
    4. Use existing resources.
    5. Build on any risk management activities that already exist in the organization.
    6. Socialize ERM throughout the organization to gain additional buy‑in.
    7. Normalize the process long term, with ongoing updates and continuing education for the organization.

    (Adapted from COSO)

    How to assess third-party risk

    1. Review Organizational Regulations
    2. Understand the organization’s regulatory risks to prepare for the “What If” game exercise.

    3. Identify & Understand Potential Regulatory-Compliance Risks
    4. Play the “What If” game with the right people at the table.

    5. Create a Risk Profile Packet for Leadership
    6. Pull all the information together in a presentation document.

    7. Validate the Risks
    8. Work with leadership to ensure that the proposed risks are in line with their thoughts.

    9. Plan to Manage the Risks
    10. Lower the overall risk potential by putting mitigations in place.

    11. Communicate the Plan
    12. It is important not only to have a plan but also to socialize it in the organization for awareness.

    13. Enact the Plan
    14. Once the plan is finalized and socialized, put it in place with continued monitoring for success.

    Adapted from Harvard Law School Forum on Corporate Governance

    Insight summary

    Regulatory risk impacts often come from unexpected places and have significant consequences. Knowing who your vendors are using for their support and supply chain could be crucial in eliminating the risk of non-compliance for your organization. Having a plan to identify and validate the regulatory compliance of your vendors is a must for any organization, to avoid penalties.

    Insight 1

    Organizations fail to plan for vendor acquisitions appropriately.

    Vendors routinely get acquired in the IT space. Does your organization have appropriate safeguards from inadvertently entering a negative relationship? Do you have plans around replacing critical vendors purchased in such a manner?

    Insight 2

    Organizations often fail to understand how n-party vendors could place them in non-compliance.

    Even if you know your complete third-party vendor landscape, you may not be aware of the downstream vendors in play. Ensure that you get visibility into this space as well and hold your direct vendors accountable for the actions of their vendors.

    Insight 3

    Organizations need to know where their data lives and ensure it is protected.

    Make sure you know which vendors are accessing/storing your data, where they are keeping it, and that you can get it back and have the vendors destroy it when the relationship is over. Without adequate protection throughout the lifecycle of the vendor, you could be monitoring for breaches in perpetuity.

    Identifying regulatory and compliance risks

    Who should be included in the discussion.

    • While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make informed decisions.
    • Getting input from regulatory risk experts within your organization will enhance your long-term potential for successful compliance.
    • Involving those who not only directly manage vendors but also understand your regulatory requirements will aid in determining the path forward for relationships with your current vendors, and identifying new emerging potential partners.

    See the blueprint Build an IT Risk Management Program

    Review your risk management plans for new risks on a regular basis.

    Keep in mind Risk = Likelihood x Impact (R=L*I).

    Impact (I) tends to remain the same, while Likelihood (L) is becoming closer to 100% as threat actors become more prevalent

    Managing vendor regulatory and compliance risk impacts

    How could your vendors fall out of compliance?

    • Review vendors’ downstream connections to understand thoroughly with whom you are in business.
      • Monitor their regulatory stance as it could reflect on your organization.
    • Institute proper vendor lifecycle management.
      • Make sure to follow corporate due diligence and risk assessment policies and procedures.
      • Failure to consistently do so is a recipe for disaster.
    • Develop IT risk governance and change control.
    • Introduce continual risk assessment to monitor the relevant vendor markets.
      • Regularly review your regulatory requirements for new and changing risks.
    • Be adaptable and allow for innovations that arise from the current needs.
      • Capture lessons learned from prior incidents to improve over time, and adjust your plans accordingly.

    Organizations must review their regulatory risk appetite and tolerance levels, considering their complete landscape.

    Changing regulations, acquisitions, and events that affect global supply chains are current realities, not unlikely scenarios.

    Ongoing Improvement

    Incorporating lessons learned.

    • Over time, despite everyone’s best observations and plans, incidents will catch us off guard.
    • When it happens, follow your incident response plans and act accordingly.
    • An essential step is to document what worked and what did not – collectively known as the “lessons learned.”
    • Use the lessons learned document to devise, incorporate, and enact a better risk management process.

    Sometimes disasters occur despite our best plans to manage them.

    When this happens, it is important to document the lessons learned and update our plans.

    The “what if” game

    1-3 hours

    Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (or if too small, continue as a single group).
    2. Use the Regulatory Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potentials but manage the overall process to keep the discussion pertinent and on track.
    3. Collect the outputs and ask the subject matter experts (SMEs) for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.
    Input Output
    • List of identified potential risk scenarios scored by regulatory-compliance impact
    • List of potential mitigations of the scenarios to reduce the risk
    • Comprehensive regulatory risk profile on the specific vendor solution
    Materials Participants
    • Whiteboard/flip charts
    • Regulatory Risk Impact Tool to help drive discussion
    • Vendor Management – Coordinator
    • Organizational Leadership
    • Operations Experts (SMEs)
    • Legal/Compliance/Risk Manager

    High risk example from tool

    The image contains a screenshot demonstrating high risk example from the tool.

    How to mitigate:

    Contractually insist that the vendor have a third-party security audit performed annually, with the stipulation that they will not denigrate below your acceptable standards.

    Note: Even though a few items are “scored” they have not been added to the overall weight, signaling that the company has noted but does not necessarily hold them against the vendor.

    Low risk example from tool

    The image contains a screenshot demonstrating low risk example from the tool.

    Summary

    Seek to understand all regulatory requirements to obtain compliance.

    • Organizations need to understand and map out their entire vendor landscape.
    • Understand where all your data lives and how you can control it throughout the vendor lifecycle.
    • Those organizations that consistently follow their established risk assessment and due diligence processes are better positioned to avoid penalties.
    • Bring the right people to the table to outline potential risks in the market and your organization.
    • Incorporate “lessons learned” from prior incidents into your risk management process to build better plans for future issues.

    Keeping up with the ever-changing regulations can make compliance a difficult task.

    Organizations should increase the resources dedicated to monitoring these regulations as agencies continue to hold them more accountable.

    Related Info-Tech Research

    Identify and Manage Financial Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential financial impacts that vendors may incur and suggest systems to help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Identify and Manage Reputational Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

    Identify and Manage Strategic Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Risk Impact Tool.

    Info-Tech Insight

    It is easier for prospective clients to find out what you did wrong than that you fixed the issue.


    Bibliography

    Alicke, Knut, et al. "Taking the pulse of shifting supply chains", McKinsey & Company, August 26th 2022. Accessed October 31st
    Regan, Samantha, et al. "Can compliance keep up with warp-speed Change?", accenture, May 18th 2022. Accessed Oct 31st 2022.
    Feria, Nathalie, and Rosenberg, Daniel. "Mitigating Healthcare Cyber Risk Through Vendor Management", HIT Consultant, October 17th 2022. Accessed Oct 31st 2022.
    Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012.
    Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.

    Build a Value Measurement Framework

    • Buy Link or Shortcode: {j2store}182|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $82,374 Average $ Saved
    • member rating average days saved: 35 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Rapid changes in today’s market require rapid, value-based decisions, and organizations that lack a shared definition of value fail to maintain their competitive advantage.
    • Different parts of an organization have different value drivers that must be given balanced consideration.
    • Focusing solely on revenue ignores the full extent of value creation in your organization and does not necessarily result in the right outcomes.

    Our Advice

    Critical Insight

    • Business is the authority on business value. While IT can identify some sources of value, business stakeholders must participate in the creation of a definition that is meaningful to the whole organization.
    • It’s about more than profit. Organizations must have a definition that encompasses all of the sources of value or they risk making short-term decisions with long-term negative impacts.
    • Technology creates business value. Treating IT as a cost center makes for short-sighted decisions in a world where every business process is enabled by technology.

    Impact and Result

    • Standardize your definition of business value. Work with your business partners to define the different sources of business value that are created through technology-enabled products and services.
    • Weigh your value drivers. Ensure that business and IT understand the relative weight and priority of the different sources of business value you have identified.
    • Use a balanced scorecard to understand value. Use the different value drivers to understand and prioritize different products, applications, projects, initiatives, and enhancements.

    Build a Value Measurement Framework Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand why building a consistent and aligned framework to measure the value of your products and services is vital for setting priorities and getting the business on board.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define your value drivers

    This phase will help you define and weigh value drivers based on overarching organizational priorities and goals.

    • Build a Value Measurement Framework – Phase 1: Define Your Value Drivers
    • Value Calculator

    2. Measure value

    This phase will help you analyze the value sources of your products and services and their alignment to value drivers to produce a value score that you can use for prioritization.

    • Build a Value Measurement Framework – Phase 2: Measure Value
    [infographic]

    Further reading

    Build a Value Measurement Framework

    Focus product delivery on business value–driven outcomes.

    ANALYST PERSPECTIVE

    "A meaningful measurable definition of value is the key to effectively managing the intake, prioritization, and delivery of technology-enabled products and services."

    Cole Cioran,

    Senior Director, Research – Application Development and Portfolio Management

    Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • CIOs who need to understand the value IT creates
    • Application leaders who need to make good decisions on what work to prioritize and deliver
    • Application and project portfolio managers who need to ensure the portfolio creates business value
    • Product owners who are accountable for delivering value

    This Research Will Help You:

    • Define quality in your organization’s context from both business and IT perspectives.
    • Define a repeatable process to understand the value of a product, application, project, initiative, or enhancement.
    • Define value sources and metrics.
    • Create a tool to make it easier to balance different sources of value.

    This Research Will Also Assist:

    • Product and application delivery teams who want to make better decisions about what they deliver
    • Business analysts who need to make better decisions about how to prioritize their requirements

    This Research Will Help Them:

    • Create a meaningful relationship with business partners around what creates value for the organization.
    • Enable better understanding of your customers and their needs.

    Executive summary

    Situation

    • Measuring the business value provided by IT is critical for improving the relationship between business and IT.
    • Rapid changes in today’s market require rapid, value-based decisions.
    • Every organization has unique drivers that make it difficult to see the benefits based on time and impact approaches to prioritization.

    Complication

    • An organization’s lack of a shared definition of value leads to politics and decision making that does not have a firm, quantitative basis.
    • Different parts of an organization have different value drivers that must be given balanced consideration.
    • Focusing solely on revenue does not necessarily result in the right outcomes.

    Resolution

    • Standardize your definition of business value. Work with your business partners to define the different sources of business value that are created through technology-enabled products and services.
    • Weigh your value drivers. Ensure business and IT understand the relative weight and priority of the different sources of business value you have identified.
    • Use a balanced scorecard to understand value. Use the different value drivers to understand and prioritize different products, applications, projects, initiatives, and enhancements.

    Info-Tech Insight

    1. Business is the authority on business value. While IT can identify some sources of value, business stakeholders must participate in the creation of a definition that is meaningful to the whole organization.
    2. It’s about more than profit. Organizations must have a definition that encompasses all of the sources of value, or they risk making short-term decisions with long-term negative impacts.
    3. Technology creates business value. Treating IT as a cost center makes for short-sighted decisions in a world where every business process is enabled by technology.

    Software is not currently creating the right outcomes

    Software products are taking more and more out of IT budgets.

    38% of spend on IT employees goes to software roles.

    Source: Info-Tech’s Staffing Survey

    18% of opex is spent on software licenses.

    Source: SoftwareReviews.com

    33% of capex is spent on new software.

    However, the reception and value of software products do not justify the money invested.

    Only 34% of software is rated as both important and effective by users.

    Source: Info-Tech’s CIO Business Vision

    IT benchmarks do not help or matter to the business. Focus on the metrics that represent business outcomes.

    A pie chart is shown as an example to show how benchmarks do not help the business.

    IT departments have a tendency to measure only their own role-based activities and deliverables, which only prove useful for selling practice improvement services. Technology doesn’t exist for technology's sake. It’s in place to generate specific outcomes. IT and the business need to be aligned toward a common goal of enabling business outcomes, and that’s the important measurement.

    "In today’s connected world, IT and business must not speak different languages. "

    – Cognizant, 2017

    CxOs stress the importance of value as the most critical area for IT to improve reporting

    A bar graph is shown to demonstrate the CxOs importance of value. Business value metrics are 32% of significant improvement necessary, and 51% where some improvement is necessary.

    N=469 CxOs from Info-Tech’s CEO/CIO Alignment Diagnostic

    Key stakeholders want to know how you and your products or services help them realize their goals.

    While the basics of value are clear, few take the time to reach a common definition and means to measure and apply value

    Often, IT misses the opportunity to become a strategic partner because it doesn’t understand how to communicate and measure its value to the business.

    "Price is what you pay. Value is what you get."

    – Warren Buffett

    Being able to understand the value context will allow IT to articulate where IT spend supports business value and how it enables business goal achievement.

    Value is...

    Derived from business context

  • What is our business context?
  • Enabled through governance and strategy

  • Who sees the strategy through?
  • The underlying context for decision making

  • How is value applied to support decisions?
  • A measure of achievement

  • How do I measure?
  • Determine your business context by assessing the goals and defining the unique value drivers in your organization

    Competent organizations know that value cannot always be represented by revenue or reduced expenses. However, it is not always apparent how to envision the full spectrum of sources of value. Dissecting value by the benefit type and the value source’s orientation allows you to see the many ways in which a product or service brings value to the organization.

    A business value matrix is shown. It shows the relationship between reading customers, increase revenue, reduce costs, and enhance services.

    Financial Benefits vs. Improved Capabilities

    Financial Benefits refers to the degree to which the value source can be measured through monetary metrics and is often quite tangible. Human Benefits refers to how a product or service can deliver value through a user’s experience.

    Inward vs. Outward Orientation

    Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Increase Revenue

    Reduce Costs

    Enhance Services

    Reach Customers

    Product or service functions that are specifically related to the impact on your organization’s ability to generate revenue.

    Reduction of overhead. They typically are less related to broad strategic vision or goals and more simply limit expenses that would occur had the product or service not been put in place.

    Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    Application functions that enable and improve the interaction with customers or produce market information and insights.

    See your strategy through by involving both IT and the business

    Buy-in for your IT strategy comes from the ability to showcase value. IT needs to ensure it has an aligned understanding of what is valuable to the organization.

    Business value needs to first be established by the business. After that, IT can build a partnership with the business to determine what that value means in the context of IT products and services.

    The Business

    What the Business and IT have in common

    IT

    Keepers of the organization’s mission, vision, and value statements that define IT success. The business maintains the overall ownership and evaluation of the products along with those most familiar with the capabilities or processes enabled by technology.

    Business Value of Products and Services

    Technical subject matter experts of the products and services they deliver and maintain. Each IT function works together to ensure quality products and services are delivered up to stakeholder expectations.

    Measure your product or services with Info-Tech’s Value Measurement Framework (VMF) and value scores

    The VMF provides a consistent and less subjective approach to generating a value score for an application, product, service, or individual feature, by using business-defined value drivers and product-specific value metrics.

    Info-Tech's Value Measurement Framework is shown.

    A consistent set of established value drivers, sources, and metrics gives more accurate comparisons of relative value

    Value Drivers

    Value Sources

    Value Fulfillment Metrics

    Broad categories of values, weighed and prioritized based on overarching goals

    Instances of created value expressed as a “business outcome” of a particular function

    Units of measurement and estimated targets linked to a value source

    Reach Customers

    Customer Satisfaction

    Net Promoter Score

    Customer Loyalty

    # of Repeat Visits

    Create Revenue Streams

    Data Monetization

    Dollars Derived From Data Sales

    Leads Generation

    Leads Conversation Rate

    Operational Efficiency

    Operational Efficiency

    Number of Interactions

    Workflow Management

    Cycle Time

    Adhere to regulations & compliance

    Number of Policy Exceptions

    A balanced and weighted scorecard allows you to measure the various ways products generate value to the business

    The Info-Tech approach to measuring value applies the balanced value scorecard approach.

    Importance of value source

    X

    Impact of value source

    = Value Score

    Which is based on…

    Which is based on…

    Alignment to value driver

    Realistic targets for the KPI

    Which is weighed by…

    Which is estimated by…

    A 1-5 scale of the relative importance of the value driver to the organization

    A 1-5 scale of the application or feature’s ability to fulfill that value source

    +

    Importance of Value Source

    X

    Impact of Value Source

    +

    Importance of Value Source

    +

    Impact of Value Source

    +

    Importance of Value Source

    +

    Impact of Value Source

    +

    Importance of Value Source

    +

    Impact of Value Source

    =

    Balanced Business Value Score

    Value Score1 + VS2 + … + VSN = Overall Balance Value Score

    Value scores help support decisions. This blueprint looks specifically at four use cases for value scores.

    A value score is an input to the following activities:

    1. Prioritize Your Product Backlog
    2. Estimate the relative value of different product backlog items (i.e. epics, features, etc.) to ensure the highest value items are completed first.

      This blueprint can be used as an input into Info-Tech’s Build a Better Backlog.

    3. Prioritize Your Project Backlog
    4. Estimate the relative value of proposed new applications or major changes or enhancements to existing applications to ensure the right projects are selected and completed first.

      This blueprint can be used as an input into Info-Tech’s Optimize Project Intake, Approval, and Prioritization.

    5. Rationalize Your Applications
    6. Gauge the relative value from the current use of your applications to support strategic decision making such as retirement, consolidation, and further investments.

      This blueprint can be used as an input into Info-Tech’s Visualize Your Application Portfolio Strategy With a Business Value-Driven Roadmap.

    7. Categorize Application Tiers
    8. Gauge the relative value of your existing applications to distinguish your most to least important systems and build tailored support structures that limit the downtime of key value sources.

      This blueprint can be used as an input into Info-Tech’s Streamline Application Maintenance.

    The priorities, metrics, and a common understanding of value in your VMF carry over to many other Info-Tech blueprints

    Transition to Product Delivery

    Build a Product Roadmap

    Modernize Your SDLC

    Build a Strong Foundation for Quality

    Implement Agile Practices That Work

    Use Info-Tech’s Value Calculator

    The Value Calculator facilitates the activities surrounding defining and measuring the business value of your products and services.

    Use this tool to:

    • Weigh the importance of each Value Driver based on established organizational priorities.
    • Create a repository for Value Sources to provide consistency throughout each measurement.
    • Produce an Overall Balanced Value Score for a specific item.

    Info-Tech Deliverable

    A screenshot of Info-Tech's Value Calculator is shown.

    Populate the Value Calculator as you complete the activities and steps on the following slides.

    Limitations of the Value Measurement Framework

    "All models are wrong, but some are useful."

    – George E.P. Box, 1979

    Value is tricky: Value can be intangible, ambiguous, and cause all sorts of confusion, with the multiple, and often conflicting, priorities any organization is sure to have. You won’t likely come to a unified understanding of value or an agreement on whether one thing is more valuable than something else. However, this doesn’t mean you shouldn’t try. The VMF provides a means to organize various priorities in a meaningful way and to assess the relative value of a product or service to guide managers and decision makers on the right track and keep alignment with the rest of the organization.

    Relative value vs. ROI: This assessment produces a score to determine the value of a product or service relative to other products or services. Its primary function is to prioritize similar items (projects, epics, requirements, etc.) as opposed to producing a monetary value that can directly justify cost and make the case for a positive ROI.

    Apply caution with metrics: We live in a metric-crazed era, where everything is believed to be measurable. While there is little debate over recent advances in data, analytics, and our ability to trace business activity, some goals are still quite intangible, and managers stumble trying to link these goals to a quantifiable data source.

    In applying the VMF Info-Tech urges you to remember that metrics are not a magical solution. They should be treated as a tool in your toolbox and are sometimes no more than a rough gauge of performance. Carefully assign metrics to your products and services and do not disregard the informed subjective perspective when SMART metrics are unavailable.

    "One of the deadly diseases of management is running a company on visible figures alone."

    – William Edwards Deming, 1982

    Info-Tech’s Build a Value Measurement Framework glossary of terms

    This blueprint discusses value in a variety of ways. Use our glossary of terms to understand our specific focus.

    Value Measurement Framework (VMF)

    A method of measuring relative value for a product or service, or the various components within a product or service, through the use of metrics and weighted organizational priorities.

    Value Driver

    A board organizational goal that acts as a category for many value sources.

    Value Source

    A specific business goal or outcome that business and product or service capabilities are designed to fulfill.

    Value Fulfillment

    The degree to which a product or service impacts a business outcome, ideally linked to a metric.

    Value Score

    A measurement of the value fulfillment factored by the weight of the corresponding value driver.

    Overall Balanced Value Score

    The combined value scores of all value sources linked to a product or service.

    Relative Value

    A comparison of value between two similar items (i.e. applications to applications, projects to projects, feature to feature).

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Build a Value Measurement Framework – project overview

    1. Define Your Value Drivers

    2. Measure Value

    Best-Practice Toolkit

    1.1 Identify your business value authorities.

    2.1 Define your value drivers.

    2.2 Weigh your value drivers.

    • Identify your product or service SMEs.
    • List your products or services items and components.
    • Identify your value sources.
    • Align to a value driver.
    • Assign metrics and gauge value fulfillment.

    Guided Implementations

    Identify the stakeholders who should be the authority on business value.

    Identify, define, and weigh the value drivers that will be used in your VMF and all proceeding value measurements.

    Identify the stakeholders who are the subject matter experts for your products or services.

    Measure the value of your products and services with value sources, fulfillment, and drivers.

    Outcome:

    • Value drivers and weights

    Outcome:

    • An initial list of reusable value sources and metrics
    • Value scores for your products or services

    Phase 1

    Define Your Value Drivers

    First determine your value drivers and add them to your VMF

    One of the main aspects of the VMF is to apply consistent and business-aligned weights to the products or services you will evaluate.

    This is why we establish your value drivers first:

    • Get the right executive-level “value authorities” to establish the overarching weights.
    • Build these into the backbone of the VMF to consistently apply to all your future measurements.
    An image of the Value Measure Framework is shown.

    Step 1.1: Identify Value Authorities

    Phase 1

    1.1: Identify Value Authorities

    1.2: Define Value Drivers

    Phase 2

    2.1: Identify Product or Service SMEs

    2.2: Measure Value

    This step will walk you through the following activities:

    • Identify your authorities on business value.

    This step involves the following participants:

    • Owners of your value measurement framework

    Outcomes of this step

    • Your list of targeted individuals to include in Step 2.1

    Business value is best defined and measured by the combined effort and perspective of both IT and the business

    Buy-in for your IT strategy comes from the ability to showcase value. IT needs to ensure it has an aligned understanding of what is valuable to the organization. First, priorities need to be established by the business. Second, IT can build a partnership with the business to determine what that value means in the context of IT products and services.

    The Business

    What the Business and IT have in common

    IT

    Keepers of the organization’s mission, vision, and value statements that define IT success. The business maintains the overall ownership and evaluation of the products along with those most familiar with the capabilities or processes enabled by technology.

    Business Value of Products and Services

    Technical subject matter experts of the products and services they deliver and maintain. Each IT function works together to ensure quality products and services are delivered up to stakeholder expectations.

    Engage key stakeholders to reach a consensus on organizational priorities and value drivers

    Engage these key players to create your value drivers:

    CEO: Who better holds the vision or mandate of the organization than its leader? Ideally, they are front and center for this discussion.

    CIO: IT must ensure that technical/practical considerations are taken into account when determining value.

    CFO: The CFO or designated representative will ensure that estimated costs and benefits can be used to manage the budgets.

    VPs: Application delivery and mgmt. is designed to generate value for the business. Senior management from business units must help define what that value is.

    Evaluators (PMO, PO, APM, etc.): Those primarily responsible for applying the VMF should be present and active in identifying and carefully defining your organization’s value drivers.

    Steering Committee: This established body, responsible for the strategic direction of the organization, is really the primary audience.

    Identify your authorities of business value to identify, define, and weigh value drivers

    1.1 Estimated Time: 15 minutes

    The objective of this exercise is to identify key business stakeholders involved in strategic decision making at an organizational level.

    1. Review your organization’s governance structure and any related materials.
    2. Identify your key business stakeholders. These individuals are the critical business strategic partners.
      1. Target those who represent the business at an organizational level and often comprise the organization’s governing bodies.
      2. Prioritize a product backlog – include product owners and product managers who are in tune with the specific value drivers of the product in question.

    INFO-TECH TIP

    If your organization does not have a formal governance structure, your stakeholders would be the key players in devising business strategy. For example:

    • CEO
    • CFO
    • BRMs
    • VPs

    Leverage your organizational chart, governing charter, and senior management knowledge to better identify key stakeholders.

    INPUT

    • Key decision maker roles

    OUTPUT

    • Targeted individuals to define and weigh value drivers

    Materials

    • N/A

    Participants

    • Owner of the value measurement framework

    Step 1.2: Define Value Drivers

    Phase 1

    1.1: Identify Value Authorities

    1.2: Define Value Drivers

    Phase 2

    2.1: Identify Product or Service SMEs

    2.2: Measure Value

    This step will walk you through the following activities:

    • Define your value drivers.
    • Weigh your value drivers.

    This step involves the following participants:

    • Owners of your value measurement framework
    • Authorities of business value

    Outcomes of this step

    • A list of your defined and weighted value drivers

    Value is based on business needs and vision

    Value is subjective. It is defined through the organization’s past achievement and its future objectives.

    Purpose & Mission

    Past Achievement & Current State

    Vision & Future State

    Culture & Leadership

    There must be a consensus view of what is valuable within the organization, and these values need to be shared across the enterprise. Instead of maintaining siloed views and fighting for priorities, all departments must have the same value and purpose in mind. These factors – purpose and mission, past achievement and current state, vision and future state, and culture and leadership – impact what is valuable to the organization.

    Value derives from the mission and vision of an organization; therefore, value is unique to each organization

    Business value represents what the business needs to do to achieve its target state. Establishing the mission and vision helps identify that target state.

    Mission

    Vision

    Business Value

    Why does the company exist?

    • Specify the company’s purpose, or reason for being, and use it to guide each day’s activities and decisions.

    What does the organization see itself becoming?

    • Identify the desired future state of the organization. The vision articulates the role the organization strives to play and the way it wants to be perceived by the customer.
    • State the ends, rather than the means, to get to the future state.

    What critical factors fulfill the mission and vision?

    • Articulate the important capabilities the business should have in order to achieve its objectives. All business activities must enable business value.
    • Communicate the means to achieve the mission and vision.

    Understand the many types of value your products or services produce

    Competent organizations know that value cannot always be represented by revenue or reduced expenses. However, it is not always apparent how to envision the full spectrum of value sources. Dissecting value by the benefit type and the value source’s orientation allows you to see the many ways in which a product or service brings value to the organization.

    A business value matrix is shown. It shows the relationship between reading customers, increase revenue, reduce costs, and enhance services.

    Financial Benefits vs. Improved Capabilities

    Financial Benefits refers to the degree to which the value source can be measured through monetary metrics and is often quite tangible. Human Benefits refers to how a product or service can deliver value through a user’s experience.

    Inward vs. Outward Orientation

    Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations. Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Increase Revenue

    Reduce Costs

    Enhance Services

    Reach Customers

    Product or service functions that are specifically related to the impact on your organization’s ability to generate revenue.

    Reduction of overhead. They typically are less related to broad strategic vision or goals and more simply limit expenses that would occur had the product or service not been put in place.

    Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    Application functions that enable and improve the interaction with customers or produce market information and insights.

    Expand past Info-Tech’s high-level value quadrants and identify the value drivers specific to your organization

    Different industries have a wide range of value drivers. Consider the difference between public and private entities with respect to generating revenue or reaching their customers or other external stakeholders. Even organizations in the same industry may have different values. For example, a mature, well-established manufacturer may view reputation and innovation as its highest-priority values, whereas a struggling manufacturer will see revenue or market share growth as its main drivers.

    Value Drivers

    Increase Revenue

    Reduce Costs

    Enhance Services

    Reach Customers

    • Revenue growth
    • Data monetization
    • Cost optimization
    • Labor reduction
    • Collaboration
    • Risk and compliance
    • Customer experience
    • Trust and reputation

    You do not need to dissect each quadrant into an exhaustive list of value drivers. Info-Tech recommends defining distinct value drivers only for the areas you’ve identified as critical to your organization’s core goals and objectives.

    Understand value drivers that enable revenue growth

    Direct Revenue

    This value driver is the ability of a product or service to directly produce revenue through core revenue streams.

    Can be derived from:

    • Creating revenue
    • Improving the revenue generation of an existing service
    • Preventing the loss of a revenue stream

    Be aware of the differences between your products and services that enable a revenue source and those that facilitate the flow of capital.

    Funding

    This value driver is the ability of a product or service to enable other types of funding unrelated to core revenue streams.

    Can be derived from:

    • Tax revenue
    • Fees, fines, and ticketing programs
    • Participating in government subsidy or grant programs

    Be aware of the difference between your products and services that enable a revenue source and those that facilitate the flow of capital.

    Scale & Growth

    In essence, this driver can be viewed as the potential for growth in market share or new developing revenue sources.

    Does the product or service:

    • Increase your market share
    • Help you maintain your market share

    Be cautious of which items you identify here, as many innovative activities may have some potential to generate future revenue. Stick to those with a strong connection to future revenue and don’t qualify for other value driver categories.

    Monetization of Assets

    This value driver is the ability of your products and services to generate additional assets.

    Can be derived from:

    • Sale of data
    • Sale of market or customer reports or analysis
    • Sale of IP

    This value source is often overlooked. If given the right attention, it can lead to a big win for IT’s role in the business.

    Understand value drivers that reduce costs

    Cost Reduction

    A cost reduction is a “hard” cost saving that is reflected as a tangible decrease to the bottom line.

    This can be derived from reduction of expenses such as:

    • Salaries and wages
    • Hardware/software maintenance
    • Infrastructure

    Cost reduction plays a critical role in an application’s ability to increase efficiency.

    Cost Avoidance

    A cost avoidance is a “soft” cost saving, typically achieved by preventing a cost from occurring in the first place (i.e. risk mitigation). Cost avoidance indirectly impacts the bottom line.

    This can be derived from prevention of expenses by:

    • Mitigating a business outage
    • Mitigating another risk event
    • Delaying a price increase

    Understand the value drivers that enhance your services

    Enable Core Operations

    Some applications are in place to facilitate and support the structure of the organization. These vary depending on the capabilities of your organization but should be assessed in relation to the organization’s culture and structure.

    • Enables a foundational capability
    • Enables a niche capability

    This example is intentionally broad, as “core operations” should be further dissected to define different capabilities with ranging priority.

    Compliance

    A product or service may be required in order to meet a regulatory requirement. In these cases, you need to be aware of the organizational risk of NOT implementing or maintaining a service in relation to those risks.

    In this case, the product or service is required in order to:

    • Prevent fines
    • Allow the organization to operate within a specific jurisdiction
    • Remediate audit gaps
    • Provide information required to validate compliance

    Internal Improvement

    An application’s ability to create value outside of its core operations and facilitate the transfer of information, insights, and knowledge.

    Value can be derived by:

    • Data analytics
    • Collaboration
    • Knowledge transfer
    • Organizational learning

    Innovation

    Innovation is typically an ill-defined value driver, as it refers to the ability of your products and services to explore new value streams.

    Consider:

    • Exploration into new markets and products
    • New methods of organizing resources and processes

    Innovation is one of the more divisive value drivers, as some organizations will strive to be cutting edge and others will want no part in taking such risks.

    Understand business value drivers that connect the business to your customers

    Policy

    Products and services can also be assessed in relation to whether they enable and support policies of the organization. Policies identify and reinforce required processes, organizational culture, and core values.

    Policy value can be derived from:

    • The service or initiative will produce outcomes in line with our core organizational values.
    • Products that enable sustainability and corporate social responsibility

    Experience

    Applications are often designed to improve the interaction between customer and product. This value type is most closely linked to product quality and user experience. Customers, in this sense, can also include any stakeholders who consume core offerings.

    Customer experience value can be derived from:

    • Improving customer satisfaction
    • Ease of use
    • Resolving a customer issue or identified pain point
    • Providing a competitive advantage for your customers

    Customer Information

    Understanding demand and customer trends is a core driver for all organizations. Data provided through understanding the ways, times, and reasons that consumers use your services is a key driver for growth and stability.

    Customer information value can be achieved when an app:

    • Addresses strategic opportunities or threats identified through analyzing trends
    • Prevents failures due to lack of capacity to meet demand
    • Connects resources to external sources to enable learning and growth within the organization

    Trust & Reputation

    Products and services are designed to enable goals of digital ethics and are highly linked to your organization’s brand strategy.

    Trust and reputation can also be described as:

    • Customer loyalty and sustainability
    • Customer privacy and digital ethics

    Prioritizing this value source is critical, as traditional priorities can often come at the expense of trust and reputation.

    Define your value drivers

    1.2 Estimated Time: 1.5 hours

    The objective of this exercise is to establish a common understanding of the different values of the organization.

    1. Place your business value authorities at the center of this exercise.
    2. Collect all the documents your organization has on the mission and vision, strategy, governance, and target state, which may be defined by enterprise architecture.
    3. Identify the company mission and vision. Simply transfer the information from the mission and vision document into the appropriate spaces in the business value statement.
    4. Determine the organization’s business value drivers. Use the mission and vision, as well as the information from the collected documents, to formulate your own idea of business values.
    5. Use value driver template on the next slide to define the value driver, including:
    • Value Driver Name
    • Description
    • Related Business Capabilities – If available, review business architecture materials, such as business capability maps.
    • Established KPI and Targets – If available, include any organization-wide established KPIs related to your value driver. These KPIs will likely be used or influence the metrics eventually assigned to your applications.

    INPUT

    • Mission, vision, value statements

    OUTPUT

    • List and description of value drivers

    Materials

    • Whiteboard
    • Markers

    Participants

    • Business value authorities
    • Owner of value measurement framework

    Example Value Driver

    Value Driver Name

    Reach Customers

    Value Driver Description

    Our organization’s ability to provide quality products and experience to our core customers

    Value Driver Weight

    10/10

    Related Business Capabilities

    • Customer Services
    • Marketing
      • Customer Segmentation
      • Customer Journey Mapping
    • Product Delivery
      • User Experience Design
      • User Acceptance Testing

    Key Business Outcomes, KPIs, and Targets

    • Improved Customer Satisfaction
      • Net Promotor Score: 80%
    • Improved Loyalty
      • Repeat Sales: 30%
      • Customer Retention: 25%
      • Customer Lifetime Value: $2,500
    • Improved Interaction
      • Repeat Visits: 50%
      • Account Conversation Rates: 40%

    Weigh your value drivers

    1.3 Estimated Time: 30 minutes

    The objective of this exercise is to prioritize your value drivers based on their relative importance to the business.

    1. Again, place the business value authorities at the center of this exercise.
    2. In order to determine priority, divide 100% among your value drivers, allocating a percentage to each based on its relative importance to the organization.
    3. Normalize those percentages on to a scale of 1 to 10, which will act as the weights for your value drivers.

    INPUT

    • Mission, vision, value statements

    OUTPUT

    • Weights for value drivers

    Materials

    • Whiteboard
    • Markers

    Participants

    • Business value authorities
    • Owner of value measurement framework

    Weigh your value drivers

    1.3 Estimated Time: 30 minutes

    Value Driver

    Percentage Allocation

    1 to 10 Weight

    Revenue and other funding

    24%

    9

    Cost reduction

    8%

    3

    Compliance

    5%

    2

    Customer value

    30%

    10

    Operations

    13%

    7

    Innovation

    5%

    2

    Sustainability and social responsibility

    2%

    1

    Internal learning and development

    3%

    1

    Future growth

    10%

    5

    Total

    100%

    Carry results over to the Value Calculator

    1.3

    Document results of this activity in the “Value Drivers” tab of the Value Calculator.

    A screenshot of Info-Tech's Value Calculator is shown.

    List your value drivers.

    Define or describe your value drivers.

    Use this tool to create a repository for value sources to reuse and maintain consistency across your measurements.

    Enter the weight of each value driver in terms of importance to the organization.

    Phase 2

    Measure Value

    Step 2.1: Identify Product or Service SMEs

    Phase 1

    1.1: Identify Value Authorities

    1.2: Define Value Drivers

    Phase 2

    2.1: Identify Product or Service SMEs

    2.2: Measure Value

    This step will walk you through the following activities:

    • Identify your product or service SMEs.
    • List your product or services items and components.

    This step involves the following participants:

    • Owners of your value measurement framework
    • Product or service SMEs

    Outcomes of this step

    • Your list of targeted individuals to include in Step 2.2

    Identify the products and services you are evaluating and break down their various components for the VMF

    In order to get a full evaluation of a product or service you need to understand its multiple facets, functions, features capabilities, requirements, or any language you use to describe its various components.

    An image of the value measure framework is shown.

    Decompose a product or service:

    • Get the right subject matter experts in place who know the business and technical aspects of the product or service.
    • Decompose the product or service to capture all necessary components.

    Before beginning, consider how your use case will impact your value measurement approach

    This table looks at how the different use cases of the VMF call for variations of this analysis, is directed at different roles, and relies on participation from different subject matter experts to provide business context.

    Use Case (uses of the VMF applied in this blueprint)

    Value (current vs. future value)

    Item (the singular entity you are producing a value score for)

    Components (the various facets of that entity that need to be considered)

    Scope (# of systems undergoing analysis)

    Evaluator (typical role responsible for applying the VMF)

    Cadence (when and why do you apply the VMF)

    Information Sources (what documents, tools, etc., do you need to leverage)

    SMEs (who needs to participate to define and measure value)

    1. Prioritize Your Product Backlog

    You are estimating future value of proposed changes to an application.

    Product backlog items (epic, feature, etc.) in your product backlog

    • Features
    • User stories
    • Enablers

    A product

    Product owner

    Continuously apply the VMF to prioritize new and changing product backlog items.

    • Epic hypothesis, documentation
    • Lean business case

    Product manager

    ????

    2. Prioritize Your Project Backlog

    Proposed projects in your project backlog

    • Benefits
    • Outcomes
    • Requirements

    Multiple existing and/or new applications

    Project portfolio manager

    Apply the VMF during your project intake process as new projects are proposed.

    • Completed project request forms
    • Completed business case forms
    • Project charters
    • Business requirements documents

    Project manager

    Product owners

    Business analysts

    3. Application Rationalization

    You are measuring current value of existing applications and their features.

    An application in your portfolio

    The uses of the application (features, function, capabilities)

    A subset of applications or the full portfolio

    Application portfolio manager

    During an application rationalization initiative:

    • Iteratively collect information and perform value measurements.
    • Structure your iterations based on functional areas to target the specific SMEs who can speak to a particular subset of applications.
    • Business capability maps

    Business process owners

    Business unit representatives

    Business architects

    Application architects

    Application SMEs

    4. Application Categorization

    The full portfolio

    Application maintenance or operations manager

    • SLAs
    • Business capability maps

    Identify your product or service SMEs

    2.1 Estimated Time: 15 minutes

    The objective of this exercise is to identify specific business stakeholders who can speak to the business outcomes of your applications at a functional level.

    1. Review your related materials that reference the stakeholders for the scoped products and services (i.e. capability maps, org charts, stakeholder maps).
    2. Identify your specific business stakeholders and application SMEs. These individuals represent the business at a functional level and are in tune with the business outcomes of their operations and the applications that support their operations.
      1. Use Case 1 – Product Owner, Product Manager
      2. Use Case 2 – Project Portfolio Manager, Project Manager, Product Owners, Business Process Owners, Appropriate Business Unit Representatives
      3. Use Case 3 – Application Portfolio Manager, Product Owners, Business Analysts, Application SMEs, Business Process Owners, Appropriate Business Unit Representatives
      4. Use Case 4 – Application Maintenance Manager, Operations Managers, Application Portfolio Manager, Product Owners, Application SMEs, Business Process Owners, Appropriate Business Unit Representatives

    INPUT

    • Specific product or service knowledge

    OUTPUT

    • Targeted individuals to measure specific products or services

    Materials

    • Whiteboard
    • Markers

    Participants

    • Owner of value measurement framework

    Use Case 1: Collect and review all of the product backlog items

    Prioritizing your product backlog (epics, features, etc.) requires a consistent method of measuring the value of your product backlog items (PBIs) to continuously compare their value relative to one another. This should be treated as an ongoing initiative as new items are added and existing items change, but an initial introduction of the VMF will require you to collect and analyze all of the items in your backlog.

    Regardless of producing a value score for an epic, feature, or user story, your focus should be on identifying their various value sources. Review your product’s artifact documentation, toolsets, or other information sources to extract the business outcomes, impact, benefits, KPIs, or any other description of a value source.

    High

    Epics

    Carefully valuated with input from multiple stakeholders, using metrics and consistent scoring

    Level of valuation effort per PBI

    User Stories

    Collaboratively valuated by the product owner and teams based on alignment and traceability to corresponding epic or feature

    Low

    Raw Ideas

    Intuitively valuated by the product owner based on alignment to product vision and organization value drivers

    What’s in your backlog?

    You may need to create standards for defining and measuring your different PBIs. Traceability can be critical here, as defined business outcomes for features or user stories may be documented at an epic level.

    Additional Research

    Build a Better Backlog helps you define and organize your product backlog items.

    Use Case 2: Review the scope and requirements of the project to determine all of the business outcomes

    Depending on where your project is in your intake process, there should be some degree of stated business outcomes or benefits. This may be a less refined description in the form of a project request or business case document, or it could be more defined in a project charter, business requirements document/toolset, or work breakdown structure (WBS). Regardless of the information source, to make proper use of the VMF you need a clear understanding of the various business outcomes to establish the new or improved value sources for the proposed project.

    Project

    User Requirements

    Business Requirements

    System Requirements

    1

    1

    1

    2

    2

    2

    3

    3

    4

    Set Metrics Early

    Good project intake documentation begins the discussion of KPIs early on. This alerts teams to the intended value and gives your PMO the ability to integrate it into the workload of other proposed or approved projects.

    Additional Research

    Optimize Project Intake, Approval, and Prioritization provides templates to define proposed project benefits and outcomes.

    Use Cases 3 & 4: Ensure you’ve listed all of each application’s uses (functions, features, capabilities, etc.) and user groups

    An application can enable multiple capabilities, perform a variety of functions, and have a range of different user groups. Therefore, a single application can produce multiple value sources, which range in type, impact, and significance to the business’ overarching priorities. In order to effectively measure the overall value of an application you need to determine all of the ways in which that application is used and apply a business-downward view of your applications.

    Business Capability

    • Sub-capability
    • Process
    • Task

    Application

    • Module
    • Feature
    • Function

    Aim for Business Use

    Simply listing the business capabilities of an app can be too high level. Regardless of your organization’s terminology, you need to establish all of the different uses and users of an application to properly measure all of the facets of its value.

    Additional Research

    Discover Your Applications helps you identify and define the business use and features of your applications.

    List your product or services items and components

    2.2 Estimated Time: 15 minutes

    The objective of this exercise is to produce a list of the different items that you are scoring and ensure you have considered all relevant components.

    1. List each item you intend to produce a value score for:
      1. Use Case 1 – This may be the epics in your product backlog.
      2. Use Case 2 – This may be the projects in your project backlog.
      3. Use Cases 3 & 4 – This may be the applications in your portfolio. For this approach Info-Tech strongly recommends iteratively assessing the portfolio to produce a list of a subset of applications.
    2. For each item list its various components:
      1. Use Case 1 – This may be the features or user stories of an epic.
      2. Use Case 2 – This may be the business requirements of a project.
      3. Use Cases 3 & 4 – This may be the modules, features, functions, capabilities, or subsystems of an application.

    Item

    Components

    Add Customer Portal (Epic)

    User story #1: As a sales team member I need to process customer info.

    User story #2: As a customer I want access to…

    Transition to the Cloud (Project)

    Requirement #1: Build Checkout Cart

    NFR – Build integration with data store

    CRM (Application)

    Order Processing (module), Returns & Claims (module), Analytics & Reporting (Feature)

    INPUT

    • Product or service knowledge

    OUTPUT

    • Detailed list of items and components

    Materials

    • Whiteboard
    • Markers

    Participants

    • Owner of value measurement framework
    • Product or service SMEs

    Use Cases 3 & 4: Create a functional view of your applications (optional)

    2.3 Estimated Time: 1 hour

    The objective of this exercise is to establish the different use cases of an application.

    1. Recall the functional requirements and business capabilities for your applications.
    2. List the various actors who will be interacting with your applications and list the consumers who will be receiving the information from the applications.
    3. Based on your functional requirements, list the use cases that the actors will perform to deliver the necessary information to consumers. Each use case serves as a core function of the application. See the diagram below for an example.
    4. Sometimes several use cases are completed before information is sent to consumers. Use arrows to demonstrate the flow of information from one use case to another.

    Example: Ordering Products Online

    Actors

    Order Customer

    Order Online

    Search Products

    Consumers

    Submit Delivery Information

    Order Customer

    Pay Order

    Bank

    INPUT

    • Product or service knowledge

    OUTPUT

    • Product or service function

    Materials

    • Whiteboard
    • Markers

    Participants

    • Application architect
    • Enterprise architect
    • Business and IT stakeholders
    • Business analyst
    • Development teams

    Use Cases 3 & 4: Create a functional view of your applications (optional) (cont’d.)

    2.3 Estimated Time: 1 hour

    5. Align your application’s use cases to the appropriate business capabilities and stakeholder objectives.

    Example:

    Stakeholder Objective: Automate Client Creation Processes

    Business Capability: Account Management

    Function: Create Client Profile

    Function: Search Client Profiles

    Business Capability: Sales Transaction Management

    Function: Order Online

    Function: Search Products Function: Search Products

    Function: Submit Delivery Information

    Function: Pay Order

    Step 2.2: Measure Value

    Phase 1

    1.1: Identify Value Authorities

    1.2: Define Value Drivers

    Phase 2

    2.1: Identify Product or Service SMEs

    2.2: Measure Value

    This step will walk you through the following activities:

    • Identify your value sources.
    • Align to a value driver.
    • Assign metrics and gauge value fulfillment.

    This step involves the following participants:

    • Owners of your value measurement framework
    • Product or service SMEs

    Outcomes of this step

    • An initial list of reusable value sources and metrics
    • Value scores for your products or services

    Use your VMF and a repeatable process to produce value scores for all of your items

    With your products or services broken down, you can then determine a list of value sources, as well as their alignment to a value driver and a gauge of their value fulfillment, which in turn indicate the importance and impact of a value source respectively.

    A image of the value measure framework is shown.

    Lastly, we produce a value score for all items:

    • Determine business outcomes and value sources.
    • Align to the appropriate value driver.
    • Use metrics as the gauge of value fulfillment.
    • Collect your score.
    • Repeat.

    The business outcome is the impact the product or service has on the intended business activity

    Business outcomes are the business-oriented results produced by organization’s capabilities and the applications that support those capabilities. The value source is, in essence, “How does the application impact the outcome?” and this can be either qualitative or quantitative.

    Quantitative

    Qualitative

    Key Words

    Examples

    Key Words

    Examples

    Faster, cheaper

    Deliver faster

    Better

    Better user experience

    More, less

    More registrations per week

    Private

    Enhanced privacy

    Increase, decrease

    Decrease clerical errors

    Easier

    Easier to input data

    Can, cannot

    Can access their own records

    Improved

    Improved screen flow

    Do not have to

    Do not have to print form

    Enjoyable

    Enjoyable user experience

    Compliant

    Complies with regulation 12

    Transparent

    Transparent progress

    Consistent

    Standardized information gathered

    Richer

    Richer data availability

    Adapted from Agile Coach Journal.

    Measure value – Identify your value sources

    2.4 Estimated Time: 30 minutes

    The objective of this exercise is to establish the different value sources of a product or service.

    1. List the items you are producing an overall balance value score for. These can be products, services, projects, applications, product backlog items, epics, etc.
    2. For each item, list its various business outcomes in the form of a description that includes:
      1. The item being measured
      2. Business capability or activity
      3. How the item impacts said capability or activity

    Consider applying the user story format for future value sources or a variation for current value sources.

    As a (user), I want to (activity) so that I get (impact)

    INPUT

    • Product or service knowledge
    • Business process knowledge

    OUTPUT

    • List of value sources

    Materials

    • Whiteboard
    • Markers

    Participants

    • Owner of value measurement framework
    • Product or service SMEs

    Measure value – Align to a value driver

    2.5 Estimated Time: 30 minutes

    The objective of this exercise is to determine the value driver for each value source.

    1. Align each value source to a value driver. Choose between options A and B.
      1. Using a whiteboard, draw out a 2 x 2 business value matrix or an adapted version based on your own organizational value drivers. Place each value source in the appropriate quadrant.
        1. Increase Revenue
        2. Reduce Costs
        3. Enhance Services
        4. Reach Customers
      2. Using a whiteboard or large sticky pads, create a section for each value driver. Place each value source with the appropriate value driver.

    INPUT

    • Product or service knowledge
    • Business process knowledge

    OUTPUT

    • Value driver weight

    Materials

    • Whiteboard
    • Markers

    Participants

    • Owner of value measurement framework
    • Product or service SMEs

    Brainstorm the different sources of business value (cont’d.)

    2.5

    Example:

    An example of activity 2.5 is shown.

    Carry results over to the Value Calculator

    2.5

    Document results of this activity in the Value Calculator in the Item {#} tab.

    A screenshot of the Value Calculator is shown.

    List your Value Sources

    Your Value Driver weights will auto-populate

    Aim, but do not reach, for SMART metrics

    Creating meaningful metrics

    S pecific

    M easureable

    A chievable

    R ealisitic

    T ime-based

    Follow the SMART framework when adding metrics to the VMF.

    The intention of SMART goals and metrics is to make sure you have chosen a gauge that will:

    • Reflect the actual business outcome or value source you are measuring.
    • Ensure all relevant stakeholders understand the goals or value you are driving towards.
    • Ensure you actually have the means to capture the performance.

    Info-Tech Insight

    Metrics are NOT a magical solution. They should be treated as a tool in your toolbox and are sometimes no more than a rough gauge of performance. Carefully assign metrics to your products and services and do not disregard the informed subjective perspective when SMART metrics are unavailable.

    Info-Tech Best Practice

    One last critical consideration here is the degree of effort required to collect the metric compared to the value of the analysis you are performing. Assessing whether or not to invest in a project should apply the rigor of carefully selecting and measuring value. However, performing a rationalization of the full app portfolio will likely lead to analysis paralysis. Taking an informed subjective perspective may be the better route.

    Measure value – Assign metrics and gauge value fulfillment

    2.6 30-60 minutes

    The objective of this exercise is to determine an appropriate metric for each value source.

    1. For each value source assign a metric that will be the unit of measurement to gauge the value fulfilment of the application.
    2. Review the product or services performance with the metric
      1. Use case 1&2 (Proposed Applications and/or Features) - You will need to estimate the degree of impact the product or services will have on your selected metric.
      2. Use case 3&4 (Existing Applications and/or Features) – You can review historically how the product or service has performed with your selected metric
    3. Determine a value fulfillment on a scale of 1 – 10.
    4. 10 = The product or service far exceeds expectations and targets on the metric.

      5 = the product or service meets expectations on this metric.

      1 = the product or service underperforms on this metric.

    INPUT

    • Product or service knowledge
    • Business process knowledge

    OUTPUT

    • Value driver weight

    Materials

    • Whiteboard
    • Markers

    Participants

    • Owner of value measurement framework
    • Product or service SMEs

    Carry results over to the Value Calculator

    2.6

    Document results of this activity in the Value Calculator in the Item {#} tab.

    A screenshot of Info-Tech's Value Calculator is shown.

    Assign Metrics.

    Consider using current or estimated performance and targets.

    Assess the impact on the value source with the value fulfillment.

    Collect your Overall Balanced Value Score

    Appendix

    Bibliography

    Brown, Alex. “Calculating Business Value.” Agile 2014 Orlando – July 13, 2014. Scrum Inc. 2014. Web. 20 Nov. 2017.

    Brown, Roger. “Defining Business Value.” Scrum Gathering San Diego 2017. Agile Coach Journal. Web.

    Curtis, Bill. “The Business Value of Application Internal Quality.” CAST. 6 April 2009. Web. 20 Nov. 2017.

    Fleet, Neville, Joan Lasselle, and Paul Zimmerman. “Using a Balance Scorecard to Measure the Productivity and Value of Technical Documentation Organizations.” CIDM. April 2008. Web. 20 Nov. 2017.

    Harris, Michael. “Measuring the Business Value of IT.” David Consulting Group. 20 Nov. 2017.

    Intrafocus. “What is a Balanced Scorecard?” Intrafocus. Web. 20 Nov. 2017

    Kerzner, Harold. Project Management: A Systems Approach to Planning, Scheduling, and Controlling. 12th ed., Wiley, 2017.

    Lankhorst, Marc., et al. “Architecture-Based IT Valuation.” Via Nova Architectura. 31 March 2010. Web. 20 Nov. 2017.

    Rachlin, Sue, and John Marshall. “Value Measuring Methodology.” Federal CIO Council, Best Practices Committee. October 2002. Web. April 2019.

    Thiagarajan, Srinivasan. “Bridging the Gap: Enabling IT to Deliver Better Business Outcomes.” Cognizant. July 2017. Web. April 2019.

    Implement and Mature Your User Experience Design Practice

    • Buy Link or Shortcode: {j2store}430|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Requirements & Design
    • Parent Category Link: /requirements-and-design

    Many organizations want to get to market quickly and on budget but don’t know the steps to get the right product/service to satisfy the users and business. This may be made apparent through uninformed decisions leading to lack of adoption of your product or service, rework due to post-implementation user feedback, or the competition discovering new approaches that outshine yours.

    Our Advice

    Critical Insight

    Ensure your practice has a clear understanding of the design problem space – not just the solution. An understanding of the user is critical to this.

    Impact and Result

    • Create a practice that is focused on human outcomes; it starts and ends with the people you are designing for. This includes:
      • Establishing a practice with a common vision.
      • Enhancing the practice through four design factors.
      • Communicating a roadmap to improve your business through design.
    • Create a practice that develops solutions specific to the needs of users, customers, and stakeholders.

    Implement and Mature Your User Experience Design Practice Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement an experience design practice, review Info-Tech’s methodology, and understand the four dimensions we recommend using to mature your practice.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build the foundation

    Motivate your team with a common vision, mission, and goals.

    • Design Roadmap Workbook
    • User Experience Practice Roadmap

    2. Review the design dimensions

    Examine your practice – from the perspectives of organizational alignment, business outcomes, design perspective, and design integration – to determine what it takes to improve your maturity.

    3. Build your roadmap and communications

    Bring it all together – determine your team structure, the roadmap for the practice maturity, and communication plan.

    [infographic]

    Workshop: Implement and Mature Your User Experience Design Practice

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Answer “So What?”

    The Purpose

    Make the case for UX. Bring the team together with a common mission, vision, and goals.

    Key Benefits Achieved

    Mission, vision, and goals for design

    Activities

    1.1 Define design practice goals.

    1.2 Generate the vision statement.

    1.3 Develop the mission statement.

    Outputs

    Design vision statement

    Design mission statement

    Design goals

    2 Examine Design Dimensions

    The Purpose

    Review the dimensions that help organizations to mature, and assess what next steps make sense for your organization.

    Key Benefits Achieved

    Develop initiatives that are right-sized for your organization.

    Activities

    2.1 Examine organizational alignment.

    2.2 Establish priorities for initiatives.

    2.3 Identify business value sources.

    2.4 Identify design perspective.

    2.5 Brainstorm design integration.

    2.6 Complete UCD-Canvas.

    Outputs

    Documented initiatives for design maturity

    Design canvas framework

    3 Create Structure and Initiatives

    The Purpose

    Make your design practice structure right for you.

    Key Benefits Achieved

    Examine patterns and roles for your organization.

    Activities

    3.1 Structure your design practice.

    Outputs

    Design practice structure with patterns

    4 Roadmap and Communications

    The Purpose

    Define the communications objectives and audience for your roadmap.

    Develop your communication plan.

    Sponsor check-in.

    Key Benefits Achieved

    Complete in-progress deliverables from previous four days.

    Set up review time for workshop deliverables and to discuss next steps.

    Activities

    4.1 Define the communications objectives and audience for your roadmap.

    4.2 Develop your communication plan.

    Outputs

    Communication Plan and Roadmap

    Portfolio Management

    • Buy Link or Shortcode: {j2store}47|cart{/j2store}
    • Related Products: {j2store}47|crosssells{/j2store}
    • member rating overall impact: 9.6/10
    • member rating average dollars saved: $40,234
    • member rating average days saved: 30
    • Parent Category Name: Applications
    • Parent Category Link: /applications

    The challenge

    • Typically your business wants much more than your IT development organization can deliver with the available resources at the requested quality levels.
    • Over-damnd has a negative influence on delivery throughput. IT starts many projects (or features) but has trouble delivering most of them within the set parameters of scope, time, budget, and quality. Some requested deliverables may even be of questionable value to the business.
    • You may not have the right project portfolio management (PPM) strategy to bring order in IT's delivery activities and to maximize business value.

    Our advice

    Insight

    • Many in IT mix PPM and project management. Your project management playbook does not equate to the holistic view a real PPM practice gives you.
    • Some organizations also mistake PPM for a set of processes. Processes are needed, but a real strategy works towards tangible goals.
    • PPM works at the strategic level of the company; hence executive buy-in is critical. Without executive support, any effort to reconcile supply and demand will be tough to achieve.

    Impact and results 

    • PPM is a coherent business-aligned strategy that maximizes business value creation across the entire portfolio, rather than in each project.
    • Our methodology tackles the most pressing challenge upfront: get executive buy-in before you start defining your goals. With senior management behind the plan, implementation will become easier.
    • Create PPM processes that are a cultural fit for your company. Define your short and long-term goals for your strategy and support them with fully embedded portfolio management processes.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started.

    Read our executive brief to understand why you should develop a PPM strategy and understand how our methodology can help you. We show you how we can support you.

    Obtain executive buy-in for your strategy

    Ensure your strategy is a cultural fit or cultural-add for your company.

    • Develop a Project Portfolio Management Strategy – Phase 1: Get Executive Buy-In for Your PPM Strategy (ppt)
    • PPM High-Level Supply-Demand Calculator (xls)
    • PPM Strategic Plan Template (ppt)
    • PPM Strategy-Process Goals Translation Matrix Template (xls)

    Align the PPM processes to your company's strategic goals

    Use the advice and tools in this stage to align the PPM processes.

    • Develop a Project Portfolio Management Strategy – Phase 2: Align PPM Processes to Your Strategic Goals (ppt)
    • PPM Strategy Development Tool (xls)

    Refine and complete your plan

    Use the inputs from the previous stages and add a cost-benefit analysis and tool recommendation.

    • Streamline Application Maintenance – Phase 3: Optimize Maintenance Capabilities (ppt)

    Streamline your maintenance delivery

    Define quality standards in maintenance practices. Enforce these in alignment with the governance you have set up. Show a high degree of transparency and open discussions on development challenges.

    • Develop a Project Portfolio Management Strategy – Phase 3: Complete Your PPM Strategic Plan (ppt)
    • Project Portfolio Analyst / PMO Analyst (doc)

     

     

    Build an ERP Strategy and Roadmap

    • Buy Link or Shortcode: {j2store}585|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $76,462 Average $ Saved
    • member rating average days saved: 22 Average Days Saved
    • Parent Category Name: Enterprise Resource Planning
    • Parent Category Link: /enterprise-resource-planning
    • Organizations often do not know where to start with an ERP project.
    • They focus on tactically selecting and implementing the technology.
    • ERP projects are routinely reported as going over budget, over schedule, and they fail to realize any benefits.

    Our Advice

    Critical Insight

    • An ERP strategy is an ongoing communication tool for the business.
    • Accountability for ERP success is shared between IT and the business.
    • An actionable roadmap provides a clear path to benefits realization.

    Impact and Result

    • Align the ERP strategy and roadmap with business priorities, securing buy-in from the business for the program.
    • Identification of gaps, needs, and opportunities in relation to business processes; ensuring the most critical areas are addressed.
    • Assess alternatives for the critical path(s) most relevant to your organization’s direction.

    Build an ERP Strategy and Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build an ERP Strategy and Roadmap – A comprehensive guide to align business and IT on what the organization needs from their ERP.

    A business-led, top-management-supported initiative partnered with IT has the greatest chance of success.

  • Aligning and prioritizing key business and technology drivers.
  • Clearly defining what is in and out of scope for the project.
  • Getting a clear picture of how the business process and underlying applications support the business strategic priorities.
  • Pulling it all together into an actionable roadmap.
    • Build an ERP Strategy and Roadmap – Phases 1-4
    • ERP Strategy Report Template
    [infographic]

    Workshop: Build an ERP Strategy and Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Introduction to ERP

    The Purpose

    To build understanding and alignment between business and IT on what an ERP is and the goals for the project

    Key Benefits Achieved

    Clear understanding of how the ERP supports the organizational goals

    What business processes the ERP will be supporting

    An initial understanding of the effort involved

    Activities

    1.1 Introduction to ERP

    1.2 Background

    1.3 Expectations and goals

    1.4 Align business strategy

    1.5 ERP vision and guiding principles

    1.6 ERP strategy model

    1.7 ERP operating model

    Outputs

    ERP strategy model

    ERP Operating model

    2 Build the ERP operation model

    The Purpose

    Generate an understanding of the business processes, challenges, and application portfolio currently supporting the organization.

    Key Benefits Achieved

    An understanding of the application portfolio supporting the business

    Detailed understanding of the business operating processes and pain points

    Activities

    2.1 Build application portfolio

    2.2 Map the level 1 ERP processes including identifying stakeholders, pain points, and key success indicators

    2.3 Discuss process and technology maturity for each level 1 process

    Outputs

    Application portfolio

    Mega-processes with level 1 process lists

    3 Project set up

    The Purpose

    A project of this size has multiple stakeholders and may have competing priorities. This section maps those stakeholders and identifies their possible conflicting priorities.

    Key Benefits Achieved

    A prioritized list of ERP mega-processes based on process rigor and strategic importance

    An understanding of stakeholders and competing priorities

    Initial compilation of the risks the organization will face with the project to begin early mitigation

    Activities

    3.1 ERP process prioritization

    3.2 Stakeholder mapping

    3.3 Competing priorities review

    3.4 Initial risk register compilation

    Outputs

    Prioritized ERP operating model

    Stakeholder map.

    Competing priorities list.

    Initial risk register.

    4 Roadmap and presentation review

    The Purpose

    Select a future state and build the initial roadmap to set expectations and accountabilities.

    Key Benefits Achieved

    Identification of the future state

    Initial roadmap with expectations on accountability and timelines

    Activities

    4.1 Discuss future state options

    4.2 Build initial roadmap

    4.3 Review of final deliverable

    Outputs

    Future state options

    Initiative roadmap

    Draft final deliverable

    Further reading

    Build an ERP Strategy and Roadmap

    Align business and IT to successfully deliver on your ERP initiative

    Table of Contents

    Analyst Perspective

    Phase 3: Plan Your Project

    Executive Summary

    Step 3.1: Stakeholders, risk, and value

    Phase 1: Build Alignment and Scope

    Step 3.2: Project set up

    Step 1.1: Aligning Business and IT

    Phase 4: Next Steps

    Step 1.2: Scope and Priorities

    Step 4.1: Build your roadmap

    Phase 2: Define Your ERP

    Step 4.2: Wrap up and present

    Step 2.1: ERP business model

    Summary of Accomplishment

    Step 2.2: ERP processes and supporting applications

    Research Contributors

    Step 2.3: Process pains, opportunities, and maturity

    Related Info-Tech Research

    Bibliography

    Build an ERP Strategy and Roadmap

    Align business and IT to successfully deliver on your ERP initiative

    EXECUTIVE BRIEF

    Analyst Perspective

    A foundational ERP strategy is critical to decision making.

    Photo of Robert Fayle, Research Director, Enterprise Applications, Info-Tech Research Group.

    Enterprise resource planning (ERP) is a core tool that the business leverages to accomplish its goals. An ERP that is doing its job well is invisible to the business. The challenges come when the tool is no longer invisible. It has become a source of friction in the functioning of the business

    ERP systems are expensive, their benefits are difficult to quantify, and they often suffer from poor user satisfaction. Post-implementation, technology evolves, organizational goals change, and the health of the system is not monitored. This is complicated in today’s digital landscape with multiple integration points, siloed data, and competing priorities.

    Too often organizations jump into selecting replacement systems without understanding the needs of the organization. Alignment between business and IT is just one part of the overall strategy. Identifying key pain points and opportunities, assessed in the light of organizational strategy, will provide a strong foundation to the transformation of the ERP system.

    Robert Fayle
    Research Director, Enterprise Applications
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Organizations often do not know where to start with an ERP project. They focus on tactically selecting and implementing the technology but ignore the strategic foundation that sets the ERP system up for success. ERP projects are routinely reported as going over budget, over schedule, and they fail to realize any benefits.

    Common Obstacles

    ERP projects impact the entire organization – they are not limited to just financial and operating metrics. The disruption is felt during both implementation and in the production environment.

    Missteps early on can cost time, financial resources, and careers. Roughly 55% of ERP projects reported being over budget, and two-thirds of organizations implementing ERP realized less than half of their anticipated benefits.

    Info-Tech’s Approach

    Obtain organizational buy-in and secure top management support. Set clear expectations, guiding principles, and critical success factors.

    Build an ERP operating model/business model that identifies process boundaries, scope, and prioritizes requirements. Assess stakeholder involvement, change impact, risks, and opportunities.

    Understand the alternatives your organization can choose for the future state of ERP. Develop an actionable roadmap and meaningful KPIs that directly align with your strategic goals.

    Info-Tech Insight

    Accountability for ERP success is shared between IT and the business. There is no single owner of an ERP. A unified approach to building your strategy promotes an integrated roadmap so all stakeholders have clear direction on the future state.

    Insight summary

    Enterprise resource planning (ERP) systems facilitate the flow of information across business units. It allows for the seamless integration of systems and creates a holistic view of the enterprise to support decision making.

    In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

    A measured and strategic approach to change will help mitigate many of the risks associated with ERP projects, which will avoid the chances of these changes becoming the dreaded “career killers.”

    A business led, top management supported initiative partnered with IT has the greatest chance of success.

    • A properly scoped ERP project reduces churn and provides all parts of the business with clarity.
    • This blueprint provides the business and IT the methodology to get the right level of detail for the business processes that the ERP supports so you can avoid getting lost in the details.
    • Build a successful ERP Strategy and roadmap by:
      • Aligning and prioritizing key business and technology drivers.
      • Clearly defining what is in and out of scope for the project.
      • Providing a clear picture of how the business process and underlying applications support the business strategic priorities.
      • Pulling it all together into an actionable roadmap.

    Enterprise Resource Planning (ERP)

    What is ERP?

    Enterprise resource planning (ERP) systems facilitate the flow of information across business units. They allow for the seamless integration of systems and create a holistic view of the enterprise to support decision making.

    In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

    An ERP system:

    • Automates processes, reducing the amount of manual, routine work.
    • Integrates with core modules, eliminating the fragmentation of systems.
    • Centralizes information for reporting from multiple parts of the value chain to a single point.

    A diagram visualizing the many aspects of ERP and the categories they fall under. Highlighted as 'Supply Chain Management' are 'Supply Chain: Procure to Pay' and 'Distribution: Forecast to Delivery'. Highlighted as 'Customer Relationship Management' are 'Sales: Quote to Cash', 'CRM: Market to Order', and 'Customer Service: Issue to Resolution'.

    ERP use cases:

    • Product-Centric
      Suitable for organizations that manufacture, assemble, distribute, or manage material goods.
    • Service-Centric
      Suitable for organizations that provide and manage field services and/or professional services.

    ERP by the numbers

    50-70%
    Statistical analysis of ERP projects indicates rates of failure vary from 50 to 70%. Taking the low end of those analyst reports, one in two ERP projects is considered a failure. (Source: Saxena and Mcdonagh)

    85%
    Companies that apply the principles of behavioral economics outperform their peers by 85% in sales growth and more than 25% in gross margin. (Source: Gallup)

    40%
    Nearly 40% of companies said functionality was the key driver for the adoption of a new ERP. (Source: Gheorghiu)

    ERP dissatisfaction

    Drivers of Dissatisfaction
    Business
    • Misaligned objectives
    • Product fit
    • Changing priorities
    • Lack of metrics
    Data
    • Access to data
    • Data hygiene
    • Data literacy
    • One view of the customer
    People and teams
    • User adoption
    • Lack of IT support
    • Training (use of data and system)
    • Vendor relations
    Technology
    • Systems integration
    • Multi-channel complexity
    • Capability shortfall
    • Lack of product support

    Finance, IT, Sales, and other users of the ERP system can only optimize ERP with the full support of each other. The cooperation of the departments is crucial when trying to improve ERP technology capabilities and customer interaction.

    Info-Tech Insight

    While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder-to-shoulder with the business to develop a technology framework for ERP.

    Info-Tech’s methodology for developing a foundational ERP strategy and roadmap

    1. Build alignment and scope 2. Define your ERP 3. Plan your project 4. Next Steps
    Phase Steps
    1. Aligning business and IT
    2. Scope and priorities
    1. ERP Business Model
    2. ERP processes and supporting applications
    3. Process pains, opportunities & maturity
    1. Stakeholders, risk & value
    2. Project set up
    1. Build your roadmap
    2. Wrap up and present
    Phase Outcomes Discuss organizational goals and how to advance those using the ERP system. Establish the scope of the project and ensure that business and IT are aligned on project priorities. Build the ERP business model then move on to the top level (mega) processes and an initial list of the sub-processes. Generate a list of applications that support the identified processes. Conclude with a complete view of the mega-processes and their sub-processes. Map out your stakeholders to evaluate their impact on the project, build an initial risk register and discuss group alignment. Conclude the phase by setting the initial core project team and their accountabilities to the project. Review the different options to solve the identified pain points then build out a roadmap of how to get to that solution. Build a communication plan as part of organizational change management, which includes the stakeholder presentation.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Sample of the Key Deliverable 'ERP Strategy Report'.

    ERP Strategy Report

    Complete an assessment of processes, prioritization, and pain points, and create an initiative roadmap.

    Samples of blueprint deliverables related to 'ERP Strategy Report'.

    ERP Business Model
    Align your business and technology goals and objectives in the current environment.
    Sample of the 'ERP Business Model' blueprint deliverable.
    ERP Operating Model
    Identify and prioritize your ERP top-level processes.
    Sample of the 'ERP Operating Model' blueprint deliverable.
    ERP Process Prioritization
    Assess ERP processes against the axes of rigor and strategic importance.
    Sample of the 'ERP Process Prioritization' blueprint deliverable.
    ERP Strategy Roadmap
    A data-driven roadmap of how to address the ERP pain points and opportunities.
    Sample of the 'ERP Strategy Roadmap' blueprint deliverable.

    Executive Brief Case Study

    INDUSTRY: Aerospace
    SOURCE: Panorama, 2021

    Aerospace organization assesses ERP future state from opportunities, needs, and pain points

    Challenge

    Several issues plagued the aerospace and defense organization. Many of the processes were ad hoc and did not use the system in place, often relying on Excel. The organization had a very large pain point stemming from its lack of business process standardization and oversight. The biggest gap, however, was from the under-utilization of the ERP software.

    Solution

    By assessing the usage of the system by employees and identifying key workarounds, the gaps quickly became apparent. After assessing the organization’s current state and generating recommendations from the gaps, it realized the steps needed to achieve its desired future state. The analysis of the pain points generated various needs and opportunities that allowed the organization to present and discuss its key findings with executive leadership to set milestones for the project.

    Results

    The overall assessment led the organization to the conclusion that in order to achieve its desired future state and maximize ROI from its ERP, the organization must address the internal issues prior to implementing the upgraded software.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between eight to twelve calls over the course of four to six months.

    Phase 1

    • Call #1: Scoping call to understand the current situation.
    • Call #2: Establish business & IT alignment and project scope.

    Phase 2

    • Call #3: Discuss the ERP Strategy business model and mega-processes.
    • Call #4: Begin the drill down on the level 1 processes.

    Phase 3

    • Call #5: Establish the stakeholder map and project risks.
    • Call #6: Discuss project setup including stakeholder commitment and accountability.

    Phase 4

    • Call #7: Discuss resolution paths and build initial roadmap.
    • Call #8: Summarize results and plan next steps.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Introduction to ERP

    1.1 Introduction to ERP

    1.2 Background

    1.3 Expectations and goals

    1.4 Align business strategy

    1.5 ERP vision and guiding principles

    1.6 ERP strategy model

    1.7 ERP operating model

    Build the ERP operating model

    2.1 Build application portfolio

    2.2 Map the level 1 ERP processes including identifying stakeholders, pain points, and key success indicators

    2.3 Discuss process and technology maturity for each level 1 process

    Project set up

    3.1 ERP process prioritization

    3.2 Stakeholder mapping

    3.3 Competing priorities review

    3.4 Initial risk register compilation

    3.5 Workshop retrospective

    Roadmap and presentation review

    4.1 Discuss future state options

    4.2 Build initial roadmap

    4.3 Review of final deliverable

    Next Steps and wrap-up (offsite)

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables
    1. ERP strategy model
    2. ERP operating model
    1. Application portfolio
    2. Mega-processes with level 1 process lists
    1. Prioritized ERP operating model
    2. Stakeholder map
    3. Competing priorities list
    4. Initial risk register
    1. Future state options
    2. Initiative roadmap
    3. Draft final deliverable
    1. Completed ERP strategy template
    2. ERP strategy roadmap

    Build an ERP Strategy and Roadmap

    Phase 1

    Build alignment and scope

    Phase 1

    • 1.1 Aligning business and IT
    • 1.2 Scope and priorities

    Phase 2

    • 2.1 ERP Business Model
    • 2.2 ERP processes and supporting applications
    • 2.3 Process pains, opportunities & maturity

    Phase 3

    • 3.1 Stakeholders, risk & value
    • 3.2 Project set up

    Phase 4

    • 4.1 Build your roadmap
    • 4.2 Wrap up and present

    This phase will walk you through the following activities:

    Build a common language to ensure clear understanding of the organizational needs. Define a vision and guiding principles to aid in decision making and enumerate how the ERP supports achievement of the organizational goals. Define the initial scope of the ERP project. This includes the discussion of what is not in scope.

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Create a compelling case that addresses strategic business objectives

    When someone at the organization asks you WHY, you need to deliver a compelling case. The ERP project will receive pushback, doubt, and resistance; if you can’t answer the question WHY, you will be left back-peddling.

    When faced with a challenge, prepare for the WHY.

    • Why do we need this?
    • Why are we spending all this money?
    • Why are we bothering?
    • Why is this important?
    • Why did we do it this way?
    • Why did we choose this vendor?

    Most organizations can answer “What?”
    Some organizations can answer “How?”
    Very few organizations have an answer for “Why?”

    Each stage of the project will be difficult and present its own unique challenges and failure points. Re-evaluate if you lose sight of WHY at any stage in the project.

    Step 1.1

    Aligning business and IT

    Activities
    • 1.1.1 Build a glossary
    • 1.1.2 ERP Vision and guiding principles
    • 1.1.3 Corporate goals and ERP benefits

    This step will walk you through the following activities:

    • Building a common language to ensure a clear understanding of the organization’s needs.
    • Creating a definition of your vision and identifying the guiding principles to aid in decision making.
    • Defining how the ERP supports achievement of the organizational goals.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    Business and IT have a shared understanding of how the ERP supports the organizational goals.

    Are we all talking about the same thing?

    Every group has their own understanding of the ERP system, and they may use the same words to describe different things. For example, is there a difference between procurement of office supplies and procurement of parts to assemble an item for sale? And if they are different, do your terms differ (e.g., procurement versus purchasing)?

    Term(s) Definition
    HRMS, HRIS, HCM Human Resource Management System, Human Resource Information System, Human Capital Management. These represent four capabilities of HR: core HR, talent management, workforce management, and strategic HR.
    Finance Finance includes the core functionalities of GL, AR, and AP. It also covers such items as treasury, financial planning and analysis (FP&A), tax management, expenses, and asset management.
    Supply Chain The processes and networks required to produce and distribute a product or service. This encompasses both the organization and the suppliers.
    Procurement Procurement is about getting the right products from the right suppliers in a timely fashion. Related to procurement is vendor contract management.
    Distribution The process of getting the things we create to our customers.
    CRM Customer Relationship Management, the software used to maintain records of our sales and non-sales contact with our customers.
    Sales The process of identifying customers, providing quotes, and converting those quotes to sales orders to be invoiced.
    Customer Service This is the process of supporting customers with challenges and non-sales questions related to the delivery of our products/services.
    Field Service The group that provides maintenance services to our customers.

    Activity 1.1.1 Build a glossary

    1 hour
    1. As a group, discuss the organization’s functional areas, business capabilities, value streams, and business processes.
    2. Ask each of the participants if there are terms or “jargon” that they hear used that they may be unclear on or know that others may not be aware of. Record these items in the table along with a description.
      • Acronyms are particularly important to document. These are often bandied about without explanation. For example, people outside of finance may not understand that FP&A is short for Financial Planning and Analysis.

    Record this information in the ERP Strategy Report Template.

    Sample of the 'ERP Strategy Report Template: Glossary'.

    Download the ERP Strategy Report Template

    Activity 1.1.1 Working slide

    Example/working slide for your glossary. Consider this a living document and keep it up to date.

    Term(s) Definition
    HRMS, HRIS, HCM Human Resource Management System, Human Resource Information System, Human Capital Management. These represent four capabilities of HR: core HR, talent management, workforce management, and strategic HR.
    Finance Finance includes the core functionalities of GL, AR, and AP. It also covers such items as treasury, financial planning and analysis (FP&A), tax management, expenses, and asset management.
    Supply Chain The processes and networks required to produce and distribute a product or service. This encompasses both the organization and the suppliers.
    Procurement Procurement is about getting the right products from the right suppliers in a timely fashion. Related to procurement is vendor contract management.
    Distribution The process of getting the things we create to our customers.
    CRM Customer Relationship Management, the software used to maintain records of our sales and non-sales contact with our customers.
    Sales The process of identifying customers, providing quotes, and converting those quotes to sales orders to be invoiced.
    Customer Service This is the process of supporting customers with challenges and non-sales questions related to the delivery of our products/services.
    Field Service The group that provides maintenance services to our customers.

    Vision and Guiding Principles

    GUIDING PRINCIPLES

    Guiding principles are high-level rules of engagement that help to align stakeholders from the outset. Determine guiding principles to shape the scope and ensure stakeholders have the same vision.

    Creating Guiding Principles

    Guiding principles should be constructed as full sentences. These statements should be able to guide decisions.

    EXAMPLES

    • [Organization] is implementing an ERP system to streamline processes and reduce redundancies, saving time and money.
    • [Organization] is implementing an ERP to integrate disparate systems and rationalize the application portfolio.
    • [Organization] is aiming at taking advantage of best industry practices and strives to minimize the level of customization required in solution.

    Questions to Ask

    1. What is a strong statement that will help guide decision making throughout the life of the ERP project?
    2. What are your overarching requirements for business processes?
    3. What do you ultimately want to achieve?
    4. What is a statement that will ensure all stakeholders are on the same page for the project?

    Activity 1.1.2 – ERP Vision and Project Guiding Principles

    1 hour

    1. As a group, discuss whether you want to create a separate ERP vision statement or re-state your corporate vision and/or goals.
      • An ERP vision statement will provide project-guiding principles, encompass the ERP objectives, and give a rationale for the project.
      • Using the corporate vision/goals will remind the business and IT that the project is to find an ERP solution that supports and enhances the organizational objectives.
    2. Review each of the sample guiding principles provided and ask the following questions:
      1. Do we agree with the statement?
      2. Is this statement framed in the language we used internally? Does everyone agree on the meaning of the statement?
      3. Will this statement help guide our decision-making process?

    Record this information in the ERP Strategy Report Template.

    Sample of the 'ERP Strategy Report Template: Guiding Principles.

    Download the ERP Strategy Report Template

    Activity 1.1.2 – ERP Vision and Project Guiding Principles

    We, [Organization], will select and implement an integrated software suite that enhances the growth and profitability of the organization through streamlined global business processes, real time data-driven decisions, increased employee productivity, and IT investment protection.

    • Support Business Agility: A flexible and adaptable integrated business system providing a seamless user experience.
    • Utilize ERP best practices: Do not recreate or replicate what we have today, focus on modernization. Exercise customization governance by focusing on those customizations that are strategically differentiating.
    • Automate: Take manual work out where we can, empowering staff and improving productivity through automation and process efficiencies.
    • Stay focused: Focus on scope around core business capabilities. Maintain scope control. Prioritize demand in line with the strategy.
    • Strive for “One Source of Truth”: Unify data model and integrate processes where possible. Assess integration needs carefully.

    Align the ERP strategy with the corporate strategy

    Corporate Strategy Unified Strategy ERP Strategy
    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and business aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the future state.
    • ERP optimization can be and should be linked, with metrics, to the corporate strategy and ultimate business objectives.
    • Communicates the organization’s budget and spending on ERP.
    • Identifies IT initiatives that will support the business and key ERP objectives.
    • Outlines staffing and resourcing for ERP initiatives.

    Info-Tech Insight

    ERP projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with ERP capabilities. Effective alignment between IT and the business should happen daily. Alignment doesn’t just to occur at the executive level alone, but at each level of the organization.

    1.1.3 – Corporate goals and ERP benefits

    1-2 hours

    1. Discuss the business objectives. Identify two or three objectives that are a priority for this year.
    2. Produce several ways a new ERP system will meet each objective.
    3. Think about the modules and ERP functions that will help you realize these benefits.

    Cost Reduction

    • Decrease Total Cost: Reduce total costs by five percent by January 2022.
    • Decrease Specific Costs: Reduce costs of “x” business unit by ten percent by Jan. next year.

    ERP Benefits

    • Reduce headcount
    • Reallocate workers
    • Reduce overtime
    • Increased compliance
    • Streamlined audit process
    • Less rework due to decrease in errors

    Download the ERP Strategy Report Template

    Activity 1.1.3 – Corporate goals and ERP benefits

    Corporate Strategy ERP Benefits
    End customer visibility (consumer experience)
    • Help OEM’s target customers
    • Keep customer information up-to-date, including contact choices
    • [Product A] process support improvements
    • Ability to survey and track responses
    • Track and improve renewals
    • Service support – improve cycle times for claims, payment processing, and submission quality
    Social responsibility
    • Reduce paper internally and externally
    • Facilitating tracking and reporting of EFT
    • One location for all documents
    New business development
    • Track all contacts
    • Measure where in process the contact is
    • Measure impact of promotions
    Employee experience
    • Improve integration of systems reducing manual processes through automation
    • Better tracking of sales for employee comp
    • Ability to survey employees

    Step 1.2

    Scope and priorities

    Activities
    • 1.2.1 Project scope
    • 1.2.2 Competing priorities

    This step will walk you through the following activities:

    • Define the initial scope of the ERP project. This includes the discussion of what is not in scope. For example, a stand-alone warehouse management system may be out of scope while an existing HRMS could be in scope.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    A project scope statement and a prioritized list of projects that may compete for organizational resources.

    Understand the importance of setting expectations with a scope statement

    Be sure to understand what is in scope for an ERP strategy project. Prevent too wide of a scope to avoid scope creep – for example, we aren’t tackling MMS or BI under ERP.

    A diamond shape with three layers. Inside is 'In Scope', middle is 'Scope Creep', and outside is 'Out of Scope'.

    Establishing the parameters of the project in a scope statement helps define expectations and provides a baseline for resource allocation and planning. Future decisions about the strategic direction of ERP will be based on the scope statement.

    Well-executed requirements gathering will help you avoid expanding project parameters, drawing on your resources, and contributing to cost overruns and project delays. Avoid scope creep by gathering high-level requirements that lead to the selection of category-level application solutions (e.g. HRIS, CRM, PLM etc.) rather than granular requirements that would lead to vendor application selection (e.g. SAP, Microsoft, Oracle, etc.).

    Out-of-scope items should also be defined to alleviate ambiguity, reduce assumptions, and further clarify expectations for stakeholders. Out-of-scope items can be placed in a backlog for later consideration.

    In Scope Out of Scope
    Strategy High-level ERP requirements, strategic direction
    Software selection Vendor application selection, Granular system requirements

    Activity 1.2.1 – Define scope

    1 hour

    1. Formulate a scope statement. Decide which people, processes, and functions the ERP strategy will address. Generally, the aim of this project is to develop strategic requirements for the ERP application portfolio – not to select individual vendors.
    2. To assist in forming your scope statement, answer the following questions:
      • What are the major coverage points?
      • Who will be using the systems?
      • How will different users interact with the systems?
      • What are the objectives that need to be addressed?
      • Where do we start?
      • Where do we draw the line?

    Record this information in the ERP Strategy Report Template.

    Sample of the 'ERP Strategy Report Template: Scope Statements'.

    Download the ERP Strategy Report Template

    Activity 1.2.1 – Define scope

    Scope statements

    The following systems are considered in scope for this project:

    • Finance
    • HRMS
    • CRM
    • Supply chain

    The following systems are out of scope for this project:

    • PLM – product lifecycle management
    • Project management
    • Contract management

    The following systems are in scope, in that they must integrate into the new system. They will not change.

    • Payroll processing
    • Bank accounts
    • EDI software

    Know your competing priorities

    Organizations typically have multiple projects on the table or in flight. Each of those projects requires resources and attention from business and/or the IT organization.

    Don’t let poor prioritization hurt your ERP implementation.
    BNP Paribas Fortis had multiple projects that were poorly prioritized resulting in the time to bring products to market to double over a three-year period. (Source: Neito-Rodriguez, 2016)

    Project Timeline Priority notes Implications
    Warehouse management system upgrade project Early 2022 implementation High Taking IT staff and warehouse team, testing by finance
    Microsoft 365 October 2021-March 2022 High IT Staff, org impacted by change management
    Electronic Records Management April 2022 – Feb 2023 High Legislative requirement, org impact due to record keeping
    Web site upgrade Early fiscal 2023

    Activity 1.2.2 – Competing priorities

    1 hour

    1. As a group, discuss the projects that are currently in flight as well as any known projects including such things as territory expansion or new regulation compliance.
    2. For each project discuss and record the following items:
      • The project timeline. When does it start and how long is it expected to run?
      • How important is this project to the organization? A lot of high priority projects are going to require more attention from the staff involved.
      • What are the implications of this project?
        • What staff will be impacted? What business users will be impacted, and what is the IT involvement?
        • To what extent will the overall organization be impacted? Is it localized to a location or is it organization wide?
        • Can the project be deferred?

    Record this information in the ERP Strategy Report Template.

    Sample of the 'ERP Strategy Report Template: Priorities'.

    Download the ERP Strategy Report Template

    Activity 1.2.2 – Competing priorities

    List all your known projects both current and proposed. Discuss the prioritization of those projects, whether they are more or less important than your ERP project.

    Project Timeline Priority notes Implications
    Warehouse management system upgrade project Early 2022 implementation High Taking IT staff and warehouse team, testing by finance
    Microsoft 365 October 2021-March 2022 High IT Staff, org impacted by change management
    Electronic Records Management April 2022 – Feb 2023 High Legislative requirement, org impact due to record keeping
    Web site upgrade Early fiscal 2023 Medium
    Point of Sale replacement Oct 2021– Mar 2022 Medium
    ERP utilization and training on unused systems Friday, Sept 17 Medium Could impact multiple staff
    Managed Security Service RFP This calendar year Medium
    Mental Health Dashboard In research phase Low

    Build an ERP Strategy and Roadmap

    Phase 2

    Define your ERP

    Phase 1

    • 1.1 Aligning business and IT
    • 1.2 Scope and priorities

    Phase 2

    • 2.1 ERP Business Model
    • 2.2 ERP processes and supporting applications
    • 2.3 Process pains, opportunities & maturity

    Phase 3

    • 3.1 Stakeholders, risk & value
    • 3.2 Project set up

    Phase 4

    • 4.1 Build your roadmap
    • 4.2 Wrap up and present

    This phase will walk you through the following activities:

    • Build the ERP business model then move on to the top level (mega) processes and an initial list of the sub-processes
    • Generate a list of applications that support the identified processes
    • Assign stakeholders, discuss pain points, opportunities, and key success indicators
    • Assign process and technology maturity to each stakeholder

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Step 2.1

    ERP business model

    Activities
    • 2.1.1 Environmental factors, technology drivers, and business needs
    • 2.1.2 Challenges, pain points, enablers, and organizational goals

    This step will walk you through the following activities:

    • Identify ERP drivers and objectives
    • Explore ERP challenges and pain points
    • Discuss the ERP benefits and opportunities

    This step involves the following participants:

    • ERP implementation team
    • Business stakeholders

    Outcomes of this step

    • ERP business model

    Explore environmental factors and technology drivers

    1. Identify business drivers that are contributing to the organization’s need for ERP.
    2. Understand how the company is running today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization.
    3. Consider external considerations, organizational drivers, technology drivers, and key functional requirements
    The ERP Business Model with 'Business Needs', 'Environmental Factors', and 'Technology Drivers' highlighted. At the center is 'ERP Strategy' with 'Barriers' above and 'Enablers' below. Surrounding and feeding into the center group are 'Business Needs', 'Environmental Factors', 'Technology Drivers', and 'Organizational Goals'.
    External Considerations
    • Regulations
    • Elections
    • Availability of resources
    • Staff licensing and certifications
    Organizational Drivers
    • Compliance
    • Scalability
    • Operational efficiency
    • Union agreements
    • Self service
    • Role appropriate dashboards and reports
    • Real time data access
      • Use of data in the system (no exports)
    Technology Considerations
    • Data accuracy
    • Data quality
    • Better reporting
    Functional Requirements
    • Information availability
    • Integration between systems
    • Secure data

    Activity 2.1.1 – Explore environmental factors and technology drivers

    1 hour

    1. Identify business drivers that are contributing to the organization’s need for ERP.
    2. Understand how the company is running today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization. Use a whiteboard or flip charts and markers to capture key findings.
    3. Consider External Considerations, Organizational Drivers, Technology Drivers, and Key Functional Requirements.

    Record this information in the ERP Strategy Report Template.

    Sample of the next slide, 'ERP Business Model', with an iconized ERP Business Model and a table highlighting 'Environmental Factors', 'Technology Drivers', and 'Business Needs'.

    Download the ERP Strategy Report Template

    ERP Business Model A iconized version of the ERP Business Model.

    Environmental FactorsTechnology DriversBusiness Needs
    • Regulations
    • Elections
    • Availability of resources
    • Staff licensing and certifications
    • Document storage
    • Cloud security standards
    • Functionality based on deployment
    • Cloud-first based on above
    • Integration with external data suppliers
    • Integration with internal systems (Elite?)
    • Compliance
    • Scalability
    • Operational efficiency
    • Union agreements
    • Self service
    • Role appropriate dashboards and reports
    • Real time data access
    • Use of data in the system (no exports)
    • CapEx vs. OpEx

    Discuss challenges, pain points, enablers and organizational goals

    1. Identify challenges with current systems and processes.
    2. Brainstorm potential barriers to successful ERP selection and implementation. Use a whiteboard and marker to capture key findings.
    3. Consider organizational goals along with barriers and enablers to ERP success.
    The ERP Business Model with 'Organizational Goals', 'Enablers', and 'Barriers' highlighted. At the center is 'ERP Strategy' with 'Barriers' above and 'Enablers' below. Surrounding and feeding into the center group are 'Business Needs', 'Environmental Factors', 'Technology Drivers', and 'Organizational Goals'.
    Functional Gaps
    • No online purchase order requisition
    Technical Gaps
    • Inconsistent reporting – data quality concerns
    Process Gaps
    • Duplication of data
    • Lack of system integration
    Barriers to Success
    • Cultural mindset
    • Resistance to change
    Business Benefits
    • Business-IT alignment
    IT Benefits
    • Compliance
    • Scalability
    Organizational Benefits
    • Data accuracy
    • Data quality
    Enablers of Success
    • Change management
    • Alignment to strategic objectives

    Activity 2.1.2 – Discuss challenges, pain points, enablers, and organizational goals

    1 hour

    1. Identify challenges with the current systems and processes.
    2. Brainstorm potential barriers to successful ERP selection and implementation. Use a whiteboard or flip chart and markers to capture key findings.
    3. Consider functional gaps, technical gaps, process gaps, and barriers to ERP success.
    4. Identify the opportunities and benefits from an integrated system.
    5. Brainstorm potential enablers for successful ERP selection and implementation. Use a whiteboard and markers to capture key findings.
    6. Consider business benefits, IT benefits, organizational benefits, and enablers of success.

    Record this information in the ERP Strategy Report Template.

    Sample of the next slide, 'ERP Business Model', with an iconized ERP Business Model and a table highlighting 'Organizational Goals', 'Enablers', and 'Barriers'.

    Download the ERP Strategy Report Template

    ERP Business Model A iconized version of the ERP Business Model.

    Organizational Goals Enablers Barriers
    • Efficiency
    • Effectiveness
    • Integrity
    • One source of truth for data
    • One team
    • Customer service, external and internal
    • Cross-trained employees
    • Desire to focus on value-add activities
    • Collaborative
    • Top level executive support
    • Effective change management process
    • Organizational silos
    • Lack of formal process documentation
    • Funding availability
    • What goes first? Organizational priorities

    Step 2.2

    ERP processes and supporting applications

    Activities
    • 2.2.1 ERP process inventory
    • 2.2.2 Application portfolio

    This step will walk you through the following activities:

    • Identify the top-level (mega) processes and create an initial list of the sub-processes
    • Generate a list of applications that support the identified processes

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Outcomes of this step

    • A list of in scope business processes
    • A list of current applications and services supporting the business processes

    Process Inventory

    In business architecture, the primary view of an organization is known as a business capability map.

    A business capability defines what a business does to enable value creation rather than how.

    Business capabilities:

    • Represent stable business functions
    • Are unique and independent of each other
    • Will typically have a defined business outcome

    A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

    A process map titled 'Business capability map (Level 0)' with many processes sectioned off into sections and subsections. The top-left section is 'Products and Services Development' with subsections 'Design'(6 processes) and 'Manufacturing'(3 processes). The top-middle section is 'Revenue Generation'(3 processes) and below that is 'Sourcing'(2 processes). The top-right section is 'Demand Fulfillment'(9 processes). Along the bottom is the section 'Enterprise Management and Planning' with subsections 'Human Resources'(4 processes), 'Business Direction'(4 processes), and 'Finance'(4 processes).

    If you do not have a documented process model, you can use the APQC Framework to help define your inventory of business processes.

    APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.

    APQC’s Process Classification Framework

    Activity 2.2.1 – Process inventory

    2-4 hours

    1. As a group, discuss the business capabilities, value streams, and business processes.
    2. For each capability determine the following:
      • Is this capability applicable to our organization?
      • What application, if any, supports this capability?
    3. Are there any missing capabilities to add?

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Process Inventory' table on the next slide.

    Download the ERP Strategy Report Template

    Activity 2.2.1 – Process inventory

    Core Finance Core HR Workforce Management Talent Management Warehouse Management Enterprise Asset Management
    Process Technology Process Technology Process Technology Process Technology Process Technology Process Technology
    • General ledger
    • Accounts payable
    • Accounts receivable
    • GL consolidation
    • Cash management
    • Billing and invoicing
    • Expenses
    • Payroll accounting
    • Tax management
    • Reporting
    • Payroll administration
    • Benefits administration
    • Position management
    • Organizational structure
    • Core HR records
    • Time and attendance
    • Leave management
    • Scheduling
    • Performance management
    • Talent acquisition
    • Offboarding & onboarding
    • Plan layout
    • Manage inventory
    • Manage loading docks
    • Pick, pack, ship
    • Plan and manage workforce
    • Manage returns
    • Transfer product cross-dock
    • Asset lifecycle management
    • Supply chain management
    • Maintenance planning & scheduling
    Planning & Budgeting Strategic HR Procurement Customer Relationship Management Facilities Management Project Management
    Process Technology Process Technology Process Technology Process Technology Process Technology Process Technology
    • Budget reporting
    • Variance analysis
    • Multi-year operating plan
    • Monthly forecasting
    • Annual operating plan
    • Compensation planning
    • Workforce planning
    • Succession planning
    • Supplier management
    • Purchase order management
    • Workflow approvals
    • Contract / tender management
    • Contact management
    • Activity management
    • Analytics
    • Plan and acquire
    • Asset maintenance
    • Disposal
    • Project management
    • Project costing
    • Budget control
    • Document management

    Complete an inventory collection of your application portfolio

    MANAGED vs. UNMANAGED APPLICATION ENVIRONMENTS

    • Managed environments make way for easier inventory collection since there is significant control as to what applications can be installed on a company asset. Organizations will most likely have a comprehensive list of supported and approved applications.
    • Unmanaged environments are challenging to control because users are free to install any applications on company assets, which may or may not be supported by IT.
    • Most organizations fall somewhere in between – there is usually a central repository of applications and several applications that are exceptions to the company policies. Ensure that all applications are accounted for.

    Determine your inventory collection method:

    MANUAL INVENTORY COLLECTION
    • In its simplest form, a spreadsheet is used to document your application inventory.
    • For large organizations, reps interview all business domains to create a list of installed applications.
    • Conducting an end-user survey within your business domains is one way to gather your application inventory and assess quality.
    • This manual approach is most appropriate for smaller organizations with small application portfolios across domains.
    AUTOMATED INVENTORY COLLECTION
    • Using inventory collection compatibility tools, discover all of the supported applications within your organization.
    • This approach may not capture all applications, depending on the parameters of your automated tool.
    • This approach works well in a managed environment.

    Activity 2.2.2 – Understand the current application portfolio

    1-2 hours

    1. Brainstorm a list of the applications that support the ERP business processes inventoried in Activity 2.2.1. If an application has multiple instances, list each instance as a separate line item.
    2. Indicate the following for each application:
      1. User satisfaction. This may be more than one entry as different groups – e.g., IT vs. business – may differ.
      2. Processes supported. Refer to processes defined in Activity 2.2.1. Update 2.2.1 if additional processes are identified during this exercise.
      3. Define a future disposition: Keep, Update, Replace. It is possible to have more than one disposition, e.g., Update or Replace is a valid disposition.
    3. [Optional] Collect the following information about each application. This information can be used to calculate the cost per application and total cost per user:
      1. Number of users or user groups
      2. Estimated maintenance costs
      3. Estimated capital costs
      4. Estimated licensing costs
      5. Estimated support costs

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Application Portfolio' table on the next slide.

    Download the ERP Strategy Report Template

    2.2.2 - Application portfolio

    Inventory your applications and assess usage, satisfaction, and disposition

    Application Name Satisfaction Processes Supported Future Disposition
    PeopleSoft Financials Medium and declining ERP – shares one support person with HR Update or Replace
    Time Entry (custom) Low Time and Attendance Replace
    PeopleSoft HR Medium Core HR Update or Replace
    ServiceNow High ITSM
    CSM: Med-Low
    ITSM and CSM
    CSM – complexity and process changes
    Update
    Data Warehouse High IT
    Business: Med-Low
    BI portal – Tibco SaaS datamart Keep
    Regulatory Compliance Medium Regulatory software – users need training Keep
    ACL Analytics Low Audit Replace
    Elite Medium Supply chain for wholesale Update (in progress)
    Visual Importer Med-High Customs and taxes Keep
    Custom Reporting application Med-High Reporting solution for wholesale (custom for old system, patched for Elite) Replace

    2.3.1 – Visual application portfolio [optional]

    A diagram of applications and how they connect to each other. There are 'External Systems' and 'Internal Systems' split into three divisions, 'Retail Division', 'Wholesale Division', and 'Corporate Services'. Example external systems are 'Moneris', 'Freight Carriers', and 'Banks'. Example internal systems are 'Retail ERP/POS', 'Elite', and 'Excel'.

    Step 2.3

    Process pains, opportunities, and maturity

    Activities
    • 2.3.1 Level one process inventory with stakeholders
    • 2.3.2 Process pain points and opportunities
    • 2.3.3 Process key success indicators
    • 2.3.4 Process and technology maturity
    • 2.3.5 Mega-process prioritization

    This step will walk you through the following activities:

    • Assign stakeholders, discuss pain points, opportunities, and key success indicators for the mega-processes identified in Step 2.1
    • Assign process and technology maturity to each prioritizing the mega-processes

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP applications support team

    Outcomes of this step

    For each mega-process:

    • Level 1 processes with process and technology maturity assigned
    • Stakeholders identified
    • Process pain points, opportunities, and key success indicators identified
    • Prioritize the mega-processes

    Building out the mega-processes

    Congratulations, you have made it to the “big lift” portion of the blueprint. For each of the processes that were identified in exercise 2.2.1, you will fill out the following six details:

    1. Primary stakeholder(s)
    2. A description of the process
    3. hat level 1 processes/capabilities the mega-process is composed of
    4. Problems the new system must solve
    5. What success will look like when the new system is implemented
    6. The process and technological maturity of each level 1 process.

    Sample of the 'Core Finance' slide in the ERP Strategy Report, as shown on the next slide, with numbers corresponding to the ordered list above. 1 is on a list of 'Stakeholders', 2 is by the 'Description' box, 3 is on the 'Capability' table column, 4 is on the 'Current Pain Points' box, 5 is on the 'Key Success Factors' box, and 6 is on the 'Maturity' ratings column.

    It will take one to three hours per mega-process to complete the six different sections.

    Note:
    For each mega-process identified you will create a separate slide in the ERP Strategy Report. Default slides have been provided. Add or delete as necessary.

    Sample of the 'Core Finance' slide in the ERP Strategy Report. Note on the list of stakeholders reads 'Primary Stakeholders'. Note on the title, Core Finance, reads 'Mega-process name'. Note on the description box reads 'Description of the process'. Note on the 'Key Success Factors' box reads 'What success looks like'. Note on the 'Current Pain Points' box reads 'Problems the new system must solve'. Below is a capability table with columns 'Capability', 'Maturity', and a blank on for notes. Note on the 'Capability' table column reads 'Level 1 process'. Note on the 'Maturity' ratings column reads 'Level 1 process maturity of process and technology'. Note on the notes column reads 'Level 1 process notes'.

    An ERP project is most effective when you follow a structured approach to define, select, implement, and optimize

    Top-down approach

    ERP Strategy
    • Operating Model – Define process strategy, objectives, and operational implications.
    • Level 1 Processes –Define process boundaries, scope at the organization level; the highest level of mega-process.

    • Level 2 Processes – Define processes by function/group which represent the next level of process interaction in the organization.
    • Level 3 Processes – Decompose process by activity and role and identify suppliers, inputs, outputs, customers, metrics, and controls.
    • Functional Specifications; Blueprint and Technical Framework – Refine how the system will support and enable processes; includes functional and technical elements.
    • Org Structure and Change Management – Align org structure and develop change mgmt. strategy to support your target operating model.
    • Implementation and Transition to Operations – Execute new methods, systems, processes, procedures, and organizational structure.
    • ERP Optimization and Continuous Improvement – Establish a program to monitor, govern, and improve ERP systems and processes.

    *A “stage gate” approach should be used: the next level begins after consensus is achieved for the previous level.

    Activity 2.3.1 – Level 1 process inventory with stakeholders

    1 hour per mega-process

    1. Identify the primary stakeholder for the mega-process. The primary stakeholder is usually the process owner. For example, for core finance the CFO is the process owner/primary stakeholder. Name a maximum of three stakeholders.
    2. In the lower section, detail all the capabilities/processes associated with the mega-process. Be careful to remain at the level 1 process level as it is easy to start identifying the “How” of a process. The “How” is too deep.

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Core Finance' slide in the ERP Strategy Report with the 'Stakeholders' list and 'Capability' table column highlighted.

    Download the ERP Strategy Report Template

    Activity 2.3.2 – Process pain points and opportunities

    30+ minutes per mega-process

    1. As a group, write a clear description of the mega-process. This helps establish alignment on the scope of the mega-process.
    2. Start with the discussion of current pain points with the various capabilities. These pain points will be items that the new solution will have to resolve.

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Core Finance' slide in the ERP Strategy Report with the 'Description', 'Key Success Factors', and 'Current Pain Points' boxes highlighted.

    Download the ERP Strategy Report Template

    Activity 2.3.3 – Key success indicators

    30 minutes per mega-process

    1. Document key success factors that should be base-lined in the existing system to show the overall improvement once the new system is implemented. For example, if month-end close takes 12 days in the current system, target three days for month-end close in the new system.

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Core Finance' slide in the ERP Strategy Report with the 'Description', 'Key Success Factors', and 'Current Pain Points' boxes highlighted.

    Download the ERP Strategy Report Template

    Activity 2.3.4 – Process and technology maturity

    1 hour

    1. For each capability/level 1 process identified determine you level of process maturity:
      • Weak – Ad hoc processes without documentation
      • Moderate – Documented processes that are often executed consistently
      • Strong – Documented processes that include exception handling that are rigorously followed
      • Payroll is an example of a strong process, even if every step is manual. The process is executed the same every time to ensure staff are paid properly and on time.
    2. For each capability/level 1 process identified determine you level of technology maturity:
      • Weak – manual execution and often paper-based
      • Moderate – Some technology support with little automation
      • Strong – The process executed entirely within the technology stack with no manual processes

    Record this information in the ERP Strategy Report Template.

    Sample of the 'Core Finance' slide in the ERP Strategy Report with the 'Maturity' and notes columns highlighted.

    Download the ERP Strategy Report Template

    Activity 2.3.5 – Mega-process prioritization

    1 hour

    1. For the mega-processes identified, map each process’s current state in terms of process rigor versus organizational importance.
      • For process rigor, refer to your process maturity in the previous exercises.
    2. Now, as a group discuss how you want to “move the needle” on each of the processes. Remember that you have a limited capacity so focus on the processes that are, or will be, of strategic importance to the organization. The processes that are placed in the top right quadrant are the ones that are likely the strategic differentiators.

    Record this information in the ERP Strategy Report Template.

    A smaller version of the process prioritization map on the next slide.

    Download the ERP Strategy Report Template.

    ERP Process Prioritization

    Establishing an order of importance can impact vendor selection and implementation roadmap; high priority areas are critical for ERP success.

    A prioritization map placing processes by 'Rigor' and 'Organizational Importance' They are numbered 1-9, 0, A, and B and are split into two colour-coded sets for 'Future (green)' and 'Current(red)'. On the x-axis 'Organizational Importance' ranges from 'Operational' to 'Strategic' and on the y-axis 'Process Rigor' ranges from 'Get the Job Done' to 'Best Practice'. Comparing 'Current' to 'Future', they have all moved up from 'Get the Job Done' into 'Best Practice' territory and a few have migrated over from 'Operational' to 'Strategic'. Processes are 1. Core Finance, 2. Core HR, 3. Workforce Management, 4.Talent Management, 5. Employee Health and Safety, 6. Enterprise Asset Management, 7.Planning & Budgeting, 8. Strategic HR, 9. Procurement Mgmt., 0. CRM, A. Facilities, and B. Project Management.

    Build an ERP Strategy and Roadmap

    Phase 3

    Plan your project

    Phase 1

    • 1.1 Aligning business and IT
    • 1.2 Scope and priorities

    Phase 2

    • 2.1 ERP Business Model
    • 2.2 ERP processes and supporting applications
    • 2.3 Process pains, opportunities & maturity

    Phase 3

    • 3.1 Stakeholders, risk & value
    • 3.2 Project set up

    Phase 4

    • 4.1 Build your roadmap
    • 4.2 Wrap up and present

    This phase will walk you through the following activities:

    • Map out your stakeholders to evaluate their impact on the project
    • Build an initial risk register and ensure the group is aligned
    • Set the initial core project team and their accountabilities and get them started on the project

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Step 3.1

    Stakeholders, risk, and value

    Activities
    • 3.1.1 Stakeholder analysis
    • 3.1.2 Potential pitfalls and mitigation strategies
    • 3.1.3 Project value [optional]

    This step will walk you through the following activities:

    • Map out your stakeholders to evaluate their impact on the project
    • Build an initial risk register and ensure the group is aligned

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    • An understanding of the stakeholders and their project influence
    • An initial risk register
    • A consensus on readiness to proceed

    Understand how to navigate the complex web of stakeholders in ERP

    Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.

    Sponsor End User IT Business
    Description An internal stakeholder who has final sign-off on the ERP project. Front-line users of the ERP technology. Back-end support staff who are tasked with project planning, execution, and eventual system maintenance. Additional stakeholders that will be impacted by any ERP technology changes.
    Examples
    • CEO
    • CIO/CTO
    • COO
    • CFO
    • Warehouse personnel
    • Sales teams
    • HR admins
    • Applications manager
    • Vendor relationship manager(s)
    • Director, Procurement
    • VP, Marketing
    • Manager, HR
    Value Executive buy-in and support is essential to the success of the project. Often, the sponsor controls funding and resource allocation. End users determine the success of the system through user adoption. If the end user does not adopt the system, the system is deemed useless and benefits realization is poor. IT is likely to be responsible for more in-depth requirements gathering. IT possesses critical knowledge around system compatibility, integration, and data. Involving business stakeholders in the requirements gathering will ensure alignment between HR and organizational objectives.

    Large-scale ERP projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.

    An example stakeholder map, categorizing stakeholders by amount of influence and interest.

    Activity 3.1.1 – Map your stakeholders

    1 hour

    1. As a group, identify all the ERP stakeholders. A stakeholder may be an individual such as the CEO or CFO, or it may be a group such as front-line employees.
    2. Map each stakeholder on the quadrant based on their expected Influence and Involvement in the project
    3. [Optional] Color code the users using the scale below to quickly identify the group that the stakeholder belongs to.
      • Sponsor – An internal stakeholder who has final sign-off on the ERP project.
      • End User – Front-line users of the ERP technology.
      • IT – Back-end support staff who are tasked with project planning, execution, and eventual system maintenance.
      • Business – Additional stakeholders that will be impacted by any ERP technology changes.

    Record this information in the ERP Strategy Report Template.

    Preview of the next slide.

    Download the ERP Strategy Report Template

    Slide titled 'Map the organization's stakeholders with a more in-depth example of a stakeholder map and long 'List of Stakeholders'. The quadrants that stakeholders are sorted into by influence and involvement are labelled 'Keep Satisfied (1)', 'Involve Closely (2)', 'Monitor (3)', and 'Keep Informed (4)'.

    Prepare contingency plans to minimize time spent handling unexpected risks

    Understanding the technical and strategic risks of a project can help you establish contingencies to reduce the likelihood of risk occurrence and devise mitigation strategies to help offset their impact if contingencies are insufficient.

    Risk Impact Likelihood Mitigation Effort
    Inadequate budget for additional staffing resources. 2 1 Use internal transfers and role-sharing rather than external hiring.
    Push-back on an ERP solution. 2 2 Use formal communication plans, an ERP steering committee, and change management to overcome organizational readiness.
    Overworked resources. 1 1 Create a detailed project plan that outlines resources and timelines in advance.
    Rating Scale:
    Impact: 1- High Risk 2- Moderate Risk 3- Minimal Risk
    Likelihood: 1- High/Needs Focus 2- Can Be Mitigated 3- Remote Likelihood

    Remember

    The biggest sources of risk in an ERP strategy are lack of planning, poorly defined requirements, and lack of governance.

    Apply the following mitigation tips to avoid pitfalls and delays.

    Risk Mitigation Tips

    • Upfront planning
    • Realistic timelines
    • Resource support
    • Managing change
    • Executive sponsorship
    • Sufficient funding
    • Setting the right expectations

    Activity 3.1.2 – Identify potential project pitfalls and mitigation strategies

    1-2 hours

    1. Discuss what “Impact” and “Likelihood” mean to your organization. For example, define Impact by what is important to your organization – financial loss, reputational impact, employee loss, and process impairment are all possible factors.
    2. Identify potential risks that may impede the successful completion of each work initiative. Risks may include predictable factors such as low resource capability, or unpredictable factors such as a change in priorities leading to withdrawn buy-in.
    3. For each risk, identify mitigation tactics. In some cases, mitigation tactics might take the form of standalone work initiative. For example, if a risk is lack of end-user buy-in, a work initiative to mitigate that risk might be to build an end-user communication plan.

    Record this information in the ERP Strategy Report Template.

    Preview of the next slide.

    Download the ERP Strategy Report Template

    Risks

    Risk Impact Likelihood Mitigation Effort
    Inadequate budget for additional staffing resources. 2 1 Use internal transfers and role-sharing rather than external hiring.
    Push-back on an ERP solution. 2 2 Use formal communication plans, an ERP steering committee, and change management to overcome organizational readiness.
    Overworked resources. 1 1 Create a detailed project plan that outlines resources and timelines in advance.
    Project approval 1 1 Build a strong business case for project approval and allow adequate time for the approval process
    Software does not work as advertised resulting in custom functionality with associated costs to create/ maintain 1 2 Work with staff to change processes to match the software instead of customizing the system thorough needs analysis prior to RFP creation
    Under estimation of staffing levels required, i.e. staff utilized at 25% for project when they are still 100% on their day job 1 2 Build a proper business case around staffing (be somewhat pessimistic)
    EHS system does not integrate with new HRMS/ERP system 2 2
    Selection of an ERP/HRMS that does not integrate with existing systems 2 3 Be very clear in RFP on existing systems that MUST be integrated to
    Rating Scale:
    Impact: 1- High Risk 2- Moderate Risk 3- Minimal Risk
    Likelihood: 1- High/Needs Focus 2- Can Be Mitigated 3- Remote Likelihood

    Is the organization committed to the ERP project?

    A recent study of critical success factors to an ERP implementation identified top management support and interdepartmental communication and cooperation as the top two success factors.

    By answering the seven questions the key stakeholders are indicating their commitment. While this doesn’t guarantee that the top two critical success factors have been met, it does create the conversation to guide the organization into alignment on whether to proceed.

    A table of example stakeholder questions with options 1-5 for how strongly they agree or disagree. 'Strongly disagree - 1', 'Somewhat disagree - 2', 'Neither agree or disagree - 3', 'Somewhat agree - 4', 'Strongly agree - 5'.

    Activity 3.1.3 – Project value (optional)

    30 minutes

    1. As a group, discuss the seven questions in the table. Ensure everyone agrees on what the questions are asking. If necessary, modify the language so that the meaning is clear to everyone.
    2. Have each stakeholder answer the seven questions on their own. Have someone compile the answers looking for:
      1. Any disagrees, strongly, somewhat, or neither as this indicates a lack of clarity. Endeavour to discover what additional information is required.
      2. [Optional] Have the most positive and most negative respondents present their points of view for the group to discuss. Is someone being overly optimistic, or pessimistic? Did the group miss something?

    There are no wrong answers. It should be okay to disagree with any of these statements. The goal of the exercise is to generate conversation that leads to support of the project and collaboration on the part of the participants.

    Record this information in the ERP Strategy Report Template.

    A preview of the next slide.

    Download the ERP Strategy Report Template

    Ask the right questions now to determine the value of the project to the organization

    Please indicate how much you agree or disagree with each of the following statements.

    Question # Question Strongly disagree Somewhat disagree Neither agree nor disagree Somewhat agree Strongly agree
    1. I have everything I need to succeed. 1 2 3 4 5
    2. The right people are involved in the project. 1 2 3 4 5
    3. I understand the process of ERP selection. 1 2 3 4 5
    4. My role in the project is clear to me. 1 2 3 4 5
    5. I am clear about the vision for this project. 1 2 3 4 5
    6. I am nervous about this project. 1 2 3 4 5
    7. There is leadership support for the project. 1 2 3 4 5

    Step 3.2

    Project set up

    Activities
    • 3.2.1 Create the project team
    • 3.2.2 Set the project RACI

    This step will walk you through the following activities:

    • Set the initial core project team and their accountabilities to the project.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    • Identify the core team members and their time commitments.
    • Assign responsibility, accountability or communication needs.

    Identify the right stakeholders for your project team

    Consider the core team functions when composing the project team. It is essential to ensure that all relevant perspectives (business, IT, etc.) are evaluated to create a well-aligned and holistic ERP strategy.

    PROJECT TEAM ROLES

    • Project champion
    • Project advisor
    • Steering committee
    • Project manager
    • Project team
    • Subject matter experts
    • Change management specialist

    PROJECT TEAM FUNCTIONS

    • Collecting all relevant inputs from the business.
    • Gathering high-level requirements.
    • Creating a roadmap.

    Info-Tech Insight

    There may be an inclination towards a large project team when trying to include all relevant stakeholders. Carefully limiting the size of the project team will enable effective decision making while still including functional business units like HR and Finance, as well as IT.

    Activity 3.2.1 – Project team

    1 hour

    1. Considering your ERP project scope, discuss the resources and capabilities necessary, and generate a complete list of key stakeholders considering each of the roles indicated on the chart to the right.
    2. Using the list previously generated, identify a candidate(s) for each role and determine their responsibility in the ERP strategy and their expected time commitment.

    Record this information in the ERP Strategy Report Template.

    Preview of the table on the next slide.

    Download the ERP Strategy Report Template

    Project team

    Of particular importance for this table is the commitment column. It is important that the organization understands the level of involvement for all roles. Failure to properly account for the necessary involvement is a major risk factor.

    Role Candidate Responsibility Commitment
    Project champion John Smith
    • Provide executive sponsorship.
    20 hours/week
    Steering committee
    • Establish goals and priorities.
    • Define scope and approve changes.
    • Provide adequate resources and resolve conflict.
    • Monitor project milestones.
    10 hours/week
    Project manager
    • Prepare and manage project plan.
    • Monitor project team progress.
    • Conduct project team meetings.
    40 hours/week
    Project team
    • Drive day-to-day project activities.
    • Coordinate department communication.
    • Make process and design decisions.
    40 hours/week
    Subject matter experts by area
    • Attend meetings as needed.
    • Respond to questions and inquiries.
    5 hours/week

    Define project roles and responsibilities to improve progress tracking

    Build a list of the core ERP strategy team members and then structure a RACI chart with the relevant categories and roles for the overall project.

    • Responsible – Conducts work to achieve the task
    • Accountable – Answerable for completeness of task
    • Consulted – Provides input for the task
    • Informed – Receives updates on the task

    Benefits of assigning RACI early:

    • Improve project quality by assigning the right people to the right tasks.
    • Improve chances of project task completion by assigning clear accountabilities.
    • Improve project buy-in by ensuring stakeholders are kept informed of project progress, risks, and successes.

    Activity 3.2.2 – Project RACI

    1 hour

    1. The ERP strategy will require a cross-functional team within IT and business units. Make sure the responsibilities are clearly communicated to the selected project sponsor.
    2. Modify the left-hand column to match the activities expected in your project.

    Record this information in the ERP Strategy Report Template.

    Preview of the RACI chart on the next slide.

    Download the ERP Strategy Report Template

    3.2.2 – Project RACI

    Project champion Project advisor Project steering committee Project manager Project team Subject matter experts
    Determine project scope & vision I C A R C C
    Document business goals I I A R I C
    Inventory ERP processes I I A C R R
    Map current state I I A R I R
    Assess gaps and opportunities I C A R I I
    Explore alternatives R R A I I R
    Build a roadmap R A R I I R
    Create a communication plan R A R I I R
    Present findings R A R I I R

    Build an ERP Strategy and Roadmap

    Phase 4

    Next steps

    Phase 1

    • 1.1 Aligning business and IT
    • 1.2 Scope and priorities

    Phase 2

    • 2.1 ERP Business Model
    • 2.2 ERP processes and supporting applications
    • 2.3 Process pains, opportunities & maturity

    Phase 3

    • 3.1 Stakeholders, risk & value
    • 3.2 Project set up

    Phase 4

    • 4.1 Build your roadmap
    • 4.2 Wrap up and present

    This phase will walk you through the following activities:

    • Review the different options to solve the identified pain points
    • Build out a roadmap showing how you will get to those solutions
    • Build a communication plan that includes the stakeholder presentation

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Step 4.1

    Build your roadmap

    Activities
    • 4.1.1 Pick your path
    • 4.1.2 Build your roadmap
    • 4.1.3 Visualize your roadmap (optional)

    This step will walk you through the following activities:

    • Review the different options to solve the identified pain points then build out a roadmap of how to get to that solution.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    • A strategic direction is set
    • An initial roadmap is laid out

    Choose the right path for your organization

    There are several different paths you can take to achieve your ideal future state. Make sure to pick the one that suits your needs as defined by your current state.

    A diagram of strategies. At the top is 'Current State', at the bottom is 'Future State', and listed strategies are 'Maintain Current System', 'Augment Current System', 'Optimize', and 'Transform'.

    Explore the options for achieving your ideal future state

    CURRENT STATE STRATEGY
    Your existing application satisfies both functionality and integration requirements. The processes surrounding it likely need attention, but the system should be considered for retention. MAINTAIN CURRENT SYSTEM
    Your existing application is, for the most part, functionally rich, but may need some tweaking. Spend time and effort building and enhancing additional functionalities or consolidating and integrating interfaces. AUGMENT CURRENT SYSTEM
    Your ERP application portfolio consists of multiple apps serving the same functions. Consolidating applications with duplicate functionality is more cost efficient and makes integration and data sharing simpler. OPTIMIZE: CONSOLIDATE AND INTEGRATE SYSTEMS
    Your existing system offers poor functionality and poor integration. It would likely be more cost and time efficient to replace the application and its surrounding processes altogether. TRANSFORM: REPLACE CURRENT SYSTEM

    Option: Maintain your current system

    Resolve your existing process and people pain points

    MAINTAIN CURRENT SYSTEM

    Keep the system, change the process.

    Your existing application satisfies both functionality and integration requirements. The processes surrounding it likely need attention, but the system should be considered for retention.

    Maintaining your current system entails adjusting current processes and/or adding new ones, and involves minimal cost, time, and effort.

    INDICATORS POTENTIAL SOLUTIONS
    People Pain Points
    • Lack of training
    • Low user adoption
    • Lack of change management
    • Contact vendor to inquire about employee training opportunities
    • Build a change management strategy
    Process Pain Points
    • Legacy processes
    • Workarounds and shortcuts
    • Highly specialized processes
    • Inconsistent processes
    • Explore process reengineering and process improvement opportunities
    • Evaluate and standardize processes

    Option: Augment your current system

    Use augmentation to resolve your existing technology and data pain points

    AUGMENT CURRENT SYSTEM

    Add to the system.

    Your existing application is for the most part functionally rich but may need some tweaking. Spend time and effort enhancing your current system.

    You will be able to add functions by leveraging existing system features. Augmentation requires limited investment and less time and effort than a full system replacement.

    INDICATORS POTENTIAL SOLUTIONS
    Technology Pain Points
    • Lack of reporting functions.
    • Lacking functional depth in key process areas.
    • Add point solutions or enable modules to address missing functionality.
    Data Pain Points
    • Poor data quality
    • Lack of data for processing and reporting
    • Single-source data entry
    • Add modules or augment processes to capture data

    Option: Consolidate and integrate

    Consolidate and integrate your current systems to address your technology and data pain points

    CONSOLIDATE AND INTEGRATE SYSTEMS

    Get rid of one system, combine two, or connect many.

    Your ERP application portfolio consists of multiple apps serving the same functions.

    Consolidating your systems eliminates the need to manage multiple pieces of software that provide duplicate functionality. Reducing the number of ERP applications makes integration and data sharing simpler.

    INDICATORS POTENTIAL SOLUTIONS
    Technology Pain Points
    • Disparate and disjointed systems
    • Multiple systems supporting the same function
    • Unused software licenses
    • System consolidation
    • System and module integration
    • Assess usage and consolidate licensing
    Data Pain Points
    • Multiple versions of same data
    • Duplication of data entry in different modules or systems
    • Poor data quality
    • Centralize core records
    • Assign data ownership
    • Single-source data entry

    Option: Replace your current system

    Replace your system to address gaps in your existing processes and various pain points

    REPLACE CURRENT SYSTEM

    Start from scratch.

    You’re transitioning from an end-of-life legacy system. Your existing system offers poor functionality and poor integration. It would likely be more cost and time efficient to replace the application and its surrounding processes all together.

    INDICATORS POTENTIAL SOLUTIONS
    Technology Pain Points
    • Lack of functionality and poor integration.
    • Obsolete technology.
    • Not aligned with technology direction or enterprise architecture plans.
    • Evaluate the ERP technology landscape.
    • Determine if you need to replace the current system with a point solution or an all-in-one solution.
    • Align ERP technologies with enterprise architecture.
    Data Pain Points
    • Limited capability to store and retrieve data.
    • Understand your data requirements.
    Process Pains
    • Insufficient tools to manage workflow.
    • Review end-to-end processes.
    • Assess user satisfaction.

    Activity 4.1.1 – Path to future state

    1+ hour
    1. Discuss the four options and the implications for your organization.
    2. Come to an agreement on your chosen path.

    The same diagram of strategies. At the top is 'Current State', at the bottom is 'Future State', and listed strategies are 'Maintain Current System', 'Augment Current System', 'Optimize', and 'Transform'.

    Activity 4.1.2 – Build a roadmap

    1-2 hours

    1. Start your roadmap with the stakeholder presentation. This is your mark in the sand to launch the project.
    2. For each item on your roadmap assign an owner who will be accountable to the completion of the roadmap item.
    3. Wherever possible, assign a start date, month, or quarter. The more specific you can be the better.
    4. Identify completion dates to create a sense of urgency. If you are struggling with start dates, it can help to start with a finish date and “back in” to a start date based on estimated efforts.

    Record this information in the ERP Strategy Report Template.

    Note:
    Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.

    Preview of the strategy roadmap table on the next slide.

    Download the ERP Strategy Report Template

    ERP Strategy roadmap

    Initiative Owner Start Date Completion Date
    Create final workshop deliverable Info-Tech 16 September, 2021
    Review final deliverable Workshop sponsor
    Present to executive team Oct 2021
    Build business case CFO, CIO, Directors 3 weeks to build
    3-4 weeks process time
    Build an RFI for initial costings 1-2 weeks
    Stage 1 approval for requirements gathering Executive committee Milestone
    Determine and acquire BA support for next step 1 week
    Requirements gathering – level 2 processes Project team 5-6 weeks effort
    Build RFP (based on informal approval) CFO, CIO, Directors 4th calendar quarter 2022 Possible completion January 2023
    2-4 weeks

    Activity 4.1.3 – Build a visual roadmap [optional]

    1 hour

    1. For some, a visual representation of a roadmap is easier to comprehend. Consider taking the roadmap built in 4.1.2 and creating a visual.

    Record this information in the ERP Strategy Report Template.

    Preview of the visual strategy roadmap chart on the next slide.

    Download the ERP Strategy Report Template

    ERP Strategy Roadmap

    A table set up similarly to the previous one, but instead of 'Start Date' and 'Completion Date' columns there are multiple small columns broken up by fiscal quarters (i.e.. FY2022: Q1, Q2, Q3, Q4). There is a key with a light blue diamond shape representing a 'Milestone' and a blue arrow representing a 'Work in progress'; they are placed the Quarters columns according to when each row item reached a milestone or began its progress.

    Step 4.2

    Wrap up and present

    Activities
    • 4.2.1 Communication plan
    • 4.2.2 Stakeholder presentation

    This step will walk you through the following activities:

    • Build a communication plan as part of organizational change management, which includes the stakeholder presentation

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    • An initial communication plan for organizational change management
    • A stakeholder presentation

    Effectively communicate the changes an ERP foundation strategy will impose

    A communication plan is necessary because not everyone will react positively to change. Therefore, you must be prepared to explain the rationale behind any initiatives that are being rolled out.

    Steps:

    1. Start by building a sound communication plan.
    2. The communication plan should address all stakeholders that will be subject to change, including executives and end users.
    3. Communicate how a specific initiative will impact the way employees work and the work they do.
    4. Clearly convey the benefits of the strategy to avoid resistance.

    “The most important thing in project management is communication, communication, communication. You have to be able to put a message into business terms rather than technical terms.” (Lance Foust, I.S. Manager, Plymouth Tube Company)

    Project Goals Communication Goals Required Resources Communication Channels
    Why is your organization embarking on an ERP project? What do you want employees to know about the project? What resources are going to be utilized throughout the ERP strategy? How will your project team communicate project updates to the employees?
    Streamline processes and achieve operational efficiency. We will focus on mapping and gathering requirements for (X) mega-processes. We will be hiring process owners for each mega-process. You will be kept up to date about the project progress via email and intranet. Please feel free to contact the project owner if you have any questions.

    Activity 4.2.1 – Communication plan

    1 hour

    1. List the types of communication events and documents you will need to produce and distribute.
    2. Indicate the purpose of the event or document, who the audience is, and who is responsible for the communication.
    3. Identify who will be responsible for the development and delivery of the communication plan.

    Record this information in the ERP Strategy Report Template.

    Preview of the Communication Plan table on the next slide.

    Download the ERP Strategy Report Template

    Communication plan

    Use the communication planning template to track communication methods needed to convey information regarding ERP initiatives.

    This is designed to help your organization make ERP initiatives visible and create stakeholder awareness.

    Audience Purpose Delivery/ Format Communicator Delivery Date Status/Notes
    Front-line employees Highlight successes Bi-weekly email CEO Mondays
    Entire organization Highlight successes
    Plans for next iteration
    Monthly townhall Senior leadership Last Thursday of every month Recognize top contributors from different parts of the business. Consider giving out prizes such as coffee mugs
    Iteration demos Show completed functionality to key stakeholders Iteration completion web conference Delivery lead Every other Wednesday Record and share the demonstrations to all employees

    Conduct a presentation of the final deliverable for stakeholders

    After completing the activities and exercises within this blueprint, the final step of the process is to present the deliverable to senior management and stakeholders.

    Know Your Audience

    • Decide what needs to be presented and to whom. The purpose and format for communicating initiatives varies based on the audience. Identify the audience first to ensure initiatives are communicated appropriately.
    • IT and the business speak different languages. The business may not have the patience to try to understand IT, so it is up to IT to learn and use the language of business. Failing to put messages into language that resonates with the business will create disengagement and resistance.
    • Effective communication takes preparation to get the right content and tone to convey your real message.

    Learn From Other Organizations

    “When delivering the strategy and next steps, break the project down into consumable pieces. Make sure you deliver quick wins to retain enthusiasm and engagement.

    By making it look like a different project you keep momentum and avoid making it seem unattainable.” (Scott Clark, Innovation Credit Union)

    “To successfully sell the value of ERP, determine what the high-level business problem is and explain how ERP can be the resolution. Explicitly state which business areas ERP is going to touch. The business often has a very narrow view of ERP and perceives it as just a financial system. The key part of the strategy is that the organization sees the broader view of ERP.” (Scott Clark, Innovation Credit Union)

    Activity 4.2.2 – Stakeholder presentation

    1 hour

    1. The following sections of the ERP Strategy Report Template are designed to function as the stakeholder presentation:
      1. Workshop Overview
      2. ERP Models
      3. Roadmap
    2. You can use the Template as your presentation deck or extract the above sections to create a stand-alone stakeholder presentation.
    3. Remember to take your audience into account and anticipate the questions they may have.

    Samples of the ERP Strategy Report Template.

    Download the ERP Strategy Report Template

    Summary of Accomplishment

    Get the Most Out of Your ERP

    ERP technology is critical to facilitating an organization’s flow of information across business units. It allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making. ERP implementation should not be a one-and-done exercise. There needs to be an ongoing optimization to enable business processes and optimal organizational results.

    Build an ERP Strategy and Roadmap allows organizations to proactively implement continuous assessment and optimization of their enterprise resource planning system, including:

    • Alignment and prioritization of key business and technology drivers.
    • Identification of ERP processes, including classification and gap analysis.
    • Measurement of user satisfaction across key departments.
    • Improved vendor relations.
    • Data quality initiatives.

    This formal ERP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Research Contributors

    Name Title Organization
    Anonymous Anonymous Software industry
    Anonymous Anonymous Pharmaceutical industry
    Boris Znebel VP of Sales Second Foundation
    Brian Kudeba Director, Administrative Systems Fidelis Care
    David Lawrence Director, ERP Allegheny Technologies Inc.
    Ken Zima CIO Aquarion Water Company
    Lance Foust I.S. Manager Plymouth Tube Company
    Pooja Bagga Head of ERP Strategy & Change Transport for London
    Rob Schneider Project Director, ERP Strathcona County
    Scott Clark Innovation Credit Union
    Tarek Raafat Manager, Application Solutions IDRC
    Tom Walker VP, Information Technology StarTech.com

    Related Info-Tech Research

    Bibliography

    Gheorghiu, Gabriel. "The ERP Buyer’s Profile for Growing Companies." Selecthub. 2018. Accessed 21 Feb. 2021.

    "Maximizing the Emotional Economy: Behavioral Economics." Gallup. n.d. Accessed 21 Feb. 2021.

    Neito-Rodriguez, Antonio. Project Management | How to Prioritize Your Company's Projects. 13 Dec. 2016. Accessed 29 Nov 2021. Web.

    "A&D organization resolves organizational.“ Case Study. Panorama Consulting Group. 2021. PDF. 09 Nov. 2021. Web.

    "Process Frameworks." APQC. n.d. Accessed 21 Feb. 2021.

    Saxena, Deepak and Joe Mcdonagh. "Evaluating ERP Implementations: The Case for a Lifecycle-based Interpretive Approach." The Electronic Journal of Information Systems Evaluation, 29-37. 22 Feb. 2019. Accessed 21 Feb. 2021.

    Present Security to Executive Stakeholders

    • Buy Link or Shortcode: {j2store}262|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $2,000 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • There is a disconnect between security leaders and executive stakeholders on what information is important to present.
    • Security leaders find it challenging to convey the necessary information to obtain support for security objectives.
    • Changes to the threat landscape and shifts in organizational goals exacerbate the issue, as they impact security leaders' ability to prioritize topics to be communicated.
    • Security leaders struggle to communicate the importance of security to a non-technical audience.

    Our Advice

    Critical Insight

    Security presentations are not a one-way street. The key to a successful executive security presentation is having a goal for the presentation and ensuring that you have met your goal.

    Impact and Result

    • Developing a thorough understanding of the security communication goals.
    • Understanding the importance of leveraging highly relevant and understandable data.
    • Developing and delivering presentations that will keep your audience engaged and build trust with your executive stakeholders.

    Present Security to Executive Stakeholders Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Present Security to Executive Stakeholders – A step-by-step guide to communicating security effectively to obtain support from decision makers.

    Use this as a guideline to assist you in presenting security to executive stakeholders.

    • Present Security to Executive Stakeholders Storyboard

    2. Security Presentation Templates – A set of security presentation templates to assist you in communicating security to executive stakeholders.

    The security presentation templates are a set of customizable templates for various types of security presentation including:

    • Present Security to Executive Stakeholders Templates

    Infographic

    Further reading

    Present Security to Executive Stakeholders

    Learn how to communicate security effectively to obtain support from decision makers.

    Analyst Perspective

    Build and deliver an effective security communication to your executive stakeholders.

    Ahmad Jowhar

    As a security leader, you’re tasked with various responsibilities to ensure your organization can achieve its goals while its most important assets are being protected.

    However, when communicating security to executive stakeholders, challenges can arise in determining what topics are pertinent to present. Changes in the security threat landscape coupled with different business goals make identifying how to present security more challenging.

    Having a communication framework for presenting security to executive stakeholders will enable you to effectively identify, develop, and deliver your communication goals while obtaining the support you need to achieve your objectives.

    Ahmad Jowhar
    Research Specialist, Security & Privacy

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • Many security leaders struggle to decide what to present and how to present security to executive stakeholders.
    • Constant changes in the security threat landscape impacts a security leader’s ability to prioritize topics to be communicated.
    • There is a disconnect between security leaders and executive stakeholders on what information is important to present.
    • Security leaders struggle to communicate the importance of security to a non-technical audience.
    • Developing a thorough understanding of security communication goals.
    • Understanding the importance of leveraging highly relevant and understandable data.
    • Developing and delivering presentations that will keep your audience engaged and build trust with your executive stakeholders.

    Info-Tech Insight

    Security presentations are not a one-way street. The key to a successful executive security presentation is having a goal for the presentation and verifying that you have met your goal.

    Your challenge

    As a security leader, you need to communicate security effectively to executive stakeholders in order to obtain support for your security objectives.

    • When it comes to presenting security to executive stakeholders, many security leaders find it challenging to convey the necessary information in order to obtain support for security objectives.
    • This is attributed to various factors, such as an increase in the threat landscape, changes to industry regulations and standards, and new organizational goals that security has to align with.
    • Furthermore, with the limited time to communicate with executive stakeholders, both in frequency and duration, identifying the most important information to address can be challenging.

    76% of security leaders struggle in conveying the effectiveness of a cybersecurity program.

    62% find it difficult to balance the risk of too much detail and need-to-know information.

    41% find it challenging to communicate effectively with a mixed technical and non-technical audience.

    Source: Deloitte, 2022

    Common obstacles

    There is a disconnect between security leaders and executive stakeholders when it comes to the security posture of the organization:

    • Executive stakeholders are not confident that their security leaders are doing enough to mitigate security risks.
    • The issue has been amplified, with security threats constantly increasing across all industries.
    • However, security leaders don’t feel that they are in a position to make themselves heard.
    • The lack of organizational security awareness and support from cross-functional departments has made it difficult to achieve security objectives (e.g. education, investments).
    • Defining an approach to remove that disconnect with executive stakeholders is of utmost importance for security leaders, in order to improve their organization’s security posture.

    9% of boards are extremely confident in their organization’s cybersecurity risk mitigation measures.

    77% of organizations have seen an increase in the number of attacks in 2021.

    56% of security leaders claimed their team is not involved when leadership makes urgent security decisions.

    Source: EY, 2021
    The image contains a screenshot of an Info-Tech Thoughtmodel titled: Presenting Security to Executive Stakeholders.

    Info-Tech’s methodology for presenting security to executive stakeholders

    1. Identify communication goals

    2. Collect information to support goals

    3. Develop communication

    4. Deliver communication

    Phase steps

    1. Identify drivers for communicating to executives
    2. Define your goals for communicating to executives
    1. Identify data to collect
    2. Plan how to retrieve data
    1. Plan communication
    2. Build a compelling communication document
    1. Deliver a captivating presentation
    2. Obtain/verify goals

    Phase outcomes

    A defined list of drivers and goals to help you develop your security presentations

    A list of data sources to include in your communication

    A completed communication template

    A solidified understanding of how to effectively communicate security to your stakeholders

    Develop a structured process for communicating security to your stakeholders

    Security presentations are not a one-way street
    The key to a successful executive security presentation is having a goal for the presentation and verifying that you have met your goal.

    Identifying your goals is the foundation of an effective presentation
    Defining your drivers and goals for communicating security will enable you to better prepare and deliver your presentation, which will help you obtain your desired outcome.

    Harness the power of data
    Leveraging data and analytics will help you provide quantitative-based communication, which will result in a more meaningful and effective presentation.

    Take your audience on a journey
    Developing a storytelling approach will help engage with your audience.

    Win your audience by building a rapport
    Establishing credibility and trust with executive stakeholders will enable you to obtain their support for security objectives.

    Tactical insight
    Conduct background research on audience members (i.e. professional background) to help understand how best to communicate with them and overcome potential objections.

    Tactical insight
    Verifying your objectives at the end of the communication is important, as it ensures you have successfully communicated to executive stakeholders.

    Project deliverables

    This blueprint is accompanied by a supporting deliverable which includes five security presentation templates.

    Report on Security Initiatives
    Template showing how to inform executive stakeholders of security initiatives.

    Report on Security Initiatives.

    Security Metrics
    Template showing how to inform executive stakeholders of current security metrics that would help drive future initiatives.

    Security Metrics.

    Security Incident Response & Recovery
    Template showing how to inform executive stakeholders of security incidents, their impact, and the response plan.

    Security Incident Response & Recovery

    Security Funding Request
    Template showing how to inform executive stakeholders of security incidents, their impact, and the response plan.

    Security Funding Request

    Key template:

    Security and Risk Update

    Template showing how to inform executive stakeholders of proactive security and risk initiatives.

    Blueprint benefits

    IT/InfoSec benefits

    Business benefits

    • Reduce effort and time spent preparing cybersecurity presentations for executive stakeholders by having templates to use.
    • Enable security leaders to better prepare what to present and how to present it to their executive stakeholders, as well as driving the required outcomes from those presentations.
    • Establish a best practice for communicating security and IT to executive stakeholders.
    • Gain increased awareness of cybersecurity and the impact executive stakeholders can have on improving an organization’s security posture.
    • Understand how security’s alignment with the business will enable the strategic growth of the organization.
    • Gain a better understanding of how security and IT objectives are developed and justified.

    Measure the value of this blueprint

    Phase

    Measured Value (Yearly)

    Phase 1: Identify communication goals

    Cost to define drivers and goals for communicating security to executives:

    16 FTE hours @ $233K* =$1,940

    Phase 2: Collect information to support goals

    Cost to collect and synthesize necessary data to support communication goals:

    16 FTE hours @ $233K = $1,940

    Phase 3: Develop communication

    Cost to develop communication material that will contextualize information being shown:

    16 FTE hours @ $233K = $1,940

    Phase 4: Deliver communication

    Potential Savings:

    Total estimated effort = $5,820

    Our blueprint will help you save $5,820 and over 40 FTE hours

    * The financial figure depicts the annual salary of a CISO in 2022

    Source: Chief Information Security Officer Salary.” Salary.com, 2022

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Phase 1

    Identify communication goals

    Phase 1 Phase 2 Phase 3 Phase 4

    1.1 Identify drivers for communicating to executives

    1.2 Define your goals for communicating to executives

    2.1 Identify data to collect

    2.2 Plan how to retrieve data

    3.1 Plan communication

    3.2 Build a compelling communication document

    4.1 Deliver a captivating presentation

    4.2 Obtain/verify support for security goals

    This phase will walk you through the following activities:

    • Understanding the different drivers for communicating security to executive stakeholders
    • Identifying different communication goals

    This phase involves the following participants:

    • Security leader

    1.1. Identify drivers for communicating to executive stakeholders

    As a security leader, you meet with executives and stakeholders with diverse backgrounds, and you aim to showcase your organization’s security posture along with its alignment with the business’ goals.

    However, with the constant changes in the security threat landscape, demands and drivers for security could change. Thus, understanding potential drivers that will influence your communication will assist you in developing and delivering an effective security presentation.

    39% of organizations had cybersecurity on the agenda of their board’s quarterly meeting.

    Source: EY, 2021.

    Info-Tech Insight

    Not all security presentations are the same. Keep your communication strategy and processes agile.

    Know your drivers for security presentations

    By understanding the influences for your security presentations, you will be able to better plan what to present to executive stakeholders.

    • These meetings, which are usually held once per quarter, provide you with less than one hour of presentation time.
    • Hence, it is crucial to know why you need to present security and whether these drivers are similar across the other presentations.

    Understanding drivers will also help you understand how to present security to executive stakeholders.

    • These drivers will shape the structure of your presentation and help determine your approach to communicating your goals.
    • For example, financial-based presentations that are driven by budget requests might create a sense of urgency or assurance about investment in a security initiative.

    Identify your communication drivers, which can stem from various initiatives and programs, including:

    • Results from internal or external audit reports.
    • Upcoming budget meetings.
    • Briefing newly elected executive stakeholders on security.

    When it comes to identifying your communication drivers, you can collaborate with subject matter experts, like your corporate secretary or steering committees, to ensure the material being communicated will align with some of the organizational goals.

    Examples of drivers for security presentations

    Audit
    Upcoming internal or external audits might require updates on the organization’s compliance

    Organizational restructuring
    Restructuring within an organization could require security updates

    Merger & Acquisition
    An M&A would trigger presentations on organization’s current and future security posture

    Cyber incident
    A cyberattack would require an immediate presentation on its impact and the incident response plan

    Ad hoc
    Provide security information requested by stakeholders

    1.2. Define your goals for communicating to executives

    After identifying drivers for your communication, it’s important to determine what your goals are for the presentation.

    • Communication drivers are mainly triggers for why you want to present security.
    • Communication goals are the potential outcomes you are hoping to obtain from the presentation.
    • Your communication goals would help identify what data and metrics to include in your presentation, the structure of your communication deck, and how you deliver your communication to executive stakeholders.

    Identifying your communication goals could require the participation of the security team, IT leadership, and other business stakeholders.

    • As a group, brainstorm the security goals that align with your business goals for the coming year.
      • Aim to have at least two business goals that align with each security goal.
    • Identify what benefits and value the executive stakeholders will gain from the security goal being presented.
      • E.g. Increased security awareness, updates on organization's security posture.
    • Identify what the ask is for this presentation.
      • E.g. Approval for increasing budget to support security initiatives, executive support to implement internal security programs.

    Info-Tech Insight

    There can be different reasons to communicate security to executive stakeholders. You need to understand what you want to get out of your presentation.

    Examples of security presentation goals

    Educate
    Educate the board on security trends and/or latest risks in the industry

    Update
    Provide updates on security initiatives, relevant security metrics, and compliance posture

    Inform
    Provide an incident response plan due to a security incident or deliver updates on current threats and risks

    Investment
    Request funding for security investments or financial updates on past security initiatives

    Ad hoc
    Provide security information requested by stakeholders

    Phase 2

    Collect information to support goals

    Phase 1Phase 2Phase 3Phase 4

    1.1 Identify drivers for communicating to executives

    1.2 Define your goals for communicating to executives

    2.1 Identify data to collect

    2.2 Plan how to retrieve data

    3.1 Plan communication

    3.2 Build a compelling communication document

    4.1 Deliver a captivating presentation

    4.2 Obtain/verify support for security goals

    This phase will walk you through the following activities:

    • Understanding what types of data to include in your security presentations
    • Defining where and how to retrieve data

    This phase involves the following participants:

    • Security leader
    • Network/security analyst

    2.1 Identify data to collect

    After identifying drivers and goals for your communication, it’s important to include the necessary data to justify the information being communicated.

    • Leveraging data and analytics will assist in providing quantitative-based communication, which will result in a more meaningful and effective presentation.
    • The data presented will showcase the visibility of an organization’s security posture along with potential risks and figures on how to mitigate those risks.
    • Providing analysis of the quantitative data presented will also showcase further insights on the figures, allow the audience to better understand the data, and show its relevance to the communication goals.

    Identifying data to collect doesn’t need to be a rigorous task; you can follow these steps to help you get started:

    • Work with your security team to identify the main type of data applicable to the communication goals.
      • E.g. Financial data would be meaningful to use when communicating a budget presentation.
    • Identify supporting data linked to the main data defined.
      • E.g. If a financial investment is made to implement a security initiative, then metrics on improvements to the security posture will be relevant.
    • Show how both the main and supporting data align with the communication goals.
      • E.g. Improvement in security posture would increase alignment with regulation standards, which would result in additional contracts being awarded and increased revenue.

    Info-Tech Insight

    Understand how to present your information in a way that will be meaningful to your audience, for instance by quantifying security risks in financial terms.

    Examples of data to present

    Educate
    Number of organizations in industry impacted by data breaches during past year; top threats and risks affecting the industries

    Update
    Degree of compliance with standards (e.g. ISO-27001); metrics on improvement of security posture due to security initiatives

    Inform
    Percentage of impacted clients and disrupted business functions; downtime; security risk likelihood and financial impact

    Investment
    Capital and operating expenditure for investment; ROI on past and future security initiatives

    Ad hoc
    Number of security initiatives that went over budget; phishing test campaign results

    2.2 Plan how to retrieve the data

    Once the data that is going to be used for the presentation has been identified, it is important to plan how the data can be retrieved, processed, and shared.

    • Most of the data leveraged for security presentations are structured data, which are highly organized data that are often stored in a relational and easily searchable database.
      • This includes security log reports or expenditures for ongoing and future security investments.
    • Retrieving the data, however, would require collaboration and cooperation from different team members.
    • You would need to work with the security team and other appropriate stakeholders to identify where the data is stored and who the data owner is.

    Once the data source and owner has been identified, you need to plan how the data would be processed and leveraged for your presentation

    • This could include using queries to retrieve the relevant information needed (e.g. SQL, Microsoft Excel).
    • Verify the accuracy and relevance of the data with other stakeholders to ensure it is the most appropriate data to be presented to the executive stakeholders.

    Info-Tech Insight

    Using a data-driven approach to help support your objectives is key to engaging with your audience.

    Plan where to retrieve the data

    Identifying the relevant data sources to retrieve your data and the appropriate data owner enables efficient collaboration between departments collecting, processing, and communicating the data and graphics to the audience.

    Examples of where to retrieve your data

    Data Source

    Data

    Data Owner

    Communication Goal

    Audit & Compliance Reports

    Percentage of controls completed to be certified with ISO 27001; Number of security threats & risks identified.

    Audit Manager;

    Compliance Manager;

    Security Leader

    Ad hoc, Educate, Inform

    Identity & Access Management (IAM) Applications

    Number of privileged accounts/department; Percentage of user accounts with MFA applied

    Network/Security Analyst

    Ad hoc, Inform, Update

    Security Information & Event Management (SIEM)

    Number of attacks detected and blocked before & after implementing endpoint security; Percentage of firewall rules that triggered a false positive

    Network/Security Analyst

    Ad hoc, Inform, Update

    Vulnerability Management Applications

    Percentage of critical vulnerabilities patched; Number of endpoints encrypted

    Network/Security Analyst

    Ad hoc, Inform, Update

    Financial & Accounting Software

    Capital & operating expenditure for future security investments; Return on investment (ROI) on past and current security investments

    Financial and/or Accounting Manager

    Ad hoc, Educate, Investments

    Phase 3

    Develop communication

    Phase 1Phase 2Phase 3Phase 4

    1.1 Identify drivers for communicating to executives

    1.2 Define your goals for communicating to executives

    2.1 Identify data to collect

    2.2 Plan how to retrieve data

    3.1 Plan communication

    3.2 Build a compelling communication document

    4.1 Deliver a captivating presentation

    4.2 Obtain/verify support for security goals

    This phase will walk you through the following activities:

    • Identifying a communication strategy for presenting security
    • Identifying security templates that are applicable to your presentation

    This phase involves the following participants:

    • Security leader

    3.1 Plan communication: Know who your audience is

    • When preparing your communication, it's important to understand who your target audience is and to conduct background research on them.
    • This will help develop your communication style and ensure your presentation caters to the expected audience in the room.

    Examples of two profiles in a boardroom

    Formal board of directors

    The executive team

    • In the private sector, this will include an appointed board of shareholders and subcommittees external to the organization.
    • In the public sector, this can include councils, commissions, or the executive team itself.
    • In government, this can include mayors, ministers, and governors.
    • The board’s overall responsibility is governance.
    • This audience will include your boss and your peers internal to the organization.
    • This category is primarily involved in the day-to-day operations of the organization and is responsible for carrying out the strategic direction set by the board.
    • The executive team’s overall responsibility is operations.

    3.1.1 Know what your audience cares about

    • Understanding what your executive stakeholders value will equip you with the right information to include in your presentations.
    • Ensure you conduct background research on your audience to assist you in knowing what their potential interests are.
    • Your background research could include:
      • Researching the audience’s professional background through LinkedIn.
      • Reviewing their comments from past executive meetings.
      • Researching current security trends that align with organizational goals.
    • Once the values and risks have been identified, you can document them in notes and share the notes with subject matter experts to verify if these values and risks should be shared in the coming meetings.

    A board’s purpose can include the following:

    • Sustaining and expanding the organization’s purpose and ability to execute in a competitive market.
    • Determining and funding the organization’s future and direction.
    • Protecting and increasing shareholder value.
    • Protecting the company’s exposure to risks.

    Examples of potential values and risks

    • Business impact
    • Financial impact
    • Security and incidents

    Info-Tech Insight
    Conduct background research on audience members (e.g. professional background on LinkedIn) to help understand how best to communicate to them and overcome potential objections.

    Understand your audience’s concerns

    • Along with knowing what your audience values and cares about, understanding their main concerns will allow you to address those items or align them with your communication.
    • By treating your executive stakeholders as your project sponsors, you would build a level of trust and confidence with your peers as the first step to tackling their concerns.
    • These concerns can be derived from past stakeholder meetings, recent trends in the industry, or strategic business alignments.
    • After capturing their concerns, you’ll be equipped with the necessary understanding on what material to include and prioritize during your presentations.

    Examples of potential concerns for each profile of executive stakeholders

    Formal board of directors

    The executive team

    • Business impact (What is the impact of IT in solving business challenges?)
    • Investments (How will it impact organization’s finances and efficiency?)
    • Cybersecurity and risk (What are the top cybersecurity risks, and how is IT mitigating those risks to the business?)
    • Business alignment (How do IT priorities align to the business strategy and goals?)
    • IT operational efficiency (How is IT set up for success with foundational elements of IT’s operational strategy?)
    • Innovation & transformation priorities (How is IT enabling the organization’s competitive advantage and supporting transformation efforts as a strategic business partner?)

    Build your presentation to tackle their main concerns

    Your presentation should be well-rounded and compelling when it addresses the board’s main concerns about security.

    Checklist:

    • Research your target audience (their backgrounds, board composition, dynamics, executive team vs. external group).
    • Include value and risk language in your presentation to appeal to your audience.
    • Ensure your content focuses on one or more of the board’s main concerns with security (e.g. business impact, investments, or risk).
    • Include information about what is in it for them and the organization.
    • Research your board’s composition and skillsets to determine their level of technical knowledge and expertise. This helps craft your presentation with the right amount of technology vs. business-facing information.

    Info-Tech Insight
    The executive stakeholder’s main concerns will always boil down to one important outcome: providing a level of confidence to do business through IT products, services, and systems – including security.

    3.1.2 Take your audience through a security journey

    • Once you have defined your intended target and their potential concerns, developing the communication through a storytelling approach will be the next step to help build a compelling presentation.
    • You need to help your executive stakeholders make sense of the information being conveyed and allow them to understand the importance of cybersecurity.
    • Taking your audience through a story will allow them to see the value of the information being presented and better resonate with its message.
    • You can derive insights for your storytelling presentation by doing the following:
      • Provide a business case scenario on the topic you are presenting.
      • Identify and communicate the business problem up front and answer the three questions (why, what, how).
      • Quantify the problems in terms of business impact (money, risk, value).

    Info-Tech Insight
    Developing a storytelling approach will help keep your audience engaged and allow the information to resonate with them, which will add further value to the communication.

    Identify the purpose of your presentation

    You should be clear about your bottom line and the intent behind your presentation. However, regardless of your bottom line, your presentation must focus on what business problems you are solving and why security can assist in solving the problem.

    Examples of communication goals

    To inform or educate

    To reach a decision

    • In this presentation type, it is easy for IT leaders to overwhelm a board with excessive or irrelevant information.
    • Focus your content on the business problem and the solution proposed.
    • Refrain from too much detail about the technology – focus on business impact and risk mitigated. Ask for feedback if applicable.
    • In this presentation type, there is a clear ask and an action required from the board of directors.
    • Be clear about what this decision is. Once again, don’t lead with the technology solution: Start with the business problem you are solving, and only talk about technology as the solution if time permits.
    • Ensure you know who votes and how to garner their support.

    Info-Tech Insight
    Nobody likes surprises. Communicate early and often. The board should be pre-briefed, especially if it is a difficult subject. This also ensures you have support when you deliver a difficult message.

    Gather the right information to include in your boardroom presentation

    Once you understand your target audience, it’s important to tailor your presentation material to what they will care about.

    Typical IT boardroom presentations include:

    • Communicating the value of ongoing business technology initiatives.
    • Requesting funds or approval for a business initiative that IT is spearheading.
    • Security incident response/Risk/DRP.
    • Developing a business program or an investment update for an ongoing program.
    • Business technology strategy highlights and impacts.
    • Digital transformation initiatives (value, ROI, risk).

    Info-Tech Insight
    You must always have a clear goal or objective for delivering a presentation in front of your board of directors. What is the purpose of your board presentation? Identify your objective and outcome up front and tailor your presentation’s story and contents to fit this purpose.

    Info-Tech Insight
    Telling a good story is not about the message you want to deliver but the one the executive stakeholders want to hear. Articulate what you want them to think and what you want them to take away, and be explicit about it in your presentation. Make your story logically flow by identifying the business problem, complication, the solution, and how to close the gap. Most importantly, communicate the business impacts the board will care about.

    Structure your presentation to tell a logical story

    To build a strong story for your presentation, ensure you answer these three questions:

    WHY

    Why is this a business issue, or why should the executive stakeholders care?

    WHAT

    What is the impact of solving the problem and driving value for the company?

    HOW

    How will we leverage our resources (technology, finances) to solve the problem?

    Examples:

    Scenario 1: The company has experienced a security incident.

    Intent: To inform/educate the board about the security incident.

    WHY

    The data breach has resulted in a loss of customer confidence, negative brand impact, and a reduction in revenue of 30%.

    WHAT

    Financial, legal, and reputational risks identified, and mitigation strategies implemented. IT is working with the PR team on communications. Incident management playbook executed.

    HOW

    An analysis of vulnerabilities was conducted and steps to address are in effect. Recovery steps are 90% completed. Incident management program reviewed for future incidents.

    Scenario 2: Security is recommending investments based on strategic priorities.

    Intent: To reach a decision with the board – approve investment proposal.

    WHY

    The new security strategy outlines two key initiatives to improve an organization’s security culture and overall risk posture.

    WHAT

    Security proposed an investment to implement a security training & phishing test campaign, which will assist in reducing data breach risks.

    HOW

    Use 5% of security’s budget to implement security training and phishing test campaigns.

    Time plays a key role in delivering an effective presentation

    What you include in your story will often depend on how much time you have available to deliver the message.

    Consider the following:

    • Presenting to executive stakeholders often means you have a short window of time to deliver your message. The average executive stakeholder presentation is 15 minutes, and this could be cut short due to other unexpected factors.
    • If your presentation is too long, you risk overwhelming or losing your audience. You must factor in the time constraints when building your board presentation.
    • Your executive stakeholders have a wealth of experience and knowledge, which means they could jump to conclusions quickly based on their own experiences. Ensure you give them plenty of background information in advance. Provide your presentation material, a brief, or any other supporting documentation before the meeting to show you are well prepared.
    • Be prepared to have deep conversations about the topic, but respect that the executive stakeholders might not be interested in hearing the tactical information. Build an elevator pitch, a one-pager, back-up slides that support your ask and the story, and be prepared to answer questions within your allotted presentation time to dive deeper.

    Navigating through Q&A

    Use the Q&A portion to build credibility with the board.

    • It is always better to say, “I’m not certain about the answer but will follow up,” than to provide false or inaccurate information on the spot.
    • When asked challenging or irrelevant questions, ensure you have an approach to deflect them. Questions can often be out of scope or difficult to answer in a group. Find what works for you to successfully navigate through these questions:
      • “Let’s work with the sub-committee to find you an answer.”
      • “Let’s take that offline to address in more detail.”
      • “I have some follow-up material I can provide you to discuss that further after our meeting.”
    • And ensure you follow up! Make sure to follow through on your promise to provide information or answers after the meeting. This helps build trust and credibility with the board.

    Info-Tech Insight
    The average board presentation is 15 minutes long. Build no more than three or four slides of content to identify the business problem, the business impacts, and the solution. Leave five minutes for questions at the end, and be prepared with back-up slides to support your answers.

    Storytelling checklist

    Checklist:

    • Tailor your presentation based on how much time you have.
    • Find out ahead of time how much time you have.
    • Identify if your presentation is to inform/educate or reach a decision.
    • Identify and communicate the business problem up front and answer the three questions (why, what, how).
    • Express the problem in terms of business impact (risk, value, money).
    • Prepare and send pre-meeting collateral to the members of the board and executive team.
    • Include no more than 5-6 slides for your presentation.
    • Factor in Q&A time at the end of your presentation window.
    • Articulate what you want them to think and what you want them to take away – put it right up front and remind them at the end.
    • Have an elevator speech handy – one or two sentences and a one-pager version of your story.
    • Consider how you will build your relationship with the members outside the boardroom.

    3.1.3 Build a compelling communication document

    Once you’ve identified your communication goals, data, and plan to present to your stakeholders, it’s important to build the compelling communication document that will attract all audiences.

    A good slide design increases the likelihood that the audience will read the content carefully.

    • Bad slide structure (flow) = Audience loses focus
      • You can have great content on a slide, but if a busy audience gets confused, they’ll just close the file or lose focus. Structure encompasses horizontal and vertical logic.
    • Good visual design = Audience might read more
      • Readers will probably skim the slides first. If the slides look ugly, they will already have a negative impression. If the slides are visually appealing, they will be more inclined to read carefully. They may even use some slides to show others.
    • Good content + Good structure + Visual appeal = Good presentation
      • A presentation is like a house. Good content is the foundation of the house. Good structure keeps the house strong. Visual appeal differentiates houses.

    Slide design best practices

    Leverage these slide design best practices to assist you in developing eye-catching presentations.

    • Easy to read: Assume reader is tight on time. If a slide looks overwhelming, the reader will close the document.
    • Concise and clear: Fewer words = more skim-able.
    • Memorable: Use graphics and visuals or pithy quotes whenever you can do so appropriately.
    • Horizontal logic: Good horizontal logic will have slide titles that cascade into a story with no holes or gaps.
    • Vertical logic: People usually read from left to right, top to bottom, or in a Z pattern. Make sure your slide has an intuitive flow of content.
    • Aesthetics: People like looking at visually appealing slides, but make sure your attempts to create visual appeal do not detract from the content.

    Your presentation must have a logical flow

    Horizontal logic

    Vertical logic

    • Horizontal logic should tell a story.
    • When slide titles are read in a cascading manner, they will tell a logical and smooth story.
    • Title & tagline = thesis (best insight).
    • Vertical logic should be intuitive.
    • Each step must support the title.
    • The content you intend to include within each slide is directly applicable to the slide title.
    • One main point per slide.

    Vertical logic should be intuitive

    The image contains a screenshot example of a bad design layout for a slide. The image contains a screenshot example of a good design layout for a slide.

    The audience is unsure where to look and in what order.

    The audience knows to read the heading first. Then look within the pie chart. Then look within the white boxes to the right.

    Horizontal and vertical logic checklists

    Horizontal logic

    Vertical logic

    • List your slide titles in order and read through them.
    • Good horizontal logic should feel like a story. Incomplete horizontal logic will make you pause or frown.
    • After a self-test, get someone else to do the same exercise with you observing them.
    • Note at which points they pause or frown. Discuss how those points can be improved.
    • Now consider each slide title proposed and the content within it.
    • Identify if there is a disconnect in title vs. content.
    • If there is a disconnect, consider changing the title of the slide to appropriately reflect the content within it, or consider changing the content if the slide title is an intended path in the story.

    Make it easy to read

    The image contains a screenshot that demonstrates an uneasy to read slide. The image contains a screenshot that demonstrates an easy to read slide.
    • Unnecessary coloring makes it hard on the eyes
    • Margins for title at top is too small
    • Content is not skim-able (best to break up the slide)

    Increase skim-ability:

    • Emphasize the subheadings
    • Bold important words

    Make it easier on the eyes:

    • Declutter and add sections
    • Have more white space

    Be concise and clear

    1. Write your thoughts down
      • This gets your content documented.
      • Don’t worry about clarity or concision yet.
    2. Edit for clarity
      • Make sure the key message is very clear.
      • Find your thesis statement.
    3. Edit for concision
      • Remove unnecessary words.
      • Use the active voice, not passive voice (see below for examples).

    Passive voice

    Active voice

    “There are three things to look out for” (8 words)

    “Network security was compromised by hackers” (6 words)

    “Look for these three things” (5 words)

    “Hackers compromised network security” (4 words)

    Be memorable

    The image contains a screenshot of an example that demonstrates a bad example of how to be memorable. The image contains a screenshot of an example that demonstrates a good example of how to be memorable.

    Easy to read, but hard to remember the stats.

    The visuals make it easier to see the size of the problem and make it much more memorable.

    Remember to:

    • Have some kind of visual (e.g. graphs, icons, tables).
    • Divide the content into sections.
    • Have a bit of color on the page.

    Aesthetics

    The image contains a screenshot of an example of bad aesthetics. The image contains a screenshot of an example of good aesthetics.

    This draft slide is just content from the outline document on a slide with no design applied yet.

    • Have some kind of visual (e.g. graphs, icons, tables) as long as it’s appropriate.
    • Divide the content into sections.
    • Have a bit of color on the page.
    • Bold or italicize important text.

    Why use visuals?

    How graphics affect us

    Cognitively

    • Engage our imagination
    • Stimulate the brain
    • Heighten creative thinking
    • Enhance or affect emotions

    Emotionally

    • Enhance comprehension
    • Increase recollection
    • Elevate communication
    • Improve retention

    Visual clues

    • Help decode text
    • Attract attention
    • Increase memory

    Persuasion

    • 43% more effective than text alone
    Source: Management Information Systems Research Center

    Presentation format

    Often stakeholders prefer to receive content in a specific format. Make sure you know what you require so that you are not scrambling at the last minute.

    • Is there a standard presentation template?
    • Is a hard-copy handout required?
    • Is there a deadline for draft submission?
    • Is there a deadline for final submission?
    • Will the presentation be circulated ahead of time?
    • Do you know what technology you will be using?
    • Have you done a dry run in the meeting room?
    • Do you know the meeting organizer?

    Checklist to build compelling visuals in your presentation

    Leverage this checklist to ensure you are creating the perfect visuals and graphs for your presentation.

    Checklist:

    • Do the visuals grab the audience’s attention?
    • Will the visuals mislead the audience/confuse them?
    • Do the visuals facilitate data comparison or highlight trends and differences in a more effective manner than words?
    • Do the visuals present information simply, cleanly, and accurately?
    • Do the visuals display the information/data in a concentrated way?
    • Do the visuals illustrate messages and themes from the accompanying text?

    3.2 Security communication templates

    Once you have identified your communication goals and plans for building your communication document, you can start building your presentation deck.

    These presentation templates highlight different security topics depending on your communication drivers, goals, and available data.

    Info-Tech has created five security templates to assist you in building a compelling presentation.

    These templates provide support for presentations on the following five topics:

    • Security Initiatives
    • Security & Risk Update
    • Security Metrics
    • Security Incident Response & Recovery
    • Security Funding Request

    Each template provides instructions on how to use it and tips on ensuring the right information is being presented.

    All the templates are customizable, which enables you to leverage the sections you need while also editing any sections to your liking.

    The image contains screenshots of the Security Presentation Templates.

    Download the Security Presentation Templates

    Security template example

    It’s important to know that not all security presentations for an organization are alike. However, these templates would provide a guideline on what the best practices are when communicating security to executive stakeholders.

    Below is an example of instructions to complete the “Security Risk & Update” template. Please note that the security template will have instructions to complete each of its sections.

    The image contains a screenshot of the Executive Summary slide. The image contains a screenshot of the Security Goals & Objectives slide.

    The first slide following the title slide includes a brief executive summary on what would be discussed in the presentation. This includes the main security threats that would be addressed and the associated risk mitigation strategies.

    This slide depicts a holistic overview of the organization’s security posture in different areas along with the main business goals that security is aligning with. Ensure visualizations you include align with the goals highlighted.

    Security template example (continued)

    The image contains a screenshot example of the Top Threats & Risks. The image contains a screenshot example of the Top Threats & Risks.

    This slide displays any top threats and risks an organization is facing. Each threat consists of 2-3 risks and is prioritized based on the negative impact it could have on the organization (i.e. red bar = high priority; green bar = low priority). Include risks that have been addressed in the past quarter, and showcase any prioritization changes to those risks.

    This slide follows the “Top Threats & Risks” slide and focuses on the risks that had medium or high priority. You will need to work with subject matter experts to identify risk figures (likelihood, financial impact) that will enable you to quantify the risks (Likelihood x Financial Impact). Develop a threshold for each of the three columns to identify which risks require further prioritization, and apply color coding to group the risks.

    Security template example (continued)

    The image contains a screenshot example of the slide, Risk Analysis. The image contains a screenshot example of the slide, Risk Mitigation Strategies & Roadmap.

    This slide showcases further details on the top risks along with their business impact. Be sure to include recommendations for the risks and indicate whether further action is required from the executive stakeholders.

    The last slide of the “Security Risk & Update” template presents a timeline of when the different initiatives to mitigate security risks would begin. It depicts what initiatives will be completed within each fiscal year and the total number of months required. As there could be many factors to a project’s timeline, ensure you communicate to your executive stakeholders any changes to the project.

    Phase 4

    Deliver communication

    Phase 1Phase 2Phase 3Phase 4

    1.1 Identify drivers for communicating to executives

    1.2 Define your goals for communicating to executives

    2.1 Identify data to collect

    2.2 Plan how to retrieve data

    3.1 Plan communication

    3.2 Build a compelling communication document

    4.1 Deliver a captivating presentation

    4.2 Obtain/verify support for security goals

    This phase will walk you through the following activities:

    • Identifying a strategy to deliver compelling presentations
    • Ensuring you follow best practices for communicating and obtaining your security goals

    This phase involves the following participants:

    • Security leader

    4.1 Deliver a captivating presentation

    You’ve gathered all your data, you understand what your audience is expecting, and you are clear on the outcomes you require. Now, it’s time to deliver a presentation that both engages and builds confidence.

    Follow these tips to assist you in developing an engaging presentation:

    • Start strong: Give your audience confidence that this will be a good investment of their time. Establish a clear direction for what’s going to be covered and what the desired outcome is.
    • Use your time wisely: Odds are, your audience is busy, and they have many other things on their minds. Be prepared to cover your content in the time allotted and leave sufficient time for discussion and questions.
    • Be flexible while presenting: Do not expect that your presentation will follow the path you have laid out. Anticipate jumping around and spending more or less time than you had planned on a given slide.

    Keep your audience engaged with these steps

    • Be ready with supporting data. Don’t make the mistake of not knowing your content intimately. Be prepared to answer questions on any part of it. Senior executives are experts at finding holes in your data.
    • Know your audience. Who are you presenting to? What are their specific expectations? Are there sensitive topics to be avoided? You can’t be too prepared when it comes to understanding your audience.
    • Keep it simple. Don’t assume that your audience wants to learn the details of your content. Most just want to understand the bottom line, the impact on them, and how they can help. More is not always better.
    • Focus on solving issues. Your audience members have many of their own problems and issues to worry about. If you show them how you can help make their lives easier, you’ll win them over.

    Info-Tech Insight
    Establishing credibility and trust with executive stakeholders is important to obtaining their support for security objectives.

    Be honest and straightforward with your communication

    • Be prepared. Being properly prepared means not only that your update will deliver the value that you expect, but also that you will have confidence and the flexibility you require when you’re taken off track.
    • Don’t sugarcoat it. These are smart, driven people that you are presenting to. It is neither beneficial nor wise to try to fool them. Be open and transparent about problems and issues. Ask for help.
    • No surprises. An executive stakeholder presentation is not the time or the place for a surprise. Issues seen as unexpected or contentious should always be dealt with prior to the meeting with those most impacted.

    Hone presentation skills before meeting with the executive stakeholders

    Know your environment

    Be professional but not boring

    Connect with your audience

    • Your organization has standards for how people are expected to dress at work. Make sure that your attire meets this standard – don’t be underdressed.
    • Think about your audience – would they appreciate you starting with a joke, or do they want you to get to the point as quickly as possible?
    • State the main points of your presentation confidently. While this should be obvious, it is essential. Your audience should be able to clearly see that you believe the points you are stating.
    • Present with lots of energy, smile, and use hand gestures to support your speech.
    • Look each member of the audience in the eye at least once during your presentation. Avoid looking at the ceiling, the back wall, or the floor. Your audience should feel engaged – this is essential to keeping their attention on you.
    • Never read from your slides. If there is text on a slide, paraphrase it while maintaining eye contact.

    Checklist for presentation logistics

    Optimize the timing of your presentation:

    • Less is more: Long presentations are detrimental to your cause – they lead to your main points being diluted. Keep your presentation short and concise.
    • Keep information relevant: Only present information that is important to your audience. This includes the information that they are expecting to see and information that connects to the business.
    • Expect delays: Your audience will likely have questions. While it is important to answer each question fully, it will take away from the precious time given to you for your presentation. Expect that you will not get through all the information you have to present.

    Script your presentation:

    • Use a script to stay on track: Script your presentation before the meeting. A script will help you present your information in a concise and structured manner.
    • Develop a second script: Create a script that is about half the length of the first script but still contains the most important points. This will help you prepare for any delays that may arise during the presentation.
    • Prepare for questions: Consider questions that may be asked and script clear and concise answers to each.
    • Practice, practice, practice: Practice your presentation until you no longer need the script in front of you.

    Checklist for presentation logistics (continued)

    Other considerations:

    • After the introduction of your presentation, clearly state the objective – don’t keep people guessing and consequently lose focus on your message.
    • After the presentation is over, document important information that came up. Write it down or you may forget it soon after.
    • Rather than create a long presentation deck full of detailed slides that you plan to skip over during the presentation, create a second, compact deck that contains only the slides you plan to present. Send out the longer deck after the presentation.

    Checklist for delivering a captivating presentation

    Leverage this checklist to ensure you are prepared to develop and deliver an engaging presentation.

    Checklist:

    • Start with a story or something memorable to break the ice.
    • Go in with the end state in mind (focus on the outcome/end goal and work back from there) – What’s your call to action?
    • Content must compliment your end goal, filter out any content that doesn’t compliment the end goal.
    • Be prepared to have less time to speak. Be prepared with shorter versions of your presentation.
    • Include an appendix with supporting data, but don’t be data heavy in your presentation. Integrate the data into a story. The story should be your focus.

    Checklist for delivering a captivating presentation (continued)

    • Be deliberate in what you want to show your audience.
    • Ensure you have clean slides so the audience can focus on what you’re saying.
    • Practice delivering your content multiple times alone and in front of team members or your Info-Tech counselor, who can provide feedback.
    • How will you handle being derailed? Be prepared with a way to get back on track if you are derailed.
    • Ask for feedback.
    • Record yourself presenting.

    4.2 Obtain and verify support on security goals

    Once you’ve delivered your captivating presentation, it’s imperative to communicate with your executive stakeholders.

    • This is your opportunity to open the floor for questions and clarify any information that was conveyed to your audience.
    • Leverage your appendix and other supporting documents to justify your goals.
    • Different approaches to obtaining and verifying your goals could include:
      • Acknowledgment from the audience that information communicated aligns with the business’s goals.
      • Approval of funding requests for security initiatives.
      • Written and verbal support for implementation of security initiatives.
      • Identifying next steps for information to communicate at the next executive stakeholder meeting.

    Info-Tech Insight
    Verifying your objectives at the end of the presentation is important, as it ensures you have successfully communicated to executive stakeholders.

    Checklist for obtaining and verify support on security goals

    Follow this checklist to assist you in obtaining and verifying your communication goals.

    Checklist:

    • Be clear about follow-up and next steps if applicable.
    • Present before you present: Meet with your executive stakeholders before the meeting to review and discuss your presentation and other supporting material and ensure you have executive/CEO buy-in.
    • “Be humble, but don’t crumble” – demonstrate to the executive stakeholders that you are an expert while admitting you don’t know everything. However, don’t be afraid to provide your POV and defend it if need be. Strike the right balance to ensure the board has confidence in you while building a strong relationship.
    • Prioritize a discussion over a formal presentation. Create an environment where they feel like they are part of the solution.

    Summary of Accomplishment

    Problem Solved

    A better understanding of security communication drivers and goals

    • Understanding the difference between communication drivers and goals
    • Identifying your drivers and goals for security presentation

    A developed a plan for how and where to retrieve data for communication

    • Insights on what type of data can be leveraged to support your communication goals
    • Understanding who you can collaborate with and potential data sources to retrieve data from

    A solidified communication plan with security templates to assist in better presenting to your audience

    • A guideline on how to prepare security presentations to executive stakeholders
    • A list of security templates that can be customized and used for various security presentations

    A defined guideline on how to deliver a captivating presentation to achieve your desired objectives

    • Clear message on best practices for delivering security presentations to executive stakeholders
    • Understanding how to verify your communication goals have been obtained

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Related Info-Tech Research

    Build an Information Security Strategy
    This blueprint will walk you through the steps of tailoring best practices to effectively manage information security.

    Build a Security Metrics Program to Drive Maturity
    This blueprint will assist you in identifying security metrics that can tie to your organizational goals and build those metrics to achieve your desired maturity level.

    Bibliography

    Bhadauriya, Amit S. “Communicating Cybersecurity Effectively to the Board.” Metricstream. Web.
    Booth, Steven, et al. “The Biggest Mistakes Made When Presenting Cyber Security to Senior Leadership or the Board, and How to Fix Them.” Mandiant, May 2019. Web.
    Bradford, Nate. “6 Slides Every CISO Should Use in Their Board Presentation.” Security Boulevard, 9 July 2020. Web.
    Buckalew, Lauren, et al. “Get the Board on Board: Leading Cybersecurity from the Top Down.” Newsroom, 2 Dec. 2019. Web.
    Burg, Dave, et al. “Cybersecurity: How Do You Rise above the Waves of a Perfect Storm?” EY US - Home, EY, 22 July 2021. Web.
    Carnegie Endowment for International Peace. Web.
    “Chief Information Security Officer Salary.” Salary.com, 2022. Web.
    “CISO's Guide to Reporting to the Board - Apex Assembly.” CISO's Guide To Reporting to the Board. Web.
    “Cyber Security Oversight in the Boardroom” KPMG, Jan. 2016. Web.
    “Cybersecurity CEO: My 3 Tips for Presenting in the Boardroom.” Cybercrime Magazine, 31 Mar. 2020. Web.
    Dacri , Bryana. Do's & Don'ts for Security Professionals Presenting to Executives. Feb. 2018. Web.
    Froehlich, Andrew. “7 Cybersecurity Metrics for the Board and How to Present Them: TechTarget.” Security, TechTarget, 19 Aug. 2022. Web.
    “Global Board Risk Survey.” EY. Web.
    “Guidance for CISOs Presenting to the C-Suite.” IANS, June 2021. Web.
    “How to Communicate Cybersecurity to the Board of Directors.” Cybersecurity Conferences & News, Seguro Group, 12 Mar. 2020. Web.
    Ide, R. William, and Amanda Leech. “A Cybersecurity Guide for Directors” Dentons. Web.
    Lindberg, Randy. “3 Tips for Communicating Cybersecurity to the Board.” Cybersecurity Software, Rivial Data Security, 8 Mar. 2022. Web.
    McLeod, Scott, et al. “How to Present Cybersecurity to Your Board of Directors.” Cybersecurity & Compliance Simplified, Apptega Inc, 9 Aug. 2021. Web.
    Mickle, Jirah. “A Recipe for Success: CISOs Share Top Tips for Successful Board Presentations.” Tenable®, 28 Nov. 2022. Web.
    Middlesworth, Jeff. “Top-down: Mitigating Cybersecurity Risks Starts with the Board.” Spiceworks, 13 Sept. 2022. Web.
    Mishra, Ruchika. “4 Things Every CISO Must Include in Their Board Presentation.” Security Boulevard, 17 Nov. 2020. Web.
    O’Donnell-Welch, Lindsey. “CISOs, Board Members and the Search for Cybersecurity Common Ground.” Decipher, 20 Oct. 2022. Web.

    Bibliography

    “Overseeing Cyber Risk: The Board's Role.” PwC, Jan. 2022. Web.
    Pearlson, Keri, and Nelson Novaes Neto. “7 Pressing Cybersecurity Questions Boards Need to Ask.” Harvard Business Review, 7 Mar. 2022. Web.
    “Reporting Cybersecurity Risk to the Board of Directors.” Web.
    “Reporting Cybersecurity to Your Board - Steps to Prepare.” Pondurance ,12 July 2022. Web.
    Staynings, Richard. “Presenting Cybersecurity to the Board.” Resource Library. Web.
    “The Future of Cyber Survey.” Deloitte, 29 Aug. 2022. Web.
    “Top Cybersecurity Metrics to Share with Your Board.” Packetlabs, 10 May 2022. Web.
    Unni, Ajay. “Reporting Cyber Security to the Board? How to Get It Right.” Cybersecurity Services Company in Australia & NZ, 10 Nov. 2022. Web.
    Vogel, Douglas, et al. “Persuasion and the Role of Visual Presentation Support.” Management Information Systems Research Center, 1986.
    “Welcome to the Cyber Security Toolkit for Boards.” NCSC. Web.

    Research Contributors

    • Fred Donatucci, New-Indy Containerboard, VP, Information Technology
    • Christian Rasmussen, St John Ambulance, Chief Information Officer
    • Stephen Rondeau, ZimVie, SVP, Chief Information Officer

    Business Continuity

    • Buy Link or Shortcode: {j2store}36|cart{/j2store}
    • Related Products: {j2store}36|crosssells{/j2store}
    • member rating overall impact: 9.2/10
    • member rating average dollars saved: $30,547
    • member rating average days saved: 37
    • Parent Category Name: Security and Risk
    • Parent Category Link: /security-and-risk

    The challenge

    • Recent crises have put business continuity firmly on the radar with executives. The pressures mount to have a proper BCP in place.

    • You may be required to show regulators and oversight bodies proof of having your business continuity processes under control.
    • Your customers want to know that you can continue to function under adverse circumstances and may require proof of your business continuity practices and plans.
    • While your company may put the BCM function in facility management or within the business, it typically falls upon IT leaders to join the core team to set up the business continuity plans.

    Our advice

    Insight

    • Business continuity plans require the cooperation and input from all departments with often conflicting objectives.
    • For most medium-sized companies, BCP activities do not require a full-time position. 
    • While the set up of a BCP is an epic or project, embed the maintenance and exercises in its regular activities.
    • As an IT leader in your company, you have the skillset and organizational overview to lead a BCP set up. It is the business that must own the plans. They know their processes and know where to prioritize.
    • The traditional approach to creating a BCP is a considerable undertaking. Most companies will hire one or more consultants to guide them. If you want to do this in-house, then carve up the work into discrete tasks to make it more manageable. Our blueprint explains to you how to do that.

    Impact and results 

    • You have a structured and straightforward process that you can apply to one business unit or department at a time.
    • Start with a pilot, and use the results to fine-tune your approach, fill the gaps while at the same time slowly reducing your business continuity exposure. Repeat the process for each department or team.
    • Enable the business to own the plans. Develop templates that they can use.
    • Leverage the BCP project's outcome and refine your disaster recovery plans to ensure alignment with the overall BCP.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief shows you why you should develop a sound business continuity practice in your company. We'll show you our methodology and the ways we can help you in completing this.

    Identify your current maturity and document process dependencies.

    Choose a medium-sized department and build a team. Identify that department's processes, dependencies, and alternatives.

    • BCP Maturity Scorecard (xls)
    • BCP Pilot Project Charter Template (doc)
    • BCP Business Process Workflows Example (Visio)
    • BCP Business Process Workflows Example (PDF)

    Conduct a business impact analysis to determine what needs to recover first and how much (if any) data you can afford to lose in a disaster.

    Define an objective impact scoring scale for your company. Have the business estimate the impact of downtime and set your recovery targets.

    • BCP Business Impact Analysis Tool (xls)

    Document the recovery workflow entirely.

    The need for clarity is critical. In times when you need the plans, people will be under much higher stress. Build the workflow for the steps necessary to rebuild. Identify gaps and brainstorm on how to close them. Prioritize solutions that mitigate the remaining risks.

    • BCP Tabletop Planning Template (Visio)
    • BCP Tabletop Planning Template (PDF)
    • BCP Project Roadmap Tool
    • BCP Relocation Checklists

    Report the results of the pilot BCP and implement governance.

    Present the results of the pilot and propose the next steps. Assign BCM teams or people within each department. Update and maintain the overall BCMS documentation.

    • BCP Pilot Results Presentation (ppt)
    • BCP Summary (doc)
    • Business Continuity Teams and Roles Tool (xls)

    Additional business continuity tools and templates

    These can help with the creation of your BCP.

    • BCP Recovery Workflow Example (Visio)
    • BCP Recovery Workflow Example (PDF)
    • BCP Notification, Assessment, and Disaster Declaration Plan (doc)
    • BCP Business Process Workarounds and Recovery Checklists (doc)
    • Business Continuity Management Policy (doc)
    • Business Unit BCP Prioritization Tool (xls)
    • Industry-Specific BIA Guidelines (zip)
    • BCP-DRP Maintenance Checklist (xls)
    • Develop a COVID-19 Pandemic Response Plan Storyboard (ppt)

     

    Document and Maintain Your Disaster Recovery Plan

    • Buy Link or Shortcode: {j2store}417|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $52,224 Average $ Saved
    • member rating average days saved: 38 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Disaster recovery plan (DRP) documentation is often driven by audit or compliance requirements rather than aimed at the team that would need to execute recovery.
    • Between day-to-day IT projects and the difficulty of maintaining 300+ page manuals, DRP documentation is not updated and quickly becomes unreliable.
    • Inefficient publishing strategies result in your DRP not being accessible during disaster or key staff not knowing where to find the latest version.

    Our Advice

    Critical Insight

    • DR documentation fails when organizations try to boil the ocean with an all-in-one plan aimed at auditors, business leaders, and IT. It’s too long, too hard to maintain, and ends up being little more than shelf-ware.
    • Using flowcharts, checklists, and diagrams aimed at an IT audience is more concise and effective in a disaster, quicker to create, and easier to maintain.
    • Create your DRP in layers to keep the work manageable. Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

    Impact and Result

    • Create visual and concise DR documentation that strips out unnecessary content and is written for an IT audience – the team that would actually be executing the recovery. Your business leaders can take the same approach to create separate business response plans. Don’t mix the two in an all-in-one plan that is not effective for either audience.
    • Determine a documentation distribution strategy that supports ease of maintenance and accessibility during a disaster.
    • Incorporate DRP maintenance into change management procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

    Document and Maintain Your Disaster Recovery Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should adopt a visual-based DRP, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Streamline DRP documentation

    Start by documenting your recovery workflow. Create supporting documentation in the form of checklists, flowcharts, topology diagrams, and contact lists. Finally, summarize your DR capabilities in a DRP Summary Document for stakeholders and auditors.

    • Document and Maintain Your Disaster Recovery Plan – Phase 1: Streamline DRP Documentation

    2. Select the optimal DRP publishing strategy

    Select criteria for assessing DRP tools, and evaluate whether a business continuity management tool, document management solution, wiki site, or manually distributing documentation is best for your DR team.

    • Document and Maintain Your Disaster Recovery Plan – Phase 2: Select the Optimal DRP Publishing Strategy
    • DRP Publishing and Document Management Solution Evaluation Tool
    • BCM Tool – RFP Selection Criteria

    3. Keep your DRP relevant through maintenance best practices

    Learn how to integrate DRP maintenance into core IT processes, and learn what to look for during testing and during annual reviews of your DRP.

    • Document and Maintain Your Disaster Recovery Plan – Phase 3: Keep Your DRP Relevant Through Maintenance Best Practices
    • Sample Project Intake Form Addendum for Disaster Recovery
    • Sample Change Management Checklist for Disaster Recovery
    • DRP Review Checklist
    • DRP-BCP Review Workflow (Visio)
    • DRP-BCP Review Workflow (PDF)

    4. Appendix: XMPL Case Study

    Model your DRP after the XMPL case study disaster recovery plan documentation.

    • Document and Maintain Your Disaster Recovery Plan – Appendix: XMPL Case Study
    • XMPL DRP Summary Document
    • XMPL Notification, Assessment, and Declaration Plan
    • XMPL Systems Recovery Playbook
    • XMPL Recovery Workflows (Visio)
    • XMPL Recovery Workflows (PDF)
    • XMPL Data Center and Network Diagrams (Visio)
    • XMPL Data Center and Network Diagrams (PDF)
    • XMPL DRP Business Impact Analysis Tool
    • XMPL DRP Workbook
    [infographic]

    Workshop: Document and Maintain Your Disaster Recovery Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Streamline DRP Documentation

    The Purpose

    Teach your team how to create visual-based documentation.

    Key Benefits Achieved

    Learn how to create visual-based DR documentation.

    Activities

    1.1 Conduct a table-top planning exercise.

    1.2 Document your high-level incident response plan.

    1.3 Identify documentation to include in your playbook.

    1.4 Create an initial collection of supplementary documentation.

    1.5 Discuss what further documentation is necessary for recovering from a disaster.

    1.6 Summarize your DR capabilities for stakeholders.

    Outputs

    Documented high-level incident response plan

    List of documentation action items

    Collection of 1-3 draft checklists, flowcharts, topology diagrams, and contact lists

    Action items for ensuring that the DRP is executable for both primary and backup DR personnel

    DRP Summary Document

    2 Select the Optimal DRP Publishing Strategy

    The Purpose

    Learn the considerations for publishing your DRP.

    Key Benefits Achieved

    Identify the best strategy for publishing your DRP.

    Activities

    2.1 Select criteria for assessing DRP tools.

    2.2 Evaluate categories for DRP tools.

    Outputs

    Strategy for publishing DRP

    3 Learn How to Keep Your DRP Relevant Through Maintenance Best Practices

    The Purpose

    Address the common pain point of unmaintained DRPs.

    Key Benefits Achieved

    Create an approach for maintaining your DRP.

    Activities

    3.1 Alter your project intake considerations.

    3.2 Integrate DR considerations into change management.

    3.3 Integrate documentation into performance measurement and performance management.

    3.4 Learn best practices for maintaining your DRP.

    Outputs

    Project Intake Form Addendum Template

    Change Management DRP Checklist Template

    Further reading

    Document and Maintain Your Disaster Recovery Plan

    Put your DRP on a diet – keep it fit, trim, and ready for action.

    ANALYST PERSPECTIVE

    The traditional disaster recovery plan (DRP) “red binder” is dead. It takes too long to create, it’s too hard to maintain, and it’s not usable in a crisis.

    “This blueprint outlines the following key tactics to streamline your documentation effort and produce a better result:

    • Write for an IT audience and focus on how to recover. You don’t need 30 pages of fluff describing the purpose of the document.
    • Use flowcharts, checklists, and diagrams over traditional manuals. This drives documentation that is more concise, easier to maintain, and effective in a crisis.
    • Create your DRP in layers to get tangible results faster, starting with a recovery workflow that outlines your DR strategy, and then build out the specific documentation needed to support recovery.”
    (Frank Trovato, Research Director, Infrastructure, Info-Tech Research Group)

    This project is about DRP documentation after you have clarified your DR strategy; create these necessary inputs first

    These artifacts are the cornerstone for any disaster recovery plan.

    • Business Impact Analysis
    • DR Roles and Responsibilities
    • Recovery Workflow

    Missing a component? Start here. ➔ Create a Right-Sized Disaster Recovery Plan

    This blueprint walks you through building these inputs.
    Our approach saves clients on average US$16,825.22. (Clients self-reported an average saving of US$16,869.21 while completing the Create a Right-Sized Disaster Recovery Plan blueprint through advisory calls, guided implementations, or workshops (Info-Tech Research Group, 2017, N=129).)

    How this blueprint will help you document your DRP

    This Research is Designed For:

    • IT managers in charge of disaster recovery planning (DRP) and execution.
    • Organizations seeking to optimize their DRP using best-practice methodology.
    • Business continuity professionals that are involved with disaster recovery.

    This Research Will Help You:

    • Divide the process of creating DR documentation into manageable chunks, providing a defined scope for you to work in.
    • Identify an appropriate DRP document management and distribution strategy.
    • Ensure that DR documentation is up to date and accessible.

    This Research Will Also Assist:

    • IT managers preparing for a DR audit.
    • IT managers looking to incorporate components of DR into an IT operations document.

    This Research Will Help Them:

    • Follow a structured approach in building DR documentation using best practices.
    • Integrate DR into day-to-day IT operations.

    Executive summary

    Situation

    • DR documentation is often driven by audit or compliance requirements, rather than aimed at the team that would need to execute recovery.
    • Traditional DRPs are text-heavy, 300+ page manuals that are simply not usable in a crisis.
    • Compounding the problem, DR documentation is rarely updated, so it’s just shelf-ware.

    Complication

    • DRP is often given lower priority as day-to-day IT projects displace DR documentation efforts.
    • Inefficient publishing strategies result in your DRP not being accessible during disasters or key staff not knowing where to find the latest version.
    • Organizations that create traditional DRPs end up with massive manuals that are difficult to maintain, so they quickly become unreliable.

    Resolution

    • Create visual and concise DR documentation that strips out unnecessary content and is written for an IT audience – the team that would actually be executing the recovery. Your business leaders can take the same approach to create separate business response plans – don’t mix the two into an all-in-one plan that is not effective for either audience.
    • Determine a documentation distribution strategy that supports ease of maintenance and accessibility during a disaster.
    • Incorporate DRP maintenance into change management and project intake procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

    Info-Tech Insight

    1. DR documentation fails when organizations try to boil the ocean with an all-in-one plan aimed at auditors, business leaders, and IT. It’s too long, too hard to maintain, and ends up being little more than shelf-ware.
    2. Using flowcharts, checklists, and diagrams aimed at an IT audience is more concise and effective in a disaster, quicker to create, and easier to maintain.
    3. Create your DRP in layers to keep the work manageable. Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

    An effective DRP that mitigates a wide range of potential outages is critical to minimizing the impact of downtime

    The criticality of having an effective DRP is underestimated.

    Cost of Downtime for the Fortune 1000
    • Cost of unplanned apps downtime per year: $1.25B to $2.5B
    • Cost of critical apps failure per hour: $500,000 to $1M
    • Cost of infrastructure failure per hour: $100,000
    • 35% reported to have recovered within 12 hours.
    • 17% of infrastructure failures took more than 24 hours to recover.
    • 13% of application failures took more than 24 hours to recover.
    Size of Impact Increasing Across Industries
    • The cost of downtime is rising across the board and not just for organizations that traditionally depend on IT (e.g. e-commerce).
    • Downtime cost increase since 2010:
      • Hospitality: 129% increase
      • Transportation: 108% increase
      • Media organizations: 104% increase
    Potential Lost Revenue
    A line graph of Potential Lost Revenue with vertical axis 'LOSS ($)' and horizontal axis 'TIME'. The line starts with low losses near the origin where 'Incident Occurs', gradually accelerates to higher losses as time passes, then decelerates before 'All Revenue Lost'. Note: 'Delay in recovery causes exponential revenue loss'.
    (Adapted from: Rothstein, Philip Jan. Disaster Recovery Testing: Exercising Your Contingency Plan (2007 Edition).)

    The impact of downtime increases significantly over time, not just in terms of lost revenue (as illustrated here) but also goodwill/reputation and health/safety. An effective DR solution and overall resiliency that mitigate a wide range of potential outages are critical to minimizing the impact of downtime.

    Without an effective DRP, your organization is gambling on being able to define and implement a recovery strategy during a time of crisis. At the very least, this means extended downtime – potentially weeks – and substantial impact.

    Only 38% of those with a full or mostly complete DRP believe their DRPs would be effective in a real crisis

    Organizations continue to struggle with creating DRPs, let alone making them actionable.

    Why are so many living with either an incomplete or ineffective DRP? For the same reasons that IT documentation in general continues to be a pain point:

    • It is an outdated model of what documentation should be – the traditional manual with detailed (lengthy) descriptions and procedures.
    • Despite the importance of DR, low priority is placed on creating a DRP and the day-to-day SOPs required to support a recovery.
    • There is a lack of effective processes for ensuring documentation stays up to date.
    A bar graph documenting percentages of survey responses about the completeness of their DRP. 'Only 20% of survey respondents indicated they have a complete DRP'. 13% said 'No DRP'. 33% said 'Partial DRP'. 34% said 'Mostly Completed'. 20% said 'Full DRP'.
    (Source: Info-Tech Research Group, N=165)
    A bar graph documenting percentages of survey responses about the level of confidence in their DRP. 'Only 38% of those who have a mostly completed or full DRP actually feel it would be effective in a crisis'. 4% said 'Low'. 58% said 'Unsure'. 38% said 'Confident'.
    (Source: Info-Tech Research Group, N=69 (includes only those who indicated DRP is mostly completed or completed))

    Improve usability and effectiveness with visual-based and more-concise documentation

    Choose flowcharts over process guides, checklists over lengthy procedures, and diagrams over descriptions.

    If you need a three-inch binder to hold your DRP, imagine having to flip through it to determine next steps during a crisis.

    DR documentation needs to be concise, scannable, and quickly understood to be effective. Visual-based documentation meets these requirements, so it’s no surprise that it also leads to higher DR success.

    DR success scores are based on:

    • Meeting recovery time objectives (RTOs).
    • Meeting recovery point objectives (RPOs).
    • IT staff’s confidence in their ability to meet RTOs/RPOs.
    A line graph of DR documentation types and their effectiveness. The vertical axis is 'DR Success', from Low to High. The horizontal axis is Documentation Type, from 'Traditional Manual' to 'Primarily flowcharts, checklists, and diagrams'. The line trends up to higher success with visual-based and more-concise documentation.(Source: Info-Tech Research Group, N=95)

    “Without question, 300-page DRPs are not effective. I mean, auditors love them because of the detail, but give me a 10-page DRP with contact lists, process flows, diagrams, and recovery checklists that are easy to follow.” (Bernard Jones, MBCI, CBCP, CORP, Manager Disaster Recovery/BCP, ActiveHealth Management)

    Maintainability is another argument for visual-based, concise documentation

    There are two end goals for your DR documentation: effectiveness and maintainability. Without either, you will not have success during a disaster.

    Organizations using a visual-based approach were 30% more likely to find that DR documentation is easy to maintain. “Easy to maintain” leads to a 46% higher rate of DR success.
    Two bar graphs documenting survey responses regarding maintenance ease of DR documentation types. The first graph compares Traditional Manual vs Visual-based. For 'Traditional Manual' 72% responded they were Difficult to maintain while 28% responded they were Easy to maintain; for 'Visual-based' 42% responded they were Difficult to maintain while 58% responded they were Easy to maintain. Visual-based DR documentation received 30% more votes for Easy to Maintain. The second graph compares success rates of 'Difficult to Maintain' vs 'Easy to Maintain' DR documentation with Difficult being 31% and Easy being 77%, a 46% difference. 'Source: Info-Tech Research Group, N=96'.

    Not only are visual-based disaster recovery plans more effective, but they are also easier to maintain.

    Overcome documentation inertia with a tiered model that allows you to eat the elephant one bite at a time

    Start with a recovery workflow to at least ensure a coordinated response. Then use that workflow to determine required supporting documentation.

    Recovery Workflow: Starting the project with overly detailed documentation can slow down the entire process. Overcome planning inertia by starting with high-level incident response plans in a flowchart format. For examples and additional information, see XMPL Medical’s Recovery Workflows.

    Recovery Procedures (Systems Recovery Playbook): For each step in the high-level flowchart, create recovery procedures where necessary using additional flowcharts, checklists, and diagrams as appropriate. Leverage Info-Tech’s Systems Recovery Playbook example as a starting point.

    Additional Reference Documentation: Reference existing IT documentation, such as network diagrams and configuration documents, as well as more detailed step-by-step procedures where necessary (e.g. vendor documentation), particularly where needed to support alternate recovery staff who may not be as well versed as the primary system owners.

    Info-Tech Insight

    Organizations that use flowcharts, checklist, and diagrams over traditional, dense DRP manuals are far more likely to meet their RTOs/RPOs because their documentation is more usable and easier to maintain.

    Use a DRP summary document to satisfy executives, auditors, and clients

    Stakeholders don’t have time to sift through a pile of paper. Summarize your overall continuity capabilities in one, easy-to-read place.

    DRP Summary Document

    • Summarize BIA results
    • Summarize DR strategy (including DR sites)
    • Summarize backup strategy
    • Summarize testing and maintenance plans

    Follow Info-Tech’s methodology to make DRP documentation efficient and effective

    Phases

    Phase 1: Streamline DRP documentation Phase 2: Select the optimal DRP publishing strategy Phase 3: Keep your DRP relevant through maintenance best practices

    Phases

    1.1

    Start with a recovery workflow

    2.1

    Decide on a publishing strategy

    3.1

    Incorporate DRP maintenance into core IT processes

    1.2

    Create supporting DRP documentation

    3.2

    Conduct an annual focused review

    1.3

    Write the DRP Summary

    Tools and Templates

    End-to-End Sample DRP DRP Publishing Evaluation Tool Project In-take/Request Form

    Change Management Checklist

    Follow XMPL Medical’s journey through DR documentation

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Streamline your documentation and maintenance process by following the approach outlined in XMPL Medical’s journey to an end-to-end DRP.

    Outline of the Disaster Recovery Plan

    XMPL’s disaster recovery plan includes its business impact analysis and a subset of tier 1 and tier 2 patient care applications.

    Its DRP includes incident response flowcharts, system recovery checklists, and a communication plan. Its DRP also references IT operations documentation (e.g. asset management documents, system specs, and system configuration docs), but this material is not published with the example documentation.

    Resulting Disaster Recovery Plan

    XMPL’s DRP includes actionable documents in the form of high-level disaster response plan flowcharts and system recovery checklists. During an incident, the DR team is able to clearly see the items for which they are responsible.

    Disaster Recovery Plan
    • Recovery Workflow
    • Business Impact Analysis
    • DRP Summary
    • System Recovery Checklists
    • Communication, Assessment, and Disaster Declaration Plan

    Info-Tech Best Practice

    XMPL Medical’s disaster recovery plan illustrates an effective DRP. Model your end-to-end disaster recovery plan after XMPL’s completed templates. The specific data points will differ from organization to organization, but the structure of each document will be similar.

    Model your disaster recovery documentation off of our example

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Recovery Workflow:

    • Recovery Workflows (PDF, VSDX)

    Recovery Procedures (Systems Recovery Playbook):

    • DR Notification, Assessment, and Disaster Declaration Plan
    • Systems Recovery Playbook
    • Network Topology Diagrams

    Additional Reference Documentation:

    • DRP Workbook
    • Business Impact Analysis
    • DRP Summary Document

    Use Info-Tech’s DRP Maturity Scorecard to evaluate your progress

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Document and Maintain Your Disaster Recovery Plan – Project Overview

    1. Streamline DRP Documentation 2. Select the Optimal DRP Publishing Strategy 3. Keep Your DRP Relevant
    Supporting Tool icon
    Best-Practice Toolkit

    1.1 Start with a recovery workflow

    1.2 Create supporting DRP documentation

    1.3 Write the DRP summary

    2.1 Create Committee Profiles

    3.1 Build Governance Structure Map

    3.2 Create Committee Profiles

    Guided Implementations
    • Review Info-Tech’s approach to DRP documentation.
    • Create a high-level recovery workflow.
    • Create supporting DRP documentation.
    • Write the DRP summary.
    • Identify criteria for selecting a DRP publishing strategy.
    • Select a DRP publishing strategy.
    • Optional: Select requirements for a BCM tool and issue an RFP.
    • Optional: Review responses to RFP.
    • Learn best practices for integrating DRP maintenance into day-to-day IT processes.
    • Learn best practices for DRP-focused reviews.
    Associated Activity icon
    Onsite Workshop
    Module 1:
    Streamline DRP documentation
    Module 2:
    Select the optimal DRP publishing strategy
    Module 3:
    Learn best practices for keeping your DRP relevant
    Phase 1 Outcome:
    • A complete end-to-end DRP
    Phase 2 Outcome:
    • Selection of a publishing and management tool for your DRP documentation
    Phase 3 Outcome:
    • Strategy for maintaining your DRP documentation

    Workshop Overview Associated Activity icon

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Info-Tech Analysts Finalize Deliverables
    Activities
    Assess DRP Maturity and Review Current Capabilities

    0.1 Assess current DRP maturity through Info-Tech’s Maturity Scorecard.

    0.2 Identify the IT systems that support mission-critical business activities, and select 2 or 3 key applications to be the focus of the workshop.

    0.3 Identify current recovery strategies for selected applications.

    0.4 Identify current DR challenges for selected applications.

    Document Your Recovery Workflow

    1.1 Create a recovery workflow: review tabletop planning, walk through DR scenarios, identify DR gaps, and determine how to fill them.

    Create Supporting Documentation

    1.2 Create supporting DRP documentation.

    1.3 Write the DRP summary.

    Establish a DRP Publishing, Management, and Maintenance Strategy

    2.1 Decide on a publishing strategy.

    3.1 Incorporate DRP maintenance into core IT.

    3.2 Considerations for reviewing your DRP regularly.

    Deliverables
    1. Baseline DRP metric (based on DRP Maturity Scorecard)
    1. High-level DRP workflow
    2. DRP gaps and risks identified
    1. Recovery workflow and/or checklist for sample of IT systems
    2. Customized DRP Summary Template
    1. Strategy for selecting a DRP publishing tool
    2. DRP management and maintenance strategy
    3. Workshop summary presentation deck

    Workshop Goal: Learn how to document and maintain your DRP.

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.


    Phase 1: Streamline DRP Documentation

    Step 1.1: Start with a recovery workflow

    PHASE 1
    PHASE 2
    PHASE 3
    1.1 1.2 1.3 2.1 3.1 3.2
    Start with a Recovery Workflow Create Supporting Documentation Write the DRP Summary Select DRP Publishing Strategy Integrate into Core IT Processes Conduct an Annual Focused Review

    This step will walk you through the following activities:

    • Review a model DRP.
    • Review your recovery workflow.
    • Identify documentation required to support the recovery workflow.

    This step involves the following participants:

    • DRP Owner
    • System SMEs
    • Alternate DR Personnel

    Outcomes of this step

    • Understanding the visual-based, concise approach to DR documentation.
    • Creating a recovery workflow that provides a roadmap for coordinating incident response and identifying required supporting documentation.

    Info-Tech Insights

    A DRP is a collection of procedures and supporting documents that allow an organization to recover its IT services to minimize system downtime for the business.

    1.1 — Start with a recovery workflow to ensure a coordinated response and identify required supporting documentation

    The recovery workflow clarifies your DR strategy and ensures the DR team is on the same page.

    Recovery Workflow

    The recovery workflow maps out the incident response plan from event detection, assessment, and declaration to systems recovery and validation.

    This documentation includes:

    • Clarifying initial incident response steps.
    • Clarifying the order of systems recovery and which recovery actions can occur concurrently.
    • Estimating actual recovery timeline through each stage of recovery.
    Recovery Procedures (Playbook)
    Additional Reference Documentation

    “We use flowcharts for our declaration procedures. Flowcharts are more effective when you have to explain status and next steps to upper management.” (Assistant Director-IT Operations, Healthcare Industry)

    Review business impact analysis (BIA) results to plan your recovery workflow

    The BIA defines system criticality from the business’s perspective. Use it to guide system recovery order.

    Specifically, review the following from your BIA:

    • The list of tier 1, 2, and 3 applications. This will dictate the recovery order in your recovery workflow.
    • Application dependencies. This will outline what needs to be included as part of an application recovery workflow.
    • The recovery time objective (RTO) and recovery point objective (RPO) for each application. This will also guide the recovery, and enable you to identify gaps where the recovery workflow does not meet RTOs and RPOs.

    CASE STUDY: The XMPL DRP documentation is based on this Business Impact Analysis Tool.

    Haven’t conducted a BIA? Use Info-Tech’s streamlined approach.

    Info-Tech’s publication Create a Right-Sized Disaster Recovery Plan takes a very practical approach to BIA work. Our process gives IT leaders a mechanism to quickly get agreement on system recovery order and DR investment priorities.

    Conduct a tabletop planning exercise to determine your recovery workflow

    Associated Activity icon 1.1.1 Tabletop Planning Exercise

    1. Define a scenario to drive the tabletop planning exercise:
      • Use a scenario that forces a full failover to your DR environment, so you can capture an end-to-end recovery workflow.
      • Avoid scenarios that impact health and safety such as tornados or a fire. You want to focus on IT recovery.
      • Example scenarios: Burst water pipe that causes data-center-wide damage or a gas leak that forces evacuation and power to be shut down for at least two days.

    Note: You may have already completed this exercise as part of Create a Right-Sized Disaster Recovery Plan.

    Info-Tech Insight

    Use scenarios to provide context for DR planning, and to test your plans, but don’t create a separate plan for every possibility.

    The high-level recovery plan will be the same whether the incident is a fire, flood, or tornado. While there might be some variances and outliers, these scenarios can be addressed by adding decision points and/or separate, supplementary instructions.

    Walk through the scenario and capture the recovery workflow

    Associated Activity icon 1.1.2 Tabletop Planning Exercise
    1. Capture the following information for tier 1, tier 2, and tier 3 systems:
      1. On white cue cards, record the steps and track start and end times for each step (where 00:00 is when the incident occurred).
      2. On yellow cue cards, document gaps in people, process, and technology requirements to complete the step.
      3. On red cue cards, indicate risks (e.g. no backup person for a key staff member).

    Note:

    • Ensure the language is sufficiently genericized (e.g. refer to events, not specifically a burst water pipe).
    • Review isolated failures (e.g. hardware, software). Typically, the recovery procedure documented for individual systems covers the essence of the recovery workflow whether it’s just the one system that failed or it’s part of a site-wide recovery.

    Note: You may have already completed this exercise as part of Create a Right-Sized Disaster Recovery Plan.

    Document your current-state recovery workflow based on the results of the tabletop planning

    Supporting Tool icon 1.1.2 Incident Response Plan Flowcharts, Tabs 2 and 3

    After you finish the tabletop planning exercise, the steps on the set of cue cards define your recovery workflow. Capture this in a flowchart format.

    Use the sample DRP to guide your own flowchart. Some notes on the example are:

    • XMPL’s Incident Management to DR flowchart shows the connection between its standard Service Desk processes and DR processes.
    • XMPL’s high-level workflows outline its recovery of tier 1, 2, and 3 systems.
    • Where more detail is required, include links to supporting documentation. In this example, XMPL Medical includes links to its Systems Recovery Playbook.
    Preview of an Info-Tech Template depicting a sample flowchart.

    This sample flowchart is included in XMPL Recovery Workflows.

    Step 1.2: Create Supporting DRP Documentation

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Create checklists for your playbook.
    • Document more complex procedures with flowcharts.
    • Gather and/or write network topology diagrams.
    • Compile a contact list.
    • Ensure there is enough material for backup personnel.

    This step involves the following participants:

    • DRP Owner
    • System SMEs
    • Backup DR Personnel

    Outcomes of this step

    • Actionable supporting documentation for your disaster recovery plan.
    • Contact list for IT personnel, business personnel, and vendor support.

    1.2 — Create supporting documentation for your disaster recovery plan

    Now that you have a high-level incident response plan, collect the information you need for executing that plan.

    Recovery Workflow

    Write your recovery procedures playbook to be effective and usable. Your playbook documentation should include:

    • Supplementary flowcharts
    • Checklists
    • Topology diagrams
    • Contact lists
    • DRP summary

    Reference vendors’ technical information in your flowcharts and checklists where appropriate.

    Recovery Procedures (Playbook)

    Additional Reference Documentation

    Info-Tech Insight

    Write for your audience. The playbook is for IT; include only the information they need to execute the plan. DRP summaries are for executives and auditors; do not include information intended for IT. Similarly, your disaster recovery plan is not for business units; keep BCP content out of your DRP.

    Use checklists to streamline step-by-step procedures

    Supporting Tool icon 1.2.1 XMPL Medical’s System Recovery Checklists

    Checklists are ideal when staff just need a reminder of what to do, not how to do it.

    XMPL Medical used its high-level flowcharts as a roadmap for creating its Systems Recovery Playbook.

    • Since its Playbook is intended for experienced IT staff, the writing style in the checklists is concise. XMPL includes links to reference material to support recovery, especially for alternate staff who might need additional instruction.
    • XMPL includes key parameters (e.g. IP addresses) rather than assume those details would be memorized, especially in a stressful DR scenario.
    • Similarly, include links to other useful resources such as VM templates.
    Preview of the Info-Tech Template 'Systems Recovery Playbook'.

    Included in the XMPL Systems Recovery Playbook are checklists for recovering XMPL’s virtual desktop infrastructure, mission-critical applications, and core infrastructure components.

    Use flowcharts to document processes with concurrent tasks not easily captured in a checklist

    Supporting Tool icon 1.2.2 XMPL Medical’s Phone Services Recovery Flowchart

    Recovery procedures can consist of flowcharts, checklists, or both, as well as diagrams. The main goal is to be clear and concise.

    • XMPL Medical created a flowchart to capture its phone services recovery procedure to capture concurrent tasks.
    • Additional instructions, where required, could still be captured in a Playbook checklist or other supporting documentation.
    • The flowchart could have also included key settings or other details as appropriate, particularly if the DR team chose to maintain this recovery procedure just in a flowchart format.
    Preview of the Info-Tech Template 'Recovery Workflows'.

    Included in the XMPL DR documentation is an example flowchart for recovering phone systems. This flowchart is in Recovery Workflows.

    Reference this blueprint for more SOP flowchart examples: Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Use topology diagrams to capture network layout, integrations, and system information

    Supporting Tool icon 1.2.4 XMPL Medical’s Data Center and Network Diagrams

    Topology diagrams, key checklists, and configuration settings are often enough for experienced networking staff to carry out their DR tasks.

    • XMPL Medical includes these diagrams with its DRP. Instead of recreating these diagrams, the XMPL Medical DR Manager asked their network team for these diagrams:
      • Primary data center diagram
      • DR site diagram
      • High-level network diagrams
    • Often, organizations already have network topology diagrams for reference purposes.

    “Our network engineers came to me and said our standard SOP template didn't work for them. They're now using a lot of diagrams and flowcharts, and that has worked out better for them.” (Assistant Director-IT Operations, Healthcare Industry)

    Preview of the Info-Tech Template 'Systems Recovery Playbook'.

    You can download a PDF and a VSD version of these Data Center and Network Diagrams from Info-Tech’s website.

    Create a list of organizational, IT, and vendor contacts that may be required to assist with recovery

    If there is something strange happening to your IT infrastructure, who you gonna call?

    Many DR managers have their team on speed dial. However, having the contact info of alternate staff, BCP leads, and vendors can be very helpful during a disaster. XMPL Medical lists the following information in its DRP Workbook:

    • The DR Teams, SMEs critical to disaster recovery, their backups, and key contacts (e.g. BC Management team leads, vendor contacts) that would be involved in:
      • Declaring a disaster.
      • Coordinating a response at an organizational level.
      • Executing recovery.
    • The people that have authority to declare a disaster.
    • Each person’s spending authority.
    • The rules for delegating authority.
    • Primary and alternate staff for each role.
    Example list of alternate staff, BCP leads, and vendors.

    Confirm with your DR team that you have all of the documentation that you need to recover during a disaster

    Associated Activity icon 1.2.7 Group Discussion

    DISCUSS: Is there enough information in your DRP for both primary and backup DR personnel?

    • Is it clear who is responsible for each DR task, including notification steps?
    • Have alternate staff for each role been identified?
    • Does the recovery workflow capture all of the high-level steps?
    • Is there enough documentation for alternate staff (e.g. network specs)?

    Step 1.3: Write the DRP Summary

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Write a DRP summary document.

    This step involves the following participants:

    • DRP Owner

    Outcomes of this step

    • High-level outline of your DRP capabilities for stakeholders such as executives, auditors, and clients.

    Summarize your DR capabilities using a DRP summary document

    Supporting Tool icon 1.3.1 DRP Summary Document

    The sample included on Info-Tech’s website is customized for the XMPL Medical Case Study – use the download as a starting point for your own summary document.

    DRP Summary Document

    XMPL’s DRP Summary is organized into the following categories:

    • DR requirements: This includes a summary of scope, business impact analysis (BIA), risk assessment, and high-level RTOs and achievable RTOs.
    • DR strategy: This includes a summary of XMPL’s recovery procedures, DR site, and backup strategy.
    • Testing and maintenance: This includes a summary of XMPL’s DRP testing and maintenance strategy.

    Be transparent about existing business risks in your DRP summary

    The DRP summary document is business facing. Include information of which business leaders (and other stakeholders) need to be aware.

    • Discrepancies between desired and achievable RTOs? Organizational leadership needs to know this information. Only then can they assign the resources and budget that IT needs to achieve the desired DR capabilities.
    • What is the DRP’s scope? XMPL Medical lists the IT components that will be recovered during a disaster, and components which will not. For instance, XMPL’s DRP does not recover medical equipment, and XMPL has separate plans for business continuity and emergency response coordination.
    Application tier Desired RTO (hh:mm) Desired RPO (hh:mm) Achievable RTO (hh:mm) Achievable RPO (hh:mm)
    Tier 1 4:00 1:00 *90:00 1:00
    Tier 2 8:00 1:00 *40:00 1:00
    Tier 3 48:00 24:00 *96:00 24:00

    The above table to is a snippet from the XMPL DR Summary Document (section 2.1.3.2).

    In the example, the DR team is unable to recover tier 1, 2, and 3 systems within the desired RTO. As such, they clearly communicate this information in the DRP summary, and include action items to address these gaps.

    Phase 2: Select the Optimal DRP Publishing Strategy

    Step 2.1: Select a DRP Publishing Strategy

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Select criteria for assessing DRP tools.
    • Evaluate categories for DRP tools.
    • Optional: Write an RFP for a BCM tool.

    This step involves the following participants:

    • DRP Owner

    Outcomes of this step

    • Identified strategies for publishing your DRP (i.e. making it available to your DR team).

    Info-Tech Insights

    Diversify your publishing strategy to ensure you can access your DRP in a disaster. For example, if you are using a BCM tool or SharePoint Online as your primary documentation repository, also push the DRP to your DR team’s smartphones as a backup in case the disaster affects internet access.

    2.1 — Select a DR publishing and document management strategy that fits your organization

    Publishing and document management considerations:

    Portability/External Access: Assume your primary site is down and inaccessible. Can you still access your documentation? As shown in this chart, traditional strategies of either keeping a copy at another location (e.g. at the failover site) or with staff (e.g. on a USB drive) still dominate, but these aren’t necessarily the best options.
    A bar chart titled 'Portability Strategy Popularity'. 'External Website (wiki site, cloud-based DRP tool, etc.)' scored 16%. 'Failover Site (network drive or redundant SharePoint, etc.)' scored 53%. 'Distribute to Staff (use USB drive, personal email, etc.)' scored 50%. 'Not Accessible Offsite' scored 7%.
    Note: Percentages total more than 100% due to respondents using more than one portability strategy.
    (Source: Info-Tech Research Group, N=118)
    Maintainability/Usability: How easy is it to create, update, and use the documentation? Is it easy to link to other documents as shown in the flowchart and checklist examples? Is there version control? Lack of version control can create a maintenance nightmare as well as issues in a crisis if staff are questioning whether they have the right version.
    Cost/Effort: Is the cost and effort appropriate? For example, a large enterprise may need a formal solution (e.g. DRP tools or SharePoint), but the cost might be hard to justify for a smaller company.

    Pros and cons of potential strategies

    This section will review the following strategies, their pros and cons, and how they meet publishing and document management requirements:

    • DRP tools (e.g. eBRP, Recovery Planner, LDRPS)
    • In-house solutions combining SharePoint and MS Office (or equivalent)
    • Wiki site
    • “Manual” approaches such as storing documents on a USB drive

    Avoid 42 hours of downtime due to a non-diversified publishing strategy

    CASE STUDY

    Industry Municipality
    Source Interview

    Situation

    • A municipal government has recently completed an end-to-end disaster recovery plan.
    • The team is feeling good about the fact that they were able to identify:
      • Relative criticality of applications.
      • Dependencies for each application.
      • Incident response plans for the current state and desired state.
      • System recovery procedures.

    Challenge

    • While the DR plan itself was comprehensive, the team only published the DR onto the government’s network drives.
    • A power generation issue caused power to be shut down, which in turn cascaded into downtime for the network.
    • Once the network was down, their DRP was inaccessible.

    Insights

    • Each piece of documentation that was created could have contributed to recovery efforts. However, because they were inaccessible, there was a delayed response to the incident. The result was 42 hours of downtime for end users.
    • Having redundant publishing strategies is just like having redundant IT infrastructure. In the event of downtime, not only do you need to have DR documentation, but you also need to make sure that it is accessible.

    Decide on a DR publishing strategy by looking at portability, maintainability, cost, and required effort

    Supporting Tool icon 2.1.1 DRP Publishing and Management Evaluation Tool

    Use the information included in Step 2.1 to guide your analysis of DRP publishing solutions.

    The tool enables you to compare two possible solutions based on these key considerations discussed in this section:

    • Portability/external access
    • Maintainability/usability
    • Cost
    • Effort

    The right choice will depend on factors such as current in-house tools, maturity around document management, the size of your IT department, and so on.

    For example, a small shop may do very well with the USB drive strategy, whereas a multi-national company will need a more formal strategy to manage consistent DRP distribution.

    Preview of Info-Tech's 'DRP Publishing and Management Solution Evaluation Tool'.

    The DRP Publishing and Management Solution Evaluation Tool helps you to evaluate the tools included in this section.

    Don’t think of a business continuity management (BCM) tool as a silver bullet; know what you’re getting out of it

    Portability/External Access:
    • Pros: Typically a SaaS option provides built-in external access with appropriate security and user administration to vary access rights.
    • Cons: Degree of external access is often dependent on the vendor.
    Maintainability/Usability:
    • Pros: Built-in templates encourage consistency and guide initial content development by indicating what details need to be captured.
    • Pros: Built-in document management (e.g. version control, metadata support), centralized access/navigation to required documents, and some automation (e.g. update contacts throughout the system).
    • Cons: Not a silver bullet. You still have to do the work to define and capture your processes.
    • Cons: Requires end-user and administrator training.
    Cost/Effort:
    • Pros: For large enterprises, the convenience of built-in document management and templates can outweigh the cost.
    • Cons: Expect leading DRP tools to cost $20K or more per year.

    About this approach:
    BCM tools are solutions that provide templates, tools, and document management to create BC and DR documentation.

    Info-Tech Insight

    The business case for a BCM tool is built by answering the following questions:

    • Will the BCM tool solve an unmet need?
    • Will the tool be more effective and efficient than an in-house solution?
    • Will the solution provide enhanced capabilities that an in-house solution cannot provide?

    If you cannot get a satisfactory answer to each of these questions, then opt for an in-house solution.

    “We explored a DRP tool, and it was something we might have used, but it was tens of thousands of pounds per year, so it didn’t stack up financially for us at all.” (Rik Toms, Head of Strategy – IP and IT, Cable and Wireless Communications)

    For in-house solutions, leverage tools such as SharePoint to provide document management capabilities

    Portability/External Access:
    • Pros: SharePoint is commonly web-enabled and supports external access with appropriate security and user administration.
    • Cons: Must be installed at redundant sites or be cloud-based to be effective in a crisis that takes down your primary data center.
    Maintainability/Usability:
    • Pros: Built-in document management (e.g. version control, metadata support) as well as centralized access/navigation to required documents.
    • Pros: No tool learning curve – SharePoint and MS Office would be existing solutions already used on a daily basis.
    • Cons: No built-in automation (e.g. automated updates to contacts throughout the system).
    • Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: Using existing tools, so this is a sunk cost in terms of capex.
    • Cons: Additional effort required to create templates and manage the documentation library.

    About this approach:
    DRPs and SOPs most often start as MS Office documents, even if there is a DRP tool available. For organizations that elect to bypass a formal DRP tool, and most do, the biggest gap they have to overcome is document management.

    Many organizations are turning to SharePoint to meet this need. For those that already have SharePoint in place, it makes sense to further leverage SharePoint for DR documentation and day-to-day SOPs.

    For SharePoint to be a practical solution, the documentation must still be accessible if the primary data center is down, e.g. by having redundant SharePoint instances at multiple in-house locations, or using a cloud-based SharePoint solution.

    “Just about everything that a DR planning tool does, you can do yourself using homegrown solutions or tools that you're already familiar with such as Word, Excel, and SharePoint.” (Allen Zuk, President and CEO, Sierra Management Consulting)

    A healthcare company uses SharePoint as its DRP and SOP documentation management solution

    CASE STUDY Healthcare

    • This organization is responsible for 50 medical facilities across three states.
    • It explored DRP tools, but didn’t find the right fit, so it has developed an in-house solution based in SharePoint. While DRP tools have improved, the organization no longer needs that type of solution. Its in-house solution is meeting its needs.
    • It has SharePoint instances at multiple locations to ensure availability if one site is down.

    Documentation Strategy

    • Created an IT operations library in SharePoint for DR and SOPs, from basic support to bare-metal restore procedures.
    • SOPs are linked from SharePoint to the virtual help desk for greater accessibility.
    • Where practical, diagrams and flowcharts are used, e.g. DR process flowcharts and network services SOPs dominated by diagrams and flowcharts.

    Management Strategy

    • Directors and the CIO have made finishing off SOPs their performance improvement objective for the year. The result is staff have made time to get this work done.
    • Status updates are posted monthly, and documentation is a regular agenda item in leadership meetings.
    • Regular tabletop testing validates documentation and ensures familiarity with procedures, including where to find required information.

    Results

    • Dependency on a few key individuals has been reduced. All relevant staff know what they need to do and where to access required documentation.
    • SOPs are enabling DR training as well as day-to-day operations training for new staff.
    • The organization has a high confidence in its ability to recovery from a disaster within established timelines.

    Explore using a wiki site as an inexpensive alternative to SharePoint and other content management solutions

    Portability/External Access:
    • Pros: Wiki sites can support external access as with any web solution.
    • Cons: Must be installed at redundant sites, hosted, or cloud-based to be effective in a crisis that takes down your primary data center.
    Maintainability/Usability:
    • Pros: Built-in document management (version control, metadata support, etc.) as well as centralized access/navigation to required information.
    • Pros: Authorized users can make updates dynamically, depending on how much restriction you have on the site.
    • Cons: No built-in automation (e.g. automated updates to contacts throughout the system).
    • Cons: Consistency depends on creating templates and implementing processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: An inexpensive option compared to traditional content management solutions such as SharePoint.
    • Cons: Learning curve if wikis are new to your organization.

    About this approach:
    Wiki sites are websites where users collaborate to create and edit the content. Wikipedia is an example.

    While wiki sites are typically used for collaboration and dynamic content development, the traditional collaborative authoring model can be restricted to provide structure and an approval process.

    Several tools are available to create and manage wiki sites (and other collaboration solutions), as outlined in the following research:

    Info-Tech Insight

    If your organization is not already using wiki sites, this technology can introduce a culture shock. Start slow by using a wiki site within a specific department or for a particular project. Then evaluate how well your staff adapt to this technology as well as its potential effectiveness in your organization. Refer to our collaboration strategy research for additional guidance.

    For small IT shops, distributing documentation to key staff (e.g. via a USB drive) can still be effective

    Portability/External Access:
    • Pros: Appropriate staff have the documentation with them; there is no need to log into a remote site or access a tool to get at the information.
    • Cons: Relies on staff to be diligent about ensuring they have the latest documentation and keep it with them (not leave it in their desk drawer).
    Maintainability/Usability:
    • Pros: With this strategy, MS Office (or equivalent) is used to create and maintain the documentation, so there is no learning curve.
    • Pros: Simple, straightforward methodology – keep the master on a network drive, and download a copy to your USB drive.
    • Cons: No built-in automation (e.g. automated updates to contact information) or document management (e.g. version control).
    • Cons: Consistency depends on creating templates and implementing rigid processes for document updates, review, and approval.
    Cost/Effort:
    • Pros: Little to no cost and no tool management required.
    • Cons: “Manual” document management requires strict attention to process for version control, updates, approvals, and distribution.

    About this approach:
    With this strategy, your ERT and key IT staff keep a copy of your DRP and relevant documentation with them (e.g. on a USB drive). If the primary site experiences a major event, they have ready access to the documentation.

    Fifty percent of respondents in our recent survey use this strategy. A common scenario is to use a shared network drive or a solution such as SharePoint as the master centralized repository, but distribute a copy to key staff.

    Info-Tech Insight

    This approach can have similar disadvantages as using hard copies. Ensuring the USB drives are up to date, and that all staff who might need access have a copy, can become a burdensome process. More often, USB drives are updated periodically, so there is the risk that the information will be out of date or incomplete.

    Avoid extensive use of paper copies of DR documentation

    DR documents need to be easy to update, accessible from anywhere, and searchable. Paper doesn’t meet these needs.

    Portability/External Access:
    • Pros: Does not rely on technology or power.
    • Cons: Requires all staff who might be involved in a DR to have a copy, and to have it with them at all times, to truly have access at any time from anywhere.
    Maintainability/Usability:
    • Pros: In terms of usability, again there is no dependence on technology.
    • Cons: Updates need to be printed and distributed to all relevant staff every time there is a change to ensure staff have access to the latest, most accurate documentation if a disaster occurred. You can’t schedule disasters, so information needs to be current all the time.
    • Cons: Navigation to other information is manual – flipping through pages, etc. No searching or hyperlinks.
    Cost/Effort:
    • Pros: No technology system to maintain, aside from what you use for printing.
    • Cons: Printing expenses are actually among the highest incurred by organizations, and this adds to it.
    • Cons: Labor intensive due to need to print and physically distribute documentation updates.

    About this approach:
    Traditionally DRPs are printed and distributed to managers and/or kept in a central location at both the primary site and a secondary site. In addition, wallet cards are distributed that contain key information such as contact numbers.

    A wallet card or even a few printed copies of your high-level DRP for general reference can be helpful, but paper is not a practical solution for your overall DR documentation library, particularly when you include SOPs for recovery procedures.

    One argument in favor of paper is there is no dependency on power during a crisis. However, in a power outage, staff can use smartphones and potentially laptops (with battery power) to access electronically stored documentation to get through first response steps. In addition, your DR site should have backup power to be an appropriate recovery site.

    Optional: Partial list of BCM tool vendors

    A partial list of BCM tool vendors, including: Business Protector, catalyst, clearview, ContinuityLogic. Fusion, Logic Manager, Quantivate, RecoveryPlanner.com, MetricStream, SimpleRisk, riskonnect, Strategic BCP - ResilienceONE, RSA, and Sungard Availability Services.

    The list is only a partial list of BCM tool vendors. The order in which vendors are presented, and inclusion in this list, does not represent an endorsement.

    Optional: Use our list of requirements as a foundation for selecting and reviewing BCM tools

    Supporting Tool icon 2.1.2 BCM Tool – RFP Selection Criteria

    If a BCM tool is the best option for your environment, expedite the evaluation process with our BCM Tool – RFP Selection Criteria.

    Through advisory services, workshops, and consulting engagements, we have created this BCM Tool Requirements List. The featured requirements includes the following categories:

    1. Integrations
    2. Planning and Monitoring
    3. Administration
    4. Architecture
    5. Security
    6. Support and Training
    Preview of the Info-Tech template 'BCM Tool – RFP Selection Criteria'.

    This BCM Tool – RFP Selection Criteria can be appended to an RFP. You can leverage Info-Tech’s RFP Template if your organization does not have one.

    Info-Tech can write full RFPs

    As part of a consulting engagement, Info-Tech can write RFPs for BCM tools and provide a customized scoring tool based on your environment’s unique requirements.

    Phase 3: Keep Your DRP Relevant Through Maintenance Best Practices

    Step 3.1: Integrate DRP maintenance into core IT processes

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    • Integrate DRP maintenance with Project Management.
    • Integrate DRP considerations into Change Management.
    • Integrate with Performance Management.

    This step involves the following participants:

    • DRP Owner
    • Head of Project Management Office
    • Head of Change Advisory Board
    • CIO

    Outcomes of this step

    • Updated project intake form.
    • Updated change management practice.
    • Updated performance appraisals.

    3.1 — Incorporate DRP maintenance into core IT processes

    Focusing on these three processes will help ensure that your plan stays current, accurate, and usable.

    The Info-Tech / COBIT5 'IT Management and Governance Framework' with three processes highlighted: 'MEA01 Performance Measurement', 'BAI06 Change Management', and 'BAI01 Project Management'.

    Info-Tech Best Practice

    Prioritize quick wins that will have large benefits. The advice presented in this section offers easy ways to help keep your DRP up to date. These simple solutions can save a lot of time and effort for your DRP team as opposed to more intricate changes to the processes above.

    Assess how new projects impact service criticality and DR requirements upfront during project intake

    Icon for process 'BAI01 Project Management'.
    Supporting Tool icon 3.1.1 Sample Project Intake Form Addendum

    Understand the RTO/RPO requirements and IT impacts for new or enhanced services to ensure appropriate provisioning and overall DRP updates.

    • Have submitters include service continuity requirements. This information can be inserted into your business impact analysis. Use similar language that you use in your own BIA.
      • The submitter should know how critical the resulting project will be. Any items that the submitter doesn’t know, the Project Steering Committee should investigate.
    • Have IT assess the impact on the DRP. The submitter will not know how the DRP will be impacted directly. Ask the project committee to consider how DRP documentation and the DR environment will need to be changed due to the project under consideration.

    Note: The goal is not to make DR a roadblock, but rather to ensure project requirements will be met – including availability and DR requirements.

    Preview of the Info-Tech template 'Project Intake Form'.

    This Project Intake Form asks the submitter to fill out the availability and criticality requirements for the project.

    Leverage your change management process to identify required DRP updates as they occur

    Icon for process 'BAI06 Change Management'.

    Avoid the year-end rush to update your DRP. Keeping it up to date as changes occur saves time in the long run and ensures your plan is accurate when you need it.

    • As part of your change management process, identify potential updates to:
      • System documentation (e.g. configuration settings).
      • Recovery procedures (e.g. if a system has been virtualized, that changes the recovery procedure).
      • Your DR environment (e.g. system configuration updates for standby systems).
    • Keep track of how often a system has changed. Relevant DRP documentation might be due for a deeper review:
      • After a system has been changed ten times (even from routine changes), notify your DRP Manager to flag the relevant DRP documentation for review.
      • As part of formal DRP reviews, pay closer attention to DRP documentation for the flagged systems.
    Preview of the Info-Tech template 'Disaster Recovery Change Management'.

    This template asks the submitter to fill out the availability and criticality requirements for the project.

    For change management best practices beyond DRP considerations, please see Optimize Change Management.

    Integrate documentation into performance measurement and performance management

    Icon for process 'MEA01 Performance Measurement'.

    Documentation is a necessary evil – few like to create it and more immediate tasks take priority. If it isn’t scheduled and prioritized, it won’t happen.

    Why documentation is such a challenge

    How management can address these challenges

    We all know that IT staff typically do not like to write documentation. That’s not why they were hired, and good documentation is not what gets them promoted. Include documentation deliverables in your IT staff’s performance appraisal to stress the importance of ensuring documentation is up to date, especially where it might impact DR success.
    Similarly, documentation is secondary to more urgent tasks. Time to write documentation is often not allocated by project managers. Schedule time for developing documentation, just like any other project, or it won’t happen.
    Writing manuals is typically a time-intensive task. Focus on what is necessary for another experienced IT professional to execute the recovery. As discussed earlier, often a diagram or checklist is good enough and actually far more usable in a crisis.

    “Our directors and our CIO have tied SOP work to performance evaluations, and SOP status is reviewed during management meetings. People have now found time to get this work done.” (Assistant Director – IT Operations, Healthcare Industry)

    Step 3.2: Conduct an Annual Focused Review

    PHASE 1
    PHASE 2
    PHASE 3
    1.11.21.32.13.13.2
    Start with a Recovery WorkflowCreate Supporting DocumentationWrite the DRP SummarySelect DRP Publishing StrategyIntegrate into Core IT ProcessesConduct an Annual Focused Review

    This step will walk you through the following activities:

    1. Identify components of your DRP to refresh.
    2. Identify organizational changes requiring further focus.
    3. Test your DRP and identify problems.
    4. Correct problems identified with DRP.

    This step involves the following participants:

    • DRP Owner
    • System SMEs
    • Backup DR Personnel

    Outcomes of this step

    • An actionable, up-to-date DRP.

    Info-Tech Insight

    Testing is a waste of time and resources if you do not fix what’s broken. Tabletop testing is effective at uncovering gaps in your DR processes, but if you don’t address those gaps, then your DRP will still be unusable in a disaster.

    Set up a safety net to capture changes that slipped through the cracks with a focused review process

    Evaluate documentation supporting high-priority systems, as well as documentation supporting IT systems that have been significantly changed.

    • Ideally you’re maintaining documentation as you go along. But you need to have an annual review to catch items that may have slipped through.
    • Don’t review everything. Instead, review:
      • IT systems that have had 10+ changes: small changes and updates can add up over time. Ensure:
        • The plans for these systems are updated for changes (e.g. configuration changes).
        • SMEs and backup personnel are familiar with the changes.
      • Tier 1 / Gold Systems: Ensure that you can still recover tier 1 systems with your existing DRP documentation.
    • Track documentation issues that you discovered with your ticketing system or service desk tool to ensure necessary documentation changes are made.
    1. Annual Focused Review
    2. Tier 1 Systems
    3. Significantly Changed Systems
    4. Organizational Changes

    Identify larger changes, both organizational and within IT, that necessitate DRP updates

    During your focused review, consider how organizational changes have impacted your DRP.

    The COBIT 5 Enablers provide a foundation for this analysis. Consider:

    • Changes in regulatory requirements: Are there new requirements for IT that are not reflected in your DRP? Is the organization required to comply with any additional regulations?
    • Changes to organizational structures, business processes, and how employees work: Can employees still be productive once tier 1 services are restored or have RTOs changed? Has organizational turnover impacted your DRP?
    • SMEs leaving or changing roles: Can IT still execute your DRP? Are there still people for all the key roles?
    • Changes to IT infrastructure and applications: Can the business still access the information they need during a disaster? Is your BIA still accurate? Do new services need to be considered tier 1?

    Info-Tech Best Practice

    COBIT 5 Enablers
    What changes need to be reflected in your DRP?

    A cycle visualization titled 'Disaster Recovery Plan'. Starting at 'Changes in Regulatory Requirements', it proceeds clockwise to 'Organizational Structure', 'Changes in Business Processes', and 'How Employees Work', before it returns to DRP. Then 'Changes to Applications', 'Changes to Infrastructure', 'SMEs Leaving or Changing Roles', and then back to the DRP.

    Create a plan during your annual focused review to test your DRP throughout the year

    Regardless of your documentation approach, training and familiarity with relevant procedures is critical.

    • Start with tabletop exercises and progress to technology-based testing (simulation, parallel, and full-scale testing).
    • Ask staff to reference documentation while testing, even if they do not need to. This practice helps to confirm documentation accuracy and accessibility.
    • Incorporate cross-training in DR testing. This gives important experience to backup personnel and will further validate that documents are complete and accurate.
    • Track any discovered documentation issues with your ticketing system or project tracking tools to ensure necessary documentation changes are made.

    Example Test Schedule:

    1. Q1: Tabletop testing shadowed by backup personnel
    2. Q2: Tabletop testing led by backup personnel
    3. Q3: Technology-based testing
    4. Annual Focused Review: Review Results

    Reference this blueprint for guidance on DRP testing plans: Reduce Costly Downtime Through DR Testing

    Appendix A: XMPL Case Study

    Follow XMPL Medical’s journey through DR documentation

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Streamline your documentation and maintenance process by following the approach outlined in XMPL Medical’s journey to an end-to-end DRP.

    Outline of the Disaster Recovery Plan

    XMPL’s disaster recovery plan includes its business impact analysis and a subset of tier 1 and tier 2 patient care applications.

    Its DRP includes incident response flowcharts, system recovery checklists, and a communication plan. Its DRP also references IT operations documentation (e.g. asset management documents, system specs, and system configuration docs), but this material is not published with the example documentation.

    Resulting Disaster Recovery Plan

    XMPL’s DRP includes actionable documents in the form of high-level disaster response plan flowcharts and system recovery checklists. During an incident, the DR team is able to clearly see the items for which they are responsible.

    Disaster Recovery Plan
    • Recovery Workflow
    • Business Impact Analysis
    • DRP Summary
    • System Recovery Checklists
    • Communication, Assessment, and Disaster Declaration Plan

    Info-Tech Best Practice

    XMPL Medical’s disaster recovery plan illustrates an effective DRP. Model your end-to-end disaster recovery plan after XMPL’s completed templates. The specific data points will differ from organization to organization, but the structure of each document will be similar.

    Model your disaster recovery documentation off of our example

    CASE STUDY

    Industry Healthcare
    Source Created by amalgamating data from Info-Tech’s client base

    Recovery Workflow:

    • Recovery Workflows (PDF, VSDX)

    Recovery Procedures (Systems Recovery Playbook):

    • DR Notification, Assessment, and Disaster Declaration Plan
    • Systems Recovery Playbook
    • Network Topology Diagrams

    Additional Reference Documentation:

    • DRP Workbook
    • Business Impact Analysis
    • DRP Summary Document

    Use our structure to create your practical disaster recovery plan.

    Appendix B: Summary, Next Steps, and Bibliography

    Insight breakdown

    Use visual-based documentation instead of a traditional DRP manual.

    • Flowcharts, checklists, and diagrams are more concise, easier to maintain, and more effective in a crisis.
    • Write for an IT audience and focus on how to recover. You don’t need 30 pages of fluff describing the purpose of the document.

    Create your DRP in layers to keep the work manageable.

    • Start with a recovery workflow to ensure a coordinated response, and build out supporting documentation over time.

    Prioritize quick wins to make DRP maintenance easier and more likely to happen.

    • Incorporate DRP maintenance into change management and project intake procedures to systematically update and refine the DR documentation. Don’t save up changes for a year-end blitz, which turns document maintenance into an onerous project.

    Summary of accomplishment

    Knowledge Gained

    • How to create visual-based DRP documentation
    • How to integrate DRP maintenance into core IT processes

    Processes Optimized

    • DRP documentation creation
    • DRP publishing tool selection
    • DRP documentation maintenance

    Deliverables Completed

    • DRP documentation
    • Strategy for publishing your DRP
    • Modified project-intake form
    • Change management checklist for DR considerations

    Project step summary

    Client Project: Document and Maintain Your Disaster Recovery Plan

    • Create a recovery workflow.
    • Create supporting DRP documentation.
    • Write a summary for your DRP.
    • Decide on a publishing strategy.
    • Incorporate DRP maintenance into core IT processes.
    • Conduct an annual focused review.

    Info-Tech Insight

    This project has the ability to fit the following formats:

    • Onsite workshop by Info-Tech Research Group consulting analysts.
    • Do-it-yourself with your team.
    • Remote delivery (Info-Tech Guided Implementation).

    Related Info-Tech research

    Create a Right-Sized Disaster Recovery Plan
    Close the gap between your DR capabilities and service continuity requirements.

    Reduce Costly Downtime Through DR Testing
    Improve the accuracy of your DRP and your team’s ability to efficiently execute recovery procedures through regular DR testing.

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind
    Go beyond satisfying auditors to drive process improvement, consistent IT operations, and effective knowledge transfer.

    Prepare for a DRP Audit
    Assess your current DRP maturity, identify required improvements, and complete an audit-ready DRP summary document.

    Bibliography

    A Structured Approach to Enterprise Risk Management (ERM) and the Requirements of ISO 31000. The Association of Insurance and Risk Managers, Alarm: The Public Risk Management Association, and The Institute of Risk Management, 2010.

    “APO012: Manage Risk.” COBIT 5: Enabling Processes. ISACA, 2012.

    Bird, Lyndon, Ian Charters, Mel Gosling, Tim Janes, James McAlister, and Charlie Maclean-Bristol. Good Practice Guidelines: A Guide to Global Good Practice in Business Continuity. Global ed. Business Continuity Institute, 2013.

    COBIT 5: A Business Framework for the Governance and Management of Enterprise IT. ISACA, 2012.

    “EDM03: Ensure Risk Optimisation.” COBIT 5: Enabling Processes. ISACA, 2012.

    Risk Management. ISO 31000:2009.

    Rothstein, Philip Jan. Disaster Recovery Testing: Exercising Your Contingency Plan. Rothstein Associates: 1 Oct. 2007.

    Societal Security – Business continuity management systems – Guidance. ISO 22313:2012.

    Societal Security – Business continuity management systems – Requirements. ISO 22301:2012.

    Understanding and Articulating Risk Appetite. KPMG, 2008.

    Lead Staff through Change

    • Buy Link or Shortcode: {j2store}510|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: High Impact Leadership
    • Parent Category Link: /lead
    • Sixty to ninety percent of change initiatives fail, costing organizations dollars off the bottom line and lost productivity.
    • Seventy percent of change initiatives fail because of people-related issues, which place a major burden on managers to drive change initiatives successfully.
    • Managers are often too busy focusing on the process elements of change; as a result, they neglect major opportunities to leverage and mitigate staff behaviors that affect the entire team.

    Our Advice

    Critical Insight

    • Change is costly, but failed change is extremely costly. Managing change right the first time is worth the time and effort.
    • Staff pose the biggest opportunity and risk when implementing a change – managers must focus on their teams in order to maintain positive change momentum.
    • Large and small changes require the same change process to be followed but at different scales.
    • The size of a change must be measured according to the level of impact the change will have on staff, not how executives and managers perceive the change.
    • To effectively lead their staff through change, managers must anticipate staff reaction to change, develop a communication plan, introduce the change well, help their staff let go of old behaviors while learning new ones, and motivate their staff to adopt the change.

    Impact and Result

    • Anticipate and respond to staff questions about the change in order to keep messages consistent, organized, and clear.
    • Manage staff based on their specific concerns and change personas to get the best out of your team during the transition through change.
    • Maintain a feedback loop between staff, executives, and other departments in order to maintain the change momentum and reduce angst throughout the process.

    Lead Staff through Change Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Learn how to manage people throughout the change process

    Set up a successful change adoption.

    • Storyboard: Lead Staff through Change

    2. Learn the intricacies of the change personas

    Correctly identify which persona most closely resembles individual staff members.

    • None

    3. Assess the impact of change on staff

    Ensure enough time and effort is allocated in advance to people change management.

    • Change Impact Assessment Tool

    4. Organize change communications messages for a small change

    Ensure consistency and clarity in change messages to staff.

    • Basic Business Change Communication Worksheet

    5. Organize change communications messages for a large change

    Ensure consistency and clarity in change messages to staff.

    • Advanced Business Change Description Form

    6. Evaluate leadership of the change process with the team

    Improve people change management for future change initiatives.

    • Change Debrief Questionnaire
    [infographic]

    Security Priorities 2022

    • Buy Link or Shortcode: {j2store}244|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Ransomware activities and the cost of breaches are on the rise.
    • Cybersecurity talent is hard to find, and an increasing number of cybersecurity professionals are considering leaving their jobs.
    • Moving to the digital world increases the risk of a breach.

    Our Advice

    Critical Insight

    • The pandemic has fundamentally changed the technology landscape. Security programs must understand how their threat surface is now different and adapt their controls to meet the challenge.
    • The upside to the upheaval in 2021 is new opportunities to modernize your security program.

    Impact and Result

    • Use the report to ensure your plan in 2022 addresses what’s important in cybersecurity.
    • Understand the current situation in the cybersecurity space.

    Security Priorities 2022 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Security Priorities 2022 – A report that describes priorities and recommendations for CISOs in 2022.

    Use this report to understand the current situation in the cybersecurity space and inform your plan for 2022. This report includes sections on protecting against and responding to ransomware, acquiring and retaining talent, securing a remote workforce, securing digital transformation, and adopting zero trust.

    • Security Priorities for 2022 Report

    Infographic

    Further reading

    Security Priorities 2022

    The pandemic has changed how we work

    disruptions to the way we work caused by the pandemic are here to stay.

    The pandemic has introduced a lot of changes to our lives over the past two years, and this is also true for various aspects of how we work. In particular, a large workforce moved online overnight, which shifted the work environment rapidly.

    People changed how they communicate, how they access company information, and how they connect to the company network. These changes make cybersecurity a more important focus than ever.

    Although changes like the shift to remote work occurred in response to the pandemic, they are largely expected to remain, regardless of the progression of the pandemic itself. This report will look into important security trends and the priorities that stemmed from these trends.

    30% more professionals expect transformative permanent change compared to one year ago.

    47% of professionals expect a lot of permanent change; this remains the same as last year. (Source: Info-Tech Tech Trends 2022 Survey; N=475)

    The cost of a security breach is rising steeply

    The shift to remote work exposes organizations to more costly cyber incidents than ever before.

    $4.24 million

    Average cost of a data breach in 2021
    The cost of a data breach rose by nearly 10% in the past year, the highest rate in over seven years.

    $1.07 million

    More costly when remote work involved in the breach

    The average cost of breaches where remote work is involved is $1.07 million higher than breaches where remote work is not involved.

    The ubiquitous remote work that we saw in 2021 and continue to see in 2022 can lead to more costly security events. (Source: IBM, 2021)

    Remote work is here to stay, and the cost of a breach is higher when remote work is involved.

    The cost comes not only directly from payments but also indirectly from reputational loss. (Source: IBM, 2021)

    Security teams can participate in the solution

    The numbers are clear: in 2022, when we face a threat environment like WE’VE never EXPERIENCED before, good security is worth the investment

    $1.76 million

    Saved when zero trust is deployed facing a breach

    Zero trust controls are realistic and effective controls.

    Organizations that implement zero trust dramatically reduce the cost of an adverse security event.

    35%

    More costly if it takes more than 200 days to identify and contain a breach

    With increased BYOD and remote work, detection and response is more challenging than ever before – but it is also highly effective.

    Organizations that detect and respond to incidents quickly will significantly reduce the impact. (Source: IBM, 2021)

    Breaches are 34% less costly when mature zero trust is implemented.

    A fully staffed and well-prepared security team could save the cost through quick responses. (Source: IBM, 2021)

    Top security priorities and constraints in 2022

    Survey results

    As part of its research process for the 2022 Security Priorities Report, Info-Tech Research Group surveyed security and IT leaders (N=97) to ask their top security priorities as well as their main obstacles to security success in 2022:

    Top Priorities
    A list of the top three priorities identified in the survey with their respective percentages, 'Acquiring and retaining talent, 30%', 'Protecting against and responding to ransomware, 23%', and 'Securing a remote workforce, 23%'.

    Survey respondents were asked to force-rank their security priorities.

    Among the priorities chosen most frequently as #1 were talent management, addressing ransomware threats, and securing hybrid/remote work.

    Top Obstacles
    A list of the top three obstacles identified in the survey with their respective percentages, 'Staffing constraints, 31%', 'Demand of ever-changing business environment, 23%', and 'Budget constraints, 15%'.

    Talent management is both the #1 priority and the top obstacle facing security leaders in 2022.

    Unsurprisingly, the ever-changing environment in a world emerging from a pandemic and budget constraints are also top obstacles.

    We know the priorities…

    But what are security leaders actually working on?

    This report details what we see the world demanding of security leaders in the coming year.

    Setting aside the demands – what are security leaders actually working on?

    A list of 'Top security topics among Info-Tech members' with accompanying bars, 'Security Strategy', 'Security Policies', 'Security Operations', 'Security Governance', and 'Security Incident Response'.

    Many organizations are still mastering the foundations of a mature cybersecurity program.

    This is a good idea!

    Most breaches are still due to gaps in foundational security, not lack of advanced controls.

    We know the priorities…

    But what are security leaders actually working on?

    A list of industries with accompanying bars representing their demand for security. The only industry with a significant positive percentage is 'Government'. Security projects included in annual plan relative to industry.

    One industry plainly stands out from the rest. Government organizations are proportionally much more active in security than other industries, and for good reason: they are common targets.

    Manufacturing and professional services are proportionally less interested in security. This is concerning, given the recent targeting of supply chain and personal data holders by ransomware gangs.

    5 Security Priorities for 2022 Logo for Info-Tech. Logo for ITRG.

    People

    1. Acquiring and Retaining Talent
      Create a good working environment for existing and potential employees. Invest time and effort into talent issues to avoid being understaffed.
    2. Securing a Remote Workforce
      Create a secure environment for users and help your people build safe habits while working remotely.

    Process

    1. Securing Digital Transformation
      Build in security from the start and check in frequently to create agile and secure user experiences.

    Technology

    1. Adopting Zero Trust
      Manage access of sensitive information based on the principle of least privilege.
    2. Protecting Against and Responding to Ransomware
      Put in your best effort to build defenses but also prepare for a breach and know how to recover.

    Main Influencing Factors

    COVID-19 Pandemic
    The pandemic has changed the way we interact with technology. Organizations are universally adapting their business and technology processes to fit the post-pandemic paradigm.
    Rampant Cybercrime Activity
    By nearly every conceivable metric, cybercrime is way up in the past two years. Cybercriminals smell blood and pose a more salient threat than before. Higher standards of cybersecurity capability are required to respond to this higher level of threat.
    Remote Work and Workforce Reallocation
    Talented IT staff across the globe enabled an extraordinarily fast shift to remote and distance work. We must now reckon with the security and human resourcing implications of this huge shift.

    Acquire and Retain Talent

    Priority 01

    Security talent was in short supply before the pandemic, and it's even worse now.

    Executive summary

    Background

    Cybersecurity talent has been in short supply for years, but this shortage has inflected upward since the pandemic.

    The Great Resignation contributed to the existing talent gap. The pandemic has changed how people work as well as how and where they choose work. More and more senior workers are retiring early or opting for remote working opportunities.

    The cost to acquire cybersecurity talent is huge, and the challenge doesn’t end there. Retaining top talent can be equally difficult.

    Current situation

    • A 2021 survey by ESG shows that 76% of security professional agree it’s difficult to recruit talent, and 57% said their organization is affected by this talent shortage.
    • (ISC)2 reports there are 2.72 million unfilled job openings and an increasing workforce gap (2021).

    2.72 million unfilled cybersecurity openings (Source: (ISC)2, 2021)

    IT leaders must do more to attract and retain talent in 2022

    • Over 70% of IT professionals are considering quitting their jobs (TalentLMS, 2021). Meanwhile, 51% of surveyed cybersecurity professionals report extreme burnout during the last 12 months and many of them have considered quitting because of it (VMWare, 2021).
    • Working remotely makes it easier for people to look elsewhere, lowering the barrier to leaving.
    • This is a big problem for security leaders, as cybersecurity talent is in very short supply. The cost of acquiring and retaining quality cybersecurity staff in 2022 is significant, and many organizations are unwilling or unable to pay the premium.
    • Top talent will demand flexible working conditions – even though remote work comes with security risk.
    • Most smart, talented new hires in 2022 are demanding to work remotely most of the time.
    Top reasons for resignations in 2021
    Burnout 30%
    Other remote opportunities 20%
    Lack of growth opportunities 20%
    Poor culture 20%
    Acquisition concerns 10%
    (Source: Survey of West Coast US cybersecurity professionals; TechBeacon, 2021)

    Talent will be 2022’s #1 strength and #1 weakness

    Staffing obstacles in 2022:

    “Attracting and retaining talent is always challenging. We don’t pay as well and my org wants staff in the office at least half of the time. Most young, smart, talented new hires want to work remotely 100 percent of the time.“

    “Trying to grow internal resources into security roles.”

    “Remote work expectations by employees and refusal by business to accommodate.”

    “Biggest obstacle: payscales that are out of touch with cybersecurity market.”

    “Request additional staff. Obtaining funding for additional position is most significant obstacle.”

    (Info-Tech Tech Security Priorities Survey 2022)
    Top obstacles in 2022:

    As you can see, respondents to our security priorities survey have strong feelings on the challenges of staffing a cybersecurity team.

    The growth of remote work means local talent can now be hired by anybody, vastly increasing your competition as an employer.

    Hiring local will get tougher – but so will hiring abroad. People who don’t want to relocate for a new job now have plenty of alternatives. Without a compelling remote work option, you will find non-local prospects unwilling to move for a new job.

    Lastly, many organizations are still reeling at the cost of experienced cybersecurity talent. Focused internal training and development will be the answer for many organizations.

    Recommended Actions

    Provide career development opportunities

    Many security professionals are dissatisfied with their unclear career development paths. To improve retention, organizations should provide their staff with opportunities and clear paths for career and skills advancement.

    Be open-minded when hiring

    To broaden the candidate pool, organizations should be open-minded when considering who to hire.

    • Enable remote work.
    • Do not fixate on certificates and years of experience; rather, be open to developing those who have the right interest and ability.
    • Consider using freelance workers.
    Facilitate work-life balance

    Many security professionals say they experience burnout. Promoting work-life balance in your organization can help retain critical skills.

    Create inclusive environment

    Hire a diverse team and create an inclusive environment where they can thrive.

    Talent acquisition and retention plan

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    Address a top priority and a top obstacle with a plan to attract and retain top organizational and cybersecurity talent.

    Initiative Description:

    • Provide secure remote work capabilities for staff.
    • Work with HR to refine a hiring plan that addresses geographical and compensation gaps with cybersecurity and general staff.
    • Survey staff engagement to identify points of friction and remediate where needed.
    • Define a career path and growth plan for staff.
    Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing down.
    Reduction in costs due to turnover and talent loss

    Other Expected Business Benefits:

    Arrow pointing up.
    Productivity due to good morale/ engagement
    Arrow pointing up.
    Improved corporate culture
    Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Big organizational and cultural changes
    • Increased attack surface of remote/hybrid workforce

    Related Info-Tech Research:

    Secure a Remote Workforce

    Priority 02

    Trends suggest remote work is here to stay. Addressing the risk of insecure endpoints can no longer be deferred.

    Executive summary

    Remote work poses unique challenges to cybersecurity teams. The personal home environment may introduce unauthorized people and unknown network vulnerabilities, and the organization loses nearly all power and influence over the daily cyber hygiene of its users.

    In addition, the software used for enabling remote work itself can be a target of cybersecurity criminals.

    Current situation

    • 70% of workers in technical services work from home.
    • Employees of larger firms and highly paid individuals are more likely to be working outside the office.
    • 80% of security and business leaders find that remote work has increased the risk of a breach.
    • (Source: StatCan, 2021)

    70% of tech workers work from home (Source: Statcan, 2021)

    Remote work demands new security solutions

    The security perimeter is finally gone

    The data is outside the datacenter.
    The users are outside the office.
    The endpoints are … anywhere and everywhere.

    Organizations that did not implement digital transformation changes following COVID-19 experience higher costs following a breach, likely because it is taking nearly two months longer, on average, to detect and contain a breach when more than 50% of staff are working remotely (IBM, 2021).

    In 2022 the cumulative risk of so many remote connections means we need to rethink how we secure the remote/hybrid workforce.

    Security
    • Distributed denial of service
    • DNS hijacking
    • Weak VPN protocols
    Identity
    • One-time verification allowing lateral movement
    Colorful tiles representing the surrounding security solutions. Network
    • Risk perimeter stops at corporate network edge
    • Split tunneling
    Authentication
    • Weak authentication
    • Weak password
    Access
    • Man-in-the-middle attack
    • Cross-site scripting
    • Session hijacking

    Recommended Actions

    Mature your identity management

    Compromised identity is the main vector to breaches in recent years. Stale accounts, contractor accounts, misalignment between HR and IT – the lack of foundational practices leads to headline-making breaches every week.
    Tighten up identity control to keep your organization out of the newspaper.

    Get a handle on your endpoints

    Work-from-home (WFH) often means unknown endpoints on unknown networks full of other unknown devices…and others in the home potentially using the workstation for non-work purposes. Gaining visibility into your endpoints can help to keep detection and resolution times short.

    Educate users

    Educate everyone on security best practices when working remotely:

    • Apply secure settings (not just defaults) to the home network.
    • Use strong passwords.
    • Identify suspicious email.
    Ease of use

    Many workers complain that the corporate technology solution makes it difficult to get their work done.

    Employees will take productivity over security if we force them to choose, so IT needs to listen to end users’ needs and provide a solution that is nimble and secure.

    Roadmap to securing remote/hybrid workforce

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    The corporate network now extends to the internet – ensure your security plan has you covered.

    Initiative Description:

    • Reassess enterprise security strategy to include the WFH attack surface (especially endpoint visibility).
    • Ensure authentication requirements for remote workers are sufficient (e.g. MFA, strong passwords, hardware tokens for high-risk users/connections).
    • Assess the value of zero trust networking to minimize the blast radius in the case of a breach.
    • Perform penetration testing annually.
    Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing down.


    Reduced cost of security incidents/reputational damage

    Other Expected Business Benefits:

    Arrow pointing up.
    Improved ability to attract and retain talent
    Arrow pointing up.
    Increased business adaptability
    Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Potential disruption to traditional working patterns
    • Cost of investing in WFH versus risk of BYOD

    Related Info-Tech Research:

    Secure Digital Transformation

    Priority 03

    Digital transformation could be a competitive advantage…or the cause of your next data breach.

    Executive summary

    Background

    Digital transformation is occurring at an ever-increasing rate these days. As Microsoft CEO Satya Nadella said early in the pandemic, “We’ve seen two years’ worth of digital transformation in two months.”

    We have heard similar stories from Info-Tech members who deployed rollouts that were scheduled to take months over a weekend instead.

    Microsoft’s own shift to rapidly expand its Teams product is a prime example of how quickly the digital landscape has changed. The global adaption to a digital world has largely been a success story, but rapid change comes with risk, and there is a parallel story of rampant cyberattacks like we have never seen before.

    Insight

    There is an adage that “slow is smooth, and smooth is fast” – the implication being that fast is sloppy. In 2022 we’ll see a pattern of organizations working to catch up their cybersecurity with the transformations we all made in 2020.

    $1.78 trillion expected in digital transformation investments (Source: World Economic Forum, 2021)

    An ounce of security prevention versus a pound of cure

    The journey of digital transformation is a risky one.

    Digital transformations often rely heavily on third-party cloud service providers, which increases exposure of corporate data.

    Further, adoption of new technology creates a new threat surface that must be assessed, mitigations implemented, and visibility established to measure performance.

    However, digital transformations are often run on slim budgets and without expert guidance.

    Survey respondents report as much: rushed deployments, increased cloud migration, and shadow IT are the top vulnerabilities reported by security leaders and executives.

    In a 2020 Ponemon survey, 82% of IT security and C-level executives reported experiencing at least one data breach directly resulting from a digital transformation they had undergone.

    Scope creep is inevitable on any large project like a digital transformation. A small security shortcut early in the project can have dire consequences when it grows to affect personal data and critical systems down the road.

    Recommended Actions

    Engage the business early and often

    Despite the risks, organizations engage in digital transformations because they also have huge business value.

    Security leaders should not be seeking to slow or stop digital transformations; rather, we should be engaging with the business early to get ahead of risks and enable successful transformation.

    Establish a vendor security program

    Data is moving out of datacenters and onto third-party environments. Without security requirements built into agreements, and clear visibility into vendor security capabilities, that data is a major source of risk.

    A robust vendor security program will create assurance early in the process and help to reinforce the responsibility of securing data with other parts of the organization.

    Build/revisit your security strategy

    The threat surface has changed since before your transformation. This is the right time to revisit or rebuild your security strategy to ensure that your control set is present throughout the new environment – and also a great opportunity to show how your current security investments are helping secure your new digital lines of business!

    Educate your key players

    Only 16% of security leaders and executives report alignment between security and business processes during digital transformation.

    If security is too low a priority, then key players in your transformation efforts are likely unaware of how security risks impact their own success. It will be incumbent upon the CISO to start that conversation.

    Securing digital transformation

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    Ensure your investment in digital transformation is appropriately secured.

    Initiative Description:

    • Engage security with digital transformation and relevant governance structures (steering committees) to ensure security considerations are built into digital transformation planning.
    • Incorporate security stage gates in project management procedures.
    • Establish a vendor security assessment program.
    Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing up.


    Increased likelihood of digital transformation success

    Other Expected Business Benefits:

    Arrow pointing up.
    Ability to make informed decisions for the field rep strategy
    Arrow pointing down.
    Reduced long-term cost of digital transformation
    Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Potential increased up front cost (reduced long-term cost)
    • Potential slowed implementation with security stage gates in project management

    Related Info-Tech Research:

    Adopt Zero Trust

    Priority 04

    Governments are recognizing the importance of zero trust strategies. So should your organization.

    Why now for zero trust?

    John Kindervag modernized the concept of zero trust back in 2010, and in the intervening years there has been enormous interest in cybersecurity circles, yet in 2022 only 30% of organizations report even beginning to roll out zero trust capabilities (Statista, 2022).

    Why such little action on a revolutionary and compelling model?

    Zero trust is not a technology; it is a principle. Zero trust adoption takes concerted planning, effort, and expense, for which the business value has been unclear throughout most of the last 10 years. However, several recent developments are changing that:

    • Securing technology has become very hard! The size, complexity, and attack surface of IT environments has grown significantly – especially since the pandemic.
    • Cyberattacks have become rampant as the cost to deploy harmful ransomware has become lower and the impact has become higher.
    • The shift away from on-premises datacenters and offices created an opening for zero trust investment, and zero trust technology is more mature than ever before.

    The time has come for zero trust adoption to begin in earnest.

    97% will maintain or increase zero trust budget (Source: Statista, 2022)

    Traditional perimeter security is not working

    Zero trust directly addresses the most prevalent attack vectors today

    A hybrid workforce using traditional VPN creates an environment where we are exposed to all the risks in the wild (unknown devices at any location on any network), but at a stripped-down security level that still provides the trust afforded to on-premises workers using known devices.

    What’s more, threats such as ransomware are known to exploit identity and remote access vulnerabilities before moving laterally within a network – vectors that are addressed directly by zero trust identity and networking. Ninety-three percent of surveyed zero trust adopters state that the benefits have matched or exceeded their expectations (iSMG, 2022).

    Top reasons for building a zero trust program in 2022

    (Source: iSMG, 2022)

    44%

    Enforce least privilege access to critical resources

    44%

    Reduce attacker ability to move laterally

    41%

    Reduce enterprise attack surface

    The business case for zero trust is clearer than ever

    Prior obstacles to Zero Trust are disappearing

    A major obstacle to zero trust adoption has been the sheer cost, along with the lack of business case for that investment. Two factors are changing that paradigm in 2022:

    The May 2021 US White House Executive Order for federal agencies to adopt zero trust architecture finally placed zero trust on the radar of many CEOs and board members, creating the business interest and willingness to consider investing in zero trust.

    In addition, the cost of adopting zero trust is quickly being surpassed by the cost of not adopting zero trust, as cyberattacks become rampant and successful zero trust deployments create a case study to support investment.

    Bar chart titled 'Cost to remediate a Ransomware attack' with bars representing the years '2021' and '2020'. 2021's cost sits around $1.8M while 2020's was only $750K The cost to remediate a ransomware attack more than doubled from 2020 to 2021. Widespread adoption of zero trust capabilities could keep that number from doubling again in 2022. (Source: Sophos, 2021)

    The cost of a data breach is on average $1.76 million less for organizations with mature zero trust deployments.

    That is, the cost of a data breach is 35% reduced compared to organizations without zero trust controls. (Source: IBM, 2021)

    Recommended Actions

    Start small

    Don’t put all your eggs in one basket by deploying zero trust in a wide swath. Rather, start as small as possible to allow for growing pains without creating business friction (or sinking your project altogether).

    Build a sensible roadmap

    Zero trust principles can be applied in a myriad of ways, so where should you start? Between identities, devices, networking, and data, decide on a use case to do pilot testing and then refine your approach.

    Beware too-good-to-be-true products

    Zero trust is a powerful buzzword, and vendors know it.

    Be skeptical and do your due diligence to ensure your new security partners in zero trust are delivering what you need.

    Zero trust roadmap

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    Develop a practical roadmap that shows the business value of security investment.

    Initiative Description:

    • Define desired business and security outcomes from zero trust adoption.
    • Assess zero trust readiness.
    • Build roadmaps for zero trust:
      1. Identity
      2. Networking
      3. Devices
      4. Data
    Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing up.


    Increased security posture and business agility

    Other Expected Business Benefits:

    Arrow pointing down.
    Reduced impact of security events
    Arrow pointing down.
    Reduced cost of managing complex control set
    Arrow pointing up.
    More secure business transformation (i.e. cloud/digital)
    Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Learning curve of implementation (start small and slow)
    • Transition from current control set to zero trust model

    Related Info-Tech Research:

    Protect Against and Respond to Ransomware

    Priority 05

    Ransomware is still the #1 threat to the safety of your data.

    Executive summary

    Background

    • Ransomware attacks have transformed in 2021 and show no sign of slowing in 2022. There is a new major security breach every week, despite organizations spending over $150 billion in a year on cybersecurity (Nasdaq, 2021).
    • Ransomware as a service (RaaS) is commonplace, and attackers are doubling down by holding encrypted data ransom and also demanding payment under threat to disclose exfiltrated data – and they are making good on their threats.
    • The global cost of ransomware is expected to rise to $265 billion by 2031 (Cybersecurity Ventures, 2021).
    • We expect to see an increase in ransomware incidents in 2022, both in severity and volume – multiple attacks and double extortion are now the norm.
    • High staff turnover increases risk because new employees are unfamiliar with security protocols.

    150% increase ransomware attacks in 2020 (Source: ENISA)

    This is a new golden age of ransomware

    What is the same in 2022

    Unbridled ransomware attacks make it seem like attackers must be using complex new techniques, but prevalent ransomware attack vectors are actually well understood.

    Nearly all modern variants are breaching victim systems in one of three ways:

    • Email phishing
    • Software vulnerabilities
    • RDP/Remote access compromise
    What is new in 2022
    The sophistication of victim targeting

    Victims often find themselves asking, “How did the attackers know to phish the most security-oblivious person in my staff?” Bad actors have refined their social engineering and phishing to exploit high-risk individuals, meaning your chain is only as strong as the weakest link.

    Ability of malware to evade detection

    Modern ransomware is getting better at bypassing anti-malware technology, for example, through creative techniques such as those seen in the MedusaLocker variant and in Ghost Control attacks.

    Effective anti-malware is still a must-have control, but a single layer of defense is no longer enough. Any organization that hopes to avoid paying a ransom must prepare to detect, respond, and recover from an attack.

    Many leaders still don’t know what a ransomware recovery would look like

    Do you know what it would take to recover from a ransomware incident?

    …and does your executive leadership know what it would take to recover?

    The organizations that are most likely to pay a ransom are unprepared for the reality of recovering their systems.

    If you have not done a tabletop or live exercise to simulate a true recovery effort, you may be exposed to more risk than you realize.

    Are your defenses sufficiently hardened against ransomware?

    Organizations with effective security prevention are often breached by ransomware – but they are prepared to contain, detect, and eradicate the infection.

    Ask yourself whether you have identified potential points of entry for ransomware. Assume that your security controls will fail.

    How well are your security controls layered, and how difficult would it be for an attacker to move east/west within your systems?

    Recommended Actions

    Be prepared for a breach

    There is no guarantee that an organization will not fall victim to ransomware, so instead of putting all their effort into prevention, organizations should also put effort into planning to respond to a breach.

    Security awareness training/phishing detection

    Phishing continues to be the main point of entry for ransomware. Investing in phishing awareness and detection among your end users may be the most impactful countermeasure you can implement.

    Zero trust adoption

    Always verify at every step of interaction, even when access is requested by internal users. Manage access of sensitive information based on the principle of least privilege access.

    Encrypt and back up your data

    Encrypt your data so that even if there is a breach, the attackers don’t have a copy of your data. Also, keep regular backups of data at a separate location so that you still have data to work with after a breach occurs.

    You never want to pay a ransom. Being prepared to deal with an incident is your best chance to avoid paying!

    Prevent and respond to ransomware

    Use this template to explain the priorities you need your stakeholders to know about.

    Provide a brief value statement for the initiative.

    Determine your current readiness, response plan, and projects to close gaps.

    Initiative Description:

    • Execute a systematic assessment of your current security and ransomware recovery capabilities.
    • Perform tabletop activities and live recoveries to test data recovery capabilities.
    • Train staff to detect suspicious communications and protect their identities.
    Description must include what IT will undertake to complete the initiative.

    Primary Business Benefits:

    Arrow pointing up.


    Improved productivity and brand protection

    Other Expected Business Benefits:

    Arrow pointing down.
    Reduced downtime and disruption
    Arrow pointing down.
    Reduced cost due to incidents (ransom payments, remediation)
    Align initiative benefits back to business benefits or benefits for the stakeholder groups that it impacts.

    Risks:

    • Friction with existing staff

    Related Info-Tech Research:

    Deepfakes: Dark-horse threat for 2022

    Deepfake video

    How long has it been since you’ve gone a full workday without having a videoconference with someone?

    We have become inherently trustful that the face we see on the screen is real, but the technology required to falsify that video is widely available and runs on commercially available hardware, ushering in a genuinely post-truth online era.

    Criminals can use deepfakes to enhance social engineering, to spread misinformation, and to commit fraud and blackmail.

    Deepfake audio

    Many financial institutions have recently deployed voiceprint authentication. TD describes its VoicePrint as “voice recognition technology that allows us to use your voiceprint – as unique to you as your fingerprint – to validate your identity” over the phone.

    However, hackers have been defeating voice recognition for years already. There is ripe potential for voice fakes to fool both modern voice recognition technology and the accounts payable staff.

    Bibliography

    “2021 Ransomware Statistics, Data, & Trends.” PurpleSec, 2021. Web.

    Bayern, Macy. “Why 60% of IT security pros want to quit their jobs right now.” TechRepublic, 10 Oct. 2018. Web.

    Bresnahan, Ethan. “How Digital Transformation Impacts IT And Cyber Risk Programs.” CyberSaint Security, 25 Feb. 2021. Web.

    Clancy, Molly. “The True Cost of Ransomware.” Backblaze, 9 Sept. 2021.Web.

    “Cost of a Data Breach Report 2021.” IBM, 2021. Web.

    Cybersecurity Ventures. “Global Ransomware Damage Costs To Exceed $265 Billion By 2031.” Newswires, 4 June 2021. Web.

    “Digital Transformation & Cyber Risk: What You Need to Know to Stay Safe.” Ponemon Institute, June 2020. Web.

    “Global Incident Response Threat Report: Manipulating Reality.” VMware, 2021.

    Granger, Diana. “Karmen Ransomware Variant Introduced by Russian Hacker.” Recorded Future, 18 April 2017. Web.

    “Is adopting a zero trust model a priority for your organization?” Statista, 2022. Web.

    “(ISC)2 Cybersecurity Workforce Study, 2021: A Resilient Cybersecurity Profession Charts the Path Forward.” (ISC)2, 2021. Web.

    Kobialka, Dan. “What Are the Top Zero Trust Strategies for 2022?” MSSP Alert, 10 Feb. 2022. Web.

    Kost, Edward. “What is Ransomware as a Service (RaaS)? The Dangerous Threat to World Security.” UpGuard, 1 Nov. 2021. Web.

    Lella, Ifigeneia, et al., editors. “ENISA Threat Landscape 2021.” ENISA, Oct. 2021. Web.

    Mello, John P., Jr. “700K more cybersecurity workers, but still a talent shortage.” TechBeacon, 7 Dec. 2021. Web.

    Naraine, Ryan. “Is the ‘Great Resignation’ Impacting Cybersecurity?” SecurityWeek, 11 Jan. 2022. Web.

    Oltsik, Jon. “ESG Research Report: The Life and Times of Cybersecurity Professionals 2021 Volume V.” Enterprise Security Group, 28 July 2021. Web.

    Osborne, Charlie. “Ransomware as a service: Negotiators are now in high demand.” ZDNet, 8 July 2021. Web.

    Osborne, Charlie. “Ransomware in 2022: We’re all screwed.” ZDNet, 22 Dec. 2021. Web.

    “Retaining Tech Employees in the Era of The Great Resignation.” TalentLMS, 19 Oct. 2021. Web.

    Rubin, Andrew. “Ransomware Is the Greatest Business Threat in 2022.” Nasdaq, 7 Dec. 2021. Web.

    Samartsev, Dmitry, and Daniel Dobrygowski. “5 ways Digital Transformation Officers can make cybersecurity a top priority.“ World Economic Forum, 15 Sept. 2021. Web.

    Seymour, John, and Azeem Aqil. “Your Voice is My Passport.” Presented at black hat USA 2018.

    Solomon, Howard. “Ransomware attacks will be more targeted in 2022: Trend Micro.” IT World Canada, 6 Jan. 2022. Web.

    “The State of Ransomware 2021.” Sophos, April 2021. Web.

    Tarun, Renee. “How The Great Resignation Could Benefit Cybersecurity.” Forbes Technology Council, Forbes, 21 Dec. 2021. Web.

    “TD VoicePrint.” TD Bank, n.d. Web.

    “Working from home during the COVID-19 pandemic, April 202 to June 2021.” Statistics Canada, 4 Aug. 2021. Web.

    “Zero Trust Strategies for 2022.” iSMG, Palo Alto Networks, and Optiv, 28 Jan. 2022. Web.

    Develop Infrastructure & Operations Policies and Procedures

    • Buy Link or Shortcode: {j2store}452|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $46,324 Average $ Saved
    • member rating average days saved: 42 Average Days Saved
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Time and money are wasted dealing with mistakes or missteps that should have been addressed by procedures or policies.
    • Standard operating procedures are less effective without a policy to provide a clear mandate and direction.
    • Adhering to policies is rarely a priority, as compliance often feels like an impediment to getting work done.
    • Processes aren’t measured or audited to assess policy compliance, which makes enforcing the policies next to impossible.

    Our Advice

    Critical Insight

    • Document what you need to document and forget the rest. Always check to see if you can use a previously approved policy before you create a new one. You may only need to create new guidelines or standards rather than approve a new policy.

    Impact and Result

    • Start with a comprehensive policy framework to help you identify policy gaps. Prioritize and address those policy gaps.
    • Create effective policies that are reasonable, measurable, auditable, and enforceable.
    • Create and document procedures to support policy changes.

    Develop Infrastructure & Operations Policies and Procedures Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should change your approach to developing Infrastructure & Operations policies and procedures, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify policy and procedure gaps

    Create a prioritized action plan for documentation based on business need.

    • Develop Infrastructure & Operations Policies and Procedures – Phase 1: Identify Policy and Procedure Gaps

    2. Develop policies

    Adapt policy templates to meet your business requirements.

    • Develop Infrastructure & Operations Policies and Procedures – Phase 2: Develop Policies
    • Availability and Capacity Management Policy
    • Business Continuity Management Policy
    • Change Control – Freezes & Risk Evaluation Policy
    • Change Management Policy
    • Configuration Management Policy
    • Firewall Policy
    • Hardware Asset Management Policy
    • IT Triage and Support Policy
    • Release Management Policy
    • Software Asset Management Policy
    • System Maintenance Policy – NIST
    • Internet Acceptable Use Policy

    3. Document effective procedures

    Improve policy adherence and service effectiveness through procedure standardization and documentation.

    • Develop Infrastructure & Operations Policies and Procedures – Phase 3: Document Effective Procedures
    • Capacity Plan Template
    • Change Management Standard Operating Procedure
    • Configuration Management Standard Operation Procedures
    • Incident Management and Service Desk SOP
    • DRP Summary Template
    • Service Desk Standard Operating Procedure
    • HAM Standard Operating Procedures
    • SAM Standard Operating Procedures
    [infographic]

    Further reading

    Develop Infrastructure & Operations Policies and Procedures

    Document what you need to document and forget the rest.

    Table of contents

    Project Rationale

    Project Outlines

    • Phase 1: Identify Policy and Procedure Gaps
    • Phase 2: Develop Policies
    • Phase 3: Document Effective Procedures

    Bibliography

    ANALYST PERSPECTIVE

    Document what you need to document now and forget the rest.

    "Most IT organizations struggle to create and maintain effective policies and procedures, despite known improvements to consistency, compliance, knowledge transfer, and transparency.

    The numbers are staggering. Fully three-quarters of IT professionals believe their policies need improvement, and the same proportion of organizations don’t update procedures as required.

    At the same time, organizations that over-document and under-document perform equally poorly on key measures such as policy quality and policy adherence. Take a practical, step-by-step approach that prioritizes the documentation you need now. Leave the rest for later."

    (Andrew Sharp, Research Manager, Infrastructure & Operations Practice, Info-Tech Research Group)

    Our understanding of the problem

    This Research Is Designed For:

    • Infrastructure Managers
    • Chief Technology Officers
    • IT Security Managers

    This Research Will Help You:

    • Address policy gaps
    • Develop effective procedures and procedure documentation to support policy compliance

    This Research Will Also Assist:

    • Chief Information Officers
    • Enterprise Risk and Compliance Officers
    • Chief Human Resources Officers
    • Systems Administrators and Engineers

    This Research Will Help Them:

    • Understand the importance of a coherent approach to policy development
    • Understand the importance of Infrastructure & Operations policies
    • Support Infrastructure & Operations policy development and enforcement

    Info-Tech Best Practice

    This blueprint supports templates for key policies and procedures that help Infrastructure & Operations teams to govern and manage internal operations. For security policies, see the NIST SP 800-171 aligned Info-Tech blueprint, Develop and Deploy Security Policies.

    Executive Summary

    Situation

    • Time and money are wasted dealing with mistakes or missteps that should have been addressed by procedures or policies.
    • Standard operating procedures are less effective without a policy to provide a clear mandate and direction.

    Complication

    • Existing policies were written, approved, signed – and forgotten for years because no one has time to maintain them.
    • Adhering to policies is rarely a priority, as compliance often feels like an impediment to getting work done.
    • Processes aren’t measured or audited to assess policy compliance, which makes enforcing the policies next to impossible.

    Resolution

    • Start with a comprehensive policy framework to help you identify policy gaps. Prioritize and address those policy gaps.
    • Create effective policies that are reasonable, measurable, auditable, and enforceable.
    • Create and document procedures to support policy changes.

    Info-Tech Insight

    1. Document what you need to document and forget the rest.
      Always check if a previously approved policy exists before you create a new one. You may only need to create new guidelines or standards rather than approve a new policy.
    2. Support policies with documented procedures.
      Build procedures that embed policy adherence in daily operations. Find opportunities to automate policy adherence (e.g. removing local admin rights from user computers).

    What are policies, procedures, and processes?

    A policy is a governing document that states the long-term goals of the organization and in broad strokes outlines how they will be achieved (e.g. a Data Protection Policy).

    In the context of policies, a procedure is composed of the steps required to complete a task (e.g. a Backup and Restore Procedure). Procedures are informed by required standards and recommended guidelines. Processes, guidelines, and standards are three pillars that support the achievement of policy goals.

    A process is higher level than a procedure – a set of tasks that deliver on an organizational goal.

    Better policies and procedures reduce organizational risk and, by strengthening the ability to execute processes, enhance the organization’s ability to execute on its goals.

    Visualization of policies, procedures, and processes using pillars. Two separate structures, 'Policy A' and 'Policy B', are each held up by three pillars labelled 'Standards', 'Procedures', and 'Guidelines'. Two lines pass through the pillars of both structures and are each labelled 'Value-creating process'.

    Document to improve governance and operational processes

    Deliver value

    Build, deliver, and support Infrastructure assets in a consistent way, which ultimately reduces costs associated with downtime, errors, and rework. A good manual process is the foundation for a good automated process.

    Simplify Training

    Use documentation for knowledge transfer. Routine tasks can be delegated to less-experienced staff.

    Maintain compliance

    Comply with laws and regulations. Policies are often required for compliance, and formally documented and enforced policies help the organization maintain compliance by mandating required due diligence, risk reduction, and reporting activities.

    Provide transparency

    Build an open kitchen. Other areas of the organization may not understand how Infra & Ops works. Your documentation can provide the answer to the perennial question: “Why does that take so long?”

    Info-Tech Best Practice

    Governance goals must be supported with effective, well-aligned procedures and processes. Use Info-Tech’s research to support the key Infrastructure & Operations processes that enable your business to create value.

    Document what you need to document – and forget the rest

    Half of all organizations believe their policy suite is insufficient. (Info-Tech myPolicies Survey Data (N=59))

    Pie chart with three sections labelled 'Too Many Policies and Procedures 14%', 'Adequate Policies and Procedures 37%', 'Insufficient Policies and Procedures 49%'

    Too much documentation and a lack of documentation are both ineffective. (Info-Tech myPolicies Survey Data (N=59))

    Two bar charts labelled 'Policy Adherence' and 'Policy Quality' each with three bars representing 'Too Many Policies and Procedures', 'Insufficient Policies and Procedures', and 'Adequate Policies and Procedures'. The values shown are an average score out of 5. For Policy Adherence: Too Many is 2.4, Insufficient is 2.1, and Adequate is 3.2. For Policy Quality: Too Many is 2.9, Insufficient is 2.6, and Adequate is 4.1.

    77% of IT professionals believe their policies require improvement. (Kaspersky Lab)

    Presenting: A COBIT-aligned policy suite

    We’ve developed a suite of effective policy templates for every Infra & Ops manager based on Info-Tech’s IT Management & Governance Framework.

    Policy templates and the related aspects of Info-Tech's IT Management & Governance Framework

    Info-Tech Best Practice

    Look for these symbols as you work through the deck. Prioritize and focus on the policies you work on first based on the value of the policy to the enterprise and the existing gaps in your governance structure.

    Project outline

    Phases

    1. Identify policy and procedure gaps 2. Develop policies 3. Document effective procedures

    Steps

    • Review and right-size the existing policy set
    • Create an action plan to address policy gaps
    • Modify policy templates and gather feedback
    • Implement, enforce, measure, and maintain new policies
    • Scope and outline procedures
    • Document and maintain procedures

    Outcomes

    Action list of policy and procedure gaps New or updated Infrastructure & Operations policies Procedure documentation

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Accelerate policy development with a Guided Implementation

    Your trusted advisor is just a call away.

    • Identify Policy and Procedure Gaps (Calls 1-2)
      Assess current policies, operational challenges, and gaps. Mitigate significant risks first.
    • Create and Review Policies (Calls 2-4)
      Modify and review policy templates with an Info-Tech analyst.
    • Create and Review Procedures (Calls 4-6)
      Workflow procedures, using templates wherever possible. Review documentation best practices.

    Contact Info-Tech to set up a Guided Implementation with a dedicated advisor who will walk you through every stage of your policy development project.

    Develop Infrastructure & Operations Policies and Procedures

    Phase 1

    Identify Policy and Procedure Gaps

    PHASE 1: Identify Policy and Procedure Gaps

    Step 1.1: Review and right-size the existing policy set

    This step will walk you through the following activities:

    • Identify gaps in your existing policy suite
    • Document challenges to core Infrastructure & Operations processes
    • Identify documentation that can close gaps
    • Prioritize your documentation effort

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Infrastructure Supervisors

    Results & Insights

    • Results: A review of the existing policy suite and identification of opportunities for improvement.
    • Insights: Not all gaps necessarily require a fresh policy. Repurpose, refresh, or supplement existing documentation wherever appropriate.

    Conduct a policy review

    Associated Activity icon 1(a) 30 minutes per policy

    You’ve got time to review your policy suite. Make the most of it.

    1. Start with organizational requirements.
      • What initiatives are on the go? What policies or procedures do you have a mandate to create?
    2. Weed out expired and dated policies.
      • Gather your existing policies. Identify when each one was published or last reviewed.
      • Decide whether to retire, merge, or update expired or obviously dated policy.
    3. Review policy statements.
      • Check that the organization is adequately supporting policy statements with SOPs, standards, and guidelines. Ensure role-related information is up to date.
    4. Document and bring any gaps forward to the next activity. If no action is required, indicate that you have completed a review and submit the findings for approval.

    But they just want one policy...

    A review of your policy suite is good practice, especially when it hasn’t been done for a while. Why?
    • Existing policies may address what you’re trying to do with a new policy. Using or modifying an existing policy avoids overlap and contradiction and saves you the effort required to create, communicate, approve, and maintain a new policy.
    • Review the suite to validate that you’re addressing the most important challenges first.

    Brainstorm improvements for core Infrastructure & Operations processes

    Associated Activity icon 1(b) 1 hour

    Supplement the list of gaps from your policy review with process challenges.

    1. Write out key Infra & Ops–related processes – one piece of flipchart paper per process. You can work through all of these processes or cherry-pick the processes you want to improve first.
    2. With participants, write out in point form how you currently execute on these processes (e.g. for Asset Management, you might be tagging hardware, tracking licenses, etc.)
    3. Work through a “Start – Stop – Continue” exercise. Ask participants: What should we start doing? What must we stop doing? What do we do currently that’s valuable and must continue? Write ideas on sticky notes.
    4. Once you’ve worked through the “Start – Stop – Continue” exercise for all processes, group similar suggestions for improvements.

    Asset Management: Manage hardware and software assets across their lifecycle to protect assets and manage costs.

    Availability and Capacity Management: Balance current and future availability, capacity, and performance needs with cost-to-serve.

    Business Continuity Management: Continue operation of critical business processes and IT services.

    Change Management: Deliver technical changes in a controlled manner.

    Configuration Management: Define and maintain relationships between technical components.

    Problem Management: Identify incident root cause.

    Operations Management: Coordinate operations.

    Release and Patch Management: Deliver updates and manage vulnerabilities in a controlled manner.

    Service Desk: Respond to user requests and all incidents.

    PHASE 1: Identify Policy and Procedure Gaps

    Step 1.2: Create an action plan to address policy gaps

    This step will walk you through the following activities:

    • Identify challenges and gaps that can be addressed via documentation
    • Prioritize high-value, high-risk gaps

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Infrastructure Supervisors

    Results & Insights

    • Results: An action plan to tackle policy and procedures gaps, aligned with business requirements and business value.
    • Insights: Not all documentation is equally valuable. Prioritize documentation that delivers value and mitigates risk.

    Support policies with procedures, standards, and guidelines

    Use a working definition for each type of document.

    Policy: Directives, rules, and mandates that support the overarching, long-term goals of the organization.

    • Standards: Prescriptive, uniform requirements.
    • Procedures: Specific, detailed, step-by-step instructions for completing a task.
    • Guidelines: Non-enforceable, recommended best practices.

    Info-Tech Best Practice

    Take advantage of your Info-Tech advisory membership by scheduling review sessions with an analyst. We provide high-level feedback to ensure your documentation is clear, concise, and consistent and aligns with the governance objectives you’ve identified.

    Answer the following questions to decide if governance documentation can help close gaps

    Associated Activity icon 1(c) 30 minutes

    Documentation supports knowledge sharing, process consistency, compliance, and transparency. Ask the following questions:

    1. What is the purpose of the documentation?
      Procedures support task completion. Policies set direction and manage organizational risk.
    2. Should it be enforceable?
      Policies and standards are enforceable; guidelines are not. Procedures are enforceable in that they should support policy enforcement.
    3. What is the scope?
      To document a task, create a procedure. Set overarching rules with policies. Use standards and guidelines to set detailed rules and best practices.
    4. What’s the expected cadence for updates?
      Policies should be revisited and revised less frequently than procedures.

    Info-Tech Best Practice

    Reinvent the wheel? I don’t think so!

    Always check to see if a gap can be addressed with existing tools before drafting a new policy

    • Is there an existing policy that could be supported with new or updated procedures, technical standards, or guidelines?
    • Is there a technical control you can deploy that would enforce the terms of an existing, approved policy?
    • It may be simpler to amend an existing policy instead of creating a new one.

    Some problems can’t be solved by better documentation (or by documentation alone). Consider additional strategies that address people, process, and technology.

    Tackle high-value, high-risk gaps first

    Associated Activity icon 1(d) 30 minutes

    Prioritize your documentation effort.

    1. List each proposed piece of documentation on the board.
    2. Assign a score to the risk posed to the business by the lack of documentation and to the expected benefit of completing the documentation. Use a scoring scale between 1 and 3 such as the one on the right.
    3. Prioritize documentation that mitigates risks and maximizes benefits.
    4. If you need to break ties, consider effort required to develop, implement, and enforce policies or procedures.

    Example Scoring Scale

    Score Business risk of missing documentation Business benefit of value of documentation

    1

    Low: Affects ad hoc activities or non-critical data. Low: Minimal impact.

    2

    Moderate: Impacts productivity or internal goodwill. Moderate: Required periodically; some cross-training opportunities.

    3

    High: Impacts revenue, safety, or external goodwill. High: Save time for common or ongoing processes; extensive improvement to training/knowledge transfer.

    Info-Tech Insight

    Documentation pulls resources away from other important programs and projects, so ultimately it must be a demonstrably higher priority than other work. This exercise is designed to align documentation efforts with business goals.

    Phase 1: Review accomplishments

    Policy pillars: Standards, Procedures, Guidelines

    Summary of Accomplishments

    • Identified gaps in the existing policy suite and identified pain points in existing Infra & Ops processes.
    • Developed a list of policies and procedures that can address existing gaps and prioritized the documentation effort.

    Develop Infrastructure & Operations Policies and Procedures

    Phase 2

    Develop Policies

    PHASE 2: Develop Policies

    Step 2.1: Modify policy templates and gather feedback

    This step will walk you through the following activities:

    • Modify policy templates

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Technical Writer

    Results & Insights

    • Results: Your own COBIT-aligned policies built by modifying Info-Tech templates.
    • Insights: Effective policies are easy to read and navigate.

    Write Good-er: Be Clear, Consistent, and Concise

    Effective policies adhere to the three Cs of documentation.

    1. Be clear. Make it as easy as possible for a user to learn how to comply with your policy.
    2. Be consistent. Write policies that complement each other, not contradict each other.
    3. Be concise. Make it as quick and easy as possible to read and understand your policy.

    Info-Tech Best Practice

    To download the full suite of templates all at once, click the “Download Research” button on the research landing page on the website.

    Use the three Cs: Be Clear

    Understanding makes compliance possible. Create policy with the goal of making compliance as easy as possible. Use positive, simple language to convey your intentions and rationale to your audience. Staff will make an effort adhere to your policy when they understand the need and are able to comply with the terms.

    1. Choose a skilled writer. Select a writer who can write clearly and succinctly.
    2. Default to simple language and define key terms. Define scope and key terms upfront. Avoid using technical terms outside of technical documentation; if they’re necessary be sure to define them as well.
    3. Use active, positive language. Where possible, tell people what they can do, not what they can’t.
    4. Keep the structure simple. Complicated documents are less likely to be understood and read. Use short sentences and paragraphs. Lists are a helpful way to summarize important information. Guide your reader through the document with appropriately named section headers, tables of contents, and numeration.
    5. Add a process for handling exceptions. Refer to procedures, standards, and guidelines documentation. Try to keep these links as static as possible. Also, refer to a process for handling exceptions.
    6. Manage the integrity of electronic documents. When published electronically, the policy should have restricted editing access or should be published in a non-editable format. Access to the procedure and policy storage database for employees should be read-only.

    Info-Tech Insight

    Highly effective policies are easy to navigate. Your policies should be “skimmable.” Very few people will fully read a policy before accepting it. Make it easy to navigate so the reader can easily find the policy statements that apply to them.

    Use the three Cs: Be Consistent

    Ensure that policies are aligned with other organizational policies and procedures. It detracts from compliance if different policies prescribe different behavior in the same situation. Moreover, your policies should reflect the corporate culture and other company standards. Use your policies to communicate rules and get employees aligned with how your company works.

    1. Use standard sentences and paragraphs. Policies are usually expressed in short, standard sentences. Lists should also be used when necessary or appropriate.
    2. Remember the three Ws. When writing a policy, always be sure to clearly state what the rule is, when it should be applied, and who needs to follow it. Policies should clearly define their scope of application and whether directives are mandatory or recommended.
    3. Use an outline format. Using a numbered or outline format will make a document easier to read and will make content easier to look up when referring back to the document at a later time.
    4. Avoid amendments. Avoid the use of information that is quickly outdated and requires regular amendment (e.g. names of people).
    5. Reference a set of supplementary documents. Codify your tactics outside of the policy document, but make reference to them within the text. This makes it easier to ensure consistency in the behavior prescribed by your policies.

    "One of the issues is the perception that policies are rules and regulations. Instead, your policies should be used to say ‘this is the way we do things around here.’" (Mike Hughes CISA CGEIT CRISC, Principal Director, Haines-Watts GRC)

    Use the three Cs: Be Concise

    Reading and understanding policies shouldn’t be challenging, and it shouldn’t significantly detract from productive time. Long policies are more difficult to read and understand, increasing the work required for employees to comply with them. Put it this way: How often do you read the Terms and Conditions of software you’ve installed before accepting them?

    1. Be direct. The quicker you get to the point, the easier it is for the reader to interpret and comply with your policy.
    2. Your policy is a rule, not a recipe. Your policy should outline what needs to be accomplished and why – your standards, guidelines, and SOPs address the how.
    3. Keep policies short. Nobody wants to read a huge policy book, so keep your policies short.
    4. Use additional documentation where needed. In addition to making consistency easier, this shortens the length of your policies, making them easier to read.
    5. Policy still too large? Modularize it. If you have an extremely large policy, it’s likely that it’s too widely scoped or that you’re including statements that should be part of procedure documentation. Consider breaking your policy into smaller, focused, more digestible documents.

    "If the policy’s too large, people aren’t going to read it. Why read something that doesn’t apply to me?" (Carole Fennelly, Owner and Principal, cFennelly Consulting)

    "I always try to strike a good balance between length and prescriptiveness when writing policy. Your policies … should be short and describe the problem and your approach to solving it. Below policies, you write standards, guidelines, and SOPs." (Michael Deskin, Policy and Technical Writer, Canadian Nuclear Safety Commission)

    Customize policy documents

    Associated Activity icon 2(a) 1-2 hours per policy

    Use the policies templates to support key Infrastructure & Operations programs.

    INPUT: List of prioritized policies

    OUTPUT: Written policy drafts ready for review

    Materials: Policy templates

    Participants: Policy writer, Signing authority

    No policy template will be a perfect fit for your organization. Use Info-Tech’s research to develop your organization’s program requirements. Customize the policy templates to support those requirements.

    1. Work through policies from highest to lowest priority as defined in Phase 1.
    2. Follow the instructions written in grey text to customize the policy. Follow the three Cs when you write your policy.
    3. When your draft is finished, prepare to request signoff from your signing authority by reviewing the draft with an Info-Tech analyst.
    4. Complete the highest ranked three or four draft policies. Review all these policies with relevant stakeholders and include all relevant signing authorities in the signoff process.
    5. Rinse and repeat. Iterate until all relevant polices are complete.

    Request, Incident, and Problem Management

    An effective, timely service desk correlates with higher overall end-user satisfaction across all other IT services. (Info-Tech Research Group, 2016 (N=25,998))

    An icon for the 'DSS02 Service Desk' template. An icon for the 'DSS03 Incident and Problem Management' template.

    Use the following template to create a policy that outlines the goals and mandate for your service and support organization:

    • IT Triage and Support Policy

    Support the program and associated policy statements using Info-Tech’s research:

    • Standardize the Service Desk
    • Incident and Problem Management
    • Design & Build a User-Facing Service Catalog

    Embrace Standardization

    • Outline the support and service mandate with the policy. Support the policy with the methodology in Info-Tech’s research.
    • Over time, organizations without standardized processes face confusion, redundancies, and cost overruns. Standardization avoids wasting energy and effort building new solutions to solved issues.
    • Standard processes for IT services define repeatable approaches to work and sandbox creative activities.
    • Create tickets for every task and categorize them using a standard classification system. Use the resulting data to support root-cause analysis and long-term trend management.
    • Create a single point of contact for users for all incidents and requests. Escalate and resolve tickets faster.
    • Empower end users and technicians with knowledge bases that help them solve problems without intervention.

    Change, Release, and Patch Management

    Slow turnaround, unauthorized changes, and change-related incidents are all too familiar to many managers.

    An icon for the 'BAI06 Change Management' template. An icon for the 'BAI07 Release Management' template.

    Use the following templates to create policies that define effective patch, release, and change management:

    • Change Management Policy
    • Release and Patch Management Policy
    • Change Control – Freezes & Risk Evaluation Policy

    Ensure the policy is supported by using the following Info-Tech research:

    • Optimize Change Management

    Embrace Change

    • IT system owners resist change management when they see it as slow and bureaucratic.
    • At the same time, an increasingly interlinked technical environment may cause issues to appear in unexpected places. Configuration management systems are often not kept up to date, so preventable conflicts get missed.
    • No process exists to support the identification and deployment of critical security patches. Tracking down users to find a maintenance window takes significant, dedicated effort and intervention from the management team.
    • Create a unified change management process that reduces risk and is balanced in its approach toward deploying changes, while also maintaining throughput of patches, fixes, enhancements, and innovation.

    IT Asset Management (ITAM)

    A proactive, dynamic ITAM program will pay dividends in support, contract management, appropriate provisioning, and more.

    An icon for the 'BAI09 Asset Management' template.

    Start by outlining the requirements for effective asset management:

    • Hardware Asset Management Policy
    • Software Asset Management Policy

    Support ITAM policies with the following Info-Tech research:

    • Implement IT Asset Management

    Leverage Asset Data

    • Create effective, directional policies for your asset management program that provide a mandate for action. Support the policies with robust procedures, capable staff, and right-fit technology solutions.
    • Poor management of assets generally leads to higher costs due to duplicated purchases, early replacement, loss, and so on.
    • Visibility into asset location and ownership improves security and accountability.
    • A centralized repository of asset data supports request fulfilment and incident management.
    • Asset management is an ongoing program, not a one-off project, and must be resourced accordingly. Organizations often implement an asset management program and let it stagnate.

    "Many of the large data breaches you hear about… nobody told the sysadmin the client data was on that server. So they weren’t protecting and monitoring it." (Carole Fennelly, Owner and Principal, cFennelly Consulting)

    Business Continuity Management (BCM)

    Streamline the traditional approach to make BCM practical and repeatable.

    An icon for the 'DSS04 DR and Business Continuity' template.

    Set the direction and requirements for effective BCM:

    • Business Continuity Management Policy

    Support the BCM policy with the following Info-Tech research:

    • Create a Right-Sized Disaster Recovery Plan
    • Develop a Business Continuity Plan

    Build Organizational Resilience

    • Evidence of disaster recovery and business continuity planning is increasingly required to comply with regulations, mitigate business risk, and meet customer demands.
    • IT leaders are often asked to take the lead on business continuity, but overall accountability for business continuity rests with the board of directors, and each business unit must create and maintain its business continuity plan.
    • Set an organizational mandate for BCM with the policy.
    • Divide the business continuity mandate into manageable parcels of work. Follow Info-Tech’s practical methodology to tackle key disaster recovery and business continuity planning activities one at a time.

    Info-Tech Best Practice

    Governance goals must be supported with effective, well-aligned procedures and processes. Use Info-Tech’s research to support the key Infrastructure & Operations processes that enable your business to create value.

    Availability, Capacity, and Operations Management

    What was old is new again. Use time-tested techniques to manage and plan cloud capacity and costs.

    An icon for the 'BAI04 Availability and Capacity Management' template. An icon for the 'DSS01 Operations Management' template. An icon for the 'BAI10 Configuration Management' template.

    Set the direction and requirements for effective availability and capacity management:

    • Availability and Capacity Management Policy
    • System Maintenance Policy – NIST

    Support the policy with the following Info-Tech research:

    • Develop an Availability and Capacity Management Plan
    • Improve IT Operations Management
    • Develop an IT Infrastructure Services Playbook

    Mature Service Delivery

    • Hybrid IT deployments – managing multiple locations, delivery models, and service providers – are the future of IT. Hybrid deployments significantly complicate capacity planning and operations management.
    • Effective operations management practices develop structured processes to automate activities and increase process consistency across the IT organization, ultimately improving IT efficiency.
    • Trying to add mature service delivery can feel like playing whack-a-mole. Systematically improve your service capabilities using the tactical, iterative approach outlined in Improve IT Operations Management.

    Enhance your overall security posture with a defensible, prescriptive policy suite

    Align your security policy suite with NIST Special Publication 800-171.

    Security policies support the organization’s larger security program. We’ve created a dedicated research blueprint and a set of templates that will help you build security policies around a robust framework.

    • Start with a security charter that aligns the security program with organizational objectives.
    • Prioritize security policies that address significant risks.
    • Work with technical and business stakeholders to adapt Info-Tech’s NIST SP 800-171–aligned policy templates (at right) to reflect your organizational objectives.

    A diagram listing all the different elements in a 'Security Charter': 'Access Control', 'Audit & Acc.', 'Awareness and Training', 'Config. Mgmt.', 'Identification and Auth.', 'Incident Response', 'Maintenance', 'Media Protection', 'Personnel Security', 'Physical Protection', 'Risk Assessment', 'Security Assessment', 'System and Comm. Protection', and 'System and Information Integrity'.

    Review and download Info-Tech's blueprint Develop and Deploy Security Policies.

    Info-Tech Best Practice

    Customize Info-Tech’s policy framework to align your policy suite to NIST SP 800-171. Given NIST’s requirements for the control of confidential information, organizations that align their policies to NIST standards will be in a strong governance position.

    PHASE 2: Develop Policies

    Step 2.2: Implement, enforce, measure, and maintain new policies

    This step will walk you through the following activities:

    • Gather stakeholder feedback
    • Identify preventive and detective controls
    • Identify required supports
    • Seek policy approval
    • Establish roles and responsibilities for policy maintenance

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Infrastructure Supervisors
    • Technical Writer
    • Policy Stakeholders

    Results & Insights

    • Results: Well-supported policies that have received signoff.
    • Insights: If you’re not prepared to enforce the policy, you might not actually need a policy. Use the policy statements as guidelines or standards, create and implement procedures, and build a culture of compliance. Once you can confidently execute on required controls, seek signoff.

    Gather feedback from users to assess the feasibility of the new policies

    Associated Activity icon 2(b) Review period: 1-2 weeks

    Once the policies are drafted, roundtable the drafts with stakeholders.

    INPUT: Draft policies

    OUTPUT: Reviewed policy drafts ready for approval

    Materials: Policy drafts

    Participants: Policy stakeholders

    1. Form a test group of users who will be affected by the policy in different ways. Keep the group to around five staff.
    2. Present new policies to the testers. Allow them to read the documents and attempt to comply with the new policies in their daily routines.
    3. Collect feedback from the group.
      • Consider using interviews, email surveys, chat channels, or group discussions.
      • Solicit ideas on how policy statements could be improved or streamlined.
    4. Make reasonable changes to the first draft of the policies before submitting them for approval. Policies will only be followed if they’re realistic and user friendly.

    Info-Tech Best Practice

    Allow staff the opportunity to provide input on policy development. Giving employees a say in policy development helps avoid obstacles down the road. This is especially true if you’re trying to change behavior rather than lock it in.

    Develop mechanisms for monitoring and enforcement

    Associated Activity icon 2(c) 20 minutes per policy

    Brainstorm preventive and detective controls.

    INPUT: Draft policies

    OUTPUT: Reviewed policy drafts ready for approval

    Materials: Policy drafts

    Participants: Policy stakeholders

    Preventive controls are designed to discourage or pre-empt policy breaches before they occur. Training, approvals processes, and segregation of duties are examples of preventive controls. (Ohio University)

    Detective controls help enforce the policy by identifying breaches after they occur. Forensic analysis and event log auditing are examples of detective controls. (Ohio University)

    Not all policies require the same level of enforcement. Policies that are required by law or regulation generally require stricter enforcement than policies that outline best practices or organizational values.

    Identify controls and enforcement mechanisms that are in line with policy requirements. Build control and enforcement into procedure documentation as needed.

    Suggestions:

    1. Have staff sign off on policies. Disclose any monitoring/surveillance.
    2. Ensure consequences match the severity of the infraction. Document infractions and ensure that enforcement is applied consistently across all infractions.
    3. Automatic controls shouldn’t get in the way of people’s ability to do their jobs. Test controls with users before you roll them out widely.

    Support the policy before seeking approval

    A policy is only as strong as its supporting pillars.

    Create Standards

    Standards are requirements that support policy adherence. Server builds and images, purchase approval criteria, and vulnerability severity definitions can all be examples of standards that improve policy adherence.

    Where reasonable, use automated controls to enforce standards. If you automate the control, consider how you’ll handle exceptions.

    Create Guidelines

    If no standards exist – or best practices can’t be monitored and enforced, as standards require – write guidelines to help users remain in compliance with the policy.

    Create Procedures: We’ll cover procedure development and documentation in Phase 3.

    Info-Tech Insight

    In general, failing to follow or strictly enforce a policy creates a risk for the business. If you’re not confident a policy will be followed or enforced, consider using policy statements as guidelines or standards as an interim measure as you update procedures and communicate and roll out changes that support adherence and enforcement.

    Seek approval and communicate the policy

    Policies ultimately need to be accepted by the business.

    • Once the drafts are completed, identify who is in charge of approving the policies.
    • Ensure all stakeholders understand the importance, context, and repercussions of the policies.
    • The approvals process is about appropriate oversight of the drafted policies. For example:
      • Do the policies satisfy compliance and regulatory requirements?
      • Do the policies work with the corporate culture?
      • Do the policies address the underlying need?

    If the draft is rejected:

    • Acquire feedback and make revisions.
    • Resubmit for approval.

    If the draft is approved:

    • Set the effective date and a review date.
    • Begin communication, training, and implementation.
    • Employees must know that there are new policies and understand the steps they must take to comply with the policies in their work.
    • Employees must be able to interpret, understand, and know how to act upon the information they find in the policies.
    • Employees must be informed on where to get help or ask questions and from whom to request policy exceptions.

    "A lot of board members and executive management teams… don’t understand the technology and the risks posed by it." (Carole Fennelly, Owner and Principal, cFennelly Consulting)

    Identify policy management roles and responsibilities

    Associated Activity icon 2(d) 30 minutes

    Discuss and assign roles and responsibilities for ongoing policy management.

    Role

    Responsibilities

    Executive sponsor

  • Supports the program at the highest levels of the business, as needed
  • Program lead

  • Leads the Infrastructure & Operations policy management program
  • Identifies and communicates status updates to the executive sponsor and the project team
  • Coordinates business demands and interviews and organizes stakeholders to identify requirements
  • Manages the work team and coordinates policy rollout
  • Policy writer

  • Authors and updates policies based on requirements
  • Coordinates with outsourced editor for completion of written documents
  • IT infrastructure SMEs

  • Provide technical insight into capabilities and limitations of infrastructure systems
  • Provide advice on possible controls that can aid policy rollout, monitoring, and enforcement
  • Legal expert

  • Provides legal advice on the policy’s legal terms and enforceability
  • "Whether at the level of a government, a department, or a sub-organization: technology and policy expertise complement one another and must be part of the conversation." (Peter Sheingold, Portfolio Manager, Cybersecurity, MITRE Corporation)

    Phase 2: Review accomplishments

    Effective Policies: Clear, Consistent, and Concise

    An icon for the 'DSS02 Service Desk' template.

    An icon for the 'DSS03 Incident and Problem Management' template.

    An icon for the 'BAI06 Change Management' template.

    An icon for the 'BAI07 Release Management' template.

    An icon for the 'BAI09 Asset Management' template.

    An icon for the 'DSS04 DR and Business Continuity' template.

    An icon for the 'BAI04 Availability and Capacity Management' template.

    An icon for the 'DSS01 Operations Management' template.

    An icon for the 'BAI10 Configuration Management' template.

    Summary of Accomplishments

    • Built priority policies based on templates aligned with the IT Management & Governance Framework and COBIT 5.
    • Reviewed controls and policy supports.
    • Assigned roles and responsibilities for ongoing policy maintenance.

    Develop Infrastructure & Operations Policies and Procedures

    Phase 3

    Document Effective Procedures

    PHASE 3: Document Effective Procedures

    Step 3.1: Scope and outline procedures

    This step will walk you through the following activities:

    • Prioritize SOP documentation
    • Draft workflows using a tabletop exercise
    • Modify templates, as applicable

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Technical Writer
    • Infrastructure Supervisors

    Results & Insights

    • Results: An action plan for SOP documentation and an outline of procedure workflows.
    • Insights: Don’t let tools get in the way of documentation – low-tech solutions are often the most effective way to build and analyze workflows.

    Prioritize your SOP documentation effort

    Associated Activity icon 3(a) 1-2 hours

    Build SOP documentation that gets used and doesn’t just check a box.

    1. Review the list of procedure gaps from Phase 1. Are any other procedures needed? Are some of the procedures now redundant?
    2. Establish the scope of the proposed procedures. Who are the stakeholders? What policies do they support?
    3. Run a basic prioritization exercise using a three-point scale. Higher scores mean greater risks or greater benefits. Score the risk of the undocumented procedure to the business (e.g. potential effect on data, productivity, goodwill, health and safety, or compliance). Score the benefit to the business of documenting the procedure (e.g. throughput improvements or knowledge transfer).
    4. Different procedures require different formats. Decide on one or more formats that can help you effectively document the procedure:
      • Flowcharts: Depict workflows and decision points. Provide an at-a-glance view that is easy to follow. Can be supported by checklists and diagrams where more detail is required.
      • Checklists: A reminder of what to do, rather than how to do it. Keep instructions brief.
      • Diagrams: Visualize objects, topologies, and connections for reference purposes.
      • Tables: Establish relationships between related categories.
      • Prose: Use full-text instructions where other documentation strategies are insufficient.

    Modify the following Info-Tech templates for larger SOPs

    Support these processes...

    ...with these blueprints...

    ...to create SOPs using these templates.

    An icon for the 'DSS04 DR and Business Continuity' template. Create a Right-Sized Disaster Recovery Plan DRP Summary
    An icon for the 'BAI09 Asset Management' template. Implement IT Asset Management HAM SOP and SAM SOP
    An icon for the 'BAI06 Change Management' template. An icon for the 'BAI07 Release Management' template. Optimize Change Management Change Management SOP
    An icon for the 'DSS02 Service Desk' template. An icon for the 'DSS03 Incident and Problem Management' template. Standardize the Service Desk Service Desk SOP

    Use tabletop planning or whiteboards to draft workflows

    Associated Activity icon 3(b) 30 minutes

    Tabletop planning is a paper-based exercise in which your team walks through a particular process and maps out what happens at each stage.

    OUTPUT: Steps in the current process for one SOP

    Materials: Tabletop, pen, and cue cards

    Participants: Process owners, SMEs

    1. For this exercise, choose one particular process to document.
    2. Document each step of the process on cue cards, which can be arranged on the table in sequence.
    3. Be sure to include task ownership in your steps.
    4. Map out the process as it currently happens – we’ll think about how to improve it later.
    5. Keep focused. Stay on task and on time.

    Example:

    • Step 3: PM reviews new defects daily
    • Step 4: PM assigns defects to tech leads
    • Step 5: Assigned resource updates status – frequency is based on ticket priority

    Info-Tech Insight

    Don’t get weighed down by tools. Relying on software or other technological tools can detract from the exercise. Use simple tools such as cue cards to record steps so that you can easily rearrange steps or insert steps based on input from the group.

    Collaborate to optimize the SOP

    Associated Activity icon 3(c) 30 minutes

    Review the tabletop exercise. What gaps exist in current processes?
    How can the processes be made better? What are the outputs and checkpoints?

    OUTPUT: Identify steps to optimize the SOP

    Materials: Tabletop, pen, and cue cards

    Participants: Process owners, SMEs

    Example:

    • Step 3: PM reviews new defects daily
    • NEW STEP: Schedule 10-minute daily defect reviews with PM and tech leads to evaluate ticket priority
    • Step 4: PM assigns defects to tech leads
    • Step 5: Assigned resource updates status – frequency is based on ticket priority
      • Step 5 Subprocess: Ticket status update
      • Step 5 Output: Ticket status moved to OPEN by assigned resource – acknowledges receipt by assigned resource

    A note on colors: Use white cards to record steps. Record gaps on yellow cards (e.g. a process step not documented) and risks on red cards (e.g. only one person knows how to execute a step) to highlight your gaps/to-dos and risks to be mitigated or accepted.

    If it’s necessary to clarify complex process flows during the exercise, you can also use green cards for decision diamonds, purple for document/report outputs, and blue for subprocesses.

    PHASE 3: Document Effective Procedures

    Step 3.2: Document effective procedures

    This step will walk you through the following activities:

    • Document workflows, checklists, and diagrams
    • Establish a cadence for document review and updates

    This step involves the following participants:

    • Infrastructure Manager
    • Technical Writer

    Results & Insights

    • Results: Improved SOP documentation and document management practices.
    • Insights: It’s possible to keep up with changes if you put the right cues and accountabilities in place. Include document review in project and change management procedures and hold staff accountable for completion.

    Document workflows with flowcharting software

    Suggestions for workflow documentation

    • Whether you draft the workflow on a whiteboard or using cue cards, the first iteration is usually messy. Clean up the flow as you document the results of the exercise.
    • Make the workflow as simple as possible and no simpler. Eliminate any decision points that aren’t strictly necessary to complete the procedure.
    • Use standard flowchart shapes (see next slide).
    • Use links to connect to related documentation.
    • Review the documented workflow with participants.

    Download the following workflow examples:

    Establish flowcharting standards

    If you don’t have existing flowchart standards, then keep it simple and stick to basic flowcharting conventions as described below.

    Basic flowcharting convention: a circle can be used for 'Start, End, and Connector'. Start, End, and Connector: Traditional flowcharting standards reserve this shape for connectors to other flowcharts or other points in the existing flowchart. Unified Modeling Language (UML) also uses the circle for start and end points.
    Basic flowcharting convention: a rounded rectangle can be used for 'Start and End'. Start and End: Traditional flowcharting standards use this for start and end. However, Info-Tech recommends using the circle shape to reduce the number of shapes and avoid confusion with other similar shapes.
    Basic flowcharting convention: a rectangle can be used for 'Process Step'. Process Step: Individual process steps or activities (e.g. create ticket or escalate ticket). If it’s a series of steps, then use the subprocess symbol and flowchart the subprocess separately.
    Basic flowcharting convention: a rectangle with double-line on the ends can be used for 'Subprocess'. Subprocess: A series of steps. For example, a critical incident SOP might reference a recovery process as one of the possible actions. Marking it as a subprocess, rather than listing each step within the critical incident SOP, streamlines the flowchart and avoids overlap with other flowcharts (e.g. the recovery process).
    Basic flowcharting convention: a diamond can be used for 'Decision'. Decision: Represents decision points, typically with Yes/No branches, but you could have other branches depending on the question (e.g. a “Priority?” question could branch into separate streams for Priority 1, 2, 3, 4, and 5 issues).
    Basic flowcharting convention: a rectangle with a wavy bottom can be used for 'Document/Report Output'. Document/Report Output: For example, the output from a backup process might include an error log.

    Support workflows with checklists and diagrams

    Diagrams

    • Diagrams are a visual representation of real-world phenomena and the connections between them.
    • Be sure to use standard shapes. Clearly label elements of the diagram. Use standard practices, including titles, dates, authorship, and versioning.
    • IT systems and interconnections are layered. Include physical, logical, protocol, and data flow connections.

    Examples:

    • XMPL Recovery Workflows
    • Workflow Library

    Checklists

    • Checklists are best used as short-form reminders on how to complete a particular task.
    • Remember the audience. If the process will be carried out by technical staff, there’s technical background material you won’t need to spell out in detail.

    Examples:

    • Employee Termination Process Checklist
    • XMPL Systems Recovery Playbook

    Establish a cadence for documentation review and maintenance

    Lock-in the work with strong document management practices.

    • Identify documentation requirements as part of project planning.
    • Require a manager or supervisor to review and approve SOPs.
    • Check documentation status as part of change management.
    • Hold staff accountable for documentation.

    "It isn’t unusual for us to see infrastructure or operations documentation that is wildly out of date. We’re talking months, even years. Often it was produced as one big effort and then not reliably maintained." (Gary Patterson, Consultant, Quorum Resources)

    Only a quarter of organizations update SOPs as needed

    A bar chart representing how often organizations update SOPs. Each option has two bars, one representing 'North America', the other representing 'Europe and Asia'. 'Never or rarely' is 11% in North America and 3% in Europe and Asia. 'Ad-hoc approach' is 38% in North America and 28% in Europe and Asia. 'For audits/annual reviews' is 33% in North America and 45% in Europe and Asia. 'As needed/via change management' is 18% in North America and 25% in Europe and Asia. Source: Info-Tech Research Group (N=104)

    Info-Tech Best Practice

    Use Info-Tech’s research Create Visual SOP Documents to further evaluate document management practices and toolsets.

    Phase 3: Review accomplishments

    Workflow documentation: Cue cards into flowcharts

    Summary of Accomplishments

    • Identified priority procedures for documentation activities.
    • Created procedure documentation in the appropriate format and level of granularity to support Infra & Ops policies.
    • Published and maintained procedure documentation.

    Research contributors and experts

    Carole Fennelly, Owner
    cFennelly Consulting

    Picture of Carole Fennelly, Owner, cFennelly Consulting.

    Carole Fennelly provides pragmatic cyber security expertise to help organizations bridge the gap between technical and business requirements. She authored the Center for Internet Security (CIS) Solaris and Red Hat benchmarks, which are used globally as configuration standards to secure IT systems. As a consultant, Carole has defined security strategies, and developed policies and procedures to implement them, at numerous Fortune 500 clients. Carole is a Certified Information Security Manager (CISM), Certified Security Compliance Specialist (CSCS), and Certified HIPAA Professional (CHP).

    Marko Diepold, IT Audit Manager
    audit2advise

    Picture of Marko Diepold, IT Audit Manager, audit2advise.

    Marko is an IT Audit Manager at audit2advise, where he delivers audit, risk advisory, and project management services. He has worked as a Security Officer, Quality Manager, and Consultant at some of Germany’s largest companies. He is a CISA and is ITIL v3 Intermediate and ITGCP certified.

    Research contributors and experts

    Martin Andenmatten, Founder & Managing Director
    Glenfis AG

    Picture of Martin Andenmatten, Founder and Managing Director, Glenfis AG.

    Martin is a digital transformation enabler who has been involved in various fields of IT for more than 30 years. At Glenfis, he leads large Governance and Service Management projects for various customers. Since 2002, he has been the course manager for ITIL® Foundation, ITIL® Service Management, and COBIT training. He has published two books on ISO 20000 and ITIL.

    Myles F. Suer, CIO Chat Facilitator
    CIO.com/Dell Boomi

    Picture of Myles F. Suer, CIO Chat Facilitator, CIO.com/Dell Boomi.

    Myles Suer, according to LeadTails, is the number 9 influencer of CIOs. He is also the facilitator for the CIOChat, which has executive-level participants from around the world in such industries as banking, insurance, education, and government. Myles is also the Industry Solutions Marketing Manager at Dell Boomi.

    Research contributors and experts

    Peter Sheingold, Portfolio Manager
    Cybersecurity, Homeland Security Center, The MITRE Corporation

    Picture of Peter Sheingold, Portfolio Manager, Cybersecurity, Homeland Security Center, The MITRE Corporation.

    Peter leads tasks that involve collaboration with the Department of Homeland Security (DHS) sponsors and MITRE colleagues and connect strategy, policy, organization, and technology. He brings a deep background in homeland security and strategic analysis to his work with DHS in the immigration, border security, and cyber mission spaces. Peter came to MITRE in 2005 but has worked with DHS from its inception.

    Robert D. Austin, Professor
    Ivey Business School

    Picture of Robert D. Austin, Professor, Ivey Business School.

    Dr. Austin is a professor of Information Systems at Ivey Business School and an affiliated faculty member at Harvard Medical School. Before his appointment at Ivey, he was a professor of Innovation and Digital Transformation at Copenhagen Business School, and, before that, a professor of Technology and Operations Management at the Harvard Business School.

    Research contributors and experts

    Ron Jones, Director of IT Infrastructure and Service Management
    DATA Communications

    Picture of Ron Jones, Director of IT Infrastructure and Service Management, DATA Communications.

    Ron is a senior IT leader with over 20 years of management experiences from engineering to IT Service Management and operations support. He is known for joining organizations and leading enhanced process efficiency and has improved software, hardware, infrastructure, and operations solution delivery and support. Ron has worked for global and Canadian firms including BlackBerry, DoubleClick, Cogeco, Infusion, Info-Tech Research Group, and Data Communications Management.

    Scott Genung, Executive Director of Networking, Infrastructure, and Service Operations
    University of Chicago

    Picture of Scott Genung, Executive Director of Networking, Infrastructure, and Service Operations, University of Chicago.

    Scott is an accomplished IT executive with 26 years of experience in technical and leadership roles. In his current role, Scott provides strategic leadership, vision, and oversight for an IT portfolio supporting 31,000 users consisting of services utilized by campuses located in North America, Asia, and Europe; oversees the University’s Command Center; and chairs the UC Cyberinfrastructure Alliance (UCCA), a group of research IT providers that collectively deliver services to the campus and partners.

    Research contributors and experts

    Steve Weil, CISSP, CISM, CRISC, Information Security Director, Cybersecurity Principal Consultant
    Point B

    Picture of Steve Weil, CISSP, CISM, CRISC, Information Security Director, Cybersecurity Principal Consultant, Point B.

    Steve has 20 years of experience in information security design, implementation, and assessment. He has provided information security services to a wide variety of organizations, including government agencies, hospitals, universities, small businesses, and large enterprises. With his background as a systems administrator, security consultant, security architect, and information security director, Steve has a strong understanding of both the strategic and tactical aspects of information security. Steve has significant hands-on experience with security controls, operating systems, and applications. Steve has a master's degree in Information Science from the University of Washington.

    Tony J. Read, Senior Program/Project Lead & Interim IT Executive
    Read & Associates

    Picture of Tony J. Read, Senior Program/Project Lead and Interim IT Executive, Read and Associates.

    Tony has over 25 years of international IT leadership experience, within high tech, computing, telecommunications, finance, banking, government, and retail industries. Throughout his career, Tony has led and successfully implemented key corporate initiatives, contributing millions of dollars to the top and bottom line. He established Read & Associates in 2002, an international IT management and program/project delivery consultancy practice whose aim is to provide IT value-based solutions, realizing stakeholder economic value and network advantage. These key concepts are presented in his new book: The IT Value Network: From IT Investment to Stakeholder Value, published by J. Wiley, NJ.

    Related Info-Tech research

    • Develop and Deploy Security Policies
    • Develop an Availability and Capacity Management Plan
    • Improve IT Operations Management
    • Develop an IT Infrastructure Services Playbook
    • Create a Right-Sized Disaster Recovery Plan
    • Develop a Business Continuity Plan
    • Implement IT Asset Management
    • Optimize Change Management
    • Standardize the Service Desk
    • Incident and Problem Management
    • Design & Build a User-Facing Service Catalog

    Bibliography

    “About Controls.” Ohio University, ND. Web. 2 Feb 2018.

    England, Rob. “How to implement ITIL for a client?” The IT Skeptic. Two Hills Ltd, 4 Feb. 2010. Web. 2018.

    “Global Corporate IT Security Risks: 2013.” Kaspersky Lab, May 2013. Web. 2018.

    “Information Security and Technology Policies.” City of Chicago, Department of Innovation and Technology, Oct. 2014. Web. 2018.

    ISACA. COBIT 5: Enabling Processes. International Systems Audit and Control Association. Rolling Meadows, IL.: 2012.

    “IT Policy & Governance.” NYC Information Technology & Telecommunications, ND. Web. 2018.

    King, Paula and Kent Wada. “IT Policy: An Essential Element of IT Infrastructure”. EDUCAUSE Review. May-June 2001. Web. 2018.

    Luebbe, Max. “Simplicity.” Site Reliability Engineering. O’Reilly Media. 2017. Web. 2018.

    Swartout, Shawn. “Risk assessment, acceptance, and exception with a process view.” ISACA Charlotte Chapter September Event, 2013. Web. 2018.

    “User Guide to Writing Policies.” Office of Policy and Efficiency, University of Colorado, ND. Web. 2018.

    “The Value of Policies and Procedures.” New Mexico Municipal League, ND. Web. 2018.

    Application Maintenance

    • Buy Link or Shortcode: {j2store}30|cart{/j2store}
    • Related Products: {j2store}30|crosssells{/j2store}
    • member rating overall impact: 10.0/10
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Applications
    • Parent Category Link: /applications

    The challenge

    • If you work with application maintenance or operations teams that handle the "run" of your applications, you may find that the sheer volume and variety of requests create large backlogs.
    • Your business and product owners may want scrum or DevOps teams to work on new functionality rather than spend effort on lifecycle management.
    • Increasing complexity and increasing reliance on technology may create unrealistic expectations for your maintenance teams. Business applications must be available around the clock, and new feature roadmaps cannot be side-tracked by maintenance.

    Our advice

    Insight

    • Improving maintenance focus may mean doing less work but create more value. Your teams need to be realistic about what commitments they take—balance maintenance with business value and risk levels.
    • Treat maintenance the same as any other development practice. Use the same intake and prioritization practices. Uphold the same quality standards.

    Impact and results 

    • Justify the necessity of streamlined and regular maintenance. Understand each stakeholder's objectives and concerns, validate them against your staff's current state, processes, and technologies involved.
    • Maintenance and risk go hand in hand. And the business wants to move forward all the time as well. Strengthen your prioritization practice. Use a holistic view of the business and technical impacts, risks, urgencies across the maintenance needs and requests. That allows you to justify their respective positions in the overall development backlog. Identify opportunities to bring some requirements and features together.
    • Build a repeatable process with appropriate governance around it. Ensure that people know their roles and responsibilities and are held accountable.
    • Instill development best-practices into your maintenance processes.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started.

    Read our executive brief to understand everyday struggles regarding application maintenance, the root causes, and our methodology to overcome these. We show you how we can support you.

    Understand your maintenance priorities

    Identify your stakeholders and understand their drivers.

    • Streamline Application Maintenance – Phase 1: Assess the Current Maintenance Landscape (ppt)
    • Application Maintenance Operating Model Template (doc)
    • Application Maintenance Resource Capacity Assessment (xls)
    • Application Maintenance Maturity Assessment (xls)

    Define and employ maintenance governance

    Identify the right level of governance appropriate to your company and business context for your application maintenance. That ensures that people uphold standards across maintenance practices.

    • Streamline Application Maintenance – Phase 2: Develop a Maintenance Release Schedule (ppt)

    Enhance your prioritization practices

    Most companies cannot do everything for all applications and systems. Build your maintenance triage and prioritization rules to safeguard your company, maximize business value generation and IT risks and requirements.

    • Streamline Application Maintenance – Phase 3: Optimize Maintenance Capabilities (ppt)

    Streamline your maintenance delivery

    Define quality standards in maintenance practices. Enforce these in alignment with the governance you have set up. Show a high degree of transparency and open discussions on development challenges.

    • Streamline Application Maintenance – Phase 4: Streamline Maintenance Delivery (ppt)
    • Application Maintenance Business Case Presentation Document (ppt)

     

     

    Take Action on Service Desk Customer Feedback

    • Buy Link or Shortcode: {j2store}494|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $27,500 Average $ Saved
    • member rating average days saved: 110 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • IT leaders lack information to help inform and prioritize where improvements are most needed.
    • The service desk relies only on traditional metrics such as time to respond or percentage of SLAs met, but no measures of customer satisfaction with the service they receive.
    • There are signs of dissatisfied users, but no mechanism in place to formally capture those perceptions in order to address them.
    • Even if transactional (ticket) surveys are in use, often nothing is done with the data collected or there is a low response rate, and no broader satisfaction survey is in place.

    Our Advice

    Critical Insight

    • If customer satisfaction is not being measured, it’s often because service desk leaders don’t know how to design customer satisfaction surveys, don’t have a mechanism in place to collect feedback, or lack the resources to take accountability for a customer feedback program.
    • If customer satisfaction surveys are in place, it can be difficult to get full value out of them if there is a low response rate due to poor survey design or administration, or if leadership doesn’t understand the value of / know how to analyze the data.
    • It can actually be worse to ask your customers for feedback and do nothing with it than not asking for feedback at all. Customers may end up more dissatisfied if they take the time to provide value then see nothing done with it.

    Impact and Result

    • Understand how to ask the right questions to avoid survey fatigue.
    • Design and implement two complementary satisfaction surveys: a transactional survey to capture satisfaction with individual ticket experiences and inform immediate improvements, and a relationship survey to capture broader satisfaction among the entire user base and inform longer-term improvements.
    • Build a plan and assign accountability for customer feedback management, including analyzing feedback, prioritizing customer satisfaction insights and using them to improve performance, and communicating the results back to your users and stakeholders.

    Take Action on Service Desk Customer Feedback Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take Action on Service Desk Customer Feedback Deck – A step-by-step document that walks you through how to measure customer satisfaction, design and implement transactional and relationship surveys, and analyze and act on user feedback.

    Whether you have no Service Desk customer feedback program in place or you need to improve your existing process for gathering and responding to feedback, this deck will help you design your surveys and act on their results to improve CSAT scores.

    • Take Action on Service Desk Customer Feedback Storyboard

    2. Transactional Service Desk Survey Template – A template to design a ticket satisfaction survey.

    This template provides a sample transactional (ticket) satisfaction survey. If your ITSM tool or other survey mechanism allows you to design or write your own survey, use this template as a starting point.

    • Transactional Service Desk Survey Template

    3. Sample Size Calculator – A tool to calculate the sample size needed for your survey.

    Use the Sample Size Calculator to calculate your ideal sample size for your relationship surveys.

  • Desired confidence level
  • Acceptable margin of error
  • Company population size
  • Ideal sample size
    • Sample Size Calculator

    4. End-User Satisfaction Survey Review Workflows – Visio templates to map your review process for both transactional and relationship surveys

    This template will help you map out the step-by-step process to review collected feedback from your end-user satisfaction surveys, analyze the data, and act on it.

    • End-User Satisfaction Survey Review Workflows

    Infographic

    Further reading

    Take Action on Service Desk Customer Feedback

    Drive up CSAT scores by asking the right questions and effectively responding to user feedback.

    EXECUTIVE BRIEF

    Analyst Perspective

    Collecting feedback is only half the equation.

    The image contains a picture of Natalie Sansone.

    Natalie Sansone, PhD


    Research Director, Infrastructure & Operations

    Info-Tech Research Group

    Often when we ask service desk leaders where they need to improve and if they’re measuring customer satisfaction, they either aren’t measuring it at all, or their ticket surveys are turned on but they get very few responses (or only positive responses). They fail to see the value of collecting feedback when this is their experience with it.

    Feedback is important because traditional service desk metrics can only tell us so much. We often see what’s called the “watermelon effect”: metrics appear “green”, but under the surface they’re “red” because customers are in fact dissatisfied for reasons unmeasured by standard internal IT metrics. Customer satisfaction should always be the goal of service delivery, and directly measuring satisfaction in addition to traditional metrics will help you get a clearer picture of your strengths and weaknesses, and where to prioritize improvements.

    It’s not as simple as asking customers if they were satisfied with their ticket, however. There are two steps necessary for success. The first is collecting feedback, which should be done purposefully, with clear goals in mind in order to maximize the response rate and value of responses received. The second – and most critical – is acting on that feedback. Use it to inform improvements and communicate those improvements. Doing so will not only make your service desk better, increasing satisfaction through better service delivery, but also will make your customers feel heard and valued, which alone increases satisfaction.

    The image contains a picture of Emily Sugerman.

    Emily Sugerman, PhD


    Research Analyst, Infrastructure & Operations

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • The service desk relies only on traditional metrics such as time to respond, or percentage of SLAs met, but not on measures of customer satisfaction with the service they receive.
    • There are signs of dissatisfied users (e.g. shadow IT, users avoid the service desk, go only to their favorite technician) but no mechanism in place to formally capture those perceptions.
    • Transactional ticket surveys were turned on when the ITSM tool was implemented, but either nobody responds to them, or nobody does anything with the data received.
    • IT leaders lack information to help inform and prioritize where improvements are most needed.
    • Service desk leaders don’t know how to design survey questions to ask their users for feedback and/or they don’t have a mechanism in place to survey users.
    • If customer satisfaction surveys are in place, nothing is done with the results because service desk leaders either don’t understand the value of analyzing the data or don’t know how to analyze the data.
    • Executives only want a single satisfaction number to track and don’t understand the value of collecting more detailed feedback.
    • IT lacks the resources to take accountability for the feedback program, or existing resources don’t have time to do anything with the feedback they receive.
    • Understand how to ask the right questions to avoid survey fatigue (where users get overwhelmed and stop responding).
    • Design and implement a transactional survey to capture satisfaction with individual ticket experiences and use the results to inform immediate improvements.
    • Design and implement a relationship survey to capture broader satisfaction among the entire user base and use the results to inform longer-term improvements.
    • Build a plan and assign accountability for analyzing feedback, using it to prioritize and make actionable improvements to address feedback, and communicating the results back to your users and stakeholders.

    Info-Tech Insight

    Asking your customers for feedback then doing nothing with it is worse than not asking for feedback at all. Your customers may end up more dissatisfied than they were before, if their opinion is sought out and then ignored. It’s valuable to collect feedback, but the true value for both IT and its customers comes from acting on that feedback and communicating those actions back to your users.

    Traditional service desk metrics can be misleading

    The watermelon effect

    When a service desk appears to hit all its targets according to the metrics it tracks, but service delivery is poor and customer satisfaction is low, this is known as the “watermelon effect”. Service metrics appear green on the outside, but under the surface (unmeasured), they’re red because customers are dissatisfied.

    Traditional SLAs and service desk metrics (such as time to respond, average resolution time, percentage of SLAs met) can help you understand service desk performance internally to prioritize your work and identify process improvements. However, they don’t tell you how customers perceive the service or how satisfied they are.

    Providing good service to your customers should be your end goal. Failing to measure, monitor, and act on customer feedback means you don’t have the whole picture of how your service desk is performing and whether or where improvements are needed to maximize satisfaction.

    There is a shift in ITSM to focus more on customer experience metrics over traditional ones

    The Service Desk Institute (SDI) suggests that customer satisfaction is the most important indicator of service desk success, and that traditional metrics around SLA targets – currently the most common way to measure service desk performance – may become less valuable or even obsolete in the future as customer experience-focused targets become more popular. (Service Desk Institute, 2021)

    SDI conducted a Customer Experience survey of service desk professionals from a range of organizations, both public and private, from January to March 2018. The majority of respondents said that customer experience is more important than other metrics such as speed of service or adherence to SLAs, and that customer satisfaction is more valuable than traditional metrics. (SDI, 2018).

    The image contains a screenshot of two pie graphs. The graph on the left is labelled: which of these is most important to your service desk? Customer experience is first with 54%. The graph on the right is labelled: Which measures do you find more value in? Customer satisfaction is first with 65%.

    However, many service desk leaders aren’t effectively measuring customer feedback

    Not only is it important to measure customer experience and satisfaction levels, but it’s equally important to act on that data and feed it into a service improvement program. However, many IT leaders are neglecting either one or both of those components.

    Obstacles to collecting feedback

    Obstacles to acting on collected feedback

    • Don’t understand the value of measuring customer feedback.
    • Don’t have a good mechanism in place to collect feedback.
    • Don’t think that users would respond to a survey (either generally unresponsive or already inundated with surveys).
    • Worried that results would be negative or misleading.
    • Don’t know what questions to ask or how to design a survey.
    • Don’t understand the importance of analyzing and acting on feedback collected.
    • Don’t know how to analyze survey data.
    • Lack of resources to take accountability over customer feedback (including analyzing data, monitoring trends, communicating results).
    • Executives or stakeholders only want a satisfaction score.

    A strong customer feedback program brings many benefits to IT and the business

    Insight into customer experience

    Gather insight into both the overall customer relationship with the service desk and individual transactions to get a holistic picture of the customer experience.

    Data to inform decisions

    Collect data to inform decisions about where to spend limited resources or time on improvement, rather than guessing or wasting effort on the wrong thing.

    Identification of areas for improvement

    Better understand your strengths and weaknesses from the customer’s point of view to help you identify gaps and priorities for improvement.

    Customers feel valued

    Make customers feel heard and valued; this will improve your relationship and their satisfaction.

    Ability to monitor trends over time

    Use the same annual relationship survey to be able to monitor trends and progress in making improvements by comparing data year over year.

    Foresight to prevent problems from occurring

    Understand where potential problems may occur so you can address and prevent them, or who is at risk of becoming a detractor so you can repair the relationship.

    IT staff coaching and engagement opportunities

    Turn negative survey feedback into coaching and improvement opportunities and use positive feedback to boost morale and engagement.

    Take Action on Service Desk Customer Feedback

    The image contains a screenshot of a Thought Model titled: Take Action on Service Desk Customer Feedback.

    Info-Tech’s methodology for measuring and acting on service desk customer feedback

    Phase

    1. Understand how to measure customer satisfaction

    2. Design and implement transactional surveys

    3. Design and implement relationship surveys

    4. Analyze and act on feedback

    Phase outcomes

    Understand the main types of customer satisfaction surveys, principles for survey design, and best practices for surveying your users.

    Learn why and how to design a simple survey to assess satisfaction with individual service desk transactions (tickets) and a methodology for survey delivery that will improve response rates.

    Understand why and how to design a survey to assess overall satisfaction with the service desk across your organization, or use Info-Tech’s diagnostic.

    Measure and analyze the results of both surveys and build a plan to act on both positive and negative feedback and communicate the results with the organization.

    Insight Summary

    Key Insight:

    Asking your customers for feedback then doing nothing with it is worse than not asking for feedback at all. Your customers may end up more dissatisfied than they were before if they’re asked for their opinion then see nothing done with it. It’s valuable to collect feedback, but the true value for both IT and its customers comes from acting on that feedback and communicating those actions back to your users.

    Additional insights:

    Insight 1

    Take the time to define the goals of your transactional survey program before launching it – it’s not as simple as just deploying the default survey of your ITSM tool out of the box. The objectives of the survey – including whether you want to keep a pulse on average satisfaction or immediately act on any negative experiences – will influence a range of key decisions about the survey configuration.

    Insight 2

    While transactional surveys provide useful indicators of customer satisfaction with specific tickets and interactions, they tend to have low response rates and can leave out many users who may rarely or never contact the service desk, but still have helpful feedback. Include a relationship survey in your customer feedback program to capture a more holistic picture of what your overall user base thinks about the service desk and where you most need to improve.

    Insight 3

    Satisfaction scores provide valuable data about how your customers feel, but don’t tell you why they feel that way. Don’t neglect the qualitative data you can gather from open-ended comments and questions in both types of satisfaction surveys. Take the time to read through these responses and categorize them in at least a basic way to gain deeper insight and determine where to prioritize your efforts.

    Understand how to measure customer satisfaction

    Phase 1

    Understand the main types of customer satisfaction surveys, principles for survey design, and best practices for surveying your users.

    Phase 1:

    Phase 2:

    Phase 3:

    Phase 4:

    Understand how to measure customer satisfaction

    Design and implement transactional surveys

    Design and implement relationship surveys

    Analyze and act on feedback

    Three methods of surveying your customers

    Transactional

    Relationship

    One-off

    Also known as

    Ticket surveys, incident follow-up surveys, on-going surveys

    Annual, semi-annual, periodic, comprehensive, relational

    One-time, single, targeted

    Definition

    • Survey that is tied to a specific customer interaction with the service desk (i.e. a ticket).
    • Assesses how satisfied customers are with how the ticket was handled and resolved.
    • Sent immediately after ticket is closed.
    • Short – usually 1 to 3 questions.
    • Survey that is sent periodically (i.e. semi-annually or annually) to the entire customer base to measure overall relationship with the service desk.
    • Assesses customer satisfaction with their overall service experience over a longer time period.
    • Longer – around 15-20 questions.
    • One-time survey sent at a specific, targeted point in time to either all customers or a subset.
    • Often event-driven or project-related.
    • Assesses satisfaction at one time point, or about a specific change that was implemented, or to inform a specific initiative that will be implemented.

    Pros and cons of the three methods

    Transactional

    Relationship

    One-off

    Pros

    • Immediate feedback
    • Actionable insights to immediately improve service or experience
    • Feeds into team coaching
    • Multiple touchpoints allow for trending and monitoring
    • Comprehensive insight from broad user base to improve overall satisfaction
    • Reach users who don’t contact the service desk often or respond to ticket surveys
    • Identify unhappy customers and reasons for dissatisfaction
    • Monitor broader trends over time
    • Targeted insights to measure the impact of a specific change or perception at a specific point of time

    Cons

    • Customer may become frustrated being asked to fill out too many surveys
    • Can lead to survey fatigue and low response rates
    • Tend to only see responses for very positive or negative experiences
    • High volume of data to analyze
    • Feedback is at a high-level
    • Covers the entire customer journey, not a specific interaction
    • Users may not remember past interactions accurately
    • A lot of detailed data to analyze and more difficult to turn into immediate action
    • Not as valuable without multiple surveys to see trends or change

    Which survey method should you choose?

    Only relying on one type of survey will leave gaps in your understanding of customer satisfaction. Include both transactional and relationship surveys to provide a holistic picture of customer satisfaction with the service desk.

    If you can only start with one type, choose the type that best aligns with your goals and priorities:

    If your priority is to identify larger improvement initiatives the service desk can take to improve overall customer satisfaction and trust in the service desk:

    If your priority is to provide customers with the opportunity to let you know when transactions do not go well so you can take immediate action to make improvements:

    Start with a relationship survey

    Start with a transactional survey

    The image contains a screenshot of a bar graph on SDI's 2018 Customer Experience in ITSM report.

    Info-Tech Insight

    One-off surveys can be useful to assess whether a specific change has impacted satisfaction, or to inform a planned change/initiative. However, as they aren’t typically part of an on-going customer feedback program, the focus of this research will be on transactional and relationship surveys.

    3 common customer satisfaction measures

    The three most utilized measures of customer satisfaction include CSAT, CES, and NPS.

    CSAT CES NPS
    Name Customer Satisfaction Customer Effort Score Net Promoter score
    What it measures Customer happiness Customer effort Customer loyalty
    Description Measures satisfaction with a company overall, or a specific offering or interaction Measures how much effort a customer feels they need to put forth in order to accomplish what they wanted Single question that asks consumers how likely they are to recommend your product, service, or company to other people
    Survey question How satisfied are/were you with [company/service/interaction/product]? How easy was it to [solve your problem/interact with company/handle my issue]? Or: The [company] made it easy for me to handle my issue How likely are you to recommend [company/service/product] to a friend?
    Scale 5, 7, or 10 pt scale, or using images/emojis 5, 7, or 10 pt scale 10-pt scale from highly unlikely to highly likely
    Scoring Result is usually expressed as a percentage of satisfaction Result usually expressed as an average Responses are divided into 3 groups where 0-6 are detractors, 7-8 are passives, 9-10 are promoters
    Pros
    • Well-suited for specific transactions
    • Simple and able to compare scores
    • Simple number, easy to analyze
    • Effort tends to predict future behavior
    • Actionable data
    • Simple to run and analyze
    • Widely used and can compare to other organizations
    • Allows for targeting customer segments
    Cons
    • Need high response rate to have representative numberEasy to ask the wrong questions
    • Not as useful without qualitative questions
    • Only measures a small aspect of the interaction
    • Only useful for transactions
    • Not useful for improvement without qualitative follow-up questions
    • Not as applicable to a service desk as it measures brand loyalty

    When to use each satisfaction measure

    The image contains a screenshot of a diagram that demonstrates which measure to use based off of what you would like to access, and which surveys it aligns with.

    How to choose which measure(s) to incorporate in your surveys

    The best measures are the ones that align with your specific goals for collecting feedback.

    • Most companies will use multiple satisfaction measures. For example, NPS can be tracked to monitor the overall customer sentiment, and CSAT used for more targeted feedback.
    • For internal-facing IT departments, CSAT is the most popular of the three methods, and NPS may not be as useful.
    • Choose your measure and survey types based on what you are trying to achieve and what kind of information you need to make improvements.
    • Remember that one measure alone isn’t going to give you actionable feedback; you’ll need to follow up with additional measures (especially for NPS and CES).
    • For CSAT surveys, customize the satisfaction measures in as many ways as you need to target the questions toward the areas you’re most interested in.
    • Don’t stick to just these three measures or types of surveys – there are other ways to collect feedback. Experiment to find what works for you.
    • If you’re designing your own survey, keep in mind the principles on the next slide.

    Info-Tech Insight

    While we focus mainly on traditional survey-based approaches to measuring customer satisfaction in this blueprint, there’s no need to limit yourselves to surveys as your only method. Consider multiple techniques to capture a wider audience, including:

    • Customer journey mapping
    • Focus groups with stakeholders
    • Lunch and learns or workshop sessions
    • Interviews – phone, chat, in-person
    • Kiosks

    Principles for survey design

    As you design your satisfaction survey – whether transactional or relational – follow these guidelines to ensure the survey delivers value and gets responses.

    1. Focus on your goal
    2. Don’t include unnecessary questions that won’t give you actionable information; it will only waste respondents’ time.

    3. Be brief
    4. Keep each question as short as possible and limit the total number of survey questions to avoid survey fatigue.

    5. Include open-ended questions
    6. Most of your measures will be close-ended, but include at least one comment box to allow for qualitative feedback.

    7. Keep questions clear and concise
    8. Ensure that question wording is clear and specific so that all respondents interpret it the same way.

    9. Avoid biased or leading questions
    10. You won’t get accurate results if your question leads respondents into thinking or answering a certain way.

    11. Avoid double-barreled questions
    12. Don’t ask about two different things in the same question – it will confuse respondents and make your data hard to interpret.

    13. Don’t restrict responses
    14. Response options should include all possible opinions (including “don’t know”) to avoid frustrating respondents.

    15. Make the survey easy to complete
    16. Pre-populate information where possible (e.g. name, department) and ensure the survey is responsive on mobile devices.

    17. Keep questions optional
    18. If every question is mandatory, respondents may leave the survey altogether if they can’t or don’t want to answer one question.

    19. Test your survey
    20. Test your survey with your target audience before launching, and incorporate feedback - they may catch issues you didn’t notice.

    Prevent survey fatigue to increase response rates

    If it takes too much time or effort to complete your survey – whether transactional or relational – your respondents won’t bother. Balance your need to collect relevant data with users’ needs for a simple and worthwhile task in order to get the most value out of your surveys.

    There are two types of survey fatigue:

    1. Survey response fatigue
    2. Occurs when users are overwhelmed by too many requests for feedback and stop responding.

    3. Survey taking fatigue
    4. Occurs when the survey is too long or irrelevant to users, so they grow tired and abandon the survey.

    Fight survey fatigue:

    • Make it as easy as possible to answer your survey:
      • Keep the survey as short as possible.
      • For transactional surveys, allow respondents to answer directly from email without having to click a separate link if possible.
      • Don’t make all questions mandatory or users may abandon it if they get to a difficult or unapplicable question.
      • Test the survey experience across devices for mobile users.
    • Communicate the survey’s value so users will be more likely to donate their time.
    • Act on feedback: follow up on both positive and negative responses so users see the value in responding.
    • Consider attaching an incentive to responding (e.g. name entered in a monthly draw).

    Design and implement transactional surveys

    Phase 2

    Learn why and how to design a simple survey to assess satisfaction with individual service desk transactions (tickets) and a methodology for survey delivery that will improve response rates.

    Phase 1:

    Phase 2:

    Phase 3:

    Phase 4:

    Understand how to measure customer satisfaction

    Design and implement transactional surveys

    Design and implement relationship surveys

    Analyze and act on feedback

    Use transactional surveys to collect immediate and actionable feedback

    Recall the definition of a transactional survey:

    • Survey that is tied to a specific customer interaction with the service desk (i.e. a ticket).
    • Assesses how satisfied customers are with how the ticket was handled and resolved.
    • Sent immediately after ticket is closed.
    • Short – usually 1 to 3 questions.

    Info-Tech Insight

    While feedback on transactional surveys is specific to a single transaction, even one negative experience can impact the overall perception of the service desk. Pair your transactional surveys with an annual relationship survey to capture broader sentiment toward the service desk.

    Transactional surveys serve several purposes:

    • Gives end users a mechanism to provide feedback when they want to.
    • Provides continual insight into customer satisfaction throughout the year to monitor for trends or issues in between broader surveys.
    • Provides IT leaders with actionable insights into areas for improvement in their processes, knowledge and skills, or customer service.
    • Gives the service desk the opportunity to address any negative experiences or perceptions with customers, to repair the relationship.
    • Feeds into individual or team coaching for service desk staff.

    Make key decisions ahead of launching your transactional surveys

    If you want to get the most of your surveys, you need to do more than just click a button to enable out-of-the-box surveys through your ITSM tool. Make these decisions ahead of time:

    Decision Considerations For more guidance, see
    What are the goals of your survey? Are you hoping to get an accurate pulse of customer sentiment (if so, you may want to randomly send surveys) or give customers the ability to provide feedback any time they have some (if so, send a survey after every ticket)? Slide 25
    How many questions will you ask? Keep the survey as short as possible – ideally only one mandatory question. Slide 26
    What questions will you ask? Do you want a measure of NPS, CES, or CSAT? Do you want to measure overall satisfaction with the interaction or something more specific about the interaction? Slide 27
    What will be the response options/scale? Keep it simple and think about how you will use the data after. Slide 28
    How often will you send the survey? Will it be sent after every ticket, every third ticket, or randomly to a select percentage of tickets, etc.? Slide 29
    What conditions would apply? For example, is there a subset of users who you never want to receive a survey or who you always want to receive a survey? Slide 30
    What mechanism/tool will you use to send the survey? Will your ITSM tool allow you to make all the configurations you need, or will you need to use a separate survey tool? If so, can it integrate to your ITSM solution? Slide 30

    Key decisions, continued

    Decision Considerations For more guidance, see
    What will trigger the survey? Typically, marking the ticket as either ‘resolved’ or ‘closed’ will trigger the survey. Slide 31
    How long after the ticket is closed will you send the survey? You’ll want to leave enough time for the user to respond if the ticket wasn’t resolved properly before completing a survey, but not so much time that they don’t remember the ticket. Slide 31
    Will the survey be sent in a separate email or as part of the ticket resolution email? A separate email might feel like too many emails for the user, but a link within the ticket closure email may be less noticeable. Slide 32
    Will the survey be embedded in email or accessed through a link? If the survey can be embedded into the email, users will be more likely to respond. Slide 32
    How long will the survey link remain active, and will you send any reminders? Leave enough time for the user to respond if they are busy or away, but not so much time that the data would be irrelevant. Balance the need to remind busy end users with the possibility of overwhelming them with survey fatigue. Slide 32
    What other text will be in the main body of the survey email and/or thank you page? Keep messaging short and straightforward and remind users of the benefit to them. Slide 33
    Where will completed surveys be sent/who will have access? Will the technician assigned to the ticket have access or only the manager? What email address/DL will surveys be sent to? Slide 33

    Define the goals of your transactional survey program

    Every survey should have a goal in mind to ensure only relevant and useful data is collected.

    • Your survey program must be backed by clear and actionable goals that will inform all decisions about the survey.
    • Survey questions should be structured around that goal, with every question serving a distinct purpose.
    • If you don’t have a clear plan for how you will action the data from a particular question, exclude it.
    • Don’t run a survey just for the sake of it; wait until you have a clear plan. If customers respond and then see nothing is done with the data, they will learn to avoid your surveys.

    Your survey objectives will also determine how often to send the survey:

    If your objective is:

    Keep a continual pulse on average customer satisfaction

    Gain the opportunity to act on negative feedback for any poor experience

    Then:

    Send survey randomly

    Send survey after every ticket

    Rationale:

    Sending a survey less often will help avoid survey fatigue and increase the chances of users responding whether they have good, bad, or neutral feedback

    Always having a survey available means users can provide feedback every time they want to, including for any poor experience – giving you the chance to act on it.

    Info-Tech Insight

    Service Managers often get caught up in running a transactional survey program because they think it’s standard practice, or they need to report a satisfaction metric. If that’s your only objective, you will fail to derive value from the data and will only turn customers away from responding.

    Design survey content and length

    As you design your survey, keep in mind the following principles:

    1. Keep it short. Your customers won’t bother responding if they see a survey with multiple questions or long questions that require a lot of reading, effort, or time.
    2. Make it simple. This not only makes it easier for your customers to complete, but easier for you to track and monitor.
    3. Tie your survey to your goals. Remember that every question should have a clear and actionable purpose.
    4. Don’t measure anything you can’t control. If you won’t be able to make changes based on the feedback, there’s no value asking about it.
    5. Include an (optional) open-ended question. This will allow customers to provide more detailed feedback or suggestions.

    Q: How many questions should the survey contain?

    A: Ideally, your survey will have only one mandatory question that captures overall satisfaction with the interaction.

    This question can be followed up with an optional open-ended question prompting the respondent for more details. This will provide a lot more context to the overall rating.

    If there are additional questions you need to ask based on your goals, clearly make these questions optional so they don’t deter respondents from completing the survey. For example, they can appear only after the respondent has submitted their overall satisfaction response (i.e. on a separate, thank you page).

    Additional (optional) measures may include:

    • Customer effort score (how easy or difficult was it to get your issue resolved?)
    • Customer service skills of the service desk
    • Technical skills/knowledge of the agents
    • Speed or response or resolution

    Design question wording

    Tips for writing survey questions:

    • Be clear and concise
    • Keep questions as short as possible
    • Cut out any unnecessary words or phrasing
    • Avoid biasing, or leading respondents to select a certain answer
    • Don’t attempt to measure multiple constructs in a single question.

    Sample question wording:

    How satisfied are you with this support experience?

    How would you rate your support experience?

    Please rate your overall satisfaction with the way your issue was handled.

    Instead of this….

    Ask this….

    “We strive to provide excellent service with every interaction. Please rate how satisfied you are with this interaction.”

    “How satisfied were you with this interaction?”

    “How satisfied were you with the customer service skills, knowledge, and responsiveness of the technicians?”

    Choose only one to ask about.

    “How much do you agree that the service you received was excellent?”

    “Please rate the service you received.”

    “On a scale of 1-10, thinking about your most recent experience, how satisfied would you say that you were overall with the way that your ticket was resolved?”

    “How satisfied were you with your ticket resolution?”

    Choose response options

    Once you’ve written your survey question, you need to design the response options for the question. Put careful thought into balancing ease of responding for the user with what will give you the actionable data you need to meet your goals. Keep the following in mind:

    When planning your response options, remember to keep the survey as easy to respond to as possible – this means allowing a one-click response and a scale that’s intuitive and simple to interpret.

    Think about how you will use the responses and interpret the data. If you choose a 10-point scale, for example, what would you classify as a negative vs positive response? Would a 5-point scale suffice to get the same data?

    Again, use your goals to inform your response options. If you need a satisfaction metric, you may need a numerical scale. If your goal is just to capture negative responses, you may only need two response options: good vs bad.

    Common response options:

    • Numerical scale (e.g. very dissatisfied to very satisfied on a 5-point scale)
    • Star rating (E.g. rate the experience out of 5 stars)
    • Smiley face scale
    • 2 response options: Good vs Bad (or Satisfied vs Dissatisfied)

    Investigate the capabilities of your ITSM tool. It may only allow one built-in response option style. But if you have the choice, choose the simplest option that aligns with your goals.

    Decide how often to send surveys

    There are two common choices for when to send ticket satisfaction surveys:

    After random tickets

    After every ticket

    Pros

    • May increase response rate by avoiding survey fatigue.
    • May be more likely to capture a range of responses that more accurately reflect sentiment (versus only negative).
    • Gives you the opportunity to receive feedback whenever users have it.
    • If your goal is to act on negative feedback whenever it arises, that’s only possible if you send a survey after every ticket.

    Cons

    • Overrepresents frequent service desk users and underrepresents infrequent users.
    • Users who have feedback to give may not get the chance to give it/service desk can’t act on it.
    • Customers who frequently contact the service desk will be overwhelmed by surveys and may stop responding.
    • Customers may only reply if they have very negative or positive feedback.

    SDI’s 2018 Customer Experience in ITSM survey of service desk professionals found:

    Almost two-thirds (65%) send surveys after every ticket.

    One-third (33%) send surveys after randomly selected tickets are closed.

    Info-Tech Recommendation:

    Send a survey after every ticket so that anyone who has feedback gets the opportunity to provide it – and you always get the chance to act on negative feedback. But, limit how often any one customer receives a ticket to avoid over-surveying them – restrict to anywhere between one survey a week to one per month per customer.

    Plan detailed survey logistics

    Decision #1

    Decision #2

    What tool will you use to deliver the survey?

    What (if any) conditions apply to your survey?

    Considerations

    • How much configuration does your ITSM tool allow? Will it allow you to configure the survey according to your decisions? Many ITSM tools, especially mid-market, do not allow you to change the response options or how often the survey is sent.
    • How does the survey look and act on mobile devices? If a customer receives the survey on their phone, they need to be able to easily respond from there or they won’t bother at all.
    • If you wish to use a different survey tool, does it integrate with your ITSM solution? Would agents have to manually send the survey? If so, how would they choose who to send the survey to, and when?

    Considerations

    Is there a subset of users who you never want to receive a survey (e.g. a specific department, location, role, or title)?

    Is there a subset of users who you always want to receive a survey, no matter how often they contact the service desk (e.g. VIP users, a department that scored low on the annual satisfaction survey, etc.)?

    Are there certain times of the year that you don’t want surveys to go out (e.g. fiscal year end, holidays)?

    Are there times of the day that you don’t want surveys to be sent (e.g. only during business hours; not at the end of the day)?

    Recommendations

    The built-in functionality of your ITSM tool’s surveys will be easiest to send and track; use it if possible. However, if your tool’s survey module is limited and won’t give you the value you need, consider a third-party solution or survey tool that integrates with your ITSM solution and won’t require significant manual effort to send or review the surveys.

    Recommendations

    If your survey module allows you to apply conditions, think about whether any are necessary to apply to either maximize your response rate (e.g. don’t send a survey on a holiday), avoid annoying certain users, or seek extra feedback from dissatisfied users.

    Plan detailed survey logistics

    Decision #2

    Decision #1

    What will trigger the survey?

    When will the survey be sent?

    Considerations

    • Usually a change of ticket status triggers the survey, but you may have the option to send it after the ticket is marked ‘resolved’ or ‘closed’. The risk of sending the survey after the ticket is ‘resolved’ is the issue may not actually be resolved yet, but waiting until it’s ‘closed’ means the user may be less likely to respond as more time has passed.
    • Some tools allow for a survey to be sent after every agent reply.
    • Some have the option to manually generate a survey, which may be useful in some cases; those cases would need to be well defined.

    Considerations

    • Once you’ve decided the trigger for the survey, decide how much time should pass after that trigger before the survey is sent.
    • The amount of time you choose will be highly dependent on the trigger you choose. For example, if you want the ‘resolved’ status to send a survey, you may want to wait 24h to send the survey in case the user responds that their issue hasn’t been properly resolved.
    • If you choose ‘closed’ as your trigger, you may want the survey to be sent immediately, as waiting any longer could further reduce the response rate.
    • Your average resolution time may also impact the survey wait time.

    Recommendations

    Only send the survey once you’re sure the issue has actually been resolved; you could further upset the customer if you ask them how happy they are with the resolution if resolution wasn’t achieved. This means sending the survey once the user confirms resolution (which closes ticket) or the agent closes the ticket.

    Recommendations

    If you are sending the survey upon ticket status moving to ‘resolved’, wait at least 24 hours before sending the survey in case the user responds that their issue wasn’t actually resolved. However, if you are sending the survey after the ticket has been verified resolved and closed, you can send the survey immediately while the experience is still fresh in their memory.

    Plan detailed survey logistics

    Decision #1

    Decision #2

    How will the survey appear in email?

    How long will the survey remain active?

    Considerations

    • If the survey link is included within the ticket resolution email, it’s one less email to fatigue users, but users may not notice there is a survey in the email.
    • If the survey link is included in its own separate email, it will be more noticeable to users, but could risk overwhelming users with too many emails.
    • Can users view the entire survey in the email and respond directly within the email, or do they need to click on a link and respond to the survey elsewhere?

    Considerations

    • Leaving the survey open at least a week will give users who are out of office or busy more time to respond.
    • However, if users respond to the survey too long after their ticket was resolved, they may not remember the interaction well enough to give any meaningful response.
    • Will you send any reminders to users to complete the survey? It may improve response rate, or may lead to survey fatigue from reaching out too often.

    Recommendations

    Send the survey separately from the ticket resolution email or users will never notice it. However, if possible, have the entire survey embedded within the email so users can click to respond directly from their email without having to open a separate link. Reduce effort, to make users more likely to respond.

    Recommendations

    Leave enough time for the user to respond if they are busy or away, but not so much time that the data will be irrelevant. Balance the need to remind busy end users, with the possibility of overwhelming them with survey fatigue. About a week is typical.

    Plan detailed survey logistics

    Decision #1

    Decision #2

    What will the body of the email/messaging say?

    Where will completed surveys be sent?

    Considerations

    • Communicate the value of responding to the survey.
    • Remember, the survey should be as short and concise as possible. A lengthy body of text before the actual survey can deter respondents.
    • Depending on your survey configuration, you may have a ‘thank you’ page that appears after respondents complete the survey. Think about what messaging you can save for that page and what needs to be up front.
    • Ensure there is a clear reference to which ticket the survey is referencing (with the subject of the ticket, not just ticket number).

    Considerations

    • Depending on the complexity of your ITSM tool, you may designate email addresses to receive completed surveys, or configure entire dashboards to display results.
    • Decide who needs to receive all completed surveys in order to take action.
    • Decide whether the agent who resolved the ticket will have access to the full survey response. Note that if they see negative feedback, it may affect morale.
    • Are there any other stakeholders who should receive the immediate completed surveys, or can they view summary reports and dashboards of the results?

    Recommendations

    Most users won’t read a long message, especially if they see it multiple times, so keep the email short and simple. Tell users you value their feedback, indicate which interaction you’re asking about, and say how long the survey should take. Thank them after they submit and tell them you will act on their feedback.

    Recommendations

    Survey results should be sent to the Service Manager, Customer Experience Lead, or whoever is the person responsible for managing the survey feedback. They can choose how to share feedback with specific agents and the service desk team.

    Response rates for transactional surveys are typically low…

    Most IT organizations see transactional survey response rates of less than 20%.

    The image contains a screenshot of a SDI survey taken to demonstrate customer satisfaction respond rate.

    Source: SDI, 2018

    SDI’s 2018 Customer Experience in ITSM survey of service desk professionals found that 69% of respondents had survey response rates of 20% or less. However, they did not distinguish between transactional and relationship surveys.

    Reasons for low response rates:

    • Users tend to only respond if they had a very positive or very negative experience worth writing about, but don’t typically respond for interactions that go as expected or were average.
    • Survey is too long or complicated.
    • Users receive too many requests for feedback.
    • Too much time has passed since the ticket was submitted/resolved and the user doesn’t remember the interaction.
    • Users think their responses disappear into a black hole or aren’t acted upon so they don’t see the value in taking the time to respond. Or, they don’t trust the confidentiality of their responses.

    “In my experience, single digits are a sign of a problem. And a downward trend in response rate is also a sign of a problem. World-class survey response rates for brands with highly engaged customers can be as high as 60%. But I’ve never seen it that high for internal support teams. In my experience, if you get a response rate of 15-20% from your internal customers then you’re doing okay. That’s not to say you should be content with the status quo, you should always be looking for ways to increase it.”

    – David O’Reardon, Founder & CEO of Silversix

    … but there are steps you can take to maximize your response rate

    It is still difficult to achieve high response rates to transactional surveys, but you can at least increase your response rate with these strategies:

    1. Reduce frequency
    2. Don’t over-survey any one user or they will start to ignore the surveys.

    3. Send immediately
    4. Ask for feedback soon after the ticket was resolved so it’s fresh in the user’s memory.

    5. Make it short and simple
    6. Keep the survey short, concise, and simple to respond to.

    7. Make it easy to complete
    8. Minimize effort involved as much as possible. Allow users to respond directly from email and from any device.

    9. Change email messaging
    10. Experiment with your subject line or email messaging to draw more attention.

    11. Respond to feedback
    12. Respond to customers who provide feedback – especially negative – so they know you’re listening.

    13. Act on feedback
    14. Demonstrate that you are acting on feedback so users see the value in responding.

    Use Info-Tech’s survey template as a starting point

    Once you’ve worked through all the decisions in this step, you’re ready to configure your transactional survey in your ITSM solution or survey tool.

    As a starting point, you can leverage Info-Tech’s Transactional Service Desk Survey Templatee to design your templates and wording.

    Make adjustments to match your decisions or your configuration limitations as needed.

    Refer to the key decisions tables on slides 24 and 25 to ensure you’ve made all the configurations necessary as you set up your survey.

    The image contains a screenshot of Info-Tech's survey templates.

    Design and implement relationship surveys

    Phase 3

    Understand why and how to design a survey to assess overall satisfaction with the service desk across your organization, or use Info-Tech’s diagnostic.

    Phase 1:

    Phase 2:

    Phase 3:

    Phase 4:

    Understand how to measure customer satisfaction

    Design and implement transactional surveys

    Design and implement relationship surveys

    Analyze and act on feedback

    How can we evaluate overall Service Desk service quality?

    Evaluating service quality in any industry is challenging for both those seeking feedback and those consuming the service: “service quality is more difficult for the consumer to evaluate than goods quality.”

    You are in the position of trying to measure something intangible: customer perception, which “result[s] from a comparison of consumer expectations with actual service performance,” which includes both the service outcome and also “the process of service delivery”

    (Source: Parasuraman et al, 1985, 42).

    Your mission is to design a relationship survey that is:

    • Comprehensive but not too long.
    • Easy to understand but complex enough to capture enough detail.
    • Able to capture satisfaction with both the outcome and the experience of receiving the service.

    Use relationship surveys to measure overall service desk service quality

    Recall the definition of a relationship survey:

    • Survey that is sent periodically (i.e. semi-annually or annually) to the entire customer base to measure the overall relationship with the service desk.
    • Shows you where your customer experience is doing well and where it needs improving.
    • Asks customers to rate you based on their overall experience rather than on a specific product or interaction.
    • Longer and more comprehensive than transactional surveys, covering multiple dimensions/ topics.

    Relationship surveys serve several purposes:

    • Gives end users an opportunity to provide overall feedback on a wider range of experiences with IT.
    • Gives IT the opportunity to respond to feedback and show users their voices are heard.
    • Provides insight into year-over-year trends and customer satisfaction.
    • Provides IT leaders the opportunity to segment the results by demographic (e.g. by department, location, or seniority) and target improvements where needed most.
    • Feeds into strategic planning and annual reports on user experience and satisfaction

    Info-Tech Insight

    Annual relationship surveys provide great value in the form of year-over-year internal benchmarking data, which you can use to track improvements and validate the impact of your service improvement efforts.

    Understand the gaps that decrease service quality

    The Service Quality Model (Parasuraman, Zeithaml and Berry, 1985) shows how perceived service quality is negatively impacted by the gap between expectations for quality service and the perceptions of actual service delivery:

    Gap 1: Consumer expectation – Management perception gap:

    Are there differences between your assumptions about what users want from a service and what those users expect?

    Gap 2: Management perception – Service quality specification gap:

    Do you have challenges translating user expectations for service into standardized processes and guidelines that can meet those expectations?

    Gap 3: Service quality specifications – Service delivery gap:

    Do staff members struggle to carry out the service quality processes when delivering service?

    Gap 4: Service delivery – External communications gap:

    Have users been led to expect more than you can deliver? Alternatively, are users unaware of how the organization ensures quality service, and therefore unable to appreciate the quality of service they receive?

    Gap 5: Expected service – Perceived service gap:

    Is there a discrepancy between users’ expectations and their perception of the service they received (regardless of any user misunderstanding)?

    The image contains a screenshot of the Service Quality Model to demonstrate the consumer and consumers.

    Your survey questions about service and support should provide insight into where these gaps exist in your organization

    Make key decisions ahead of launch

    Decision/step Considerations
    Align the relationship survey with your goals Align what is motivating you to launch the survey at this time and the outcomes it is intended to feed into.
    Identify what you’re measuring Clarify the purpose of the questions. Are you measuring feedback on your service desk, specifically? On all of IT? Are you trying to capture user effort? User satisfaction? These decisions will affect how you word your questions.
    Determine a framework for your survey Reporting on results and tracking year-over-year changes will be easier if you design a basic framework that your survey questions fall into. Consider drawing on an existing service quality framework to match best practices in other industries.
    Cover logistical details Designing a relationship survey requires attention to many details that may initially be overlooked: the survey’s length and timing, who it should be sent to and how, what demographic info you need to collect to slice and dice the results, and if it will be possible to conduct the survey anonymously.
    Design question wording It is important to keep questions clear and concise and to avoid overly lengthy surveys.
    Select answer scales The answer scales you select will depend on how you have worded the questions. There is a wide range of answer scales available to you; decide which ones will produce the most meaningful data.
    Test the survey Testing the survey before widely distributing it is key. When collecting feedback, conduct at least a few in person observations of someone taking the survey to get their unvarnished first impressions.
    Monitor and maximize your response rate Ensure success by staying on top of the survey during the period it is open.

    Align the relationship survey with your goals

    What is motivating you to launch the survey at this time?

    Is there a renewed focus on customer service satisfaction? If so, this survey will track the initiative’s success, so its questions must align with the sponsors’ expectations.

    Are you surveying customer satisfaction in order to comply with legislation, or directives to measure customer service quality?

    What objectives/outcomes will this survey feed into?

    What do you need to report on to your stakeholders? Have they communicated any expectations regarding the data they expect to see?

    Does the CIO want the annual survey to measure end-user satisfaction with all of IT?

    • Or do you only want to measure satisfaction with one set of processes (e.g. Service Desk)?
    • Are you seeking feedback on a project (e.g. implementation of new ERP)?
    • Are you seeking feedback on the application portfolio?

    In 1993 the U.S. president issued an Executive Order requiring executive agencies to “survey customers to determine the kind and quality of services they want and their level of satisfaction with existing services” and “post service standards and measure results against them.” (Clinton, 1993)

    Identify what you’re measuring

    Examples of Measures

    Clarify the purpose of the questions

    Each question should measure something specific you want to track and be phrased accordingly.

    Are you measuring feedback on the service desk?

    Service desk professionalism

    Are you measuring user satisfaction?

    Service desk timeliness

    Your customers’ happiness with aspects of IT’s service offerings and customer service

    Trust in agents’ knowledge

    Users’ preferred ticket intake channel (e.g. portal vs phone)

    Satisfaction with self-serve features

    Are you measuring user effort?

    Are you measuring feedback on IT overall?

    Satisfaction with IT’s ability to enable the business

    How much effort your customer needs to put forth to accomplish what they wanted/how much friction your service causes or alleviates

    Satisfaction with company-issued devices

    Satisfaction with network/Wi-Fi

    Satisfaction with applications

    Info-Tech Insight

    As you compose survey questions, decide whether they are intended to capture user satisfaction or effort: this will influence how the question is worded. Include a mix of both.

    Determine a framework for your survey

    If your relationship survey covers satisfaction with service support, ensure the questions cover the major aspects of service quality. You may wish to align your questions on support with existing frameworks: for example, the SERVQUAL service quality measurement instrument identifies 5 dimensions of service quality: Reliability, Assurance, Tangibles, Empathy, and Responsiveness (see below). As you design the survey, consider if the questions relate to these five dimensions. If you have overlooked any of the dimensions, consider if you need to revise or add questions.

    Service dimension

    Definition

    Sample questions

    Reliability

    “Ability to perform the promised service dependably and accurately”1

    • How satisfied are you with the effectiveness of Service Desk’s ability to resolve reported issues?

    Assurance

    “Knowledge and courtesy of employees and their ability to convey trust and confidence”2

    • How satisfied are you with the technical knowledge of the Service Desk staff?
    • When you have an IT issue, how likely are you to contact Service Desk by phone?

    Tangibles

    “Appearance of physical facilities, equipment, personnel, and communication materials”3

    • How satisfied are you that employees in your department have all the necessary technology to ensure optimal job performance?
    • How satisfied are you with IT’s ability to communicate to you regarding the information you need to perform your job effectively?

    Empathy

    “Caring, individualized attention the firm provides its customers”4

    • How satisfied are you that IT staff interact with end users in a respectful and professional manner?

    Responsiveness

    “Willingness to help customers and provide prompt service”5

    • How satisfied are you with the timeliness of Service Desk’s resolution to reported issues?
    1-5. Arlen, Chris,2022. Paraphrasing Zeithaml, Parasuraman, and Berry, 1990.

    Cover logistical details of the survey

    Identify who you will send it to

    Will you survey your entire user base or a specific subsection? For example, a higher education institution may choose to survey students separately from staff and faculty. If you are gathering data on customer satisfaction with a specific implementation, only survey the affected stakeholders.

    Determine timing

    Avoid sending out the survey during known periods of time pressure or absence (e.g. financial year-end, summer vacation).

    Decide upon its length

    Consider what survey length your users can tolerate. Configure the survey to show the respondents’ progression or their percentage complete.

    Clearly introduce the survey

    The survey should begin with an introduction that thanks users for completing the survey, indicates its length and anonymity status, and conveys how the data will be used, along with who the participants should contact with any questions about the survey.

    Decide upon incentives

    Will you incentivize participation (e.g. by entering the participants in a draw or rewarding highest-participating department)?

    Collect demographic information

    Ensure your data can be “sliced and diced” to give you more granular insights into the results. Ask respondents for information such as department, location, seniority, and tenure to help with your trend analysis later.

    Clarify if anonymous

    Users may be more comfortable participating if they can do so anonymously (Quantisoft, n.d.). If you promise anonymity, ensure your survey software/ partner can support this claim. Note the difference between anonymity (identity of participant is not collected) and confidentiality (identifying data is collected but removed from the reported results).

    Decide how to deliver the survey

    Will you be distributing the survey yourself through your own licensed software (e.g. through Microsoft Forms if you are an MS shop)? Or, will you be partnering with a third-party provider? Is the survey optimized for mobile? Some find up to 1/3 of participants use mobile devices for their surveys (O’Reardon, 2018).

    Use the Sample Size Calculator to determine your ideal sample size

    Use Info-Tech’s Sample Size Calculator to calculate the number of people you need to complete your survey to have statistically representative results.

    The image contains a screenshot of the Sample Size Calculator.

    In the example above, the service desk supports 1000 total users (and sent the survey to each one). To be 95% confident that the survey results fall within 5% of the true value (if every user responded), they would need 278 respondents to complete their survey. In other words, to have a sample that is representative of the whole population, they would need 278 completed surveys.

    Explanation of terms:

    Confidence Level: A measure of how reliable your survey is. It represents the probability that your sample accurately reflects the true population (e.g. your entire user base). The industry standard is typically 95%. This means that 95 times out of 100, the true data value that you would get if you surveyed the entire population would fall within the margin of error.

    Margin of Error: A measure of how accurate the data is, also known as the confidence interval. It represents the degree of error around the data point, or the range of values above and below the actual results from a survey. A typical margin of error is 5%. This means that if your survey sample had a score of 70%, the true value if you sampled the entire population would be between 65% and 75%. To narrow the margin of error, you would need a bigger sample size.

    Population Size: The total set of people you want to study with your survey. For example, the total number of users you support.

    Sample Size: The number of people who participate in your survey (i.e. complete the survey) out of the total population.

    Info-Tech’s End-User Satisfaction Diagnostics

    If you choose to leverage a third-party partner, an Info-Tech satisfaction survey may already be part of your membership. There are two options, depending on your needs:

    I need to measure and report customer satisfaction with all of IT:

    • IT’s ability to enable the organization to meet its existing goals, innovate, adapt to business needs, and provide the necessary technology.
    • IT’s ability to provide training, respond to feedback, and behave professionally.
    • Satisfaction with IT services and applications.

    Both products measure end-user satisfaction

    One is more general to IT

    One is more specific to service desk

    I need to measure and report more granularly on Service Desk customer satisfaction:

    • Efficacy and timeliness of resolutions
    • Technical and communication skills
    • Ease of contacting the service desk
    • Effectiveness of portal/ website
    • Ability to collect and apply user feedback

    Choose Info-Tech's End User Satisfaction Survey

    Choose Info-Tech’s Service Desk Satisfaction Survey

    Design question wording

    Write accessible questions:

    Instead of this….

    Ask this….

    48% of US adults meet or exceed PIACC literacy level 3 and thus able to deal with texts that are “often dense or lengthy.”

    52% of US adults meet level 2 or lower.

    Keep questions clear and concise. Avoid overly lengthy surveys.

    Source: Highlights of the 2017 U.S. PIAAC Results Web Report
    1. How satisfied are you with the response times of the service desk?
    2. How satisfied are you with the timeliness of the service desk?

    Users will have difficulty perceiving the difference between these two questions.

    1. How satisfied are you with the time we take to acknowledge receipt of your ticket?
    2. How satisfied are you with the time we take to completely resolve your ticket?

    Tips for writing survey questions:

    “How satisfied are you with the customer service skills, knowledge, and responsiveness of the technicians?”

    This question measures too many things and the data will not be useful.

    Choose only one to ask about.

    • Cut out any unnecessary words or phrasing. Highlight/bold key words or phrases.
    • Avoid biasing or leading respondents to select a certain answer.
    • Don’t attempt to measure multiple constructs in a single question.

    “On a scale of 1-10, thinking about the past year, how satisfied would you say that you were overall with the way that your tickets were resolved?”

    This question is too wordy.

    “How satisfied were you with your ticket resolution?”

    Choose answer scales that best fit your questions and reporting needs

    Likert scale

    Respondents select from a range of statements the position with which they most agree:

    E.g. How satisfied are you with how long it generally takes to resolve your issue completely?

    E.g. Very dissatisfied/Somewhat dissatisfied/ Neutral/ Somewhat satisfied/ Very satisfied/ NA

    Frequency scale

    How often does the respondent have to do something, or how often do they encounter something?

    E.g. How frequently do you need to re-open tickets that have been closed without being satisfactorily resolved?

    E.g. Never/ Rarely/ Sometimes/ Often/ Always/ NA

    Numeric scale

    By asking users to rate their satisfaction on a numeric scale (e.g., 1-5, 1-10), you can facilitate reporting on averages:

    E.g. How satisfied are you with IS’s ability to provide services to allow the organization to meet its goals?

    E.g. 1 – Not at all Satisfied to 10 – Fully Satisfied / NA

    Forced ranking

    Learn more about your users’ priorities by asking them to rank answers from most to least important, or selecting their top choices (Sauro, 2018):

    E.g. From the following list, drag and drop the 3 aspects of our service that are most important to you into the box on the right.

    Info-Tech Insight

    Always include an optional open-ended question, which allows customers to provide more feedback or suggestions.

    Test the survey before launching

    Review your questions for repetition and ask for feedback on your survey draft to discover if readers interpret the questions differently than you intended.

    Test the survey with different stakeholder groups:

    • IT staff: To discover overlooked topics.
    • Representatives of your end-user population: To discover whether they understand the intention of the questions.
    • Executives: To validate whether you are capturing the data they are interested in reporting on.

    Testing methodology:

    • Ask your test subjects to take the survey in your presence so you can monitor their experience as they take it.
    • Ask them to narrate their experience as they take the survey.
    • Watch for:
      • The time it takes to complete the survey.
      • Moments when they struggle or are uncertain with the survey’s wording.
      • Questions they find repetitive or pointless.

    Info-Tech Insight

    In the survey testing phase, try to capture at least a few real-time responses to the survey. If you collect survey feedback only once the test is over, you may miss some key insights into the user experience of navigating the survey.

    “Follow the golden rule: think of your audience and what they may or may not know. Think about what kinds of outside pressures they may bring to the work you’re giving them. What time constraints do they have?”

    – Sally Colwell, Project Officer, Government of Canada Pension Centre

    Monitor and maximize your response rate

    Ensure success by staying on top of the survey during the period it is open.

    • When will your users complete the survey? You know your own organization’s culture best, but SurveyMonkey found that weekday survey responses peaked at mid-morning and mid-afternoon (Wronski). Ensure you send the communication at a time it will not be overlooked. For example, some studies found Mondays to have higher response rates; however, the data is not consistent (Amaresan, 2021). Send the survey at a time you believe your users are least likely to be inundated with other notifications.
    • Have a trusted leader send out the first communication informing the end-user base of the survey. Ensure the recipient understands your motivation and how their responses will be used to benefit them (O’Reardon, 2016). Remind them that participating in the survey benefits them: since IT is taking actions based on their feedback, it’s their chance to improve their employee experience of the IT services and tools they use to do their job.
    • In the introductory communication, test different email subject lines and email body content to learn which versions increase respondents’ rates of opening the survey link, and “keep it short and clear” (O’Reardon, 2016).
    • If your users tend to mistrust emailed links due to security training, tell them how to confirm the legitimacy of the survey.

    “[Send] one reminder to those who haven’t completed the survey after a few days. Don’t use the word ‘reminder’ because that’ll go straight in the bin, better to say something like, ‘Another chance to provide your feedback’”

    – David O’Reardon, Founder & CEO of Silversix

    Analyze and act on feedback

    Phase 4

    Measure and analyze the results of both surveys and build a plan to act on both positive and negative feedback and communicate the results with the organization.

    Phase 1:

    Phase 2:

    Phase 3:

    Phase 4:

    Understand how to measure customer satisfaction

    Design and implement transactional surveys

    Design and implement relationship surveys

    Analyze and act on feedback

    Leverage the service recovery paradox to improve customer satisfaction

    The image contains a screenshot of a graph to demonstrate the service recovery paradox.

    A service failure or a poor experience isn’t what determines customer satisfaction – it’s how you respond to the issue and take steps to fix it that really matters.

    This means one poor experience with the service desk doesn’t necessarily lead to an unhappy user; if you quickly and effectively respond to negative feedback to repair the relationship, the customer may be even happier afterwards because you demonstrated that you value them.

    “Every complaint becomes an opportunity to turn a bad IT customer experience into a great one.”

    – David O’Reardon, Founder & CEO of Silversix

    Collecting feedback is only the first step in the customer feedback loop

    Closing the feedback loop is one of the most important yet forgotten steps in the process.

    1. Collect Feedback
    • Send transactional surveys after every ticket is resolved.
    • Send a broader annual relationship survey to all users.
  • Analyze Feedback
    • Calculate satisfaction scores.
    • Read open-ended comments.
    • Analyze for trends, categories, common issues and priorities.
  • Act on Feedback
    • Respond to users who provided feedback.
    • Make improvements based on feedback.
  • Communicate Results
    • Communicate feedback results and improvements made to respondents and to service desk staff.
    • Summarize results and actions to key stakeholders and business leaders.

    Act on feedback to get the true value of your satisfaction program

    • SDI (2018) survey data shows that the majority of service desk professionals are using their customer satisfaction data to feed into service improvements. However, 30% still aren’t doing anything with the feedback they collect.
    • Collecting feedback is only one half of a good customer feedback program. Acting on that feedback is critical to the success of the program.
    • Using feedback to make improvements not only benefits the service desk but shows users the value of responding and will increase future response rates.
    The image contains a screenshot of a bar graph that demonstrates SDI: What do service desk professionals do with customer satisfaction data?

    “Your IT service desk’s CSAT survey should be the means of improving your service (and the employee experience), and something that encourages people to provide even more feedback, not just the means for understanding how well it’s doing”

    – Joe the IT Guy, SysAid

    Assign responsibility for acting on feedback

    If collecting and analyzing customer feedback is something that happens off the side of your desk, it either won’t get done or won’t get done well.

    • Formalize the customer satisfaction program. It’s not a one-time task, but an ongoing initiative that requires significant time and dedication.
    • Be clear on who is accountable for the program and who is responsible for all the tasks involved for both transactional and relationship survey data collection, analysis, and communication.

    Assign accountability for the customer feedback program to one person (i.e. Service Desk Manager, Service Manager, Infrastructure & Operations Lead, IT Director), who may take on or assign responsibilities such as:

    • Designing surveys, including survey questions and response options.
    • Configuring survey(s) in ITSM or survey tool.
    • Sending relationship surveys and subsequent reminders to the organization.
    • Communicating results of both surveys to internal staff, business leaders, and end users.
    • Analyzing results.
    • Feeding results into improvement plans, coaching, and training.
    • Creating reports and dashboards to monitor scores and trends.

    Info-Tech Insight

    While feedback can feed into internal coaching and training, the goal should never be to place blame or use metrics to punish agents with poor results. The focus should always be on improving the experience for end users.

    Determine how and how often to analyze feedback data

    • Analyze and report scores from both transactional and relationship surveys to get a more holistic picture of satisfaction across the organization.
    • Determine how you will calculate and present satisfaction ratings/scores, both overall and for individual questions. See tips on the right for calculating and presenting NPS and CSAT scores.
    • A single satisfaction score doesn’t tell the full story; calculate satisfaction scores at multiple levels to determine where improvements are most needed.
      • For example, satisfaction by service desk tier, team or location, by business department or location, by customer group, etc.
    • Analyze survey data regularly to ensure you communicate and act on feedback promptly and avoid further alienating dissatisfied users. Transactional survey feedback should be reviewed at least weekly, but ideally in real time, as resources allow.

    Calculating NPS Scores

    Categorize respondents into 3 groups:

    • 9-10 = Promoters, 7-8 = Neutral, 1-6 = Detractors

    Calculate overall NPS score:

    • % Promoters - % Detractors

    Calculating CSAT Scores

    • CSAT is usually presented as a percentage representing the average score.
    • To calculate, take the total of all scores, divide by the maximum possible score, then multiply by 100. For example, a satisfaction rating of 80% means on average, users gave a rating of 4/5 or 8/10.
    • Note that some organizations present CSAT as the percentage of “satisfied” users, with satisfied being defined as either “yes” on a two-point scale or a score of 4 or 5 on a 5-point scale. Be clear how you are defining your satisfaction rating.

    Don’t neglect qualitative feedback

    While it may be more difficult and time-consuming to analyze, the reward is also greater in terms of value derived from the data.

    Why analyze qualitative data

    How to analyze qualitative data

    • Quantitative data (i.e. numerical satisfaction scores) tells you how many people are satisfied vs dissatisfied, but it doesn’t tell you why they feel that way.
    • If you limit your data analysis to only reporting numerical scores, you will miss out on key insights that can be derived from open-ended feedback.
    • Qualitative data from open-ended survey questions provides:
      • Explanations for the numbers
      • More detailed insight into why respondents feel a certain way
      • More honest and open feedback
      • Insight into areas you may not have thought to ask about
      • New ideas and recommendations

    Methods range in sophistication; choose a technique depending on your tools available and goals of your program.

    1. Manual 2. Semi-automated 3. AI & Analysis Tools
    • Read all comments.
    • Sort into positive vs negative groups.
    • Add tags to categorize comments (e.g. by theme, keyword, service).
    • Look for trends and priorities, differences across groups.
    • Run a script to search for specific keywords.
    • Use a word cloud generator to visualize the most commonly mentioned words (e.g. laptop, email).
    • Due to limitations, manual analysis will still be necessary.
    • Use a feedback analysis/text analysis tool to mine feedback.
    • Software will present reports and data visualizations of common themes.
    • AI-powered tools can automatically detect sentiment or emotion in comments or run a topic analysis.

    Define a process to respond to both negative and positive feedback

    Successful customer satisfaction programs respond effectively to both positive and negative outcomes. Late or lack of responses to negative comments may increase customer frustration, while not responding at all to the positive comments may give the perception of indifference.

    1. Define what qualifies as a positive vs negative score
    2. E.g. Scores of 1 to 2 out of 5 are negative, scores of 4 to 5 out of 5 are positive.

    3. Define process to respond to negative feedback
    • Negative responses should go directly to the Service Desk Manager or whoever is accountable for feedback.
    • Set an SLO for when the user will be contacted. It should be within 24h but ideally much sooner.
    • Investigate the issue to understand exactly what happened and get to the root cause.
    • Identify remediation steps to ensure the issue does not occur again.
    • Communicate to the customer the action you have taken to improve.
  • Define process to respond to positive feedback
    • Positive responses should also be reviewed by the person accountable for feedback, but the timeline to respond may be longer.
    • Show respondents that you value their time by thanking them for responding. Showing appreciate helps to build a long-term relationship with the user.
    • Share positive results with the team to improve morale, and as a coaching/training mechanism.
    • Consider how to use positive feedback as an incentive or reward.

    Build a plan to communicate results to various stakeholders

    Regular communication about your feedback results and action plan tied to those results is critical to the success of your feedback program. Build your communication plan around these questions:

    1. Who should receive communication?

    Each audience will require different messaging, so start by identifying who those audiences are. At a minimum, you should communicate to your end users who provided feedback, your service desk/IT team, and business leaders or stakeholders.

    2. What information do they need?

    End users: Thank them for providing feedback. Demonstrate what you will do with that feedback.

    IT team: Share results and what you need them to do differently as a result.

    Business leaders: Share results, highlight successes, share action plan for improvement.

    3. Who is responsible for communication?

    Typically, this will be the person who is accountable for the customer feedback program, but you may have different people responsible for communicating to different audiences.

    4. When will you communicate?

    Frequency of communication will depend on the survey type – relationship or transactional – as well as the audience, with internal communication being much more frequent than end-user communication.

    5. How will you communicate?

    Again, cater your approach to the audience and choose a method that will resonate with them. End users may view an email, an update on the portal, a video, or update in a company meeting; your internal IT team can view results on a dashboard and have regular meetings.

    Communication to your users impacts both response rates and satisfaction

    Based on the Customer Communication Cycle by David O’Reardon, 2018
    1. Ask users to provide feedback through transactional and relationship surveys.
    2. Thank them for completing the survey – show that you value their time, regardless of the type of feedback they submitted.
    3. Be transparent and summarize the results of the survey(s). Make it easy to digest with simple satisfaction scores and a summary of the main insights or priorities revealed.
    4. Before asking for feedback, explain how you will use feedback to improve the service. After collecting feedback, share your plan for making improvements based on what the data told you.
    5. After you’ve made changes, communicate again to share the results with respondents. Make it clear that their feedback had a direct result on the service they receive. Communicating this before running another survey will also increase the likelihood of respondents providing feedback again.

    Info-Tech Insight

    Focus your communications to users around them, not you. Demonstrate that you need feedback to improve their experience, not just for you to collect data.

    Translate feedback into actionable improvements

    Taking action on feedback is arguably the most important step of the whole customer feedback program.

    Prioritize improvements

    Prioritize improvements based on low scores and most commonly received feedback, then build into an action plan.

    Take immediate action on negative feedback

    Investigate the issue, diagnose the root cause, and repair both the relationship and issue – just like you would an incident.

    Apply lessons learned from positive feedback

    Don’t neglect actions you can take from positive feedback – identify how you can expand upon or leverage the things you’re doing well.

    Use feedback in coaching and training

    Share positive experiences with the team as lessons learned, and use negative feedback as an input to coaching and training.

    Make the change stick

    After making a change, train and communicate it to your team to ensure the change sticks and any negative experiences don’t happen again.

    “Without converting feedback into actions, surveys can become just a pointless exercise in number watching.”

    – David O’Reardon, Founder & CEO of Silversix

    Info-Tech Insight

    Outline exactly what you plan to do to address customer feedback in an action plan, and regularly review that action plan to select and prioritize initiatives and monitor progress.

    For more guidance on tracking and prioritizing ongoing improvement initiatives, see the blueprints Optimize the Service Desk with a Shift Left Strategy and Build a Continual Improvement Plan for the Service Desk.

    Leverage Info-Tech resources to guide your improvement efforts

    Map your identified improvements to the relevant resource that can help:

    Improve service desk processes:

    Improve end-user self-service options:

    Assess and optimize service desk staffing:

    Improve ease of contacting the service desk:

    Standardize the Service Desk Optimize the Service Desk With a Shift-Left Strategy Staff the Service Desk to Meet Demand Improve Service Desk Ticket Intake

    Improve service desk processes:

    Improve end-user self-service options:

    Assess and optimize service desk staffing:

    Improve ease of contacting the service desk::

    Improve Incident and Problem Management Improve Incident and Problem Management Deliver a Customer Service Training Program to Your IT Department Modernize and Transform Your End-User Computing Strategy

    Map process for acting on relationship survey feedback

    Use Info-Tech’s Relationship Satisfaction Survey Review Process workflow as a template to define your own process.

    The image contains a screenshot of the Relationship Satisfaction Survey Review Process.

    Map process for acting on transactional survey feedback

    Use Info-Tech’s Transactional Satisfaction Survey Review Process workflow as a template to define your own process.

    The image contains a screenshot of the Transactional Satisfaction Survey Review Process.

    Related Info-Tech Research

    Standardize the Service Desk

    This project will help you build and improve essential service desk processes, including incident management, request fulfillment, and knowledge management to create a sustainable service desk.

    Optimize the Service Desk With a Shift-Left Strategy

    This project will help you build a strategy to shift service support left to optimize your service desk operations and increase end-user satisfaction.

    Build a Continual Improvement Plan

    This project will help you build a continual improvement plan for the service desk to review key processes and services and manage the progress of improvement initiatives.

    Deliver a Customer Service Training Program to Your IT Department

    This project will help you deliver a targeted customer service training program to your IT team to enhance their customer service skills when dealing with end users, improve overall service delivery and increase customer satisfaction.

    Sources Cited

    Amaresan, Swetha. “The best time to send a survey, according to 5 studies.” Hubspot. 15 Jun 2021. Accessed October 2022.
    Arlen, Chris. “The 5 Service Dimensions All Customers Care About.” Service Performance Inc. n.d. Accessed October 2022.
    Clinton, William Jefferson. “Setting Customer Service Standards.” (1993). Federal Register, 58(176).
    “Understanding Confidentiality and Anonymity.” The Evergreen State College. 2022. Accessed October 2022.
    "Highlights of the 2017 U.S. PIAAC Results Web Report" (NCES 2020-777). U.S. Department of Education. Institute of Education Sciences, National Center for Education Statistics.
    Joe the IT Guy. “Are IT Support’s Customer Satisfaction Surveys Their Own Worst Enemy?” Joe the IT Guy. 29 August 2018. Accessed October 2022.
    O’Reardon, David. “10 Ways to Get the Most out of your ITSM Ticket Surveys.” LinkedIn. 2 July 2019. Accessed October 2022.
    O'Reardon, David. "13 Ways to increase the response rate of your Service Desk surveys".LinkedIn. 8 June 2016. Accessed October 2022.
    O’Reardon, David. “IT Customer Feedback Management – A Why & How Q&A with an Expert.” LinkedIn. 13 March 2018. Accessed October 2022.
    Parasuraman, A., Zeithaml, V. A., & Berry, L. L. (1985). "A Conceptual Model of Service Quality and Its Implications for Future Research." Journal of Marketing, 49(4), 41–50.
    Quantisoft. "How to Increase IT Help Desk Customer Satisfaction and IT Help Desk Performance.“ Quantisoft. n.d. Accessed November 2022.
    Rumberg, Jeff. “Metric of the Month: Customer Effort.” HDI. 26 Mar 2020. Accessed September 2022.
    Sauro, Jeff. “15 Common Rating Scales Explained.” MeasuringU. 15 August 2018. Accessed October 2022.
    SDI. “Customer Experience in ITSM.” SDI. 2018. Accessed October 2022.
    SDI. “CX: Delivering Happiness – The Series, Part 1.” SDI. 12 January 2021. Accessed October 2022.
    Wronski, Laura. “Who responds to online surveys at each hour of the day?” SurveyMonkey. n.d. Accessed October 2022.

    Research contributors

    Sally Colwell

    Project Officer

    Government of Canada Pension Centre

    Prepare an Actionable Roadmap for Your PMO

    • Buy Link or Shortcode: {j2store}358|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $103,124 Average $ Saved
    • member rating average days saved: 55 Average Days Saved
    • Parent Category Name: Project Management Office
    • Parent Category Link: /project-management-office
    • Problems with project management offices (PMOs) often start with a lack of a clear definition of what the PMO is actually about and what the organization does.
    • Few organizations provide the minimum required services, and many are not using their PMOs effectively. Many people see the PMO as nothing more than the “project document police,” i.e. a source of red tape rather than a helpful support system. This impacts staffing and hiring.
    • The PMO is often misunderstood as a center for project management governance when it also needs to facilitate the communication of project data from project teams to decision makers to ensure that appropriate decisions get made around resourcing, approval of new projects, etc.
    • Accountability is something that is not clearly defined for many activities that flow through the PMO. Business leaders, project workers, and project managers are rarely as aligned as they need to be.

    Our Advice

    Critical Insight

    • There is a gap in the perception of the actual role of the PMO in many organizations by different stakeholder groups. Many people see the PMO as police that produce red tape rather than a helpful support system. Those that need to present a coherent plan to leadership to champion the need for a PMO often have an uphill battle.
    • Determine the PMO’s role and needs and then determine your staff needs based on that PMO.
    • Staff the PMO according to its actual role and needs. Don’t rush to the assumption that PMO staff starts with accomplished project managers.
    • The difference in a winning PMO is determined by a roadmap or plan created at the beginning.

    Impact and Result

    • Define a PMO with functions that work for you based on the needs of your organization and the gaps in services. A “fit-for-purpose” PMO is the right kind of PMO for your organization.
    • Determine your PMO staffing needs. Our approach to building a PMO starts by analyzing the staffing requirements of your PMO mandate.
    • Create purpose-built role descriptions. Once you understand the staff and skills you’ll need to succeed, we have job description aids you’ll need to fill the roles.

    Prepare an Actionable Roadmap for Your PMO Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare and Actionable Roadmap for Your PMO – An actionable deck to help you establish a valuable PMO.

    Before setting up or re-structuring a PMO, organizational need should not only be taken into consideration but used as a foundation. Phase 1 of this blueprint will help you define the services that your PMO should provide to your organization, instead of the one-size-fits-all approach that doesn’t work.

    • Prepare an Actionable Roadmap for Your PMO – Phases 1-3

    2. PMO Role Definition Tool – An Excel tool to help you define the services of your PMO.

    Use the PMO Role Definition Tool to establish your PMO current state and the service gaps you may have. Use the results to determine the role your PMO should play within your organization.

    • PMO Role Definition Tool

    3. PMO Project Charter – A template to formalize your PMO and make sure everyone is on the same page.

    The PMO Project Charter shares the vision to achieve consensus between stakeholders and projects and initiatives of the PMO. Use this template to jump-start your PMO project.

    • PMO Project Charter

    4. Blank Job Description Template – A template to create different job descriptions from.

    Use this template to create your job descriptions from scratch.

    • Blank Job Description Template

    5. Portfolio Manager Job Description – A clear and realistic job description template for a Portfolio Manager.

    The Portfolio Manager will oversee the business of discovering unsatisfied needs, articulating them as project demand, and organizing appropriate responses. Your customers are the people who approve projects, and you will service them.

    • Portfolio Manager

    6. PMO Job Description Builder Workbook – An Excel tool to help you access PMO staffing requirements.

    This tool will help you assess staffing requirements to facilitate project management, business analysis, and organizational change management outcomes.

    • PMO Job Description Builder Workbook

    7. PMO Strategic Plan – A template to help you compose a PMO strategy.

    This template will help you compose a PMO strategy. Follow the steps in the blueprint to complete the strategy.

    • PMO Strategic Plan

    8. Organizational Change Impact Analysis Tool – An Excel tool to analyze the impact of change to the organization.

    Use the Organizational Change Impact Analysis Tool to analyze the effects of a change across the organization, and to assess the likelihood of adoption to right-size your OCM efforts.

    • Organizational Change Impact Analysis Tool

    9. PMO MS Project Plan – A template to map out timeline for completing the tasks to create your PMO.

    Use this tool to determine the next steps and assign tasks to the appropriate people.

    • PMO MS Project Plan Sample

    Infographic

    Workshop: Prepare an Actionable Roadmap for Your PMO

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define

    The Purpose

    Get a common understanding of your PMO options.

    Determine where you are and engage leadership.

    Key Benefits Achieved

    A clear vision for your PMO and an articulated reason for establishing it.

    An understanding of you PMO goals and which challenges it sets to address.

    Activities

    1.1 PPM Current State Scorecard

    1.2 SWOT Analysis

    1.3 Current State and Leadership Engagement

    1.4 PMO Mandate and Vision

    Outputs

    PPM Current State Scorecard Results

    SWOT Results

    PMO Role Development Tool

    PMO Charter

    2 Staff

    The Purpose

    Identify organizational design.

    Build job descriptions.

    Key Benefits Achieved

    An analysis of staffing requirements of your PMO that aligns with your mandate from phase 1.

    Job description aids to fill the necessary roles.

    Activities

    2.1 Right, Wrong, Missing, Confusing

    2.2 PMO Function, Roles, and Responsibilities

    2.3 Job Descriptions

    Outputs

    Right, Wrong, Missing, Confusing Results

    Job Description Survey Tool

    Job Description Templates

    3 Plan

    The Purpose

    Create a roadmap.

    Key Benefits Achieved

    An actionable roadmap that can be presented to leadership and implemented.

    Activities

    3.1 Roadmap Hierarchy and Staffing and Sizing

    3.2 Governance and Authority

    Outputs

    PMO Roadmap Draft

    Governance Authority

    4 Change

    The Purpose

    Set up governance and OCM.

    Key Benefits Achieved

    An introduction to the concept of governance and tools for a change impact analysis.

    Activities

    4.1 Analyze the impact of the change across multiple dimensions and stakeholder groups.

    4.2 Gain sponsorship.

    Outputs

    Organizational Change Impact Analysis Tool

    Sponsor Template

    Further reading

    Prepare an Actionable Roadmap for Your PMO

    Turn planning into action with a realistic PMO timeline.

    EXECUTIVE BRIEF

    Analyst Perspective

    Prepare an actionable roadmap for your PMO.

    Photo of Ugbad Farah, PMP, Senior Research Analyst, PPM, Info-Tech Research Group

    We all have junk drawers somewhere in our homes, and we probably try not to think about what’s going on in there. We’re just happy that they close and that the contents are concealed from anyone living in or passing through the house.

    What goes in these junk drawers? Things that don’t have a home, things you don’t know what to do with, and things you don’t have the time or desire to deal with. Eventually, the drawer gets full, and it doesn’t serve you anymore because you can’t add anything else to it. Instead of cleaning the drawer and keeping the things you need, you throw everything away in one sweep. One day you will start the process again.

    The junk drawer is like your project management office (PMO). The PMO is given projects that are barely scoped, projects that don’t have clear sponsors, and ad hoc administrative tasks you don’t have the time or desire to deal with. Inevitably, your PMO is out of capacity. This happens rather quickly, since it’s understaffed. You question its purpose because you made it a junk drawer. You even think about closing it. One day you will start the process again.

    Use this blueprint to stop the madness. Learn how to properly define, staff, and plan a roadmap of a PMO that will actually serve your organization.

    Ugbad Farah, PMP
    Senior Research Analyst, PPM
    Info-Tech Research Group

    Your challenge

    This research is designed to help organizations that are facing these challenges:

    • No visibility into projects
    • The organization views the PMO as unnecessary overhead
    • The PMO is not properly staffed to support the organization’s needs
    • Project managers/staff aren’t providing information or following processes
    • Leadership and sponsors are disengaged

    Pie chart of 'IT Time Allocation by Area'. The grey section on the bottom left represents 'Projects and Project Portfolio Management, 11.5%'.
    IT is responsible for many different business services. The data from Info-Tech’s IT Staffing diagnostic shows that 11.5% of staff time is spent on projects and project portfolio management. (Source: Info-Tech IT Staffing Benchmark Report)

    PMOs can’t do everything and be all things to all people. Define limits with a strong mandate and effective staffing. Make sure you have the skills and capacity to support required PMO functions.

    Project management chaos

    PMOs get pulled into the day-to-day project and resourcing issues, making it difficult to focus on running a portfolio:

    1. Teammates seem unphased by overdue tasks and missed milestones.
    2. Fire drills may happen more often than planned projects.
    3. Resources are allocated and then redirected to something more urgent.
    4. Communication that’s stuck in silos, leading to confusion about priorities.
    5. Due dates mysteriously shift without explanation.
    6. Project teams are more focused on the due date than adoption and outcomes.

    Common obstacles

    IT and PMO leaders face several challenges.

    • Many people see the PMO as nothing more than the “project document police,” i.e. a source of red tape rather than a helpful support system. This impacts staffing and hiring.
    • The PMO is often misunderstood as a center for project management governance, when it also needs to facilitate the communication of project data from project teams to decision makers to ensure that appropriate decisions get made around resourcing, approval of new projects, etc.
    • Accountability is something that is not clearly defined for many activities that flow through the PMO. Business leaders, project workers, and project managers are rarely as aligned as they need to be.

    The Reality

    68% — Sixty-eight percent of stakeholders see their PMOs as sources of unnecessary bureaucratic red tape. (Source: KeyedIn, 2014)

    50% — Fifty percent of PMOs close within the first three years due to such things as poorly defined mandates and poor leadership. (Source: KeyedIn, 2014)

    Info-Tech’s approach

    Prepare an Actionable Roadmap for Your PMO

    The Info-Tech difference:

    1. Get a departmental job description first. Defining your PMO may not be as simple as it seems. Explore the boundaries of portfolio, project, resource, and organizational change management before jumping ahead with processes and tools.
    2. The staffing plan should come before your long-term plan. Get buy-in around your definition of the roles needed to run your PMO before articulating a long-term plan. Too often, plans have been accepted without the commensurate level of staffing. Our approach gives you a chance to put hiring on the roadmap as a predecessor to accountability.
    3. Keep your eye on the ball. Build your PMO around the operational imperative to recognize completed projects as an early milestone in broader changes. In other words, projects exist to create change.

    Prepare an Actionable Roadmap for your PMO

    Turn planning into action with a realistic PMO timeline.

    50% of PMOs close within the first 3 years.

    Logo for Info-Tech.


    Logo for ITRG.

    01 Define

    DEFINE THE RIGHT KIND OF PMO

    Establish the purpose of your PMO. Identify organizational needs to fill in gaps instead of duplicating efforts.

    LOGICAL FALLACY
    “If we approve more work, we'll get more done.”

    A properly run portfolio reconciles demand (project requests) to supply (available people) and drives throughput by approving the amount of projects that can get done.

    02 Staff

    STAFF THE PMO FOR RESILIENCE

    Analyze the staffing requirements for your PMOs mandate. Create purpose-built role descriptions.

    FALSE ASSUMPTION
    “Our best project manager should run the PMO.”

    Your best project manager should be running projects and, no, they shouldn't do both.

    03 Plan

    PREPARE AN ACTIONABLE ROADMAP

    The difference in a winning PMO is determined by a roadmap or plan created at the beginning. Leaders should understand the full scope of the plan before committing their teams to the project.

    COMMON MISTAKE
    “We'll get great at project management now and worry about portfolio management later.”

    Too often, PMOs focus on project management rigor and plan to do portfolio management after that's done. But few successfully maintain the process long enough to get there. If you start with portfolio management, leadership might soften their demands for project management rigor.

    04 Execute

    ALIGN TO STRATEGIC PLAN

    Use the power of organizational change management to ensure success and adoption. Iterate through the finer points of planning and execution to deploy the kind of PMO defined in step 1, with the people described in step 2, and the strategic roadmap articulated in step 3.

    PROJECT MYOPIA
    “Let's focus on delivering the project on time so we can move on to our next project.”

    Don't forget why the idea got approved in the first place. The goal is to sustain beneficial business outcomes well beyond the completion of your project.

    Info-Tech’s methodology for Preparing an Actionable Roadmap for Your PMO

    1. Define the PMO 2. Staff the PMO 3. Prepare a Roadmap
    Phase Steps
    1. Get a Common Understanding of Your PMO Options
    2. Determine Where You Are and Engage Leadership
    1. Identify Organizational Design
    2. Build Job Descriptions
    1. Create Roadmap
    2. Governance and OCM
    Phase Outcomes A clear vision for your PMO and an articulated reason for establishing it.
    An understanding of your PMO goals and which challenges it sets to address.
    An analysis of staffing requirements of your PMO that aligns with your mandate from phase 1. Job descriptions help to fill the necessary roles. An actionable roadmap that can be presented to leadership and implemented. An introduction to the concept of governance and tools for a change impact analysis.

    Insight summary

    Overarching insight

    There is a gap in the perception of the actual role of the PMO in many organizations by different stakeholder groups. Many people see the PMO police that produce red tape rather than a helpful support system. Those that need to present a coherent plan to leadership championing the need for a PMO often have an uphill battle.

    Phase 1 insight

    Determine the PMO’s role and needs and then determine your staff needs based on that PMO.

    PMO leaders are all too often set up to fail, left to make successes out of PMOs that:

    1. have poorly defined mandates;
    2. lack the proper resourcing to support the services the organization requires; or
    3. lack executive leadership, vision, and backing.

    Phase 2 insight

    Staff the PMO according to its actual role and needs. Don’t rush to the assumption that PMO staff starts with accomplished project managers.

    Many organizations have PMOs of one person, and it is simply not a long-term recipe for success. People in this situation have a lot of weight on their shoulders and feel like they are being set up to fail. It is very challenging for anyone to run a PMO alone without support or administrative help.

    Phase 3 insight

    The difference in a winning PMO is determined by a roadmap or plan created at the beginning.

    When you are determining what your PMO will provide in the future, it is important to align the ambition of the PMO with the maturity of the business. Too often, a lot of effort is spent trying to convince businesses of the value of a PMO.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    PMO Role Definition Tool Sample of the PMO Role Definition Tool deliverable. PMO Project Charter Template Sample of the PMO Project Charter Template deliverable.
    Blank Job Description Template
    Sample of the Blank Job Description Template deliverable.
    Sample Job Descriptions
    Sample of the Sample Job Descriptions deliverable.
    PMO Job Description Builder Workbook
    Sample of the PMO Job Description Builder Workbook deliverable.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    PMO Strategic Plan
    Sample of the PMO Strategic Plan deliverable.
    PMO MS Project Plan Sample
    Sample of the PMO MS Project Plan Sample deliverable.
    Organizational Change Impact Analysis Tool
    Sample of the Organizational Change Impact Analysis Tool deliverable.

    Benefits

    IT Benefits

    • Determine how you can fill gaps and not duplicate efforts to bring value to your organization.
    • Ensure that key PMO capabilities like portfolio management, project management, and organizational change management are in balance.
    • Staffing is purpose-driven. Avoid putting good people in the wrong role.

    Business Benefits

    • Intake and governance have a primary focus and are not merely afterthoughts of someone primarily focused on project management methodology.
    • Avoid unrealistic commitments by ensuring better upfront analysis of ability to execute.
    • Ensure appropriately mandated sponsor management.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

      Phase 1

    • Call #1: Scope requirements, objectives, and your specific challenges.
    • Call #2: Assess current state and determine PMO role/type.
    • Call #3: Complete job description survey.
    • Phase 2

    • Call #4: Analyze survey results and complete FTE analysis.
    • Call #5: Discuss necessary roles and create job descriptions.
    • Phase 3

    • Call #6: Discuss business goals and priorities.
    • Call #7: Identify and prioritize initiatives on roadmap.
    • Call #8: Discuss governance and organizational change.
    • Call #9: Summarize results in strategic plan and discuss next steps.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Define

    1.1 Review PPM Current State Scorecard Results

    1.2 Get a Common Understanding of Your PMO Options

    1.3 Conduct SWOT Analysis

    1.4 Current State and Leadership Engagement

    1.5 PMO Mandate and Vision

    Staff

    2.1 Identify Organizational Design

    2.2 Right, Wrong, Missing, Confusing

    2.3 PMO Function, Roles, and Responsibilities

    2.4 Job Descriptions

    Plan

    3.1 Roadmap Top-Level Hierarchy

    3.2 Roadmap Second-Level Hierarchy

    3.2 Staffing and Sizing

    3.3 Reconcile and Finalize Roadmap

    3.4 Governance and Authority

    Change

    4.1 Importance of OCM

    4.2 Sponsorship

    4.3 Analyze the Impact of the Change Across Multiple Dimensions and Stakeholder Groups

    Next Steps and Wrap-Up (offsite)

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables
    1. PPM Current State Scorecard
    2. SWOT Results
    3. PMO Role Development Tool
    4. PMO Charter
    1. Right, Wrong, Missing, Confusing Results
    2. Job Description Survey Tool
    3. Job Description Templates
    1. PMO Roadmap Draft
    2. Governance and Authority Activity
    1. Organizational Change Impact Analysis Tool
    2. Sponsor Template
    1. Completed PMO Roadmap draft
    2. PMO Strategic Plan draft

    Prepare an Actionable Roadmap for Your PMO

    Phase 1

    Define the Right Kind of PMO

    Phase 1

    • 1.1 Get a Common Understanding of Your PMO Options
    • 1.2 Determine Where You Are and Engage Your Leadership

    Phase 2

    • 2.1 Identify Organizational Design
    • 2.2. Build Job Descriptions

    Phase 3

    • 3.1 Create Roadmap
    • 3.2 Governance and OCM

    A PMO may not simply be an office of project managers

    Project management offices are evolving and taking on activities that differ from company to company.

    1915 1930s 1950s 1980s 1990s
    Frederick Taylor introduces the PMO with the implementation of the scientific management method and the increase in the number and complexity of projects. The US Air Corps creates a Project Office function to monitor aircraft development (probably the first record of the term being used). The US military starts developing complex missile systems. Each weapon system was composed of several sub-projects grouped together in system program offices (SPOs). This built the structures underlying the traditional PMO. The Project Office concept exported to construction and IT. The PMO gains a lot of momentum with professional associations and project management certifications becoming recognized industry standards.

    Organizations are confused about what a PMO is, whether they should have one, and what it should do

    PMBOK

    The responsibilities of a PMO can range from providing project management support functions to the direct management of one or more projects. The PMO is an organizational body assigned with various responsibilities related to the centralized and coordinated management of those projects under its domain.

    The PMO may play a role in supporting strategic alignment and delivering organizational value, integrating data and information for organizational strategic projects, and evaluating how higher-level strategic objectives are being fulfilled.

    COBIT

    The PMO can be responsible for portfolio maintenance, setting a standard approach for project and program and portfolio management.

    OPM

    The PMO is an organizational body assigned with various responsibilities related to the centralized and coordinated management of those projects under its domain.

    In an effort to set a standard, the governance frameworks have over complicated it for most of us.

    Use Info-Tech’s framework to create the PMO that works for your organization

    Determine the Services Your PMO Will Provide
    Manage your PMO services in alignment with your mandate and your organization’s needs.

    Establish Your PMO’s Mandate
    Figure out the purpose of your PMO and write it down so it’s clear to your leadership. Align your mandate to the organization’s needs.

    Ensure Organizational Needs Are Being Met
    Before you can decide on what your PMO will do, find out who’s doing what in your organization so you can fill gaps instead of duplicating efforts.

    Hierarchy of PMO Needs
    Hierarchy of PMO needs with 'Organizational Needs' as the base, 'PMO Mandate' in the middle, and 'PMO Services' at the top.

    Info-Tech Insight

    Consider the principles of Maslow’s Hierarchy of Needs, which view the lower tiers of the hierarchy as fundamentally required to validate the pursuit of the higher tiers.

    Step 1.1

    Get a Common Understanding of Your PMO Options

    Activities
    • 1.1.1 Review PMO Types
    • 1.1.2 SWOT Analysis

    This step will walk you through the following activities:

    • Review Info-Tech’s PMO Types
    • Complete a Strengths, Weaknesses, Opportunities, and Threats Analysis

    This step involves the following participants:

    • PMO director and/or portfolio manager
    • PMO staff/stakeholders
    • Project managers

    Outcomes of this step

    • Current state analysis
    Define the Right Kind of PMO
    Step 1.1 Step 1.2

    People mistake the PMO as only an office with project managers

    It sounded simple enough, but no one could really explain what it meant.

    PMOs are often born out of necessity or desperation. A traumatic event happens, and leadership decides that it wouldn’t have happened had there been a “Project Management Office.” The phrase itself is often quite reassuring and offers the hope of some sort of sanity and order.

    People may not really be able to explain what a PMO is, but they do have a common understanding that it should solve all project management issues. But simply prescribing the “PMO” as a remedy for every organizational alignment is not going to be sufficient. There are different types of PMOs and more importantly there are different types of organizations.

    Screenshot of a Google search for 'what is a project management office'.
    Google and the Google logo are trademarks of Google LLC.

    The PMI has described what a PMO could be

    The PMI does not have a standard for PMOs like it does for things like project, program, and portfolio management. Its PMO definitions should be used as more of a reference point than a best practice.

    But what should it do?

    • Supportive: Provides a consultative role to projects by supplying templates, best practices, training, access to information, and lessons learned from previous projects.
    • Controlling: Provides support and requires compliance through various means.
    • Directive: Takes control of the projects by directly executing them.

    The PMI described three types of PMOs. These three types are well known in the industry, but they are essentially characteristics and do little to help people understand the functions and services of a PMO. There continue to be questions about the role a PMO should play in an organization and how it’s supposed to add value.

    Stock photo of two sticky notes reading 'project' and 'management'.

    Thousands of practitioners came together at the 2012 PMI Symposium and expanded upon PMBOK’s PMO types

    1. Managing
      Manages the work in projects and programs.
    2. Consulting
      Serves as an experience-based consultative body to project managers.
    3. Project Repository
      Repository of previous project documentation, lessons learned, etc.
    4. Enterprise PMO
      Provides PMO services to the organization.
    5. Center of Excellence
      Creates the standard and methodologies and provides tools.
    6. Managerial
      Manages the project and program managers, and eventually, other project resources.
    7. Delivery
      Manages the project and programs.

    1.1.1 Leverage Info-Tech’s PMO types to anchor yourself

    We have narrowed it down to five types of PMOs.

    ePMO
    Icon for ePMO.
    IT PMO
    Icon for IT PMO.
    PMO
    Icon for PMO.
    CMO
    Icon for CMO.
    CoE
    Icon for CoE.
    Enterprise
    Highest level PMO, typically responsible to align project and program work to strategy-significant projects or programs for the entire organization. Could include both IT and business units.
    IT
    IT PMOs provide project-related support for IT project portfolios. For many organizations PMOs originate in IT departments because of the structure required for technology-related projects.
    Project/Program
    Provides project-related tactical service as an entity to support a specific project or program. Can be dismantled when program is done.
    Change
    Change management offices (CMO) help build change management capabilities and enable change readiness in organizations.
    Excellence
    These centers differ in size and mode of organization, depending on their subject and scope. They support project work by providing the organizations with standard methodologies and tools.

    What is your definition of a PMO?

    Use this model to clearly show what is in and out of scope.

    ePMO IT PMO PMO CMO CoE
    PPM Reporting for enterprise portfolio and the financial/human resources needed to deliver them X
    PPM Finance for project/portfolio capital and expense X X
    PPM Customer Management – the customers, sponsors of the project X X
    PPM Strategy Management – projects and programs relate to corporate X X X
    PPM Program Management – related projects in the portfolio X X X
    PPM Time Accounting X X x
    PPM Business Relationship Management (BRM) X X
    PPM Project Information System (PMIS) – organization of project information X X
    PPM Administrative Support – general assistance with Portfolio X
    PPM Record Keeping – Enterprise Information X X
    RM Forecasting X
    PM Quality Assurance X X
    PM Procurement and Vendor Management X X X
    PM Project Status Reporting X X
    PM PM Services X X X
    PM Training X
    PM PM SOP X
    OCM Adoption X X
    OCM Change Management X X
    OCM Benefits Attainment X X
    OCM Forecast Benefits X X
    OCM Track Benefits X X
    GOV Intake X
    GOV Governance X X
    GOV Reporting X X X X

    Use Info-Tech’s PMO function matrix to help provide role definitions for your PMO

    Info-Tech’s potential PMO capabilities are in the header of the table below. These are the services a PMO may (or may not) provide depending on the needs of the organization.

    Portfolio Management Resource Management Project Management Organizational Change Management PMO Governance
    Recordkeeping and bookkeeping Strategy management Assessment of available supply of people and their time Project status reporting PM SOP
    (e.g. feed the portfolio, project planning, task managing)
    Benefits management Technology and infrastructure
    Reporting Financial management HR Security
    PMIS Intake Matching supply to demand based on time, cost, scope, and skill set requirements Procurement and vendor management Legal Financial
    CRM/RM/BRM Program management
    Tracking of utilization based on the allocations Quality Intake
    Time Accounting PM services
    (e.g. staffing project managers or coordinators)
    Quality assurance Organizational change management Project progress, visibility, and process
    Forecasting of utilization via supply-demand reconciliation Closure and lessons learned
    Administrative support PM Training

    The rest of this blueprint will help you choose the right capabilities and accompanying job functions for your PMO.

    Various options for specific PMO job functions are listed below each capability. PMO leaders need to decide which of these functions are required for their organization.

    1.1.2 SWOT analysis

    45-60 minutes

    Input: Current PMO governance documents and SOPs

    Output: An assessment of current strengths, opportunities, threats, and weaknesses of capabilities in previous slide

    Materials: Whiteboard/flip charts, Sticky notes

    Participants: PMO director and/or portfolio manager, PMO staff/stakeholders, Project managers

    Perform a SWOT analysis to assess the current state of PMO capabilities covered on the previous slide.

    The purpose of the SWOT is to begin to define the goals of this implementation by assessing your project management, portfolio management, resource management, organizational change management, and governance capabilities and cultivating alignment around the most critical opportunities and challenges.

    Follow these steps to complete the SWOT analysis:

    1. Have participants discuss and identify strengths, weaknesses, opportunities, and threats.
    2. Spend roughly 60 minutes on this. Use a whiteboard, flip chart, or PowerPoint slide to document results of the discussion as points are made.
    3. Make sure results are recorded and saved either using the template provided in the next slide or by taking a picture of the whiteboard or flip chart.

    1.1.2 Sample SWOT analysis

    Strengths

    • Knowledge, skills, and talent of project staff.
    • We have fairly effective project management processes.
    • Motivation to get things done when priorities, goals, and action plans are clear.

    Weaknesses

    • IT-business communication and alignment.
    • No standards are currently in place across departments. Staff are unsure which templates to use and how/when/why to use them.
    • There are no formal intake structures in place. Projects are approved and it’s up to us to “figure it out.”
    • We have no prioritization practices to keep up with constantly changing priorities and shifts in the marketplace.

    Opportunities

    • Establish portfolio discipline to improve IT-business communication through more effective and efficient project coordination.
    • Stronger initiation processes should translate to smoother project execution.
    • Establish more disciplined and efficient weekly/monthly project reporting practices that should facilitate more effective communication with senior leaders.

    Threats

    • Risk of introducing burdensome processes and documentation that takes more time away from getting things done.
    • We tried to formalize a PMO in the past and it failed after eight months.
    • We have no insight into project resourcing.

    Step 1.2

    Determine Where You Are and Engage Your Leadership

    Activities
    • 1.2.1 Assess Current State
    • 1.2.2 Gap Analysis
    • 1.2.3 Vision Exercise
    • 1.2.4 PMO Charter
    • 1.2.5 Strategic Planning

    This step will walk you through the following activities:

    • Assess the current state of your PPM/PM services using the PMO Role Definition Tool
    • Determine current gaps in your services and processes using the PMO Role Definition Tool
    • Discuss the vison for your PMO
    • Start creating your PMO charter

    This step involves the following participants:

    • PMO director and/or portfolio manager
    • PMO staff/stakeholders
    • Project managers

    Outcomes of this step

    • Results of PMO Role Definition Tool
    • PMO vision
    • PMO charter

    Define the Right Kind of PMO

    Step 1.1 Step 1.2

    Why do organizations need a PMO?

    Stock image of a man thinking.

    “If a company is not a project-oriented organization, there’s less of a need for a PMO. If they are project-focused though, they should have one. Otherwise, who’s driving the delivery of their projects? Who’s establishing their methodology? How are they managing resources efficiently?” (Mary Hubbard, PMP, director of the PMO at Siemens Government Technologies Inc., A PMI Global Executive Council Member)

    Signs you might need a PMO:

    • A lack of project transparency.
    • Significant discrepancies in project results.
    • Poor customer satisfaction rates.
    • An inability to cost projects accurately.
    • A high percentage of delayed or cancelled projects.
    • High project failure rates.
    • Poor alignment of project activity and business strategy investments.
    • Inconsistent project management processes and methodologies.
    • A lack of collaboration and knowledge sharing.
    • Little to no resource training to meet IT and business needs.
    • A lack of resource management for utilization and capacity.
    • Little to no visibility into project, program, and portfolio-level status.

    Why does your organization need a PMO?

    Observe the needs of your organization before deciding on services to support it.
    • Observe what is and what is not in place. Look for existing processes, tools, and systems and evidence that they are being followed. You might already have some pieces in place; the question becomes what to keep and what not to keep.
    • What does your organization look like?
      • Name
      • Population
      • Current Project Lifecycle
      • IT Services Team
      • # of Unique Applications
      • Annual Budget
    • Gather a list of potential areas for improvement where a PMO can add value. Once a list is established, convert it to a prioritized queue of initiatives. A key item on your list should be how projects go from beginning to end so you can understand the potential issues and opportunities with your current project delivery.
    Stock image of a hierarchy mapped out over a birds eye view of people.

    Ideally, we wouldn’t invest in project, portfolio, or OCM because they’re overhead processes without any direct value…

    …but you need to spend just enough to demonstrate you are a diligent steward of the assets under your administration.

    Organizational Change Management

    • Well-run projects can fail without OCM.
    • More than anyone else, it’s up to the sponsor to pursue outcomes.

    Project Management

    • Determine the current project management standards and methodologies.
    • Uncover any forms and templates that are currently in use.
    • If there is a lack of project management knowledge among current or future staff, you will need to do some training.

    Portfolio Management

    • Who currently approves projects and who will be approving them in the future?
    • Who is accountable for approving too many projects?
    • What roles does resource capacity play? Is it constrained or do you approve everything?
    • Are the resources in your PMO full-time?
    • How big is your portfolio?
    • How much do you spend on resources (hours or months)?

    Governance

    • Governance can mean many different things: intake, finance, over-sight of existing projects, resource management, technology and architecture, and process.
    • Don’t try to introduce governance without considering the people who may already be governing different areas.
    • Consider what things can be done without getting executive approval.

    Define your PMO’s role in the organization

    Use Info-Tech’s PMO Role Definition Tool to help establish your PMO’s future state.

    • Use Info-Tech’s PMO Role Definition Tool to figure out the functions your PMO should provide.
    • The current-state analysis uses specific questions to assess how you are doing things now and provide you with some situational awareness.
    • The gap analysis uses another set of specific questions to uncover the holes in your organization and the services that are not being provided.
    • Based on the answers you gave to the questions, the tool will populate the functions that your PMO should provide to your organization: the services your organization needs.
    • Use the outputs to start looking into missing functions and ultimately start building or re-establishing the responsibilities of your PMO.
    • Consider having multiple team members answer all the questions to establish alignment and get realistic data.

    Sample of the PMO Role Definition Tool.

    Download the PMO Role Definition Tool

    Hey, you don’t to have to spend anything on portfolio, project, and organizational change management! Assuming of course…

    • You have enough people to do all your projects
    • All projects are getting done on time
    • Your customers and employees are happy
    • You have complete visibility into the portfolio
    • Your projects align with your corporate strategy
    • Your projects align with your operational needs
    • Your strategic and operational needs are in harmony
    • You have the right skills
    • You are using all resources provided to you
    • People self-identify the right work and independently do that work
    • Time is not wasted
    • The work is production-ready (i.e. high quality)
    • Vendors honor their commitments
    • The sponsor is confident they’re getting what was committed
    • You have sufficient reports for the portfolio
    • Stakeholders make it through transitions with minimal resistance
    • The organization is prepared to adopt the outcomes of projects
    • The sponsors’ forecasted benefits are realized
    • Stakeholders are aware of the need for change
    • Stakeholders transition well from current to future state

    Use the tool on the next slide to see where you may need to spend.

    1.2.1 Assess the current state of your project environment

    20-30 minutes

    Input: Understanding of current project portfolio environment

    Output: Completed current state survey

    Materials: Tab 1 of Info-Tech’s PMO Role Definition Tool

    Participants: PMO director and/or portfolio manager, PMO staff/stakeholders, Project managers

    Screenshot from tab 1 of Info-Tech’s PMO Role Definition Tool.

    Screenshot from tab 1 of Info-Tech’s PMO Role Definition Tool. There are three columns: '#', 'Question', and 'Answer'.

    There are 20 current-state questions in column C. Together, the questions address the five capabilities in Info-Tech’s PMO function matrix (slide 28).

    Use the drop-down menu in column D to answer Agree, Somewhat Agree, Neutral, Somewhat Disagree, or Disagree to each question in column C.

    The questions are broad by design. Answer them honestly and select “neutral” if anything is not applicable.

    1.2.2 Set your target state needs to identify gaps

    15-30 minutes

    Input: Reflection on the question, “If I/We do nothing, someone in the organization is…”

    Output: Completed target state survey

    Materials: Tab 2 of Info-Tech’s PMO Role Definition Tool

    Participants: PMO director and/or portfolio manager, PMO staff/stakeholders, Project managers

    Screenshot from tab 2 of Info-Tech’s PMO Role Definition Tool.

    Screenshot from tab 2 of Info-Tech’s PMO Role Definition Tool. There are four columns: '#', 'Question', 'Answer', and 'Department'.

    Each question in column C of tab 2 should be answered in the context of, “If I do nothing, someone in the organization is…”

    Answer each question by using the drop-down menu in column D to select “Yes,” “No,” “I don’t know,” or “N/A.”

    If “Yes” include the department or area that is responsible.

    Hierarchy of PMO needs with 'Organizational Needs' highlighted. 'Organizational Needs' at the base, 'PMO Mandate' in the middle, and 'PMO Services' at the top.

    Review the preliminary list of your potential PMO functions

    Tab 3 of the PMO Role Definition Tool contains a customized version of Info-Tech’s PMO definition matrix, based upon your inputs in the previous two tabs.

    Screenshot from tab 3 of Info-Tech’s PMO Role Definition Tool. It is titled 'PMO Functions and Groups' and contains a table with five columns: 'Portfolio Management', 'Resource Management', 'Project Management', 'Organizational Change Management', and 'Governance'. Each column contains high level recommendations, and at the bottom of the columns are outputs.

    The name of the box is the group the function belongs to.

    These outputs are based on the answers to the questions on the previous 2 tabs.

    In each group’s box are high-level recommendations.

    Consider your stakeholders

    Who benefits from the new or updated PMO structure?

    In a matrix environment, understanding the challenges other teams are facing is a core requirement of an effective PMO. The best way to understand this is through direct engagement like conducting interviews and taking surveys with management and members of other teams.

    Ask yourself these questions about your PMO:

    • Are we doing the right things?
    • Do we know the current status of projects?
    • Are we managing, escalating, and resolving project issues?
    • Do PMs have the right training?
    • What is our overall utilization?

    A PMO should be structured to provide service to the organization. View it as a business, serving the stakeholders.

    1.2.3 Complete this vision exercise to produce an initial mandate for a new/improved PMO

    45-60 minutes

    Input: Outputs from SWOT analysis

    Output: An initial PMO mandate

    Materials: Whiteboard/flip charts, Sticky notes

    Participants: PMO director and/or portfolio manager, PMO staff/stakeholders, Project managers

    Now that you have an idea of the services your organization needs from steps 1.1 and 1.2 of this blueprint, you can discuss the target state of your PMO.

    Follow these steps to complete the SWOT analysis:

    1. Each person writes one aspect of a future state that would solve the issues described in the SWOT analysis (activity 1.1.1). Use sticky notes and post them on the whiteboard.
    2. As a group, identify which of these aspects would be good candidates for embodying the “core element” of your PMO’s new mandate.
    3. From the aspects gathered, have everyone individually come up with a statement of one to two sentences they think captures the overall theme and vision of this PMO.
    4. Collectively choose the best statement to use as the working mandate for your new project management office. This mandate can be modified as needed in the time leading up the creation and launch of your PMO.

    Hierarchy of PMO needs with 'PMO Mandate' highlighted. 'Organizational Needs' at the base, 'PMO Mandate' in the middle, and 'PMO Services' at the top.

    1.2.4 Use Info-Tech’s PMO Project Charter template to help capture your mandate and obtain approval

    3-4 hours

    Input: Activity 1.2.3, Logical considerations for PMO deployment (see bulleted list on this slide)

    Output: An assessment of current strengths, opportunities, threats, and weaknesses of capabilities in previous slide

    Materials: Whiteboard/flip charts, Sticky notes

    Participants: PMO director and/or portfolio manager, PMO staff/stakeholders, Project managers

    A successful PMO will offer a range of services which business units can rely on. The aim of the PMO charter is to outline what is in scope for the PMO and what services it will initially offer.

    A project charter serves several important functions. It organizes the project so you can make efficient and effective resource allocation decisions. It also communicates important details about the project purpose, scope definition, and project parameters.

    To use this template, simply modify or delete all information in grey text and convert the remaining text to black before printing or sending. Sections within the Template include:

    1. PMO Mandate
    2. Goals & Benefits
    3. Scope Definition
    4. Key PMO Stakeholders
    5. Projected Timeline for Implementation
    6. Project Roles and Responsibilities
    7. High-Level Budget
    8. High-Level Risk Assessment

    Sample of the PMO Project Charter Template.

    Download the PMO Project Charter Template

    Engage leadership to refine target-state expectations

    Stock image of a person with a megaphone. ?
    Will project managers be included in the PMO? Which projects and programs will be in the PMO’s mandate?
    ?
    Will the PMO have decision-making authority? If so, how much and on what issues?
    ?
    Where in the organizational structure will the PMO report?

    “Changing the perception of project management from ‘busy work’ to ‘valued efforts’ is easier when the PMO is properly aligned.” (Project Management Institute, October 2009)

    Don’t assume your PMO is merely tactical

    It can help drive strategy instead of just being a technical arm.

    Strategic

    Stock image of a business person.

    Tactical

    Strategic Alignment
    Leadership assumes that your presence will optimize the alignment of projects to corporate strategy.
    Process Adherence
    Leadership assumes you’re all about process.
    Portfolio Thinking
    Leadership assumes that you’re thinking about the overall throughput of projects through the portfolio.
    Project Thinking
    Leadership assumes you’re not thinking beyond the boundaries of a single project at any given time.
    Outcomes Focused
    Leadership assumes that you’re focused on the outcomes forecast by sponsors.
    Timeline Focused
    Leadership assumes you’re focused on delivering projects on time.

    Info-Tech Insight

    A key success factor for a PMO is to take part of strategic conversations; when they are left out, it creates a barrier. The PMO is the connective tissue between strategy and tactics. Don’t risk your benefits by not having the PMO Director at the table before you make decisions.

    Avoid the disconnect

    Create a strategic plan with project professionals at the table.

    • Strategic plans should guide organizations to future states, yet many don’t ever get used. This is because there is a disconnect between the people creating the strategic plan and the people being asked to implement it. Strategic planners don’t often develop their plans with the help of project managers who can ensure the plan is transferred into a working operational plan.
    • Strategic planners are broad thinkers with high-level plans whereas project professionals often work in the trenches. The disconnect between the two can often result in cost overruns, delays in implementation, low worker morale, and an overall chaotic work environment.
    • By putting strategic planners and project managers together to work on the strategic planning process, they can see what the other sees and plan accordingly.
    • Twenty-seven percent more projects are executed successfully when a company’s structure and resources align with their strategy (KPMG, 2017).

    “The failure to build a bridge between the strategic planning process and project management’s planning process is a major reason strategic plans don’t work.” (Bruce McGraw, Project/Programme Manager)

    1.2.5 Strategic planning

    1 hour

    To create a strategic plan that provides value, recognize that the strategic plan for the PMO is not the PMO charter.

    • The PMO charter is the organizational mandate for the PMO. It defines the role, purpose and functions of the PMO. It articulates who the PMO's sponsors and customers are, the services that it offers, and the staffing and support structures required to deliver those services. And, it assumes that a decision to have a PMO has already been made.
    • A strategic plan enables the PMO to play an essential role in achieving a company’s business goals, setting out clear objectives and then providing a roadmap on how to achieve them. A strategic plan maps the tools and resources necessary to achieve successful project outcomes.

    To create a results-driven strategic plan for your PMO, it is helpful to follow a top-down format:

    • Start by going through the list on the right and update the strategic plan.
    • What are the top project-related issues and opportunities you want your PMO to address and what’s the value to the business of trusting them?

    Vision: this needs to be a vivid and common image
    Mission: this is the special assignment that is given to a group
    Goals: these are broad statements of future conditions
    Objectives: these are operational statements that indicate how much and by when (e.g. deliverables or intangible objectives like productivity)
    Strategies: these are the set of actions that need to take place
    Needs: these are the things required to carry out the strategy
    Critical Success Factors: these are the key areas of activity in which favorable results are necessary to reach the goal

    Download the PMO Strategic Plan

    Prepare an Actionable Roadmap for Your PMO

    Phase 2

    Staff Your PMO for Resilience

    Phase 1

    • 1.1 Get a Common Understanding of Your PMO Options
    • 1.2 Determine Where You Are and Engage Your Leadership

    Phase 2

    • 2.1 Identify Organizational Design
    • 2.2. Build Job Descriptions

    Phase 3

    • 3.1 Create Roadmap
    • 3.2 Governance and OCM

    Info-Tech’s approach

    Follow our two-step approach to successfully staff your PMO.

    1. Determine your PMO staffing needs.
      Our approach to building a PMO starts by analyzing the staffing requirements of your PMO mandate.
    2. Create purpose-built role descriptions.
      Once you have an understanding of the staff and skills you’ll need to succeed, we have job description aids you’ll need to fill the roles.

    The Info-Tech difference:

    1. Save time developing a purpose-built approach. There is no one-size-fits-all approach to PMO staffing. The advice and tools in this research will help you quickly determine your unique staffing needs and guide your next steps to get the staffing you need.
    2. Leverage insider research. We’ve worked with thousands of PMOs and have seen the good, the bad, and the ugly of PMO staffing. The approach in this research is informed by client successes and will help you avoid the common mistakes that drive PMO failure.

    IT staff allocation for project work

    Projects and Project Portfolio Management

    58.3% — 58% of respondents feel they have the appropriate staffing level to execute project management effectively. (Source: Info-Tech IT Staffing Benchmark Report)

    59.8% — 59% feel they have the appropriate staffing level to execute requirements gathering effectively. (Source: Info-Tech IT Staffing Benchmark Report)

    The GDP contributions from project-oriented industries are forecasted to reach $20.2 trillion over the next 20 years. (Source: “Project Management: Job Growth and Talent Gap” Project Management Institute, 2017)

    Info-Tech Insight

    Project work is only going to increase, and in general, people are dissatisfied with their current staffing levels.

    Step 2.1

    Identify Organizational Design

    Activities
    • 2.1.1 Right, Wrong, Missing, Confusing
    • 2.1.2 Map Your Current Structure
    • 2.1.3 Inventory Assessment
    • 2.1.4 Job Description Survey

    This step will walk you through the following activities:

    • Complete a Right, Wrong, Missing, Confusing analysis
    • Determine your current organizational/PMO structure
    • Assess your current inventory
    • Complete the job description survey

    This step involves the following participants:

    • PMO director and/or portfolio manager
    • PMO staff/stakeholders
    • Project managers

    Outcomes of this step

    • Current-state analysis
    • Job description survey results

    Staff Your PMO for Resilience

    Step 2.1 Step 2.2

    2.1.1 Right, wrong, missing, confusing

    30-45 minutes

    Input: Current PMO process, Current PMO org. chart

    Output: An assessment of current things that are being done right and wrong and what is currently missing and confusing

    Materials: Whiteboard/flip charts, Sticky notes

    Participants: PMO director and/or portfolio manager, PMO staff, Project managers

    Perform a right, wrong, missing, confusing analysis to assess the current state of your PMO and its staff.

    The purpose of this exercise is to begin to define the goals of this implementation by assessing your staffing capabilities and cultivating alignment around the most critical opportunities and challenges.

    Follow these steps to complete the analysis:

    1. Have participants discuss what is wrong, right, missing, and confusing.
    2. Spend roughly 45 minutes on this. Use a whiteboard, flip chart, or PowerPoint slide to document results of the discussion as points are made.
    3. Make sure results are recorded and saved by taking a picture of the whiteboard or flip chart.

    Organizational types

    1. Functional
      Functional organizations are structured around the functions the organization needs to be performed.
    2. Projectized
      Projectized organizations are organized around projects for maximal project management effectiveness.
    3. Matrix
      Matrix organizations have structures that blend the characteristics of functional and projectized organizations.

    Functional organization

    The traditional hierarchical organizational structure.

    A functional hierarchical structure with 'Functional Managers' highlighted and the note 'Project coordination'. 'Chief Executive' at the top, 'Functional Managers' in the middle, and 'Staff' at the bottom.
    Adapted from ProjectEngineer, 2019
    1. Employees are organized by specialties like human resources, information technology, sales, marketing, administration, etc.
    2. The project management role will be performed by a team member of a functional area under the management of a functional manager.
    3. Resources for the project will need to be negotiated for with the functional managers, and the accessibility of those resources will be based on business conditions. Any escalations of issues would need to be taken to the functional manager.
    4. The project management role would act more like a project coordinator who does not usually carry the title of project manager.
    5. Project management is considered a part-time responsibility. Of all the organizational types, this one tends to be the most difficult for the project manager. The project manager lacks the authority to assign resources and must acquire people and other resources from multiple functional managers.
    6. Because the project manager has little to no authority, the project can take longer to complete than in other organizational structures, and there is generally no recognized project management methodology or best practices.

    Projectized organization

    The majority of project resources are involved in project work.

    A projectized hierarchical structure with a single project hierarchy highlighted and the note 'Project coordination'. 'Chief Executive' at the top, 'Project Managers' in the middle, and 'Staff' at the bottom.
    Adapted from ProjectEngineer, 2019
    1. The project manager has increased independence and authority and is a full-time member of a project organization. They have project resources available to them, such as project coordinators, project schedulers, business analysts, and plan administrators.
    2. The project manager is responsible to the sponsor and/or senior management. The project manager has authority and control of the budget, and any escalation of issues would be taken to the sponsor.
    3. Given that the project resources report to the project manager versus the functional area, there may be a decrease in the subject matter expertise of the team members.
    4. Team members are usually co-located within the same office or virtually co-located to maximize communication effectiveness.
    5. There can be some functional units within the organization; however, those units play a supportive role, without authority over the project manager.
    6. There is no defined hierarchy. Resources are brought together specifically for the purpose of a project. At the end of each project, resources are either reassigned to another project or returned to a resource pool.

    Matrix organization

    A combination of functional and projectized.

    A matrix hierarchical structure with the lowest row highlighted and the note 'Project coordination'. 'Chief Executive' at the top, 'Functional Managers' in the middle, mainly 'Staff' at the bottom, except one 'Project Manager' who coordinates across functions.
    Adapted from ProjectEngineer, 2019
    1. A matrix organization is a blended organizational structure. Although a functional hierarchy is still in place, the project manager is recognized as a valuable position and is given more authority to manage the project and assign resources.
    2. Matrix organizations can be classified as weak, balanced, or strong based on the relative authority of the functional manager and project manager. If the project manager is given more of a project coordinator role, then the organization is considered a weak matrix. If the project manager is given much more authority on resources and budget spending, the organization is considered a strong matrix.
    3. Matrix structures evolve in response to the rise of large-scale projects in contemporary organizations. These projects require efficient processing of large amounts of information.
    4. Working in a matrix organization is challenging and structurally complex. Employees have dual reporting relationships – generally to both a functional manager and a project and/or product manager. However, if done well, it offers the best of both worlds.
    5. The matrix organization structure usually exists in large and multi-project organizations. Here they can move employees whenever and wherever their services are needed. The matrix structure has the flexibility to transfer the organization’s talent by considering employees to be shared resources.

    The project management office

    The vast majority of PMOs are understaffed and underequipped.

    • They are often born out of necessity or desperation.
    • They have no long-terms goals; they tend to go from year to year trying to meet the organization’s needs.
    • They don’t have clear mandates, so it is difficult to determine how they are providing value.
    • Over time (and sometimes even from day one), project management offices find that other tasks fall into their area of responsibility. This often happens when the work has nowhere else to go.
    • Resource management is the challenge, both in terms of being able to allocate skilled resources to projects and within the PMO itself. Staffing gaps within the PMO are often met by individuals wearing more than one hat.

    A stock photo of a circle of chairs in a field being occupied by only two people.

    2.1.2 Map your current structure

    30 minutes to 1 hour

    Input: Current org. charts and PMO structures, Info-Tech’s PMO Function Matrix

    Output: Structure chart

    Materials: Whiteboard/flip charts

    Participants: PMO director and/or portfolio manager, PMO staff, Project managers

    1. As a group, review your current organizational and PMO structure.
    2. Map out both, or if your PMO is small, map out how it fits into the overall structure.
      • Make sure to think about your process, reporting structures, and escalation hierarchies.
      • Consider the capabilities on slide 59 as you work.
      • Use the sample structure on the next page as a guide.

    Stock image of a business hierarchy.

    Sample PMO structure

    Sample PMO structure with 'PMO Director' at the top. 'Portfolio Administrator' below, but not directly in charge of others. Then 'Program Manager', 'Change Manager', 'Resource Management Analyst', 'Business Relationship Manager', and 'Business Analyst' all report to the PMO Director. Below 'Program Manager' are two 'Project Managers' then 'Project Coordinator'. Stock photo of a hand placing a puzzle piece of a business person on it into a puzzle.

    Info-Tech’s PMO Function Matrix

    Info-Tech’s potential PMO capabilities are in the header of the table below.

    Portfolio Management Resource Management Project Management Organizational Change Management PMO Governance
    Recordkeeping and bookkeeping Strategy management Assessment of available supply of people and their time Project status reporting PM SOP
    (e.g. feed the portfolio, project planning, task managing)
    Benefits management Technology and infrastructure
    Reporting Financial management HR Security
    PMIS Intake Matching supply to demand based on time, cost, scope, and skill set requirements Procurement and vendor management Legal Financial
    CRM/RM/BRM Program management
    Tracking of utilization based on the allocations Quality Intake
    Time Accounting PM services
    (e.g. staffing project managers or coordinators)
    Quality assurance Organizational change management Project progress, visibility, and process
    Forecasting of utilization via supply-demand reconciliation Closure and lessons learned
    Administrative support PM Training

    2.1.3 Inventory assessment

    30-45 minutes

    Input: Understanding of your current situation regarding project intake and process

    Output: Survey results

    Materials: Whiteboard/flip charts

    Participants: PMO director and/or portfolio manager, PMO staff, Project managers

    When staffing your PMO, it is important to understand your current situation regarding project intake and process.

    Answer the following questions, and be as detailed as possible:

    • What is your project intake process?
    • How many projects do you currently have?
    • How many people lead projects?
    • Are those who lead projects distributed (federated) or centralized?
    • What tools do you use to manage your portfolio, projects, and resources?

    Stock image of a magnifying glass over an idea lightbulb surrounded by the six classic question words.

    2.1.4 Job description survey

    45 minutes to 1 hour

    Input: Tab 1 of the PMO Job Description Builder Workbook

    Output: List of current projects, processes, and tools

    Materials: PMO Job Description Builder Workbook

    Participants: PMO director and/or portfolio manager, PMO staff, Project managers

    On tab 1 of the PMO Job Description Builder Workbook, use the survey to help determine potential role requirements across various project portfolio management, project management, business analysis, and organizational change management activities.

    Follow these steps to complete the survey:

    1. Consider the role that you are trying to fill.
    2. Read each question carefully and use the drop-down menu to answer whether the activity in column C is a core, ancillary, or out-of-scope job duty.

    Download the PMO Job Description Builder Workbook

    2.1.4 Job description survey continued

    Sample of the Job Description Survey with questions and responses.

    Step 2.2

    Build Job Descriptions

    Activities
    • 2.2.1 Analyze Survey Results
    • 2.2.2 FTE Analysis
    • 2.2.3 Create Your Job Descriptions

    This step will walk you through the following activities:

    • Complete the PMO Job Description Builder Workbook
    • Create job descriptions

    This step involves the following participants:

    • PMO director and/or portfolio manager
    • PMO staff/stakeholders
    • Project managers

    Outcomes of this step

    • PMO org. chart
    • Completed job descriptions

    Staff Your PMO for Resilience

    Step 2.1 Step 2.2

    2.2.1 Analyze survey results

    30 minutes

    Tab 2 of the PMO Job Description Builder Workbook shows the survey results from tab 1.

    The job activities are ranked in a prioritized list. The analysis will help you determine if you require a portfolio manager, program manager, project manager, business analyst, organizational change manager, or a combination.

    Follow these steps to analyze your results:

    • Digest the prioritized ranking. The job activities are ranked in a prioritized list (from most essential to the role to least essential) in column D. The core process or capability that corresponds to each activity is listed in column C.
    • Use the drop-down menu in column F to decide if the core job duties and ancillary job duties will or will not be included in the role description. Out-of-scope activities will automatically be removed.

    Screenshot of the 'Job Description Survey Results' from the PMO Job Description Builder Workbook.

    Download the PMO Job Description Builder Workbook

    2.2.2 FTE analysis

    30 minutes

    Input: Tab 3 of the PMO Job Description Builder Workbook

    Output: Total estimated monthly time commitments, Preliminary FTE analysis

    Materials: PMO Job Description Builder Workbook

    Participants: PMO director and/or portfolio manager, PMO staff, Project managers

    Tab 3 of the PMO Job Description Builder Workbook is used to complete the FTE analysis.

    Download the PMO Job Description Builder Workbook

    2.2.2 FTE analysis continued

    Screenshot of the 'FTE analysis' on tab 3 of the PMO Job Description Builder Workbook. It has a table with columns for 'Rank', 'Process', 'Activity', and 'Est. Monthly Time Commitments (aka Column E)' with note 'Base these initial estimates on the number of projects and project teams, as well as the number of internal and external customers and stakeholders'. There is also a table of totals with a pie chart of the 'Distribution of Role Responsibilities'. The value for 'Total Estimated Monthly Timing Commitment' is in cell J5, and the note for the value of 'Preliminary FTE Analysis' is 'If your preliminary FTE analysis comes out to be more than 1 FTE, you may want to revisit your analysis on tabs 1 and 2 to further limit this role, or to further delineate it across multiple roles and FTEs'.

    On tab 3, use column E to estimate the monthly time commitments required for each activity in the role.

    Tip: Base estimates on the number of projects and project teams as well as the number of internal and external stakeholders across the portfolio(s) of projects and programs.

    Cell J5 will provide a preliminary recommended FTE count for the role.

    Job description content

    Screenshot of the 'Job Description Content' section of the PMO Job Description Builder Workbook.

    This is an output tab based on your analysis in tabs 1 and 2. Copy and paste the content and add it under the relevant heading in Info-Tech's Blank Job Description Template later in this blueprint.

    Screenshot of the 'Blank Job Description Template' section of the PMO Job Description Builder Workbook.

    For each capability you are including in your job description, there is a list of common certifications. These can also be copied and pasted into the Blank Job Description Template.

    Download the PMO Job Description Builder Workbook

    How to determine the roles in your PMO

    It’s not black and white.

    While your PMO should have someone to lead the team, aside from that it’s hard to be specific about the exact roles your PMO needs without understanding the needs of your organization.

    This is why it’s important to define your PMO first. Your team members should best support the function and capabilities of your PMO.

    For example:

    • If you want to provide a training program to project managers, you’ll need your PMO to have people with experience delivering training and with experience having done the job before.
    • If your PMO provides management information and deep portfolio analysis, you’ll need someone on the team who knows their way around data analysis tools.

    You should have a mix of skills in the PMO team, each complementing the others. You may have administrators and coordinators, data analysts and software experts, trainers, coaches, and senior managers.

    “If you want to go fast, go alone. If you want to go far, go together.” (African proverb)

    Managing projects and building PMOs are not the same thing

    Your best project manager should be running projects, and, no, they can’t do both.

    • Your new PMO needs a leader to get it off the ground, but don’t assume that the best project manager is best suited to build the PMO. The goal-oriented passion of a successful project manager may prove to be antithetical to the forward-looking finesse and political acumen needed to develop and staff the PMO as an organizational unit. Avoid the common mistake of promoting effective people into positions where they become ineffective, a concept often referred to as “The Peter Principle.”
    • You can’t determine if your best project manager fits the PMO leadership role if the PMO’s role isn’t clearly defined. Carefully define and clearly articulate the PMO’s role to understand the skill set needed to develop and lead your PMO.
    • Project managers often propose to create a PMO without considering the fit with project portfolio management and organizational change management. If the leadership doesn’t understand the magnitude of what is being requested, they may well think a project manager is best suited to run the PMO. The prestige and/or compensation is attractive, but project managers will often spin their wheels and naturally focus on what they know how to do: manage projects. Start with a PMO design to align with business expectations.

    The Peter Principle

    The Peter Principle was first introduced by Canadian sociologist Laurence Johnston Peter describing the pitfalls of bureaucratic organizations. The original principle states that "in a hierarchically structured administration, people tend to be promoted up to their level of incompetence.” The principle is based on the observation that whenever someone succeeds at their job, the organizational response is to promote them, thus people will continue to be promoted until they reach a point where they’re no longer excelling at their job. At that point, they would no longer be promoted. Followed to its logical conclusion, organizations will continue to take successful people and rotate them to new positions until they are no longer effective.

    PMO Director/Lead

    Job overviews for different kinds of PMO directors.

    The job descriptions on the next few pages are associated with the descriptive headings, but it is important to recognize that these diverse roles can all fall under the job title of PMO director.

    Portfolio Management

    As PMO director, you will oversee the throughput of IT projects using portfolio management, project management, and organizational change management disciplines.

    You and your team will directly manage the intake of new project requests, the preparation of evaluation-ready project proposals, and the handoff of approved project initiation documents to project managers in other departments. You will forecast and track the availability of people to do the project work throughout the project life cycle. You will publish monthly and annual portfolio reporting based on information collected from the project teams, and you will oversee the closure of projects with follow-up reporting to those who approved them.

    From time to time, the PMO may be required to identify projects that should be frozen or canceled based on criteria set forth by the leadership and/or industry best practices.

    While currently out of scope, successful candidates should be comfortable with the possibility that the PMO may required to develop full life cycle organizational change management in the future. As well, experienced project managers in the PMO may be required to manage high-risk, high-visibility projects from time to time.

    PMO Director/Lead

    Job overviews for different kinds of PMO directors.

    Project Management

    As PMO director, you will oversee a team of professional project managers who are responsible for the company’s high-risk, high-visibility, and strategic projects.

    You and your team will receive initiation documents and assigned resourcing for approved projects from the company’s authorized decision makers. You will manage the fulfillment of the project requirements, providing regular status updates to project and portfolio stakeholders and escalating concerns when projects are struggling to meet their commitments for scope, cost, and timelines.

    Over time, the PMO will take on an increasing role in organizational change management. The PMO will transition its focus from project delivery to business outcomes. Over time, the PMO will transition project sponsors from articulating requirements to delivering results.

    Project Policy

    As PMO director, you will oversee the establishment, support, and promotion of company-wide standards for project management.

    You and your team will modernize and maintain the company policy manuals and processes for everything related to project management. You will adapt our legacy PMBOK-based standards to cover iterative project management approaches as well as the more formal approaches required for construction projects, outsourced projects, and a wide variety of non-IT projects.

    PMO Director/Lead

    Job overviews for different kinds of PMO directors.

    Project Governance

    As PMO director, you will oversee the governance of project spending, delivery, and impact.

    You and your team will ensure that project proposals address the broad needs of the organization via strategic alignment, operational alignment, appropriateness of timing, identification and management of risk, and ability to execute. You will represent the needs and interests of the shareholder, ratepayer, or constituent by validating adherence to the organization’s published policies for project, portfolio, and organizational change management.

    The PMO is independent from the broader information technology division and will retain a mandate to ensure transparency and disclosure relative to the consumption of the organization’s scarce resources in the pursuit of high-risk IT projects.

    Stock photo of a compass pointing in the direction of leadership.

    Info-Tech sample job descriptions

    Use the sample job descriptions available with this blueprint as a guide when creating your descriptions.

    1. PMO Director
    2. Portfolio Manager
    3. Portfolio Administrator
    4. Project Manager
    5. Project Coordinator
    6. Resource Management Analyst
    1. Program Manager
    2. Change Manager
    3. Business Analyst
    4. Business Relationship Manager
    5. Product Owner
    6. Scrum Master

    Stock photo of a pen resting on a 'job duties' section of a job description.

    2.2.3 Create your job descriptions

    30 minutes

    Input: PMO Job Description Builder Workbook

    Output: Job descriptions

    Materials: Blank Job Description Template

    Participants: PMO director and/or portfolio manager, PMO staff, Project managers

    When you’ve determined the roles you need, you can start creating your job descriptions. If none of our out-of-the-box, pre-populated job description templates suit your needs, use the results of Info-Tech’s PMO Job Description Builder Workbook and the Blank Job Description Template to create your purpose-built job description.

    Follow these steps to create your job description:

    1. Copy the content from tab 4 of the PMO Job Description Builder Workbook and paste it under the relevant headings in the “Responsibilities” section of the Blank Job Description Template. Delete any unused headings if they are not relevant to your role. Additionally, use the list of common certifications on tab 4 of the Workbook to inform that section of the Blank Job Description Template.
    2. Use the sample job descriptions on the blueprint landing page as a guide for filling out the remaining sections of the document.

    Download the Blank Job Description Template

    2.2.3 Create your job descriptions continued

    Screenshot of the Blank Job Description Template.

    Prepare an Actionable Roadmap for Your PMO

    Phase 3

    Prepare an Actionable Roadmap for Your PMO

    Phase 1

    • 1.1 Get a Common Understanding of Your PMO Options
    • 1.2 Determine Where You Are and Engage Your Leadership

    Phase 2

    • 2.1 Identify Organizational Design
    • 2.2. Build Job Descriptions

    Phase 3

    • 3.1 Create Roadmap
    • 3.2 Governance and OCM

    Having a strategy is essential but real value and benefits are delivered through projects

    9.9% of every dollar is wasted due to poor project performance

    52% of projects are delivered to stakeholder satisfaction

    51% of projects are likely to meet original the goal and business intent
    (Source: Project Management Institute, 2018)

    You’re always going to have troubled projects

    Have the organizational discipline to step away from the mess and develop a plan.

    • The world of modern project management has been in place for over 50 years and yet business leaders still seem to put the pressure on troubled projects instead of broken processes.
    • With higher portfolio maturity comes higher performance, warranting investment in the PMO.
    • Instead of alternative cost-reduction measures, such as stopping an individual project, we find that PMO resources (or the entire PMO) are being cut. In most cases, this demonstrates a lack of understanding of the value of portfolio management processes and related impacts.
    • Plan for a series of improvements over time so you’re not continually using your PMO resources on troubled projects. Instead, maintain an ongoing focus on improvement.

    Stock photo of an axe stuck in a piece of wood.
    “If I had six hours to chop down a tree, I’d spend the first four hours sharpening the axe.” (Anonymous woodsman)

    All improvements cannot be done at once

    • The difference in a winning PMO is determined by a roadmap or plan created at the beginning.
    • Leaders should understand the full scope of the plan before committing their teams to the project.
    • All improvements cannot be done at once. The best PMOs create an approach of overall governance and strictly adhere to it. After the approach is defined, a roadmap can be plotted, executed, and delivered effectively.
    • The exercise of creating a roadmap is less about the plan and more about raising the level of understanding for stakeholders.
    • We often find that the PMO is ahead of the business's views of how the PMO can support and add value to the business. A lot of effort is spent trying to convince businesses of the value of a PMO, usually without complete success.
    • The PMO needs to align to the strategic goals of the business, providing the business understands or accepts that alignment. By aligning your roadmap activities to business drivers, you are more likely to get ownership from the business for the initiatives.
    Stock image of a winding path between two map markers.

    A PMO can benefit your business and organization as a whole

    Your PMO can:

    1. Help to align the project or portfolio with a focus on the future strategy of the organization.
    2. Be a mechanism to deliver projects successfully, keep them on track, and report when scheduling, budget, and other scope issues could derail the project.
    3. Create a portfolio of projects and understand the links and dependencies between the projects. This provides you with a bird's-eye view to make better decisions based on changes as they arise.
    4. Facilitate better communications with customers and stakeholders.
    5. Enforce project management governance and ensure consistent standards throughout the organization.
    6. Strategize on how to best use shared resources and best use them productively.

    “If you run projects and the projects have a significant level of cost or have significant level of impact, then you can really benefit from a PMO. Certainly, the larger the projects, the bigger the budget, the more there are projects, then the more you can benefit from a PMO.” (Michael Fritsch, Vice President PMO, Confoe)

    “PMOs are there to ensure project and program success and that’s critical because organizations deliver value through projects and programs.” (Brian Weiss, Vice President, Practitioner Career Development, Project Management Institute)

    Step 3.1

    Create Roadmap

    Activities
    • 3.1.1 Business Goals
    • 3.1.2 Roadmap
    • 3.1.3 Resources

    This step will walk you through the following activities:

    • Determine business goals
    • Create roadmap
    • Establish resources

    This step involves the following participants:

    • PMO director and/or portfolio manager
    • PMO staff/stakeholders
    • Project managers

    Outcomes of this step

    • PMO roadmap aligned to business goals

    Prepare an Actionable Roadmap for Your PMO

    Step 3.1 Step 3.2

    3.1.1 Business goals and priorities

    30 minutes

    Input: Business strategies and goals, Current PMO org. chart

    Output: An initial short, medium, long-term roadmap of initiatives

    Materials: Whiteboard/flip charts, Sticky notes, Slide 83

    Participants: IT leaders/CIO, PMO director and/or portfolio manager, PMO staff, Project managers

    When you are determining what your PMO will provide in the future, it is important to align the ambition of the PMO with the maturity of the business. Too often, a lot of effort is spent trying to convince businesses of the value of a PMO.

    Before you develop your roadmap, try to seek out the key strategies that the business is currently driving to get the proper ownership for the proposed initiatives.

    • What does leadership want to accomplish?
    • What are the key strategies the business is currently driving?
    • What are the current pain points?

    Once you’ve established the business strategies, start mapping out your initiatives:

    • For each initiative, consider the activities you think will work best to take you from your current to future state. It’s okay to keep this high level, we will break them down later in the blueprint.
    • Don’t place activities on a roadmap with dates yet. Use the table on the next slide to record the activities against each initiative at a high level.
    Current State Business Strategies PMO Initiatives Future State Business Strategies
    Short Term Medium Term Long Term
    Portfolio Management Project Intake Process
    Triage Process
    Project Levelling
    Book of Record
    Approval
    Prioritization
    Reporting
    Resource Allocation
    Resource Management
    Project Management Standardize Project Management
    Methodologies
    PM Training
    Organizational Change Management Benefits
    Governance Project progress, visibility, and process
    Documentation

    3.1.2 Create your roadmap

    1-2 hours

    Services should be introduced gradually and your PMO roadmap should clearly highlight this and explain when key deliverables will be achieved.

    Consider the below top-level tasks and add any others that pertain to your organization:

    • Enable Transition
    • Establish Governance
    • Organizational Chart
    • Technology and Infrastructure
    • Develop Portfolio Management Capabilities and Guidelines
    • Standardize Project Management Methodology
    • Organizational Change Management
    • Strategy Management

    Download Info-Tech’s PMO MS Project Plan Sample to see a full list of top-level tasks and second-level tasks. Once done, you can visually plot the tasks on a roadmap. See the next few slides for roadmap visuals.

    Stock photo of median lines on a road with the years 2021-2023 painted between them.

    Download the PMO MS Project Plan Sample

    Screenshot of PMO MS Project Plan Sample

    Screenshot of PMO MS Project Plan Sample with notes point out the headings as 'Top-level hierarchy' and the list contents as 'Second-level-hierarchy'.

    Sample roadmap

    A sample roadmap with column headers 'Task' and 'Q1', 'Q2', 'Q3', 'Q4', and 'Q1' with 3 months beneath each quarter. Under 'Task' are 'Establish Tradition', 'Establish Governance', 'Organizational Chart', and 'Technology and Infrastructure'; these are the 'Top-level-hierarchy'. There are arrows laid out in the table cross section with different steps; these are the 'Second-level hierarchy'.

    Sample roadmap

    A sample roadmap with monthly column headers 'Jan' through 'Jun'. Rows are 'Develop Portfolio Management Capabilities and Guidelines', 'Standardize Project Management Methodology', and 'Design Resource Management Process'. There are processes laid out in the table cross section that are color-coded as 'Completed', 'In progress', and 'Planned'.

    Consider the resources you will need

    Use these Info-Tech resources to make sure your roadmap will be successful.

    Finances – Understand and be transparent about the real costs of your project.

    People – Strategize according to skill sets and availability. Use the org. chart in phase 2 of this blueprint as a starting place (slide 58).

    Assets – Determine the tangible resources you may buy like software and licenses.

    Stock photo of a thinking man.

    3.1.3 Define resources

    30 minutes

    Input: Project documentation, Current resources

    Output: List of resources for your PMO

    Materials: Whiteboard/flip charts

    Participants: IT leaders/CIO, PMO director and/or portfolio manager, PMO staff, Project managers

    Resources for your projects include staff, equipment, and materials. Resource management at the PMO level will help you manage those resources, get visibility into projects, and keep them moving forward. Be sure to consider the resources that will get your PMO off the ground.

    Determine the resources you currently have and the resources your PMO will need and add them to your strategic plan:

    1. Finances — It’s essential that you know, and are transparent about, the real cost of creating your PMO and new process. Don’t forget to consider post deployment costs as well.
    2. People — Every project depends on the skill sets that individual team members bring to the table. Strategize according to these skill sets and their availability for the duration of a project. Some team members may have other work responsibilities and limited time for the project, so you need to accommodate this.
    3. Assets — These include the tangible resources you may have to buy, lease, or arrange for, such as workspace, software and licenses, computer hardware, testing equipment, and so on.

    Step 3.2

    Governance and OCM

    Activities
    • 3.2.1 Governance
    • 3.2.2 OCM
    • 3.2.3 Perform a Change Impact Analysis
    • 3.2.4 Determine Dimensions of Change
    • 3.2.5 Determine Depth of Impact

    This step will walk you through the following activities:

    • Assess/understand governance
    • Conduct impact analysis

    This step involves the following participants:

    • PMO director and/or portfolio manager
    • PMO staff/stakeholders
    • Project managers

    Outcomes of this step

    • Governance Structures
    • Organizational Change Management Impact Analysis Tool

    Prepare an Actionable Roadmap for Your PMO

    Step 3.1 Step 3.2

    Clearly define the authority your PMO will have

    The following section includes slides from Info-Tech’s Make Governance Adaptable blueprint. Download the blueprint to dive deeper into IT governance.

    Governance is an important part of building a strong PMO. A PMO governance framework defines the authority and the support it requires to maximize portfolio and project management capabilities throughout the business. It should sit within your overall governance framework and as the PMO matures, its roles and responsibilities will also change to adapt with business demands and additional capabilities.

    Your framework can:

    • Specify PMO authority
    • Introduce and apply process standards, polices, and directives as it pertains to project and portfolio management
    • Facilitate executive and leadership involvement
    • Foster a collaborative environment between the PMO and the business

    A PMO governance framework enables PMO leaders to establish the common guidelines and manage the distribution of authority given to the PMO.

    Visit Make Your IT Governance Adaptable

    Stock photo of a group working together.

    Common causes of poor governance

    Key causes of poor or misaligned governance
    1. Governance and its value to your organization is not well understood, often being confused or integrated with more granular management activities.
    2. Business executives fail to understand that IT governance is a function of the business and not the IT department.
    3. Poor past experiences have made “governance” a bad word in the organization – a constraint and barrier that must be circumvented to get work done.
    4. There is misalignment between accountability and authority throughout the organization, and the wrong people are involved in governance practices.
    5. There is an unwillingness to change a governance approach that has served the organization well in the past, leading to challenges when the organization starts to change practices and speed of delivery.
    6. There is a lack of data and data-related capabilities required to support good decision making and the automation of governing decisions.
    7. The goals and strategy of the organization are not known or understood, leaving nothing for IT governance to orient around.
    Five key symptoms of ineffective governance committees
    1. No actions or decisions are generated – The committee produces no value and makes no decisions after it meets. The lack of value output makes the usefulness of the committee questionable.
    2. Overallocation of resources – There is a lack of clear understanding of capacity and value in work to be done, leading to consistent underestimation of required resources and resource overallocation.
    3. Decisions are changed outside of committee – Decisions that are made or initiatives that are approved are changed when the proper decision makers are involved or the right information becomes available.
    4. Decisions conflict with organizational direction – Governance decisions conflict with organizational needs, showing a visible lack of alignment and behavioral disconnects that work against organizational success. Often due to power that’s not accounted for within the structure.
    5. Consistently poor outcomes are produced from governance direction – Lack of business acumen in members and relevant data or understanding of organizational goals drives poor measured outcomes from the decisions made in the committee.

    IT PMO

    Chair:
    Updated:

    Mandate

    Ensure business value is achieved through information and technology (IT) investments by aligning strategic objectives and client needs with IT initiatives and their outcomes.

    Committee Goals

    • Maximize throughput of the most valuable projects
    • Ensure visibility of current and pending projects
    • Minimize resource waste and optimize of alignment of skills to assignments
    • Clarify accountability for post-project benefits attainment and facilitate the tracking/reporting of those benefits
    • Drive approval and prioritization of IT initiatives based on their alignment with business goals and strategy
    • Establish a consistent process for handling intake/demand

    Committee Metrics

    • % of approved IT initiatives that measure benefit achievement upon completion
    • % of IT initiatives with direct alignment to organizational strategic direction
    • % of initiatives approved by exception

    Decisions and responsibilities by purpose

    Responsibilities
    STRATEGIC ALIGNMENT

    Ensure initiatives align with organizational objectives
    Embed strategic goals and prioritization approach within process
    Define intake approach

    VALUE DELIVERY
    • Ensure all IT initiatives have a defined value expectation (excepting innovation activities)
    • Approve and prioritize IT initiatives based on value
    RISK MANAGEMENT

    Assess risk as a factor of prioritizing and approving initiatives

    RESOURCE MANAGEMENT

    Decide on the allocation of IT resources

    PERFORMANCE MEASUREMENT

    Ensure process is in place to measure and validate performance of IT initiatives

    Committee Membership
    Role

    CIO, Product Owner, Service Owner, IT VPs, BRM, PMO Director, CISO/CRO

    Individual

    IT Steering Committee

    Chair:
    Updated:

    Mandate

    Ensure business value is achieved through information and technology (IT) investments by aligning strategic objectives and client needs with IT initiatives and their outcomes.

    Committee Goals

    • Align IT initiatives with organizational goals
    • Evaluate, approve, and prioritize IT initiatives
    • Approve IT strategy
    • Reinforce (if provided) or establish risk appetite and threshold
    • Confirm value achievement of approved initiatives
    • Set target investment mix and optimize IT resource utilization

    Committee Metrics

    • % of approved IT initiatives that meet or exceed value expectation
    • % of IT initiatives with direct alignment to organizational strategic direction
    • Level of satisfaction with IT decision making
    • % of initiatives approved by exception

    Committee Overview

    Committee Name Committee Membership Mandate
    Executive Leadership Committee CEO, CFO, CTO, CDO, CISO/CRO, CIO, Enterprise Architect/Chief Architect, CPO Provide strategic and operational leadership to the company by establishing goals, developing strategy, and directing/validating strategic execution.
    Enterprise Risk Committee CISO/CRO, CPO, Enterprise Risk Manager, BU Leaders, CFO, CTO, CDO Govern enterprise risks to ensure that risk information is available and integrated to support governance decision making. Ensure the definition of the organizational risk posture and that an enterprise risk approach is in place.
    IT Steering Committee CIO, Product Owner, Service Owner, IT VPs, BRM, PMO Director, CISO/CRO Ensure business value is achieved through information and technology (IT) investments by aligning strategic objectives and client needs with IT initiatives and their outcomes.
    IT Risk Council IT Risk Manager, CISO, IT Directors Govern IT risks within the context of business strategy and objectives to align the decision-making processes towards the achievement of performance goals. It will also ensure that a risk management framework is in place and risk posture (risk appetite/threshold) is defined.
    PPM Portfolio Manager, Project Managers, BRMs Ensure the best alignment of IT initiatives and program activity to meet the goals of the business.
    Architectural Review Board Service/Product Owners, Enterprise Architects, Chief Architect, Domain Architects Ensure enterprise and related architectures are managed and applied enterprise-wise. Ensure the alignment of IT initiatives to business strategy and architecture and compliance to regulatory standards. Establish architectural standards and guidelines. Review and recommend initiatives.
    Change Advisory Board Service/Product Owner, Change Manager, IT Directors or Managers Ensure changes are assessed, prioritized, and approved to support the change management purpose of optimizing the throughput of successful changes with a minimum of disruption to business function.

    Decisions and responsibilities by purpose

    Responsibilities
    STRATEGIC ALIGNMENT
    • Ensure initiatives align with organizational objectives
    • Approve strategies and policies that ensure the organization benefits from IT
    • Propose innovative uses of IT to enable the business to compete and perform better
    • Make decisions that account for human preferences and behavior
    VALUE DELIVERY
    • Validate the achievement of benefits from IT initiatives
    • Ensure all IT initiatives have a defined value expectation (excepting innovation activities)
    • Ensure stakeholder value and value drivers are understood
    • Prioritize IT work based on value
    • Define a prioritization approach with stakeholders
    RISK MANAGEMENT
    • Ensure creation, maintenance, and observation of policies and procedures, ensuring conformance where needed
    • Ensure ethical behavior in IT
    • Ensure IT meets the requirements of laws, regulations, and contracts
    • Develop or reinforce the risk appetite and threshold
    • Ensure risk management framework is in place
    RESOURCE MANAGEMENT
    • Identify the target investment mix
    • Decide on the allocation of IT resources
    • Define required IT capabilities
    PERFORMANCE MEASUREMENT
    • Confirm that IT supports business processes with the right capabilities and capacity
    • Ensure data is up to date and secure
    • Monitor the extent to which prioritization of IT resources matches organizational objectives
    • Measure extent to which IT supports the business
    • Measure adherence to regulations
    Committee Membership
    Role

    CIO, Product Owner, Service Owner, IT VPs, BRM, PMO Director, CISO/CRO

    Individual

    Sample Governance Model

    A sample governance model with four levels and roles dispersed throughout the levels with arrows indicating hierarchy. The levels are 'Enterprise: Defines organizational goals. Directs or regulates the performance and behavior of the enterprise, ensuring it has the structure and capabilities to achieve its goals', 'Strategic: Ensures IT initiatives, products, and services are aligned to organizational goals and strategy and provide expected value. Ensure adherence to key principles', 'Tactical: Ensures key activities and planning are in place to execute strategic initiatives', and 'Operational: Ensures effective execution of day-to-day functions and practices to meet their key objectives'. Roles in Enterprise are 'Board', 'Executive Leadership Committee', and 'Enterprise Risk Committee'. Roles in Strategic are 'IT Steering Committee', plus three half in Strategic, 'IT PMO', 'Architectural Review Board', and 'IT Risk Council'. One role is half in Strategic and half in Tactical, 'Change Advisory Board'.

    3.2.1 Governance and authority

    1-3 hours

    Input: List of key tasks

    Output: Initial Authority Map

    Materials: Whiteboard/flip charts, Sticky notes, Strategic Plan

    Participants: IT leadership, Portfolio Manager (PMO Director), PMO Admin Team, Project Managers

    Now that you’ve determined the activities on your roadmap, it’s important to determine who is going to be responsible for the following:

    • Intake Scoring
    • Project Approvals
    • Staffing and Resource Management
    • Portfolio Reporting
    • Communications and Organizational Change Management
    • Benefits Attainment
    • Formalized Project Closure
    1. For each task have participants discuss who is ultimately accountable for the decision and who has the ultimate authority to make that decision.
    2. Place the sticky notes on the swim lanes in the strategic plan to represent the area or person has authority over it.
    3. Add all initiatives to your PMO governance framework.

    Download the PMO Strategic Plan

    Governance and Authority

    Committee Name Committee Membership
    Executive Leadership Committee CEO, CFO, CTO, CDO, CISO/CRO, CIO, Enterprise Architect/Chief Architect, CPO
    Enterprise Risk Committee CISO/CRO, CPO, Enterprise Risk Manager, BU Leaders, CFO, CTO, CDO
    IT Steering Committee CIO, Product Owner, Service Owner, IT VPs, BRM, PMO Director, CISO/CRO
    IT Risk Council IT Risk Manager, CISO, IT Directors,
    PPM Portfolio Manager, Project Managers, BRMs
    Architectural Review Board Service/Product Owners, Enterprise Architects, Chief Architect, Domain Architects
    Change Advisory Board Service/Product Owner, Change Manager, IT Directors or Managers

    PMO Governance Framework

    PMO Authority
    • Resource Management
    • Customer Relationship
    • Vendor & Contractor Relationships
    • Intake and Scoring
    • Project Approvals
    • Organizational Change Management
    Standards and Policies
    • Portfolio Management Process
    • Project Governance
    Guidelines
    • Project Classification Guidelines
    Executive Oversight
    • Establish Steering Committees
    • Sponsorship
    • Spending Authorization
    • Execution Oversight
    • Spending Cessation
    • Benefits Attainment
    • Organizational Change Management

    Customize groupings as appropriate.

    Document key achievements governance initiatives.

    Completed projects aren’t necessarily successful projects

    The constraints that drive project management (time, scope, and budget) are insufficient for driving the overall success of project efforts.

    For instance, a project may come in on time, on budget, and in scope, but…

    • …if users and stakeholders fail to adopt…
    • …and the intended benefits are not achieved...

    …then that “successful project” represents a massive waste of the organization’s time and resources.

    Organizational change management (OCM) is a supplement to project management that is needed to ensure the intended value is realized. It is the practice through which the PMO or other body can improve user adoption rates and maximize project benefits. Without it, IT might finish the project but the business might fail to recognize the intended benefits.

    Start with next step and refer to Info-Tech research on OCM for a deeper dive. Impact analysis is the cornerstone of any OCM strategy. By shining a light on considerations that might have otherwise escaped project planners and decision makers, an impact analysis is an essential component to change management and project success.

    Change Impact Analysis

    1. It is important to establish a process for analyzing how the change of your PMO roadmap processes will impact different areas of the business and how to manage these impacts. Analyze change impacts across multiple dimensions to ensure nothing is overlooked.
    2. A thorough analysis of change impacts will help the PMO processes:
      • Bypass avoidable problems.
      • Remove non-fixed barriers to success.
      • Acknowledge and minimize the impacts of unavoidable barriers.
      • Identify and leverage potential benefits.
      • Measure the success of the change.

    3.2.2 Perform a change impact analysis to make your planning more complete

    Use Info-Tech’s Organizational Change Impact Analysis Tool to weigh all the factors involved in the change.

    Info-Tech’s Organizational Change Impact Analysis Tool helps to document the change impact across multiple dimensions, enabling you to review the analysis with others to ensure that the most important impacts are captured. The tool also helps to effectively monitor each impact throughout project execution.

    • Change impact considerations can include products, services, states, provinces, cultures, time zones, legal jurisdictions, languages, colors, brands, subsidiaries, competitors, departments, jobs, stores, locations, etc.
    • Each of these dimensions is an MECE (Mutually Exclusive, Collectively Exhaustive) list of considerations that could be impacted by the change. For example, a North American retail chain might consider “Time Zones” as a key dimension, which could break down as Newfoundland, Atlantic, Eastern, Central, Mountain, and Pacific.

    Sample of the Organizational Change Impact Analysis Tool.

    Download the Organizational Change Impact Analysis Tool

    3.2.3 Assess the current state of your project environment

    15 minutes

    The “2. Set Up” tab of the Impact Tool is where you enter project-specific data pertaining to the change initiative.

    The inputs on this tab are used to auto-populate fields and drop-down menus on subsequent tabs of the analysis.

    Document the stakeholders (by individual or group) associated with the project who will be subject to the impacts.

    You are allowed up to 15 entries. Try to make this list comprehensive. Missing any key stakeholders will threaten the value of this activity as a whole.

    If you find that you have more than 15 individual stakeholders, you can group individuals into stakeholder groups.

    Sample of the Impact Analysis Tool Set-Up Tab. There is a space for 'Project Name' and a list of 'Project Stakeholders'.
    Keep in mind…

    An impact analysis is not a stakeholder management exercise.

    Impact assessments cover:

    • How the change will affect the organization.
    • How individual impacts might influence the likelihood of adoption.

    Stakeholder management covers:

    • Resistance/objections handling.
    • Engagement strategies to promote adoption.

    We will cover the latter in the next step.

    3.2.4 Determine the relevant considerations for analyzing the change impacts

    15-30 minutes

    Use the survey on tab 3 of the Impact Analysis Tool to determine the dimensions of change that are relevant.

    The impact analysis is fueled by the 13-question survey on tab 3 of the tool.

    This survey addresses a comprehensive assortment of change dimensions, ranging from customer-facing considerations to employee concerns, to resourcing, logistical, and technological questions.

    Once you have determined the dimensions that are impacted by the change, you can go on to assess how individual stakeholders and stakeholder groups are affected by the change.

    Sample of the Change Impact Survey on tab 3 of the Impact Analysis Tool.
    Screenshot of tab “3. Impact Survey,” showing the 13-question survey that drives the impact analysis.

    Ideally, the survey should be performed by a group of project stakeholders together. Use the drop-down menus in column K to record your responses.

    Impacts will be felt differently by different stakeholders and stakeholder groups

    As you assess change impacts, keep in mind that no impact will be felt the same across the organization. Depth of impact can vary depending on the frequency (will the impact be felt daily, weekly, monthly?), the actions necessitated by it (e.g. will it change the way the job is done or is it simply a minor process tweak?), and the anticipated response of the stakeholder (support, resistance, indifference?).

    Use the Organizational Change Depth Scale below to help visualize various depths of impact. The deeper the impact, the tougher the job of managing change will be.

    Procedural
    Behavioral
    Interpersonal
    Vocational
    Cultural
    Procedural change involves changes to explicit procedures, rules, policies, processes, etc. Behavioral change is similar to procedural change, but goes deeper to involve the changing tacit or unconscious habits. Interpersonal change goes beyond behavioral change to involve changing relationships, teams, locations, reporting structures, and other social interactions. Vocational change requires acquiring new knowledge and skills and accepting the loss or decline in the value or relevance of previously acquired knowledge and skills. Cultural change goes beyond interpersonal and vocational change to involve changing personal values, social norms, and assumptions about the meaning of good vs. bad or right vs. wrong.
    Example: providing sales reps with mobile access to the CRM application to let them update records from the field. Example: requiring sales reps to use tablets equipped with a custom mobile application for placing orders from the field. Example: migrating sales reps to work 100% remotely. Example: migrating technical support staff to field service and sales support roles. Example: changing the operating model to a more service-based value proposition or focus.

    3.2.5 Determine the depth of each impact for each stakeholder group

    1-3 hours

    Tab “4. Impact Analysis” of the Analysis Tool contains the meat of the impact analysis activity.

    1. The “Impact Analysis” tab is made up of 13 change impact tables (see next slide for a screenshot of one of these tables).
      • You may not need to use all 13 tables. The number of tables you use coincides with the number of “yes” responses you gave in the previous tab.
      • If you do not need all 13 impact tables (i.e. if you do not answer “yes” to all thirteen questions in tab 2) the unused/unnecessary tables will not auto-populate.
    2. Use one table per change impact. Each of your “yes” responses from tab 3 will auto-populate at the top of each change impact table. You should go through each of your “yes” responses in turn.
    3. Analyze how each impact will affect each stakeholder or stakeholder group touched by the project.
      • Column B in each table will auto-populate with the stakeholder groups from the Set-Up tab.
    4. Use the drop-down menus in columns C, D, and E to rate the frequency of each impact, the actions necessitated by each impact, and the anticipated response of each stakeholder group.
      • Each of the options in these drop-down menus is tied to a ranking table that informs the ratings on the two subsequent tabs.
    5. If warranted, you can use the “Comments” cells in column F to note the specifics of each impact for each stakeholder/group.

    See the next slide for an accompanying screenshot of a change impact table from tab 4 of the Analysis Tool.

    Screenshot of “Impact Analysis” tab

    Screenshot of the Impact analysis tab of the Analysis Tool.

    The stakeholder groups entered on the Set Up tab will auto-populate in column B of each table.

    Your “yes” responses from the survey tab will auto-populate in the cells to the right of the “Change Impact” cells.

    Use the drop-down menus in this column to select how often the impact will be felt for each group (e.g. daily, weekly, periodically, one time, or never).

    “Actions” include “change to core job duties,” “change to how time is spent,” “confirm awareness of change,” etc.

    Use the drop-down menus to hypothesize what the stakeholder response might be. For the purpose of this impact analysis, a guess is fine. A more detailed communication plan can be created later.

    Review your overall impact rating to help assess the likelihood of change adoption

    Use the “Overall Impact Rating” on tab 5 to help right-size your OCM efforts.

    Based upon your assessment of each individual impact, the Analysis Tool will provide you with an “Overall Impact Rating” in tab 5.

    • This rating is an aggregate of each of the individual change impact tables used during the analysis and the rankings assigned to each stakeholder group across the frequency, required actions, and anticipated response columns.
    Projects in the red zone should have maximum change governance, applying a full suite of OCM tools and templates as well as revisiting the impact analysis exercise regularly to help monitor progress.

    Increased communication and training efforts, as well as cross-functional partnerships, will also be key for success.

    Projects in the yellow zone also require a high level of change governance.
    Screenshot of 'Overall Impact Rating' scale on tab 5 of the Analysis Tool.
    To free up resources for those OCM initiatives that require more discipline, projects in the green zone can ease up in their OCM efforts somewhat. With a high likelihood of adoption as is, stakeholder engagement and communication efforts can be minimized somewhat for these projects, so long as the PMO is in regular contact with key stakeholders.

    Use the other outputs on tab 5 to help structure your OCM efforts

    In addition to the overall impact rating, tab 5 has other outputs that will help you assess specific impacts and how the overall change will be received by stakeholders.

    Screenshot of the Impact Analysis Outputs on tab 5 of the Analysis Tool. There are tables ranking risk impacts and stakeholders, as well as an impact zone map.

    This table displays the highest risk impacts based on frequency and action inputs on tab 4.

    Here you’ll find the stakeholders, ranked again based on frequency and action, who will be most impacted by the proposed changes.

    These are the five stakeholders most likely to support changes, based on the Anticipated Response column on tab 4.

    The stakeholder groups entered on the Set Up tab will auto-populate in column B of each table.

    In addition to these outputs, this tab also lists top five change resistors and has an impact register and list of potential impacts to watch out for (i.e. your “maybe” responses from tab 3).

    Establish Baseline Metrics

    Baseline metrics will be improved through:

    • A strong PMO is one than can link performance to the overall goals of the organization.
    • Use these examples of KPIs to measure success.
    Metric KPI
    Portfolio Performance Return on Investment (ROI) for projects and programs
    Alignment of spend with objectives
    Resource Utilization Rate (hours allocated to projects actual vs. allocation)
    Customer/Stakeholder Satisfaction
    # of strategic projects approved vs. completed
    Project/Program Performance % of completed projects (planned vs. actual)
    % of projects completed on time (based on original due date)
    % of projects completed on budget
    % of projects delivering their expected business outcomes
    Actual delivery of benefits vs. planned benefits
    % of customer satisfaction
    Project manager satisfaction rating
    PMO % of approved IT initiatives that measure benefit achievement upon completion
    % of IT initiatives with direct alignment to organizational strategic direction

    Summary of Accomplishment

    Problem Solved

    Knowledge Gained
    • PMO Options and “Best Practices”
    • PMO Types
    • Key PMO Functions/Services

    The PMO staffing model that you use will depend on many different factors. It is in your hands to create and define what your staffing needs are for your organization.

    The success of your PMO is linked to the plan you create before executing on it.

    Processes Optimized
    • Establishing organizational need.
    • Getting situational awareness to build a solid foundation for the PMO.
    • Identifying organizational design and establishing PMO structure and staffing needs.
    • Creating an actionable roadmap.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Summary of Accomplishment

    Problem Solved

    Deliverables Completed
    • PMO Role Development Tool
    • Initial PMO Mandate
    • PMO Job Description Builder Workbook
    • PMO job descriptions
    • PMO Strategic Plan
    • Organizational Change Impact Analysis Tool

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Photo of Ugbad Farah.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Sample of the Job Description Survey activity.
    Job Description Survey
    Use the survey to help determine potential role requirements across various project portfolio management, project management, business analysis, and organizational change management activities.
    Sample of the Job Descriptions builder activity.
    Create Your Job Descriptions
    Use the job descriptions as a guide when creating your own job descriptions based on the outputs from the tool.

    Related Info-Tech Research

    Stock photo of two people looking over their finances. Develop a Project Portfolio Management Strategy
    Time is money; spend it wisely.
    Stock photo of a hand with a pen resting on paper. Establish Realistic IT Resource Management Practices
    Holistically balance IT supply and demand to avoid overallocation.
    Stock photo of light bending through a tunnel. Tailor Project Management Processes to Fit Your Projects
    Spend less time managing processes and more time delivering results.

    Related Info-Tech Research

    Stock photo of a group working on a project. Optimize IT Project Intake, Approval, and Prioritization
    Decide which IT projects to approve and when to start them.
    Stock photo of a round table silhouetted in front of a window. Master Organizational Change Management Practices
    PMOs, if you don’t know who is responsible for org change, it’s you.
    Stock photo of the nose of a fighter jet. Set a Strategic Course of Action for the PMO in 100 Days
    Use your first 100 days as PMO leader to define a mandate for long-term success.

    Bibliography

    Alexander, Moira. “How to Develop a PMO Strategic Plan.” CIO, 11 July 2018. Web.

    Barlow, Gina, Andrew Tubb, and Grant Riley. “Driving Business Performance. Project Management Survey 2017.” KPMG, 2017. Accessed 11 Jan. 2022.

    Brennan, M. V., and G. Heerkens. “How we went from zero project management to PMO implementation—a real life story.” Paper presented at PMI® Global Congress 2009—North America, Orlando, FL. Project Management Institute, 13 October 2009. Web.

    Casey, W., and W. Peck. “Choosing the right PMO setup.” PM Network, vol. 15, no. 2, 2001, pp. 40-47. Web.

    “COBIT 2019 Framework Governance and Management Objectives.” ISACA, 2019. PDF.

    Crawford, J. K. “Staffing your strategic project office: seven keys to success.” Paper presented at Project Management Institute Annual Seminars & Symposium, San Antonio, TX. Project Management Institute, 2002. Web.

    Davis, Stanley M., and Paul R. Lawrence. “Problems of Matrix Organizations.” Harvard Business Review, May 1978. Web.

    Dow, William D. “Chapter 6: The Tactical Guide for Building a PMO.” Dow Publishing, 2012. PDF.

    Giraudo, L., and E. Monaldi. “PMO evolution: from the origin to the future.” Paper presented at PMI® Global Congress 2015—EMEA, London, England. Project Management Institute, 11 May 2015. Web.

    Greengard, S. “No PMO? Know when you need one.” PM Network, vol. 27, no. 12, 2013, pp. 44-49. Web.

    Hobbs, J. B., and M. Aubry. “What research is telling us about PMOs.” Paper presented at PMI® Global Congress 2009—EMEA, Amsterdam, North Holland, The Netherlands. Project Management Institute, May 2009. Web.

    Jordan, Andy. “Staffing the Strategic PMO.” ProjectManagement.com, 24 October 2016. Web.

    Lang, Greg. “5 Questions to Answer When Building a Roadmap.” LinkedIn, 2 October 2016. Accessed 15 Apr. 2021.

    Manello, Carl. “Establish a PMO Roadmap.” LinkedIn, 10 February 2021. Accessed 29 Mar. 2021.

    Martin, Ken. “5 Steps to Set Up a Successful Project Management Office.” BrightWork, 9 July 2018. Accessed 29 Mar. 2021.

    Miller, Jen A. “What Is a Project Management Office (PMO) and Do You Need One?” CIO, 19 October 2017. Accessed 16 Apr. 2021.

    Needs, Ian. “Why PMOs Fail: 5 Shocking PMO Statistics.” KeyedIn, 6 January 2014. Web.

    Ovans, Andrea. “Overcoming the Peter Principle.” Harvard Business Review, 22 December 2014. Web.

    PMI®. “A Guide to the Project Management Body of Knowledge.” 6th Ed. Project Management Institute, 2017.

    PMI®. “Ahead of the Curve: Forging a Future-Focused Culture.” Pulse of the Profession. Project Management Institute, 11 February 2020. Accessed 21 April 2021.

    PMI®. “Project Management: Job Growth and Talent Gap.” Project Management Institute, 2017. Web.

    PMI®. “Pulse of the Profession: Success in Disruptive Times.” Project Management Institute, 2018. Web.

    PMI®.“The Project Management Office: In Sync with Strategy.” Project Management Institute, March 2012. Web.

    “Project Management Organizational Structures.” PM4Dev, 2016. Web.

    Rincon, I. “Building a PMO from the ground up: Three stories, one result.” Paper presented at PMI® Global Congress 2014—North America, Phoenix, AZ. Project Management Institute, 26 October 2014. Web.

    Roseke, Bernie. “The 4 Types of Project Organizational Structure.” ProjectEngineer, 16 August 2019. Web.

    Sexton, Peter. “Project Delivery Performance: AIPM and KPMG Project Management Survey 2020 - KPMG Australia.” KPMG, 9 November 2020. Web.

    The Change Management Office (CMO). Prosci, n.d. Accessed 7 July 2021.

    “The New Face of Strategic Planning.” Project Smart, 27 March 2009. Accessed 29 Mar. 2021.

    “The State of Project Management Annual Survey.” Wellington PPM Intelligence, 2018. Web.

    “The State of the Project Management Office : Enabling Strategy Execution Excellence.” PM Solutions Research, 2016. Web.

    Wagner, Rodd. “New Evidence The Peter Principle Is Real - And What To Do About It.” Forbes, 10 April 2018. Accessed 14 Apr. 2021.

    Wright, David. “Developing Your PMO Roadmap.” Paper presented at PMI® Global Congress 2012—North America, Vancouver, British Columbia, Canada. Project Management Institute, 2012. Accessed 29 March 2021.

    Get the Best Discount Possible With a Data-Driven Negotiation Approach

    • Buy Link or Shortcode: {j2store}610|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Vendors have well-honed negotiation strategies that don’t prioritize the customer’s best interest, and they will take advantage of your weaknesses to extract as much money as they can from the deal.
    • IT teams are often working with time pressure and limited resources or experience in negotiation. Even those with an experienced procurement team aren’t evenly matched with the vendor when it comes to the ins and outs of the product.
    • As a result, many have a poor negotiation experience and fail to get the discount they wanted, ultimately leading to dissatisfaction with the vendor.

    Our Advice

    Critical Insight

    • Requirements should always come first, but IT leaders are under pressure to get discounts and cost ends up playing a big role in decision making.
    • Cost is one of the top factors influencing satisfaction with software and the decision to leave a vendor.
    • The majority of software customers are receiving a discount. If you’re in the minority who are not, there are strategies you can and should be using to improve your negotiating skills. Discounts of up to 40% off list price are available to those who enter negotiations prepared.

    Impact and Result

    • SoftwareReviews data shows that there are multiple benefits to taking a concerted approach to negotiating a discount on your software.
    • The most common ways of getting a discount (e.g. volume purchasing) aren’t necessarily the best methods. Choose a strategy that is appropriate for your organization and vendor relationship and that focuses on maximizing the value of your investment for the long term. Optimizing usage or licenses as a discount strategy leads to the highest software satisfaction.
    • Using a vendor negotiation service or advisory group was one of the most successful strategies for receiving a discount. If your team doesn’t have the right negotiation expertise, Info-Tech can help.

    Get the Best Discount Possible With a Data-Driven Negotiation Approach Research & Tools

    Prepare to negotiate

    Leverage insights from SoftwareReviews data to best position yourself to receive a discount through your software negotiations.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Get the Best Discount Possible with a Data-Driven Negotiation Approach Storyboard
    [infographic]

    Build Your Data Practice and Platform

    • Buy Link or Shortcode: {j2store}347|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    The complex nature of data investment leads to de-scoping and delivery of data services that do not meet business needs or give value to the business. Subject matter experts are hired to resolve the problem, but their success is impacted by absent architecture, technology, and organizational alignment.

    Our Advice

    Critical Insight

    Walking through a book of architecture building plans with a personal guide is cheaper and faster than employing an architect to build and design your home.

    Impact and Result

    Info-Tech's approach provides a proven methodology that includes the following:

    • Business-aligned data initiatives and capabilities that address data challenges and realize business strategic objectives.
    • Comprehensive data practice designed based on the required business and data capabilities.
    • Data platform design based on Info-Tech data architecture reference patterns and prioritized data initiatives and capabilities.

    Build Your Data Practice and Platform Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build Your Data Practice and Platform Storyboard – A step-by-step document that leverages road-tested patterns and frameworks to properly build your data practice and pattern in continuous alignment with the business landscape.

    Info-Tech's approach provides a proven methodology that includes following:   

  • Business-aligned data initiatives and capabilities that address data challenges and realize business strategic objectives.
  • Comprehensive data practices designed based on the required business and data capabilities.
    • Build Your Data Practice and Platform Storyboard

    2. Data Practice and Platform Models – Leveraging best-of-breed frameworks to help you build a clear, concise, and compelling data practice and platform.

    Data practice & platform pre-build pattern templates based on Info-Tech data reference patterns and data platform design best practices.

    • Data Practice and Platform Models

    Infographic

    Workshop: Build Your Data Practice and Platform

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Business Context and Value

    The Purpose

    Establish business context and value.

    Key Benefits Achieved

    Business context and strategic driver.

    Activities

    1.1 Understand/confirm the organization's strategic goals

    1.2 Classify the strategic goals and map to business drivers

    1.3 Identify the business capabilities that the strategy focuses on

    1.4 Identify the business processes realizing the strategy

    Outputs

    Business context and strategic drivers

    Prioritized business capabilities and processes

    Data culture survey results analysis

    2 Identify Your Top Initiatives

    The Purpose

    Identify your top initiatives.

    Key Benefits Achieved

    High-value business-aligned data initiative.

    Activities

    2.1 Highlight data-related outcomes/goals to realize to fulfill the business goal

    2.2 Map business data initiatives to the business strategic goals

    2.3 Prioritize data initiatives

    Outputs

    High-value, business-aligned data initiatives

    3 Analyze Data Challenges

    The Purpose

    Analyze data challenges.

    Key Benefits Achieved

    Clear understanding of the data challenges.

    Activities

    3.1 Map data challenges to Info-Tech data challenges

    3.2 Review Info-Tech data capabilities based on prioritized initiatives

    3.3 Discuss data platform and practice next steps

    Outputs

    List of data challenges preventing data maturation with the organization

    4 Map Data Capability

    The Purpose

    Map data capability.

    Key Benefits Achieved

    Prioritized data capability.

    Activities

    4.1 Map data challenges to Info-Tech data challenges

    4.2 Review Info-Tech data capabilities based on prioritized initiatives

    4.3 Discuss data platform and practice next steps

    Outputs

    Required data capabilities

    Data platform and practice – plan

    Initialized data management RACI 

    Further reading

    Build Your Data Practice and Platform

    Construct a scalable data foundation

    Analyst Perspective

    Build a data practice and platform that delivers value to your organization.

    The build or optimization of your data practice and data platform must be predicated on a thorough understanding of the organization’s goals, objectives, and priorities and the business capabilities and process they are meant to support and enable.

    Formalizing your practice or constructing your platform just for the sake of doing so often results in an initiative that is lengthy, costly, fizzles out, does not deliver business value, and ends up being considered a failure.

    Leverage Info-Tech’s approach and incorporate our pre-built models and patterns to effectively navigate that crucial and often difficult phase upfront of comprehensively defining business data needs so you can ultimately realize faster time-to-delivery of your overall data practice and platform.

    Photo of Rajesh Parab, Director, Research & Advisory, Data & Analytics Practice, Info-Tech Research Group.

    Rajesh Parab
    Director, Research & Advisory, Data & Analytics Practice
    Info-Tech Research Group

    Photo of Crystal Singh, Director, Research & Advisory, Data & Analytics Practice, Info-Tech Research Group.

    Crystal Singh
    Director, Research & Advisory, Data & Analytics Practice
    Info-Tech Research Group

    Attempting to Solve Data Problems?

    Situation
    • Lack of data centric leadership results in downstream issues such as integration, quality, and accessibility.
    • The complex nature of the data and lack of understanding leads to de-scoping delivery of data services that does not meet business needs or add value.
    • Poorly designed practice and siloed platforms result in an initiative that is lengthy, costly, fizzles out, does not deliver business value, and ends up being considered a failure.
    Complication
    • Data problem: When the data problem is diagnosed, the organization adopts a tactical approach.
    • Confirmation bias: Subject matter experts (SME) are hired to resolve the poorly defined problem, but the success of the SME is impacted by lack of architecture, technology, and organizational alignment.
    • Still no value: The selected tactical approach does not provide a solid foundation or solve your data problem.
    • Strategy for sake of strategy: Implementing a strategic approach for the sake of being strategic but this becomes overwhelming.
    • Fall back to tactical and operational: The data services are now potentially exposed and vulnerable, which strains business continuity and increases data debt.
    • Increased complexity and risk: Data silos, poor understanding, and high complexity results in an unmanageable data environment.
    Resolution
    • Requirements: Define and align your data requirement to business.
    • Capabilities: Discover data, identify data capabilities, and map your requirements.
    • Practices: Design and select fit-for-purpose data practices.
    • Platform: Optimize your data platform investments though sound architecture.

    Info-Tech Insight

    The true value of data comes from defining intentional relationships between the business and the data through a well thought out data platform and practice.

    Situation – Perpetual Data Problem

    Diagram of a head with gears around it and speech bubbles with notes titled 'Data Problem'. The surrounding gears, clockwise from bottom left, say 'Accessibility', 'Trust', 'Data Breach', 'Ambiguity', 'Ownership', 'Duplication', 'System Failure', and 'Manual Manipulation'. The speech bubbles notes, clockwise from bottom left, say 'Value-Add: How do I translate business needs to data capabilities?', 'Practice Organization: How do I organize resources and roles assignment challenges?', 'Platform: How do I organize data flows with no conceptual view of the environment?', and 'Break Down Silos: How do I break down silos?'
    I can’t access the data.
    I don’t trust the data in the report.
    It takes too long to get to the data for decision making
    • Lack of data-centric leadership results in downstream issues: integration, quality, accessibility
    • The organization’s data is too complex to manage without a cohesive plan.
    • The complex nature of the data and a lack of understanding leads to de-scoping delivery of data services that does not meet business needs or add value.
    • Poorly designed practice and siloed platforms result in an initiative that is lengthy, costly, fizzles out, does not deliver business value, and ends up being considered a failure.

    Complication – Data Initiative Fizzles Out

    • Data problem: When the data problem is diagnosed the organization adopts a tactical approach.
    • Confirmation bias: Subject matter experts (SME) are hired to resolve the poorly defined problem, but the success of the SME is impacted by lack of architecture, technology, and organizational alignment.
    • Still no value: the selected tactical approach does not provide a solid foundation or solve your data problem.
    • Strategy for sake of strategy: Implementing a strategic approach for sake of being strategic but this becomes overwhelming.
    • Fall back to tactical and operational: The data services are now potentially exposed and vulnerable, which strains business continuity and increases data debt.
    • Increased complexity and risk: Data silos, poor understanding, and high complexity result in an unmanageable data environment.
    Flowchart beginning with 'Data Symptom Exhibited' and 'Data Problem Diagnosed', then splitting into two paths 'Solve Data Problem as a point solution' or 'Attempt Strategic approach without culture, capacity, and business leadership'. Each approach ends with 'Data too complex, and initiative fizzles out...' and cycles back to the beginning.
    Use the road-tested patterns and frameworks in our blueprint to break the perpetual data solution cycle. Focus on the value that a data and analytics platform will bring rather than focusing on the data problems alone.

    Build Your Data Practice and Platform

    Bring Your Data Strategy to Life

    Logo for Info-Tech.
    Logo for #iTRG.
    CONVENTIONAL WISDOM

    Attempting to Solve Your Data Problems

    DATA SYMPTOM EXHIBITED

    Mismatch report, data quality issue, or similar symptom of a data problem.

    DATA PROBLEM DIAGNOSED

    Data expert identifies it as a data problem.

    COMPLEX STRATEGIC APPROACH ATTEMPTED

    Recognized need to attempt it strategically, but don't have capacity or culture to execute.

    Cycle diagram titled 'Data Problems' with numbers connected to surrounding steps, and a break after Step 3 where one can 'BREAK THE CYCLE'. In the middle are a list of data problems: 'Accessibility’, ‘Data Breach', 'Manual Manipulation', 'System Failure', 'Ambiguity', 'Duplication', 'Ownership', and 'Trust'.
    SOLUTION FAILS

    The tactical solution fails to solve the root cause of the data problem, and the data symptoms persist.

    TACTICAL SOLUTION FALLBACK

    A quick and dirty solution is attempted in order to fix the data problem.

    THE COMPLEX APPROACH FIZZLES OUT

    Attempted strategic approach takes too long, fizzles out.

    BREAK THE CYCLE

    Solving Your Data Problems

    1. DEFINE YOUR DATA REQUIREMENTS Incorporate a Business to Data Approach by utilizing Info-Tech's business capability templates for identifying data needs. BUSINESS-ALIGNED DATA REQUIREMENTS
    2. CONDUCT YOUR DATA DISCOVERY Understand the data behind your business problem. Identify the required data capabilities and domains as required by your business processes. RECOMMENDED DATA CAPABILITIES
    3. DESIGN YOUR DATA PRACTICES Build your custom data practices based on the predefined reusable models. CUSTOMIZED DATA PRACTICE
    4. ARCHITECT YOUR DATA PLATFORM Build your custom data platform based on the redefined reusable architecture patterns. CUSTOMIZED DATA PLATFORM
    CONTINUOUS PHASE: ROADMAP, SPONSORSHIP FEEDBACK AND DELIVERY

    Develop a roadmap to establish the practice and implement the architecture as designed. Ensure continuous alignment of the practice and architecture with the business landscape.

    Phase-by-Phase Approach to Build Your Data Practice and Platform

    Flowchart detailing the path to take through the four phases of this blueprint beginning with the 'Inputs' and 'People' involved and incorporating 'Deliverables' along the way. Phase-by-Phase Approach
    • Phase 1: Step 1 – Define Your Data Requirement
    • Phase 1: Step 2 – Conduct Your Data Discovery
    • Phase 2 – Design Your Data Practice
    • Phase 3 – Architect Your Data Platform

    Measure value when building your data practice and platform

    Sample Data Management Metrics

    Lists of data management metrics in different categories.

    • Refine the metrics for the overall Data Management practice and every initiative therein.
    • Refine the metrics at each platform and practice component to show business value against implementation effort.

    Understand and Build Data Culture

    See your Info-Tech Account Representative for more details on our Data Culture Diagnostic

    Only 14.29% of Transportation and Logistics respondents agree BI and Analytics Process and Technology are sufficient What is a diagnostic?

    Our diagnostics are the simplest way to collect the data you need, turn it into actionable insights, and communicate with stakeholders across the organization.

    52.54% of respondents from the healthcare industry are unaware of their organization’s data security policy
    Ask the Right Questions

    Use our low-effort surveys to get the data you need from stakeholders across the organization.

    Use Our Diagnostic Engine

    Our diagnostic engine does all the heavy lifting and analysis, turning your data into usable information.

    Communicate & Take Action

    Wow your executives with the incredible insights you've uncovered. Then, get to action: make IT better.

    On average only 40% agree that they have the reporting when needed


    (Source: Info-Tech’s Data Culture Diagnostic, 53 Organizations, 3138 Responses)

    35% of respondents feel that a governance body is in place looking at strategic data

    Build a Data-Driven Strategy Using Info-Tech Diagnostic Programs

    Make informed IT decisions by starting your diagnostic program today. Your account manager is waiting to help you.
    Sample of Info-Tech's 'Data Culture Scorecard'.

    Use Our Predefined Data and Analytics Patterns to Build Your DnA Landscape

    Walking through a book of architecture building plans with a personal guide is cheaper and faster than employing an architect to build and design your home

    Two books titled 'The Everything Homebuilding Book' and 'Architecture 101'. An open book with a finger pointing to a diagram.

    The first step is to align business strategy with data strategy and then start building your data practice and data platform

    Flowchart starting with business strategy focuses, then to data strategy focuses, and eventually to 'Data Metrics'.

    Insights

    The true value of data comes from defining intentional relationships between the business and the data through a well-thought-out data platform and practice.

    • Phase 1
      • Some organizations are low maturity so using the traditional Capability Maturity Model Integration (CMMI) would not make sense. A great alternative is to leverage existing models and methodologies to get going off the bat.
      • The Data Strategy is an input into the platform and practice. This is considered the Why; Data Practice and Platform is the How.
    • Phase 2
      • Info-Tech’s approach is business-goal driven and it leverages patterns, which enable the implementation of critical and foundational components and subsequently facilitates the evolution and development of the practice over time.
      • Systems should not be designed in isolation. Cross-functional collaboration throughout the design is critical to ensure all types of issues are revealed early. Otherwise, crucial tests are omitted, deployments fail, and end-users are dissatisfied.
    • Phase 3
      • Build your conceptual data architecture based on well-thought-out formulated patterns that align with your organization’s needs and environment.
      • Functional needs often take precedence over quality architecture. Quality must be baked into design, execution, and decision-making practices to ensure the right trade-offs are made.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Info-Tech’s Methodology for Building Your Data Practice and Platform

    Phase 1 –
    Define Your Data Requirements and Conduct Your Data Discovery
    Phase 2 –
    Design Your Data Practices
    Phase 3 –
    Architect Your Data Platform
    Phase Steps
    1. Identify your top initiatives
    2. Map your data initiatives to data capabilities
    1. Understand the practices value statement
    2. Review the Info-Tech practice pattern
    3. Initiate your practice design and setup
    1. Identify your data component
    2. Refine your data platform architecture
    3. Design your data platform
    4. Identify your new components and capabilities
    5. Initiative platform build and rollout
    Phase Outcomes Business-aligned data initiatives and capabilities that address data challenges and realize business strategic objectives Comprehensive data practice design based on the required business and data capabilities Data platform design based on Info-Tech data architecture reference pattern and prioritized data initiatives and capabilities

    Data Platform and Practice Implementation Plan

    Example timeline for data platform and practice implementation plan with 'Fiscal Years' across the top, and below they're broken down into quarters. Along the left side 'Phase 1: Step 1...', 'Phase 1: Step 2...', 'Phase 2...' and 'Phase 3'. Tasks are mapped onto the timeline in each phase with a short explanation.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889
    Info-Tech’s Workshop support for Build Your Data Practice and Platform. 'Build Your Data Practice and Platform' slide from earlier.
    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Workshop 1

    Data Needs and Discovery

    Workshop 2

    Data Practice Design

    Workshop 3

    Data Platform Design

    Workshop 1:
    Data Needs and Discovery

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889
    Day 1 Day 2 Day 3 Day 4
    Establish Business Context and Value
    Identify Your Top Initiatives
    Analyze Data Challenges
    Map Data Capability
    Activities

    1.1 Understand/confirm your organization’s strategic goals

    1.2 Classify the strategic goals and map to business drivers

    1.3 Identify the business capabilities that the strategy focus is on

    1.4 Identify the business processes realizing the strategy

    2.1 Highlight data-related outcomes /goals to realize to fulfill the business goal

    2.2 Map business data initiatives to the business strategic goals

    2.3 Prioritize Data initiatives

    3.1 Understand data management capabilities and framework

    3.2 Classify business data requirements using Info-Tech’s classification approach

    3.3 Highlight data challenges in your current environment

    4.1 Map data challenges to Info-Tech data challenges

    4.2 Review Info-Tech data capabilities based on prioritized initiative

    4.3 Discuss Data Platform and Practice Next Steps

    Deliverables
    • Business context and strategic drivers
    • Prioritized business capabilities and processes
    • Data Culture Survey results analysis
    • High-value business-aligned data initiative
    • List of data challenges preventing data maturation with the organization
    • Required data capabilities
    • Data platform and practice – plan
    • Initialized data management RACI
    Participants Business stakeholder, Business leader Business Subject Matter Expert, Data IT sponsor (CIO), Head of Data, Data Architect Business stakeholder, Business leader Business Subject Matter Expert, Data IT sponsor (CIO), Head of Data, Data Architect Data experts, Business Subject Matter Expert, Head of Data, Data Architect Data experts, Business Subject Matter Expert, Head of Data, Data Architect

    Workshop 2:
    Data Practice Design

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889
    Day 1 Day 2 Day 3 Day 4
    Plan Your Data Practices
    Design Your Data Practices 1
    Design Your Data Practices 2
    Design Your Data Practices 3
    Activities

    Prerequisite: Business context, business data requirement, and data capabilities

    1.1 Understand data practice framework

    1.2 Define your practice implementation approach

    1.3 Review and update data management RACI

    2.1 Understand Info-Tech data practice patterns for each prioritized practice

    2.2 Define your practice setup for each prioritized practice

    2.3 Highlight critical processes for each practice

    3.1 Understand Info-Tech data practice patterns for each prioritized practice

    3.2 Define your practice setup for each prioritized practice

    3.3 Highlight critical processes for each practice

    4.1 Understand Info-Tech data practice patterns for each prioritized practice

    4.2 Define your practice setup for each prioritized practice

    4.3 Highlight critical processes for each practice

    4.4 Discuss data platform and practice next steps

    Deliverables
    • Data practice implementation approach
    • Data management RACI
    • Data practice setup pattern for your organization
    • Data practice process pattern for your organization
    • Data practice setup pattern for your organization
    • Data practice process pattern for your organization
    • Data practice setup pattern for your organization
    • Data practice process pattern for your organization
    • Data platform and practice – plan
    Participants Data experts, Business Subject Matter Expert, Head of Data, Data Architect Data experts, Business Subject Matter Expert, Head of Data, Data Architect Data experts, Business Subject Matter Expert, Head of Data, Data Architect Data experts, Business Subject Matter Expert, Head of Data, Data Architect

    Workshop 3:
    Data Platform Design

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889
    Day 1Day 2Day 3Day 4
    Data Platform Overview
    Update Data Platform Reference Architecture
    Design Your Data Platform
    Design Your Data Practices 4
    Activities

    Prerequisite: Business context, business data requirement, and data capabilities

    1.1 Understand data platform framework and data capabilities

    1.2 Understand key data architecture principles and best practices

    1.3 Shortlist data platform patterns

    2.1 Map and identify data capabilities to data platform components

    2.2 Build data platform architecture using Info-Tech data platform reference architecture

    2.3 Highlight critical processes for each practice

    3.1 Design your target data platform using Info-Tech’s data platform template

    3.2 Identify new capabilities and components in your platform design

    4.1 Identify new capabilities and component in your platform design

    4.2 Discuss data platform initiatives

    Deliverables
    • Shortlisted data platform patterns
    • Data platform reference architecture for your organization
    • Data platform design for your organization
    • Data platform plan
    ParticipantsData experts, Business Subject Matter Expert, Head of Data, Data ArchitectData experts, Business Subject Matter Expert, Head of Data, Data ArchitectData experts, Business Subject Matter Expert, Head of Data, Data ArchitectData experts, Business Subject Matter Expert, Head of Data, Data Architect

    Build Your Data Practice and Platform

    Phase 1

    Phase 1: Step 1 – Define Your Data Requirements
    Phase 1: Step 2 – Conduct Your Data Discovery

    Phase 1

    1.1 Define Your Data Requirements
    1.2 Conduct Your Data Discovery

    Phase 2 Phase 3

    Phase 1: Step 1 – Define Your Data Requirements will walk you through the following activities:

    • Confirm the organizational strategic goals, business drivers, business capabilities, and processes driving the Data Practice and Platform effort.
    • Identify the data related outcomes, goals, and ideal environment needed to fulfill the business goals.

    This phase involves the following participants:

    A blend of business leaders and business SMEs together with the Data Strategy team.

    Phase 1: Step 2 – Conduct Your Data Discovery will walk you through the following activities:

    • Identify and highlight the data challenges faced in achieving the desired outcome.
    • Map the data challenges to the data capabilities required to realize the desired data outcome.

    This phase involves the following participants:

    Key personnel from IT/Data team: (Data Architect, Data Engineers, Head of Head of Reporting and Analytics)

    Mentoring for Agile Teams

    • Buy Link or Shortcode: {j2store}154|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $187,599 Average $ Saved
    • member rating average days saved: 27 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Today’s realities are driving organizations to digitize faster and become more Agile.
    • Most hierarchical, command and control–style organizations are not yet well adapted to using Agile.
    • So-called textbook Agile practices often clash with traditional processes and practices.
    • Members must adapt their Agile practices to accommodate their organizational realities.

    Our Advice

    Critical Insight

    • There is no one-size-fits-all approach to Agile. Agile practices need to be adjusted to work in your organization based on a thoughtful diagnosis of the challenges and solutions tailored to the nature of your organization.

    Impact and Result

    • Identify your Agile challenges and success factors (both organization-wide and team-specific).
    • Leverage the power of research and experience to solve key Agile challenges and gain immediate benefits for your project.
    • Your Agile playbook will capture your findings so future projects can benefit from them.

    Mentoring for Agile Teams Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand how a Agile Mentoring can help your organization to successfully establish Agile practices within your context.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take the Info-Tech Agile Challenges and Success Factors Survey

    This tool will help you identify where your Agile teams are experiencing the most pain so you can create your Agile challenges hit list.

    • Agile Challenges and Success Factors Survey

    2. Review typical challenges and findings

    While each organization/team will struggle with its own individual challenges, many members find they face similar organizational/systemic challenges when adopting Agile. Review these typical challenges and learn from what other members have discovered.

    • Mentoring for Agile Teams – Typical Findings

    Infographic

    Workshop: Mentoring for Agile Teams

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Take the Agile Challenges and Success Factors Survey

    The Purpose

    Determine whether an Agile playbook is right for you.

    Broadly survey your teams to identify Agile challenges and success factors in your organization.

    Key Benefits Achieved

    Better understanding of common Agile challenges and success factors

    Identification of common Agile challenges and success factors are prevalent in your organization

    Activities

    1.1 Distribute survey and gather results.

    1.2 Consolidate survey results.

    Outputs

    Completed survey responses from across teams/organization

    Consolidated heat map of your Agile challenges and success factors

    2 Identify Your Agile Challenges Hit List

    The Purpose

    Examine consolidated survey results.

    Identify your most pressing challenges.

    Create a hit list of challenges to be resolved.

    Key Benefits Achieved

    Identification of the most serious challenges to your Agile transformation

    Attention focused on those challenge areas that are most impacting your Agile teams

    Activities

    2.1 Analyze and discuss your consolidated heat map.

    2.2 Prioritize identified challenges.

    2.3 Select your hit list of challenges to address.

    Outputs

    Your Agile challenges hit list

    3 Problem Solve

    The Purpose

    Address each challenge in your hit list to eliminate or improve it.

    Key Benefits Achieved

    Better Agile team performance and effectiveness

    Activities

    3.1 Work with Agile mentor to problem solve each challenge in your hit list.

    3.2 Apply these to your project in real time.

    Outputs

    4 Create Your Agile Playbook

    The Purpose

    Capture the findings and lessons learned while problem solving your hit list.

    Key Benefits Achieved

    Strategies and tactics for being successful with Agile in your organization which can be applied to future projects

    Activities

    4.1 For each hit list item, capture the findings and lessons learned in Module 3.

    4.2 Document these in your Agile Playbook.

    Outputs

    Your Agile Playbook deliverable

    Improve Security Governance With a Security Steering Committee

    • Buy Link or Shortcode: {j2store}373|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $10,000 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Security is still seen as an IT problem rather than a business risk, resulting in security governance being relegated to the existing IT steering committee.
    • Security is also often positioned in the organization where they are not privy to the details of the organization’s overall strategy. Security leaders struggle to get the full enterprise picture.

    Our Advice

    Critical Insight

    • Work to separate the Information Security Steering Committee (ISSC) from the IT Steering Committee (ITSC). Security transcends the boundaries of IT and needs an independent, eclectic approach to make strategic decisions.
    • Be the lawyer, not the cop. Ground your communications in business terminology to facilitate a solution that makes sense to the entire organization.
    • Develop and stick to the agenda. Continued engagement from business stakeholders requires sticking to a strategic level-focused agenda. Dilution of purpose will lead to dilution in attendance.

    Impact and Result

    • Define a clear scope of purpose and responsibilities for the ISSC to gain buy-in and consensus for security governance receiving independent agenda time from the broader IT organization.
    • Model the information flows necessary to provide the steering committee with the intelligence to make strategic decisions for the enterprise.
    • Determine membership and responsibilities that shift with the evolving security landscape to ensure participation reflects interested parties and that money being spent on security mitigates risk across the enterprise.
    • Create clear presentation material and strategically oriented meeting agendas to drive continued participation from business stakeholders and executive management.

    Improve Security Governance With a Security Steering Committee Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to improve your security governance with a security steering committee, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define committee purpose and responsibilities

    Identify the purpose of your committee, determine the capabilities of the committee, and define roles and responsibilities.

    • Improve Security Governance With a Security Steering Committee – Phase 1: Define Committee Purpose and Responsibilities
    • Information Security Steering Committee Charter

    2. Determine information flows, membership & accountabilities

    Determine how information will flow and the process behind that.

    • Improve Security Governance With a Security Steering Committee – Phase 2: Determine Information Flows, Membership & Accountabilities

    3. Operate the Information Security Steering Committee

    Define your meeting agendas and the procedures to support those meetings. Hold your kick-off meeting. Identify metrics to measure the committee’s success.

    • Improve Security Governance With a Security Steering Committee – Phase 3: Operate the Information Security Steering Committee
    • Security Metrics Summary Document
    • Information Security Steering Committee Stakeholder Presentation
    [infographic]

    Further reading

    Improve Security Governance With a Security Steering Committee

    Build an inclusive committee to enable holistic strategic decision making.

    ANALYST PERSPECTIVE

    "Having your security organization’s steering committee subsumed under the IT steering committee is an anachronistic framework for today’s security challenges. Conflicts in perspective and interest prevent holistic solutions from being reached while the two permanently share a center stage.

    At the end of the day, security is about existential risks to the business, not just information technology risk. This focus requires its own set of business considerations, information requirements, and delegated authorities. Without an objective and independent security governance body, organizations are doomed to miss the enterprise-wide nature of their security problems."

    – Daniel Black, Research Manager, Security Practice, Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • CIOs
    • CISOs
    • IT/Security Leaders

    This Research Will Help You:

    • Develop an effective information security steering committee (ISSC) that ensures the right people are involved in critical decision making.
    • Ensure that business and IT strategic direction are incorporated into security decisions.

    This Research Will Also Assist:

    • Information Security Steering Committee (ISSC) members

    This Research Will Help Them:

    • Formalize roles and responsibilities.
    • Define effective security metrics.
    • Develop a communication plan to engage executive management in the organization’s security planning.

    Executive summary

    Situation

    • Successful information security governance requires a venue to address security concerns with participation from across the entire business.
    • Without access to requisite details of the organization – where we are going, what we are trying to do, how the business expects to use its technology – security can not govern its strategic direction.

    Complication

    • Security is still seen as an IT problem rather than a business risk, resulting in security governance being relegated to the existing IT steering committee.
    • Security is also often positioned in the organization where they are not privy to the details of the organization’s overall strategy. Security leaders struggle to get the full enterprise picture.

    Resolution

    • Define a clear scope of purpose and responsibilities for the Information Security Steering Committee to gain buy-in and consensus for security governance receiving independent agenda time from the broader IT organization.
    • Model the information flows necessary to provide the steering committee with the intelligence to make strategic decisions for the enterprise.
    • Determine membership and responsibilities that shift with the evolving security landscape to ensure participation reflects interested parties and that money being spent on security mitigates risk across the enterprise.
    • Create security metrics that are aligned with committee members’ operational goals to incentivize participation.
    • Create clear presentation material and strategically oriented meeting agendas to drive continued participation from business stakeholders and executive management.

    Info-Tech Insight

    1. Work to separate the ISSC from the IT Steering Committee (ITSC). Security transcends the boundaries of IT and needs an independent, eclectic approach to make strategic decisions.
    2. Be the lawyer, not the cop. Ground your communications in business terminology to facilitate a solution that make sense to the entire organization.
    3. Develop and stick to the agenda. Continued engagement from business stakeholders requires sticking to a strategic level-focused agenda. Dilution of purpose will lead to dilution in attendance.

    Empower your security team to act strategically with an ISSC

    Establishing an Information Security Steering Committee (ISSC)

    Even though security is a vital consideration of any IT governance program, information security has increasingly become an important component of the business, moving beyond the boundaries of just the IT department.

    This requires security to have its own form of steering, beyond the existing IT Steering Committee, that ensures continual alignment of the organization’s security strategy with both IT and business strategy.

    An ISSC should have three primary objectives:

    • Direct Strategic Planning The ISSC formalizes organizational commitments to strategic planning, bringing visibility to key issues and facilitating the integration of security controls that align with IT and business strategy.
    • Institute Clear Accountability The ISSC facilitates the involvement and commitment of executive management through clearly defined roles and accountabilities for security decisions, ensuring consistency in participation as the organization’s strategies evolve.
    • Optimize Security Resourcing The ISSC maximizes security by monitoring the implementation of the security strategic plan, making recommendations on prioritization of effort, and securing necessary resources through the planning and budgeting processes, as necessary.

    What does the typical ISSC do?

    Ensuring proper governance over your security program is a complex task that requires ongoing care and feeding from executive management to succeed.

    Your ISSC should aim to provide the following core governance functions for your security program:

    1. Define Clarity of Intent and Direction How does the organization’s security strategy support the attainment of the business and IT strategies? The ISSC should clearly define and communicate strategic linkage and provide direction for aligning security initiatives with desired outcomes.
    2. Establish Clear Lines of Authority Security programs contain many important elements that need to be coordinated. There needs to be clear and unambiguous authority, accountability, and responsibility defined for each element so lines of reporting/escalation are clear and conflicting objectives can be mediated.
    3. Provide Unbiased Oversight The ISSC should vet the organization’s systematic monitoring processes to make certain there is adherence to defined risk tolerance levels and ensure that monitoring is appropriately independent from the personnel responsible for implementing and managing the security program.
    4. Optimize Security Value Delivery Optimized value delivery occurs when strategic objectives for security are achieved and the organization’s acceptable risk posture is attained at the lowest possible cost. This requires constant attention to ensure controls are commensurate with any changes in risk level or appetite.

    Formalize the most important governance functions for your organization

    Creation of an ISSC is deemed the most important governance and oversight practice that a CISO can implement, based on polling of IT security leaders analyzing the evolving role of the CISO.

    Relatedly, other key governance practices reported – status updates, upstream communications, and executive-level sponsorship – are within the scope of what organizations traditionally formalize when establishing their ISSC.

    Vertical bar chart highlighting the most important governance functions according to respondents. The y axis is labelled 'Percentage of Respondents' with the values 0%-60%, and the x axis is labelled 'Governance and Oversight Practices'. Bars are organized from highest percentage to lowest with 'Creation of cross-functional committee to oversee security strategy' at 56%, 'Regularly scheduled reporting on the state of security to stakeholders' at 55%, 'Upstream communication channel from security leadership to CEO' at 46%, and 'Creation of program charter approved by executive-level sponsor' at 37%. Source: Ponemon Institute, 2017; N=184 organizations; 660 respondents.

    Despite the clear benefits of an ISSC, organizations are still falling short

    83% of organizations have not established formal steering committees to evaluate the business impact and risks associated with security decisions. (Source: 2017 State of Cybersecurity Metrics Report)

    70% of organizations have delegated cybersecurity oversight to other existing committees, providing security limited agenda time. (Source: PwC 2017 Annual Corporate Director Survey)

    "This is a group of risk managers an institution would bring together to deal with a response anyway. Having them in place to do preventive discussions and formulate policy to mitigate the liability sets and understand compliance obligations is just powerful." (Kirk Bailey, CISO, University of Washington)

    Prevent the missteps that make 9 out of 10 steering committees unsuccessful

    Why Do Steering Committees Fail?

    1. A lack of appetite for a steering committee from business partners. An effective ISSC requires participation from core members of the organization’s leadership team. The challenge is that most business partners don’t understand the benefits of an ISSC and the responsibilities aren’t tailored to participants’ needs or interests. It’s the CISO’s (or senior IT/security leader’s) responsibility to make this case to stakeholders and right-size the committee responsibilities and membership.
    2. ISSC committees are given inappropriate responsibilities. The steering committee is fundamentally about decision making; it’s not a working committee. Security leadership typically struggles with clarifying these responsibilities on two fronts: either the responsibilities are too vague and there is no clear way to execute on them within a meeting or responsibilities are too tactical and require knowledge that participants do not have. Responsibilities should determine who is on the ISSC, not the other way around.
    3. Lack of process around execution. An ISSC is only valuable if members are able to successfully execute on its mandate. Without well-defined processes it becomes nearly impossible for the ISSC to be actionable. As a result, participants lack the information they need to make critical decisions, agendas are unmet, and meetings are seen as a waste of time.

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Improve Security Governance With a Security Steering Committee – project overview

    1. Define Committee Purpose and Responsibilities

    2. Determine Information Flows, Membership & Accountabilities

    3. Operate the Information Security Steering Committee

    Supporting Tool icon

    Best-Practice Toolkit

    1.1 Tailor Info-Tech’s Information Security Steering Committee Charter Template to define terms of reference for the ISSC

    1.2 Conduct a SWOT analysis of your information security governance capabilities

    1.3 Identify the responsibilities and duties of the ISSC

    1.4 Draft the committee purpose statement of your ISSC

    2.1 Define your SIPOC model for each of the ISSC responsibilities

    2.2 Identify committee participants and responsibility cadence

    2.3 Define ISSC participant RACI for each of the responsibilities

    3.1 Define the ISSC meeting agendas and procedures

    3.2 Define which metrics you will report to the ISSC

    3.3 Hold a kick-off meeting with your ISSC members to explain the process, responsibilities, and goals

    3.4 Tailor the Information Security Steering Committee Stakeholder Presentation template

    3.5 Present the information to the security leadership team

    3.6 Schedule your first meeting of the ISSC

    Guided Implementations

    • Identify the responsibilities and duties of the ISSC.
    • Draft the committee purpose of the ISSC.
    • Determine SIPOC modeling of information flows.
    • Determine accountabilities and responsibilities.
    • Set operational standards.
    • Determine effectiveness metrics.
    • Steering committee best practices.
    Associated Activity icon

    Onsite Workshop

    This blueprint can be combined with other content for onsite engagements, but is not a standalone workshop.
    Phase 1 Outcome:
    • Determine the purpose and responsibilities of your information security steering committee.
    Phase 2 Outcome:
    • Determine membership, accountabilities, and information flows to enable operational excellence.
    Phase 3 Outcome:
    • Define agendas and standard procedures to operate your committee.
    • Design an impactful stakeholder presentation.

    Improve Security Governance With a Security Steering Committee

    PHASE 1

    Define Committee Purpose and Responsibilities

    Phase 1: Define Committee Purpose and Responsibilities

    ACTIVITIES:

    • 1.1 Tailor Info-Tech’s Information Security Steering Committee Charter Template to define terms of reference for the ISSC
    • 1.2 Conduct a SWOT analysis of your information security governance capabilities
    • 1.3 Identify the responsibilities and duties of the ISSC
    • 1.4 Draft the committee purpose statement for your ISSC

    OUTCOMES:

    • Conduct an analysis of your current information security governance capabilities and identify opportunities and weaknesses.
    • Define a clear scope of purpose and responsibilities for your ISSC.
    • Begin to customize your ISSC charter.

    Info-Tech Insight

    Balance vision with direction. Purpose and responsibilities should be defined so that they encompass your mission and objectives to the enterprise in clear terms, but provide enough detail that you can translate the charter into operational plans for the security team.

    Tailor Info-Tech’s Information Security Steering Committee Charter Template to define terms of reference for the ISSC

    Supporting Tool icon 1.1

    A charter is the organizational mandate that outlines the purpose, scope, and authority of the ISSC. Without a charter, the steering committee’s value, scope, and success criteria are unclear to participants, resulting in unrealistic stakeholder expectations and poor organizational acceptance.

    Start by reviewing Info-Tech’s template. Throughout the next two sections we will help you to tailor its contents.

    • Committee Purpose: The rationale, benefits of, and overall function of the committee.
    • Organization and Membership: Who is on the committee and how is participation measured against organizational need.
    • Responsibilities and Duties: What tasks/decisions the accountable committee is making.
    • RACI: Who is accountable, responsible, consulted, and informed regarding each responsibility.
    • Committee Procedures and Agendas: Includes how the committee will be organized and how the committee will interact and communicate with interested parties.
    Sample of the Info-Tech deliverable 'Information Security Steering Committee Charter Template'.

    Download the Information Security Steering Committee Charter to customize your organization’s charter

    Conduct a SWOT analysis of your information security governance capabilities

    Associated Activity icon 1.2

    INPUT: Survey outcomes, Governance overview handouts

    OUTPUT: SWOT analysis, Top identified challenges and opportunities

    1. Hold a meeting with your IT leadership team to conduct a SWOT analysis on your current information security governance capabilities.
    2. In small groups, or individually, have each group complete a SWOT analysis for one of the governance areas. For each consider:
      • Strengths: What is currently working well in this area?
      • Weaknesses: What could you improve? What are some of the challenges you’re experiencing?
      • Opportunities: What are some organizational trends that you can leverage? Consider whether your strengths or weaknesses could create opportunities.
      • Threats: What are some key obstacles across people, process, and technology?
    3. Have each team or individual rotate until each person has contributed to each SWOT. Add comments from the stakeholder survey to the SWOT.
    4. As a group, rank the inputs from each group and highlight the top five challenges and the top five opportunities you see for improvement.

    Identify the responsibilities and duties of the ISSC

    Associated Activity icon 1.3

    INPUT: SWOT analysis, Survey reports

    OUTPUT: Defined ISSC responsibilities

    1. With your security leadership team, review the typical responsibilities of the ISSC on the following slides (also included in the templated text of the charter linked below).
    2. Print off the following two slides, and in small teams or individually, identify which responsibilities the ISSC should have in your organization, brainstorm any additional responsibilities, and document reasoning.
    3. Have each team present to the larger group, track the similarities and differences between each of the groups, and come to consensus on the list of categories and responsibilities.
    4. Complete a sanity check: review your SWOT analysis. Do the responsibilities you’ve identified resolve the critical challenges or weaknesses?
    5. As a group, consider the responsibilities and whether you can reasonably implement those in one year or if there are any that will need to wait until year two of the committee.

    Add or modify responsibilities in Info-Tech’s Information Security Steering Committee Charter.

    Typical ISSC responsibilities and duties

    Use the following list of responsibilities to customize the list of responsibilities your ISSC may take on. These should link directly to the Responsibilities and Duties section of your ISSC charter.

    Strategic Oversight

    • Provide oversight and ensure alignment between information security strategy and company objectives.
    • Assess the adequacy of resources and funding to sustain and advance successful security programs and practices for identifying, assessing, and mitigating cybersecurity risks across all business functions.
    • Review controls to prevent, detect, and respond to cyber-attacks or information or data breaches involving company electronic information, intellectual property, data, or connected devices.
    • Review the company’s cyberinsurance policies to ensure appropriate coverage.
    • Provide recommendations, based on security best practices, for significant technology investments.

    Policy Governance

    • Review company policies pertaining to information security and cyberthreats, taking into account the potential for external threats, internal threats, and threats arising from transactions with trusted third parties and vendors.
    • Review privacy and information security policies and standards and the ramifications of updates to policies and standards.
    • Establish standards and procedures for escalating significant security incidents to the ISSC, board, other steering committees, government agencies, and law enforcement, as appropriate.

    Typical ISSC responsibilities and duties (continued)

    Use the following list of responsibilities to customize the list of responsibilities your ISSC may take on. These should link directly to the Responsibilities and Duties section of your ISSC charter.

    Risk Governance

    • Review and approve the company’s information risk governance structure and key risk management processes and capabilities.
    • Assess the company’s high-risk information assets and coordinate planning to address information privacy and security needs.
    • Provide input to executive management regarding the enterprise’s information risk appetite and tolerance.
    • Review the company’s cyber-response preparedness, incident response plans, and disaster recovery capabilities as applicable to the organization’s information security strategy.
    • Promote an open discussion regarding information risk and integrate information risk management into the enterprise’s objectives.

    Monitoring & Reporting

    • Receive periodic reports and coordinate with management on the metrics used to measure, monitor, and manage cyber and IT risks posed to the company and to review periodic reports on selected risk topics as the Committee deems appropriate.
    • Review reports provided by the IT organization regarding the status of and plans for the security of the company’s data stored on internal resources and with third-party providers.
    • Monitor and evaluate the quality and effectiveness of the company’s technology security, capabilities for disaster recovery, data protection, cyberthreat detection and cyber incident response, and management of technology-related compliance risks.

    Review the organization’s security strategy to solidify understanding of the ISSC’s purpose

    The ISSC should consistently evolve to reflect the strategic purpose of the security program. If you completed Info-Tech’s Security Strategy methodology, review the results to inform the scope of your committee. If you have not completed Info-Tech’s methodology, determining these details should be achieved through iterative stakeholder consultations.

    Strategy Components

    ISSC Considerations

    Security Pressure Analysis

    Review the ten security domains and your organization’s pressure levels to review the requisite maturity level of your security program. Consider how this may impact the focus of your ISSC.

    Security Drivers/Obligations

    Review how your security program supports the attainment of the organization’s business objectives. By what means should the ISSC support these objectives? This should inform the rationale, benefits, and overall function of the committee.

    Security Strategy Scope and Boundaries

    Consider the scope and boundaries of your security program to reflect on what the program is responsible for securing. Is this reflected adequately in the language of the committee’s purpose? Should components be added or redacted?

    Draft the committee purpose statement of your ISSC

    Associated Activity icon 1.4

    INPUT: SWOT Analysis, Security Strategy

    OUTPUT: ISSC Committee Purpose

    1. In a meeting with your IT leadership team – and considering the organization’s security strategy, defined responsibilities, and opportunities and threats identified – review the example goal statement in the Information Security Steering Committee Charter, and identify whether any of these statements apply to your organization. Select the statements that apply and collaboratively make any changes needed.
    2. Define unique goal statements by considering the following questions:
      • What three things would you realistically list for the ISSC to achieve?
      • If you were to accomplish three things in the next year, what would those be?
    3. With those goal statements in mind, consider the overall purpose of the committee. The purpose statement should be a reflection of what the committee does, why, and the goals.
    4. Have each individual review the example purpose statement and draft what they think a good purpose statement would be.
    5. Present each statement, and work together to determine a best-of-breed statement.

    Alter the Committee Purpose section in the Information Security Steering Committee Charter.

    Deliver on Your Digital Product Vision

    • Buy Link or Shortcode: {j2store}351|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $133,318 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Product organizations are under pressure to align the value they provide to the organization’s goals and overall company vision.
    • You need to clearly convey your direction, strategy, and tactics to gain alignment, support, and funding from your organization.
    • Products require continuous additions and enhancements to sustain their value. This requires detailed, yet simple communication to a variety of stakeholders.

    Our Advice

    Critical Insight

    • A vision without tactics is an unsubstantiated dream, while tactics without a vision is working without a purpose. You need to have a handle on both to achieve outcomes that are aligned with the needs of your organization.

    Impact and Result

    • Recognize that a vision is only as good as the data that backs it up – lay out a comprehensive backlog with quality built-in that can be effectively communicated and understood through roadmaps.
    • Your intent is only a dream if it cannot be implemented – define what goes into a release plan via the release canvas.
    • Define a communication approach that lets everyone know where you are heading.

    Deliver on Your Digital Product Vision Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a digital product vision that you can stand behind. Review Info-Tech’s methodology and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define a digital product vision

    Define a digital product vision that takes into account your objectives, business value, stakeholders, customers, and metrics.

    • Deliver on Your Digital Product Vision – Phase 1: Define a Digital Product Vision
    • Digital Product Strategy Template
    • Digital Product Strategy Supporting Workbook

    2. Build a better backlog

    Build a structure for your backlog that supports your product vision.

    • Deliver on Your Digital Product Vision – Phase 2: Build a Better Backlog
    • Product Backlog Item Prioritization Tool

    3. Build a product roadmap

    Define standards, ownership for your backlog to effectively communicate your strategy in support of your digital product vision.

    • Deliver on Your Digital Product Vision – Phase 3: Build a Product Roadmap
    • Product Roadmap Tool

    4. Release and deliver value

    Understand what to consider when planning your next release.

    • Deliver on Your Digital Product Vision – Phase 4: Release and Deliver Value

    5. Communicate the strategy – make it happen

    Build a plan for communicating and updating your strategy and where to go next.

    • Deliver on Your Digital Product Vision – Phase 5: Communicate the Strategy – Make It Happen!

    Infographic

    Workshop: Deliver on Your Digital Product Vision

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define a Digital Product Vision

    The Purpose

    Understand the elements of a good product vision and the pieces that back it up.

    Key Benefits Achieved

    Provide a great foundation for an actionable vision and goals people can align to.

    Activities

    1.1 Build out the elements of an effective digital product vision

    Outputs

    Completed product vision definition for a familiar product via the product canvas

    2 Build a Better Backlog

    The Purpose

    Define the standards and approaches to populate your product backlog that support your vision and overall strategy.

    Key Benefits Achieved

    A prioritized backlog with quality throughout that enables alignment and the operationalization of the overall strategy.

    Activities

    2.1 Introduction to key activities required to support your digital product vision

    2.2 What do we mean by a quality backlog?

    2.3 Explore backlog structure and standards

    2.4 Define backlog data, content, and quality filters

    Outputs

    Articulate the activities required to support the population and validation of your backlog

    An understanding of what it means to create a quality backlog (quality filters)

    Defining the structural elements of your backlog that need to be considered

    Defining the content of your backlog and quality standards

    3 Build a Product Roadmap

    The Purpose

    Define standards and procedures for creating and updating your roadmap.

    Key Benefits Achieved

    Enable your team to create a product roadmap to communicate your product strategy in support of your digital product vision.

    Activities

    3.1 Disambiguating backlogs vs. roadmaps

    3.2 Defining audiences, accountability, and roadmap communications

    3.3 Exploring roadmap visualizations

    Outputs

    Understand the difference between a roadmap and a backlog

    Roadmap standards and agreed-to accountability for roadmaps

    Understand the different ways to visualize your roadmap and select what is relevant to your context

    4 Define Your Release, Communication, and Next Steps

    The Purpose

    Build a release plan aligned to your roadmap.

    Key Benefits Achieved

    Understand what goes into defining a release via the release canvas.

    Considerations in communication of your strategy.

    Understand how to frame your vision to enable the communication of your strategy (via an executive summary).

    Activities

    4.1 Lay out your release plan

    4.2 How to introduce your product vision

    4.3 Communicate changes to your strategy

    4.4 Where do we get started?

    Outputs

    Release canvas

    An executive summary used to introduce other parties to your product vision

    Specifics on communication of the changes to your roadmap

    Your first step to getting started

    Define Your Virtual and Hybrid Event Requirements

    • Buy Link or Shortcode: {j2store}64|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications

    Your organization is considering holding an event online, or has been, but:

    • The organization (both on the business and IT sides) may not have extensive experience hosting events online.
    • It is not immediately clear how your formerly in-person event’s activities translate to a virtual environment.
    • Like the work-from-home transformation, bringing events online instantly expands IT’s role and responsibilities.

    Our Advice

    Critical Insight

    If you don't begin with strategy, you will fit your event to technology, instead of the other way around.

    Impact and Result

    To determine your requirements:

    • Determine the scope of the event.
    • Narrow down your list of technical requirements.
    • Use Info-Tech’s Rapid Application Selection Framework to select the right software solution.

    Define Your Virtual and Hybrid Event Requirements Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define Your Virtual and Hybrid Event Requirements Storyboard – Use this storyboard to work through key decision points involved in creating digital events.

    This deck walks you through key decision points in creating virtual or hybrid events. Then, begin the process of selecting the right software by putting together the first draft of your requirements for a virtual event software solution.

    • Define Your Virtual and Hybrid Event Requirements Storyboard

    2. Virtual Events Requirements Tool – Use this tool to begin selecting your requirements for a digital event solution.

    The business should review the list of features and select which ones are mandatory and which are nice to have or optional. Add any features not included.

    • Virtual/Hybrid Event Software Feature Analysis Tool
    [infographic]

    Further reading

    Define Your Virtual and Hybrid Event Requirements

    Accelerate your event scoping and software selection process.

    Analyst Perspective

    When events go virtual, IT needs to cover its bases.

    The COVID-19 pandemic imposed a dramatic digital transformation on the events industry. Though event ticket and registration software, mobile event apps, and onsite audio/visual technology were already important pieces of live events, the total transformation of events into online experiences presented major challenges to organizations whose regular business operations involve at least one annual mid-sized to large event (association meetings, conferences, trade shows, and more).

    Many organizations worked to shift to online, or virtual events, in order to maintain business continuity. As time went on, and public gatherings began to restart, a shift to “hybrid” events began to emerge—events that accommodate both in-person and virtual attendance. Regardless of event type, this pivot to using virtual event software, or digital event technology, brings events more closely into IT’s areas of responsibility. If you don't begin with strategy, you risk fitting your event to technology, instead of the other way around.

    If virtual and hybrid events are becoming standard forms of delivering content in your organization, use Info-Tech’s material to help define the scope of the event and your requirements, and to support your software selection process.

    Photo of Emily Sugerman
    Emily Sugerman
    Research Analyst, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The organization (both on the business and IT sides) may not have extensive experience hosting events online.

    It is not immediately clear how a formerly in-person event’s activities translate to a virtual environment.

    Like the work-from-home transformation, bringing events online expands IT’s role and responsibilities.

    Common Obstacles

    It is not clear what technological capabilities are needed for the event, which capabilities you already own, and what you may need to purchase.

    Though virtual events remove some barriers to attendance (distance, travel), it introduces new complications and considerations for planners.

    Hybrid events introduce another level of complexity.

    Info-Tech’s Approach

    In order to determine your requirements:

    Determine the scope of the event.

    Narrow down your list of technical requirements.

    Use Info-Tech’s Rapid Application Selection Framework to select the right software solution.

    Info-Tech Insight

    If you don't begin with strategy, you will fit your event to technology, instead of the other way around.

    Your challenge

    The solution you have been using for online events does not meet your needs.

    Though you do have some tools that support large meetings, it is not clear if you require a larger and more comprehensive virtual event solution. There is a need to determine what type of technology you might need to purchase versus leveraging what you already have.

    It is difficult to quickly and practically identify core event requirements and how they translate into technical capabilities.

    Maintaining or improving audience engagement is a perpetual challenge for virtual events.

    38%
    of event professionals consider virtual event technology “a tool for reaching a wider audience as part of a hybrid strategy.”

    21%
    consider it “a necessary platform for virtual events, which remain my go-to event strategy.”

    40%
    prioritize “mid-budget all-in-one event tech solution that will prevent remote attendees from feeling like second-class participants.”

    Source: Virtual Event Tech Guide, 2022

    Common obstacles

    These barriers make this challenge difficult to address for many organizations.

    Events with networking objectives are not always well served by webinars, which are traditionally more limited in their interactive elements.

    Events that include the conducting of organizational/association business (like voting) may have bylaws that make selecting a virtual solution more challenging.

    Maintaining attendee engagement is more challenging in a virtual environment.

    Prior to the pandemic, your organization may not have been as experienced in putting on fully virtual events, putting more responsibility in your corner as IT. Navigating virtual events can also require technological competencies that your attendee userbase may not universally possess.

    Technological limitations and barriers to access can exclude potential attendees just as much as bringing events online can open up attendance to new audiences.

    Opportunity: Virtual events can significantly increase an event’s reach

    Events held virtually during the pandemic noted significant increases in attendees.

    “We had 19,000 registrations from all over the world, almost 50 times the number of people we had expected to host in Amsterdam. . . . Most of this year’s [2020] attendees would not have been able to participate in a physical GrafanaCon in Amsterdam. That was a huge win.” – Raj Dutt, Grafana Labs CEO[5]

    Event In-person Online 2022
    Microsoft Build 2019: 6,000 attendees 2020: 230,000+ registrants[1] The 2022 conference was also held virtually[3]
    Stanford Institute for Human-Centered Artificial Intelligence A few hundred attendees expected for the original (cancelled) 2020 in-person conference 2020: 30,000 attendees attended the “COVID-19 and AI” virtual conference[2] The 2022 Spring Conference was a hybrid event[4]

    [1] Kelly, 2020; [2] Price, 2020; [3] Stanford Digital Economy Lab, 2022; [4] Warren, 2022; [5] Fast Company, 2020

    Info-Tech’s methodology for defining virtual/hybrid event requirements

    A diagram that shows defining event scope, creating list of requirements, and selecting software.

    Event planning phases

    Apply project management principles to your virtual/hybrid event planning process.

    Online event planning should follow the same established principles as in-person event planning.
    Align the event’s concept and objectives with organizational goals.

    A diagram of event planning phases
    Source: Adapted from Event Management Body of Knowledge, CC BY 4.0

    Gather inputs to the planning processes

    Acquire as much of this information as possible before you being the planning process.

    Budget: Determine your organization’s budget for this event to help decide the scope of the event and the purchasing decisions you make as you plan.

    Internal human resources: Identify who in your organization is usually involved in the organization of this event and if they are available to organize this one.

    List of communication and collaboration tools: Acquire the list of the existing communication and collaboration tools you are currently licensed for. Ensure you know the following information about each tool:

    • Type of license
    • License limitations (maximum number of users)
    • Internal or external-facing tool (or capable of both)
    • Level of internal training and competency on the tool

    Decision point: Relate event goals to organizational goals

    What is driving the event?

    Your organization may hold a variety of in-person events that you now wish, for various reasons, to hold fully or partially online. Each event likely has a slightly different set of goals.

    Before getting into the details of how to transition your event online, return to the business/organizational goals the event is serving.

    Ensure each event (and each component of each event) maps back to an organizational goal.

    If a component of the event does not align to an organizational goal, assess whether it should remain as part of the event.

    Common organizational goals

    • Increase revenue
    • Increase productivity
    • Attract and retain talent
    • Improve change management
    • Carry out organizational mission
    • Identify new markets
    • Increase market share
    • Improve customer service
    • Launch new product/service

    Common event goals

    • Education/training
    • Knowledge transfer
    • Decision making
    • Professional development
    • Sales/lead generation
    • Fundraising
    • Entertainment
    • Morale boosting
    • Recognition of achievement

    Decision point: Identify your organization’s digital event vision

    What do you want the outcome of this event to be?

    Attendee goals: Who are your attendees? Why do they attend this event? What attendee needs does your event serve? What is your event’s value proposition? Are they intrinsically or extrinsically motivated to attend?

    Event goals: From the organizer perspective, why do you usually hold this event? Who are your stakeholders?

    Organizational goals: How do the event goals map to your organizational goals? Is there a clear understanding of what the event’s larger strategic purpose is.

    Common attendee goals

    Education: our attendees need to learn something new that they cannot learn on their own.
    Networking: our attendees need to meet people and make new professional connections.
    Professional development: our attendees have certain obligations to keep credentials updated or to present their work publicly to advance their careers.
    Entertainment: our attendees need to have fun.
    Commerce: our attendees need to buy and sell things.

    Decision point: Level of external event production

    Will you be completely self-managed, reliant on external event production services, or somewhere in the middle?

    You can review this after working through the other decision points and the scope becomes clearer.

    A diagram that shows Level of external event production, comparing Completely self-managed vs Fully externally-managed.

    Decision point: Assign event planning roles

    Who will be involved in planning the event? Fill/combine these roles as needed.

    Planning roles Description
    Project manager Shepherd event planning until completion while ensuring project remains on schedule and on budget.
    Event manager Correspond with presenters during leadup to event, communicate how to use online event tools/platform, perform tests with presenters/exhibitors, coordinate digital event staff/volunteers.
    Program planner Select the topics, speakers, activity types, content, streams.
    Designer and copywriter Design the event graphics; compose copy for event website.
    Digital event technologist Determine event technology requirements; determine how event technology fits together; prepare RFP, if necessary, for new hardware/software.
    Platform administrator Set up registration system/integrate registrations into platform(s) of choice; upload video files and collateral; add livestream links; add/delete staff roles and set controls and permissions; collect statistics and recordings after event.
    Commercial partner liaison Recruit sponsors and exhibitors (offer sponsorship packages); facilitate agreement/contract between commercial partners and organization; train commercial partners on how to use event technology; retrieve lead data.
    Marketing/social media Plan and execute promotional campaigns (email, social media) in the lead up to, and during, the event. Post-event, send follow-up communications, recording files, and surveys.

    Decision point: Assign event production roles

    Who will be involved in running the event?

    Event production roles Description
    Hosts/MCs Address attendees at beginning and end of event, and in-between sessions
    Provide continuity throughout event
    Introduce sessions
    Producers Prepare presenters for performance
    Begin and end sessions
    Use controls to share screens, switch between feeds
    Send backchannel messages to presenters (e.g., "Up next," "Look into webcam")
    Moderators Admit attendees from waiting room
    Moderate incoming questions from attendees
    Manage slides
    Pass questions to host/panelists to answer
    Moderate chat
    IT support Manage event technology stack
    Respond to attendee technical issues
    Troubleshoot network connectivity problems
    Ensure audio and video operational
    Start and stop session recording
    Save session recordings and files (chat, Q&As)

    Decision point: Map attendee goals to event goals to organizational goals

    Input: List of attendee benefits, List of event goals, List of organizational goals
    Output: Ranked list of event goals as they relate to attendee needs and organizational goals
    Materials: Whiteboard/flip charts
    Participants: Planning team

    1. Define attendee benefits:
      1. List the attendee benefits derived from your event (as many as possible).
      2. Rank attendee benefits from most to least important.
    2. Define event goals:
      1. List your event goals (as many as possible).
      2. Draw a connecting line to your ranked list of attendee benefits.
      3. Identify if any event goals exist with no clear relationship to attendee benefits. Discuss whether this event goal needs to be re-envisioned. If it connects to no discernible attendee benefits, consider removing it. Otherwise, figure out what attendee benefits the event goal provides.
    3. Define organizational goals:
      1. Acquire a list of your organization’s main strategic goals.
      2. Draw a connecting line from each event goal to the organizational goal it supports.
      3. If most of your event goals do not immediately seem to support an organizational goal, discuss why this is. Try to find the connection. If you cannot, discuss whether the event should proceed or be rethought.

    Decision point: Break down your event into its constituent components

    Identify your event archetype

    Decompose the event into its component parts

    Identify technical requirements that help meet event goals

    Benefits:

    • Clarify how formerly in-person events map to virtual archetypes.
    • Ensure your virtual event planning is anchored to organizational goals from the outset.
    • Streamline your virtual event tech stack planning later.

    Decision point: Determine your event archetype

    Analyze your event’s:

    • Main goals.
    • The components and activities that support those goals.
    • How these components and activities fall into people- vs. content-centric activities, and real-time vs. asynchronous activities.
    1. Conference
    2. Trade show
    3. Annual general meeting
    4. Department meeting
    5. Town hall
    6. Workshop

    A diagram that shows people- vs. content-centric activities, and real-time vs. asynchronous activities

    Info-Tech Insight

    Begin the digital event planning process by understanding how your event’s content is typically consumed. This will help you make decisions later about how best to deliver the content virtually.

    Conference

    Goals: Education/knowledge transfer; professional advancement; networking.

    Major content

    • Call for proposals/circulation of abstracts
    • Keynotes or plenary address: key talk addressed to large audience
    • Panel sessions: multiple panelists deliver address on common theme
    • Poster sessions: staffed/unstaffed booths demonstrate visualization of major research on a poster
    • Association meetings (see also AGM archetype): professional associations hold AGM as one part of a larger conference agenda

    Community

    • Formal networking (happy hours, social outings)
    • Informal networking (hallway track, peer introductions)
    • Business card exchange
    • Pre- and post-event correspondence

    Commercial Partners

    • Booth reps: Publishing or industry representatives exhibit products/discuss collaboration

    A quadrants matrix of conference

    Trade show

    Objectives: Information transfer; sales; lead generation.

    Major content

    • Live booth reps answer questions
    • Product information displayed
    • Promotional/information material distributed
    • Product demonstrations at booths or onstage
    • Product samples distributed to attendees

    Community interactions

    • Statements of intent to buy
    • Lead generation (badge scanning) of booth visitors
    • Business card exchange
    • Pre- and post-event correspondence

    A quadrants matrix of Trade show

    Annual general meeting

    Objectives: Transparently update members; establish governance and alignment.

    Meeting events

    • Updates provided to members on organization’s activities/finances
    • Decisions made regarding organization’s direction
    • Governance over organization established (elections)
    • Speakers addressing large audience from stage
    • In-camera sessions
    • Translation of proceedings
    • Real-time weighted voting
    • Minutes taken during meeting

    Administration

    • Notice given of meeting within mandated time period
    • Agenda circulated prior to meeting
    • Distribution of proxy material
    • Minutes distributed

    A quadrants matrix of Annual general meeting

    Department meeting

    Objectives: Information transfer of company agenda/initiatives; group decision making.

    Major content

    • Agenda circulated prior to meeting
    • Updates provided from senior management/leadership to employees on organization’s initiatives and direction
    • Employee questions and feedback addressed
    • Group decision making
    • Minutes taken during meeting
    • Minutes or follow-up circulated

    A quadrants matrix of department meeting

    Town hall meeting

    Objectives: Update public; answer questions; solicit feedback.

    Major content

    • Public notice of meeting announced
    • Agenda circulated prior to meeting
    • Speakers addressing large audience from stage
    • Presentation of information pertinent to public interest
    • Audience members line up to ask questions/provide feedback
    • Translation of proceedings
    • Recording of meeting archived

    A quadrants matrix of Town hall meeting

    Workshop

    Objectives: Make progress on objective; achieve consensus; knowledge transfer.

    Major content

    • Scheduling of workshop
    • Agenda circulated prior to meeting
    • Facilitator leads group activities
    • Participants develop alignment on project
    • Progress achieved on workshop project
    • Feedback on workshop shared with facilitator

    A quadrants matrix of Workshop

    Decision point: Analyze your event’s purpose and value

    Use the event archetypes to help you identify your event’s core components and value proposition.

    1. Attendee types: Who typically attends your event? Exclusively internal participants? External participants? A mix of the two?
    2. Communication: How do participants usually communicate with each other during this event? How do they communicate with the event organizers? Include both formal types of communication (listening to panel sessions) and informal (serendipitous conversations in the hallway).
    3. Connection: What types of connections do your attendees need to experience? (networking with peers; interactions with booth reps; consensus building with colleagues).
    4. Exchange of material: What kind of material is usually exchanged at this event and between whom? (Pamphlets, brochures, business cards, booth swag).
    5. Engagement: How do you usually retain attendees' attention and make sure they remain engaged throughout the event?
    6. Length: How long does the event typically last?
    7. Location and setup: Where does the event usually take place and who is involved in its setup?
    8. Success metrics: How do you usually measure your event's success?

    Info-Tech Insight

    Avoid trying to exactly reproduce the formerly in-person event online. Instead, identify the value proposition of each event component, then determine what its virtual expression could be.

    Example: Trade show

    Goals: Information transfer; sales; lead generation.

    1. Identify event component(s)
    2. Document its face-to-face expression(s)
    3. Identify the expression’s value proposition
    4. Translate the value proposition to a virtual component that facilitates overall event goal

    Event component

    Face-to-face expression

    Value proposition of component

    Virtual expression

    Attendee types Paying attendees Revenue for event organizer; sales and lead generation for booth rep Access to virtual event space
    Attendee types Booth rep Revenue for event organizer; information source for paying attendees Access to virtual event space
    Communication/connection Conversation between booth rep and attendee Lead generation for booth rep; information to inform decision making for attendee Ability to enter open video breakout session staffed by booth reps OR

    Ability to schedule meeting times with booth rep

    Multiple booth reps on hand to monitor different elements of the booth (one person to facilitate the discussion over video, another to monitor chat and Q&A)
    Communication/connection Serendipitous conversation between attendees Increased attendee contacts; fun Multiple attendees can attend the booth’s breakout session simultaneously and participate in web conferencing, meeting chat, or submit questions to Q&A
    Communication/connection Badges scanned at booth/email sign-up sheets filled out at table Lead generation for exhibitors List of visitors to booth shared with exhibitor (if consent given by attendees)

    Ability for attendees to request to be contacted for more information
    Exchange of material Catering (complimentary coffee, pastries) Obviate the need for attendees to leave the event for refreshments N/A: not included in virtual event
    Exchange of material Pamphlets, product literature, swag Portable information for attendee decision making Downloadable files (pdf)
    Location Responsibility of both the organizers (tables, chairs, venue) and booth reps (posters, handouts) Booth reps need a dedicated space where they can be easily found by attendees and advertise themselves Booth reps need access to virtual platform to upload files, images, provide booth description
    Engagement Attendees able to visit all booths by strolling through space Event organizers have a captive audience who is present in the immediacy of the event site Attendees motivated to stay in the event space and attend booths through gamification strategies (points awarded for number of booths visited or appointments booked)
    Length of event 2 full days Attendees travel to event site and spend the entire 2 days at the event, allowing them to be immersed in the event and absorb as much information in as little time as possible Exhibitors’ visiting hours will be scheduled so they work for both attendees attending in Eastern Standard Time and Pacific Time
    Metrics for success -Positive word of mouth
    -Number of registrations
    These metrics can be used to advertise to future exhibitors and attendees Number of virtual booths visited

    Number of file downloads

    Survey sent to attendees after event (favorite booths, preferred way to interact with exhibitors, suggestions for improvement, most valuable part of experience)

    Plan your metrics

    Use the analytics and reporting features available in your event technology toolset to capture the data you want to measure. Decide how each metric will impact your planning process for the next event.

    Examples of metrics:

    • Number of overall participants/registrants: Did you have more or fewer registrants/attendees than previous iterations of the event? What is the difference between number of registrants and number of real attendees?
    • Locations of participants: Where are people participating from? How many are attending for the first time? Are there new audiences you can pursue next time?
    • Most/least popular sessions: How long did people stay in the sessions and the event overall?
    • Most/least popular breakout rooms and discussion boards: Which topics should be repeated/skipped next time?
    • Social media mentions: Which topics received the most engagement on social media?
    • Surveys: What do participants report enjoying most? Least?
    • Technical failures: Can your software report on failures? Identify what technical problems arose and prepare a plan to mitigate them next time.

    Ensure the data you capture feeds into better planning for the next event

    Determine compliance requirements

    A greater event reach also means new data privacy considerations, depending on the location of your guests.

    General Data Protection Regulation (GDPR)

    Concerns over the collection of personal electronic data may not have previously been a part of your event planning considerations. However, now that your event is online, it’s wise to explore which data protection regulations apply to you. Remember, even if your organization is not located in the EU, if any of your attendees are European data subjects you may still be required to comply with GDPR, which involves the notification of data collected, allowing for opt-out options and the right to have data purged. The data must be collected for a specific purpose; if that purpose is expired, it can no longer be retained. You also have an obligation to report any breaches.

    Accessibility requirements

    What kind of accessibility laws are you subject to (AODA, WCAG2)? Regardless of compliance requirements, it is a good idea to ensure the online event follows accessibility best practices.

    Decision point: Set event policies

    What event policies need to be documented?
    How will you communicate them to attendees?

    Code of conduct

    One trend in the large event and conference space in recent years has been the development of codes of conduct that attendees are required to abide by to continue participating in the event.
    Now that your event is online, consider whether your code of conduct requires updating. Are there new types of appropriate/inappropriate online behavior that you need to define for your attendees?

    Harassment reporting

    If your organization has an event harassment reporting process, determine how this process will transfer over to the digital event.
    Ensure the reporting process has an owner and a clear methodology to follow to deal with complaints, as well as a digital reporting channel (a dedicated email or form) that is only accessed by approved staff to protect sensitive information.

    Develop a risk management plan

    Plan for how you will mitigate technical risks during your virtual event
    Provide presenters with a process to follow if technical problems arise.

    • Presenter’s internet connection cuts out
    • Attendees cannot log in to event platform
    • Attendees cannot hear/see video feed
    • What process will be followed when technical problems occur: ticketing system; chatbot; generic email accessible by all IT support assigned

    Testing/Rehearsal

    Test audio hardware: Ensure speakers use headphones/earbuds and mics (they do not have to be fancy/expensive). Relying on the computer/laptop mic can lead to more ambient noise and potential feedback problems.

    Check lighting: Avoid backlighting. Reposition speakers so they are not behind windows. Ask them to open/close shades. Add lamps as needed.

    Prevent interruptions: Before the event, ask panelists to turn phone and computer notifications to silent. Put a sign on the door saying Do not Disturb.

    Control audience view of screenshare: If your presenters will be sharing their screens, teach them how this works on the platform they are using. Advise them to exit out of any other application that is not part of their presentation, so they do not share the wrong screen unintentionally. Advise them to remove anything from the desktop that they do not want the audience to see, in case their desktop becomes visible at any point.

    Control audience view of physical environment: Before the event, advise participants to turn their cameras on and examine their backgrounds. Remove anything the audience should not be able to see.

    Test network connectivity: Send the presenters a link to a speed test and check their internet speed.

    Emergency contact: Exchange cell phone numbers for emergency backchannel conversations if problems arise on the day of the event.

    Set expectations: Presenting to an online audience feels very different to a live crowd. Prepare presenters for a lack of applause and lack of ability to see their audience, and that this does not mean the presentation was unsuccessful.

    Identify requirements

    To determine what kind of technical requirements you need to build the virtual expression of your event, consult the Virtual Event Platform Requirements Tool.

    1. If you have determined that the requirements you wish to use for the event exceed the capabilities of your existing communication and collaboration toolset, identify whether these gaps tip the scale toward purchasing a new tool. Use the requirement gaps to make the business case for purchasing a new tool.
    2. Use the Virtual Event Platform Requirements Tool to create a list of requirements.
    3. Consult the Software Reviews category for Virtual Event Platform Data Quadrant and Emotional Footprint reports.
    4. Assemble your documentation for approvals and the Rapid Application Selection Process.

    A photo of Detailed Feature Analysis Worksheet.

    Download the Virtual/Hybrid Event Software Feature Analysis Tool

    Rapid Application Selection Framework and Contract Review

    A photo of Rapid Application Selection Framework
    Launch Info-Tech’s Rapid Application Selection Framework.

    Using the requirements you’ve just gathered as a base, use Info-Tech’s complete framework to improve the efficiency and effectiveness of software selection.

    Once you’ve selected a vendor(s), review the contract. Does it define an exit strategy? Does it define when your data will be deleted? Does it set service-level agreements that you find acceptable? Leverage Info-Tech’s contract review service once you have selected the virtual event solution and have received a contract from the vendor.

    Further research

    Photo of Run Better Meetings
    Run Better Meetings

    Bibliography

    Dutt, Raj. “7 Lessons from This Company’s First-Ever Virtual Conference.” Fast Company, 29 Jul 2020. Web.

    Kelly, Samantha Murphy. “Microsoft Build Proves Splashy Tech Events Can Thrive Online.” CNN, 21 May 2020. Web.

    “Phases.” Event Management Body of Knowledge (EMBOK), n.d. Web.

    Price, Michael. “As COVID-19 Forces Conferences Online, Scientists Discover Upsides of Virtual Format.” Science, 28 Apr 2020. Web.

    “Stanford HAI Spring Conference - Key Advances in Artificial Intelligence.” Stanford Digital Economy Lab, 2022. Web.

    “Virtual Event Tech Guide 2022.” Skift Meetings, April 2022. Web.

    Warren, Tom. “Microsoft Build 2022 Will Take Place May 24th–26th.” The Verge, 30 March 2022. Web.

    Contributors

    6 anonymous contributors

    Combine Security Risk Management Components Into One Program

    • Buy Link or Shortcode: {j2store}376|cart{/j2store}
    • member rating overall impact: 9.1/10 Overall Impact
    • member rating average dollars saved: $37,798 Average $ Saved
    • member rating average days saved: 32 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Companies are aware of the need to discuss and assess risk, but many struggle to do so in a systematic and repeatable way.
    • Rarely are security risks analyzed in a consistent manner, let alone in a systematic and repeatable method to determine project risk as well as overall organizational risk exposure.

    Our Advice

    Critical Insight

    • The best security programs are built upon defensible risk management. With an appropriate risk management program in place, you can ensure that security decisions are made strategically instead of based on frameworks and gut feelings. This will optimize any security planning and budgeting.
    • All risks can be quantified. Security, compliance, legal, or other risks can be quantified using our methodology.

    Impact and Result

    • Develop a security risk management program to create a standardized methodology for assessing and managing the risk that information systems face.
    • Build a risk governance structure that makes it clear how security risks can be escalated within the organization and who makes the final decision on certain risks.
    • Use Info-Tech’s risk assessment methodology to quantifiably evaluate the threat severity for any new or existing project or initiative.
    • Tie together all aspects of your risk management program, including your information security risk tolerance level, threat and risk assessments, and mitigation effectiveness models.

    Combine Security Risk Management Components Into One Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop and implement a security risk management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish the risk environment

    Lay down the foundations for security risk management, including roles and responsibilities and a defined risk tolerance level.

    • Combine Security Risk Management Components Into One Program – Phase 1: Establish the Risk Environment
    • Security Risk Governance Responsibilities and RACI Template
    • Risk Tolerance Determination Tool
    • Risk Weighting Determination Tool

    2. Conduct threat and risk assessments

    Define frequency and impact rankings then assess the risk of your project.

    • Combine Security Risk Management Components Into One Program – Phase 2: Conduct Threat and Risk Assessments
    • Threat and Risk Assessment Process Template
    • Threat and Risk Assessment Tool

    3. Build the security risk register

    Catalog an inventory of individual risks to create an overall risk profile.

    • Combine Security Risk Management Components Into One Program – Phase 3: Build the Security Risk Register
    • Security Risk Register Tool

    4. Communicate the risk management program

    Communicate the risk-based conclusions and leverage these in security decision making.

    • Combine Security Risk Management Components Into One Program – Phase 4: Communicate the Risk Management Program
    • Security Risk Management Presentation Template
    • Security Risk Management Summary Template
    [infographic]

    Workshop: Combine Security Risk Management Components Into One Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish the Risk Environment

    The Purpose

    Build the foundation needed for a security risk management program.

    Define roles and responsibilities of the risk executive.

    Define an information security risk tolerance level.

    Key Benefits Achieved

    Clearly defined roles and responsibilities.

    Defined risk tolerance level.

    Activities

    1.1 Define the security executive function RACI chart.

    1.2 Assess business context for security risk management.

    1.3 Standardize risk terminology assumptions.

    1.4 Conduct preliminary evaluation of risk scenarios to determine your risk tolerance level.

    1.5 Decide on a custom risk factor weighting.

    1.6 Finalize the risk tolerance level.

    1.7 Begin threat and risk assessment.

    Outputs

    Defined risk executive functions

    Risk governance RACI chart

    Defined quantified risk tolerance and risk factor weightings

    2 Conduct Threat and Risk Assessments

    The Purpose

    Determine when and how to conduct threat and risk assessments (TRAs).

    Complete one or two TRAs, as time permits during the workshop.

    Key Benefits Achieved

    Developed process for how to conduct threat and risk assessments.

    Deep risk analysis for one or two IT projects/initiatives.

    Activities

    2.1 Determine when to initiate a risk assessment.

    2.2 Review appropriate data classification scheme.

    2.3 Identify system elements and perform data discovery.

    2.4 Map data types to the elements.

    2.5 Identify STRIDE threats and assess risk factors.

    2.6 Determine risk actions taking place and assign countermeasures.

    2.7 Calculate mitigated risk severity based on actions.

    2.8 If necessary, revisit risk tolerance.

    2.9 Document threat and risk assessment methodology.

    Outputs

    Define scope of system elements and data within assessment

    Mapping of data to different system elements

    Threat identification and associated risk severity

    Defined risk actions to take place in threat and risk assessment process

    3 Continue to Conduct Threat and Risk Assessments

    The Purpose

    Complete one or two TRAs, as time permits during the workshop.

    Key Benefits Achieved

    Deep risk analysis for one or two IT projects/initiatives, as time permits.

    Activities

    3.1 Continue threat and risk assessment activities.

    3.2 As time permits, one to two threat and risk assessment activities will be performed as part of the workshop.

    3.3 Review risk assessment results and compare to risk tolerance level.

    Outputs

    One to two threat and risk assessment activities performed

    Validation of the risk tolerance level

    4 Establish a Risk Register and Communicate Risk

    The Purpose

    Collect, analyze, and aggregate all individual risks into the security risk register.

    Plan for the future of risk management.

    Key Benefits Achieved

    Established risk register to provide overview of the organizational aggregate risk profile.

    Ability to communicate risk to other stakeholders as needed.

    Activities

    4.1 Begin building a risk register.

    4.2 Identify individual risks and threats that exist in the organization.

    4.3 Decide risk responses, depending on the risk level as it relates to the risk tolerance.

    4.4 If necessary, revisit risk tolerance.

    4.5 Identify which stakeholders sign off on each risk.

    4.6 Plan for the future of risk management.

    4.7 Determine how to present risk to senior management.

    Outputs

    Risk register, with an inventory of risks and a macro view of the organization’s risk

    Defined risk-based initiatives to complete

    Plan for securing and managing the risk register

    Enter Into Mobile Development Without Confusion and Frustration

    • Buy Link or Shortcode: {j2store}282|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Mobile Development
    • Parent Category Link: /mobile-development
    • IT managers don’t know where to start when initiating a mobile program.
    • IT has tried mobile development in the past but didn't achieve success.
    • IT must initiate a mobile program quickly based on business priorities and needs a roadmap based on best practices.

    Our Advice

    Critical Insight

    • Form factors and mobile devices won't drive success – business alignment and user experience will. Don't get caught up with the latest features in mobile devices.
    • Software emulation testing is not true testing. Get on the device and run your tests.
    • Cross form-factor testing cannot be optimized to run in parallel. Therefore, anticipate longer testing cycles for cross form-factor testing.

    Impact and Result

    • Prepare your development, testing, and deployment teams for mobile development.
    • Get a realistic assessment of ROI for the launch of a mobile program.

    Enter Into Mobile Development Without Confusion and Frustration Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the Case for a Mobile Program

    Understand the current mobile ecosystem. Use this toolkit to help you initiate a mobile development program.

    • Storyboard: Enter Into Mobile Development Without Confusion and Frustration

    2. Assess Your Dev Process for Readiness

    Review and evaluate your current application development process.

    3. Prepare to Execute Your Mobile Program

    Prioritize your mobile program based on your organization’s prioritization profile.

    • Mobile Program Tool

    4. Communicate with Stakeholders

    Summarize the execution of the mobile program.

    • Project Status Communication Worksheet
    [infographic]

    Workshop: Enter Into Mobile Development Without Confusion and Frustration

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build your Future Mobile Development State

    The Purpose

    Understand the alignment of stakeholder objectives and priorities to mobile dev IT drivers.

    Assess readiness of your organization for mobile dev.

    Understand how to build your ideal mobile dev process.

    Key Benefits Achieved

    Identify and address the gaps in your existing app dev process.

    Build your future mobile dev state.

    Activities

    1.1 Getting started

    1.2 Assess your current state

    1.3 Establish your future state

    Outputs

    List of key stakeholders

    Stakeholder and IT driver mapping and assessment of current app dev process

    List of practices to accommodate mobile dev

    2 Prepare and Execute your Mobile Program

    The Purpose

    Assess the impact of mobile dev on your existing app dev process.

    Prioritize your mobile program.

    Understand the dev practice metrics to gauge success.

    Key Benefits Achieved

    Properly prepare for the execution of your mobile program.

    Calculate the ROI of your mobile program.

    Prioritize your mobile program with dependencies in mind.

    Build a communication plan with stakeholders.

    Activities

    2.1 Conduct an impact analysis

    2.2 Prepare to execute

    2.3 Communicate with stakeholders

    Outputs

    Impact analysis of your mobile program and expected ROI

    Mobile program order of execution and project dependencies mapping

    List of dev practice metrics

    Build a Data Classification MVP for M365

    • Buy Link or Shortcode: {j2store}67|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications
    • Resources are the primary obstacle to getting a foot hold in O365 governance, whether it is funding or FTE resources.
    • Data is segmented and is difficult to analyze when you can’t see it or manage the relationships between sources.
    • Organizations expect results early and quickly and a common obstacle is that building a proper data classification framework can take more than two years and the business can't wait that long.

    Our Advice

    Critical Insight

    • Data classification is the lynchpin to ANY effective governance of O/M365 and your objective is to navigate through this easily and effectively and build a robust, secure, and viable governance model.
    • Start your journey by identifying what and where your data is and how much data you have. You need to understand what sensitive data you have and where it is stored before you can protect it or govern that data.
    • Ensure there is a high-level leader who is the champion of the governance objective.

    Impact and Result

    • Using least complex sensitivity labels in your classification are your building blocks to compliance and security in your data management schema; they are your foundational steps.

    Build a Data Classification MVP for M365 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a Data Classification MVP for M365 Deck – A guide for how to build a minimum-viable product for data classification that end users will actually use.

    Discover where your data resides, what governance helps you do, and what types of data you're classifying. Then build your data and security protection baselines for your retention policy, sensitivity labels, workload containers, and both forced and unforced policies.

    • Build a Data Classification MVP for M365 Storyboard
    [infographic]

    Further reading

    Build a Data Classification MVP for M365

    Kickstart your governance with data classification users will actually use!

    Executive Summary

    Info-Tech Insight

    • Creating an MVP gets you started in data governance
      Information protection and governance are not something you do once and then you are done. It is a constant process where you start with the basics (a minimum-viable product or MVP) and enhance your schema over time. The objective of the MVP is reducing obstacles to establishing an initial governance position, and then enabling rapid development of the solution to address a variety of real risks, including data loss prevention (DLP), data retention, legal holds, and data labeling.
    • Define your information and protection strategy
      The initial strategy is to start looking across your organization and identifying your customer data, regulatory data, and sensitive information. To have a successful data protection strategy you will include lifecycle management, risk management, data protection policies, and DLP. All key stakeholders need to be kept in the loop. Ensure you keep track of all available data and conduct a risk analysis early. Remember, data is your highest valued intangible asset.
    • Planning and resourcing are central to getting started on MVP
      A governance plan and governance decisions are your initial focus. Create a team of stakeholders that include IT and business leaders (including Legal, Finance, HR, and Risk), and ensure there is a top-level leader who is the champion of the governance objective, which is to ensure your data is safe, secure, and not prone to leakage or theft, and maintain confidentiality where it is warranted.

    Executive Summary

    Your Challenge
    • Today, the amount of data companies are gathering is growing at an explosive rate. New tools are enabling unforeseen channels and ways of collaborating.
    • Combined with increased regulatory oversight and reporting obligations, this makes the discovery and management of data a massive undertaking. IT can’t find and protect the data when the business has difficulty defining its data.
    • The challenge is to build a framework that can easily categorize and classify data yet allows for sufficient regulatory compliance and granularity to be useful. Also, to do it now because tomorrow is too late.
    Common Obstacles

    Data governance has several obstacles that impact a successful launch, especially if governing M365 is not a planned strategy. Below are some of the more common obstacles:

    • Resources are the primary obstacle to starting O365 governance, whether it is funding or people.
    • Data is segmented and is difficult to analyze when you can’t see it or manage the relationships between sources.
    • Organizations expect results early and quickly and a common obstacle is that building a "proper data classification framework” is a 2+ year project and the business can't wait that long.
    Info-Tech’s Approach
    • Start with the basics: build a minimum-viable product (MVP) to get started on the path to sustainable governance.
    • Identify what and where your data resides, how much data you have, and understand what sensitive data needs to be protected.
    • Create your team of stakeholders, including Legal, records managers, and privacy officers. Remember, they own the data and should manage it.
    • Categorization comes before classification, and discovery comes before categorization. Use easy-to-understand terms like high, medium, or low risk.

    Info-Tech Insight

    Data classification is the lynchpin to any effective governance of O/M365 and your objective is to navigate through this easily and effectively and build a robust, secure, and viable governance model. Start your journey by identifying what and where your data is and how much data do you have. You need to understand what sensitive data you have and where it is stored before you can protect or govern it. Ensure there is a high-level leader who is the champion of the governance objectives. Data classification fulfills the governance objectives of risk mitigation, governance and compliance, efficiency and optimization, and analytics.

    Questions you need to ask

    Four key questions to kick off your MVP.

    1

    Know Your Data

    Do you know where your critical and sensitive data resides and what is being done with it?

    Trying to understand where your information is can be a significant project.

    2

    Protect Your Data

    Do you have control of your data as it traverses across the organization and externally to partners?

    You want to protect information wherever it goes through encryption, etc.

    3

    Prevent Data Loss

    Are you able to detect unsafe activities that prevent sharing of sensitive information?

    Data loss prevention (DLP) is the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data.

    4

    Govern Your Data

    Are you using multiple solutions (or any) to classify, label, and protect sensitive data?

    Many organizations use more than one solution to protect and govern their data, making it difficult to determine if there are any coverage gaps.

    Classification tiers

    Build your schema.

    Pyramid visualization for classification tiers. The top represents 'Simplicity', and the bottom 'Complexity' with the length of the sides at each level representing the '# of policies' and '# of labels'. At the top level is 'MVP (Minimum-Viable Product) - Confidential, Internal (Subcategory: Personal), Public'. At the middle level is 'Regulated - Highly Confidential, Confidential, Sensitive, General, Internal, Restricted, Personal, Sub-Private, Public'. And a the bottom level is 'Government (DOD) - Top Secret (TS), Secret, Confidential, Restricted, Official, Unclassified, Clearance'

    Info-Tech Insight

    Deciding on how granular you go into data classification will chiefly be governed by what industry you are in and your regulatory obligations – the more highly regulated your industry, the more classification levels you will be mandated to enforce. The more complexity you introduce into your organization, the more operational overhead both in cost and resources you will have to endure and build.

    Microsoft MIP Topology

    Microsoft Information Protection (MIP), which is Microsoft’s Data Classification Services, is the key to achieving your governance goals. Without an MVP, data classification will be overwhelming; simplifying is the first step in achieving governance.

    A diagram of multiple offerings all connected to 'MIP Data Classification Service'. Circled is 'Sensitivity Labels' with an arrow pointing back to 'MIP' at the center.
    (Source: Microsoft, “Microsoft Purview compliance portal”)

    Info-Tech Insight

    Using least-complex sensitivity labels in your classification are your building blocks to compliance and security in your data management schema; they are your foundational steps.

    MVP RACI Chart

    Data governance is a "takes a whole village" kind of effort.

    Clarify who is expected to do what with a RACI chart.

    End User M365 Administrator Security/ Compliance Data Owner
    Define classification divisions R A
    Appy classification label to data – at point of creation A R
    Apply classification label to data – legacy items R A
    Map classification divisions to relevant policies R A
    Define governance objectives R A
    Backup R A
    Retention R A
    Establish minimum baseline A R

    What and where your data resides

    Data types that require classification.

    Logos for 'Microsoft', 'Office 365', and icons for each program included in that package.
    M365 Workload Containers
    Icon for MS Exchange. Icon for MS SharePoint.Icon for MS Teams. Icon for MS OneDrive. Icon for MS Project Online.
    Email
    • Attachments
    Site Collections, Sites Sites Project Databases
    Contacts Teams and Group Site Collections, Sites Libraries and Lists Sites
    Metadata Libraries and Lists Documents
    • Versions
    Libraries and Lists
    Teams Conversations Documents
    • Versions
    Metadata Documents
    • Versions
    Teams Chats Metadata Permissions
    • Internal Sharing
    • External Sharing
    Metadata
    Permissions
    • Internal Sharing
    • External Sharing
    Files Shared via Teams Chats Permissions
    • Internal Sharing
    • External Sharing

    Info-Tech Insight

    Knowing where your data resides will ensure you do not miss any applicable data that needs to be classified. These are examples of the workload containers; you may have others.

    Discover and classify on- premises files using AIP

    AIP helps you manage sensitive data prior to migrating to Office 365:
    • Use discover mode to identify and report on files containing sensitive data.
    • Use enforce mode to automatically classify, label, and protect files with sensitive data.
    Can be configured to scan:
    • SMB files
    • SharePoint Server 2016, 2013
    Stock image of a laptop uploading to the cloud with a padlock and key in front of it.
    • Map your network and find over-exposed file shares.
    • Protect files using MIP encryption.
    • Inspect the content in file repositories and discover sensitive information.
    • Classify and label file per MIP policy.
    Azure Information Protection scanner helps discover, classify, label, and protect sensitive information in on-premises file servers. You can run the scanner and get immediate insight into risks with on-premises data. Discover mode helps you identify and report on files containing sensitive data (Microsoft Inside Track and CIAOPS, 2022). Enforce mode automatically classifies, labels, and protects files with sensitive data.

    Info-Tech Insight

    Any asset deployed to the cloud must have approved data classification. Enforcing this policy is a must to control your data.

    Understanding governance

    Microsoft Information Governance

    Information Governance
    • Retention policies for workloads
    • Inactive and archive mailboxes

    Arrow pointing down-right

    Records Management
    • Retention labels for items
    • Disposition review

    Arrow pointing down-left

    Retention and Deletion

    ‹——— Connectors for Third-Party Data ———›

    Information governance manages your content lifecycle using solutions to import, store, and classify business-critical data so you can keep what you need and delete what you do not. Backup should not be used as a retention methodology since information governance is managed as a “living entity” and backup is a stored information block that is “suspended in time.” Records management uses intelligent classification to automate and simplify the retention schedule for regulatory, legal, and business-critical records in your organization. It is for that discrete set of content that needs to be immutable.
    (Source: Microsoft, “Microsoft Purview compliance portal”)

    Retention and backup policy decision

    Retention is not backup.

    Info-Tech Insight

    Retention is not backup. Retention means something different: “the content must be available for discovery and legal document production while being able to defend its provenance, chain of custody, and its deletion or destruction” (AvePoint Blog, 2021).

    Microsoft Responsibility (Microsoft Protection) Weeks to Months Customer Responsibility (DLP, Backup, Retention Policy) Months to Years
    Loss of service due to natural disaster or data center outage Loss of data due to departing employees or deactivated accounts
    Loss of service due to hardware or infrastructure failure Loss of data due to malicious insiders or hackers deleting content
    Short-term (30 days) user error with recycle bin/ version history (including OneDrive “File Restore”) Loss of data due to malware or ransomware
    Short-term (14 days) administrative error with soft- delete for groups, mailboxes, or service-led rollback Recovery from prolonged outages
    Long-term accidental deletion coverage with selective rollback

    Understand retention policy

    What are retention policies used for? Why you need them as part of your MVP?

    Do not confuse retention labels and policies with backup.

    Remember: “retention [policies are] auto-applied whereas retention label policies are only applied if the content is tagged with the associated retention label” (AvePoint Blog, 2021).

    E-discovery tool retention policies are not turned on automatically.

    Retention policies are not a backup tool – when you activate this feature you are unable to delete anyone.

    “Data retention policy tools enable a business to:

    • “Decide proactively whether to retain content, delete content, or retain and then delete the content when needed.
    • “Apply a policy to all content or just content meeting certain conditions, such as items with specific keywords or specific types of sensitive information.
    • “Apply a single policy to the entire organization or specific locations or users.
    • “Maintain discoverability of content for lawyers and auditors, while protecting it from change or access by other users. […] ‘Retention Policies’ are different than ‘Retention Label Policies’ – they do the same thing – but a retention policy is auto-applied, whereas retention label policies are only applied if the content is tagged with the associated retention label.

    “It is also important to remember that ‘Retention Label Policies’ do not move a copy of the content to the ‘Preservation Holds’ folder until the content under policy is changed next.” (Source: AvePoint Blog, 2021)

    Definitions

    Data classification is a focused term used in the fields of cybersecurity and information governance to describe the process of identifying, categorizing, and protecting content according to its sensitivity or impact level. In its most basic form, data classification is a means of protecting your data from unauthorized disclosure, alteration, or destruction based on how sensitive or impactful it is.

    Once data is classified, you can then create policies; sensitive data types, trainable classifiers, and sensitivity labels function as inputs to policies. Policies define behaviors, like if there will be a default label, if labeling is mandatory, what locations the label will be applied to, and under what conditions. A policy is created when you configure Microsoft 365 to publish or automatically apply sensitive information types, trainable classifiers, or labels.

    Sensitivity label policies show one or more labels to Office apps (like Outlook and Word), SharePoint sites, and Office 365 groups. Once published, users can apply the labels to protect their content.

    Data loss prevention (DLP) policies help identify and protect your organization's sensitive info (Microsoft Docs, April 2022). For example, you can set up policies to help make sure information in email and documents is not shared with the wrong people. DLP policies can use sensitive information types and retention labels to identify content containing information that might need protection.

    Retention policies and retention label policies help you keep what you want and get rid of what you do not. They also play a significant role in records management.

    Data examples for MVP classification

    • Examples of the type of data you consider to be Confidential, Internal, or Public.
    • This will help you determine what to classify and where it is.
    Internal Personal, Employment, and Job Performance Data
    • Social Security Number
    • Date of birth
    • Marital status
    • Job application data
    • Mailing address
    • Resume
    • Background checks
    • Interview notes
    • Employment contract
    • Pay rate
    • Bonuses
    • Benefits
    • Performance reviews
    • Disciplinary notes or warnings
    Confidential Information
    • Business and marketing plans
    • Company initiatives
    • Customer information and lists
    • Information relating to intellectual property
    • Invention or patent
    • Research data
    • Passwords and IT-related information
    • Information received from third parties
    • Company financial account information
    • Social Security Number
    • Payroll and personnel records
    • Health information
    • Self-restricted personal data
    • Credit card information
    Internal Data
    • Sales data
    • Website data
    • Customer information
    • Job application data
    • Financial data
    • Marketing data
    • Resource data
    Public Data
    • Press releases
    • Job descriptions
    • Marketing material intended for general public
    • Research publications

    New container sensitivity labels (MIP)

    New container sensitivity labels

    Public Private
    Privacy
    1. Membership to group is open; anyone can join
    2. “Everyone except external guest” ACL onsite; content available in search to all tenants
    1. Only owner can add members
    2. No access beyond the group membership until someone shares it or changes permissions
    Allowed Not Allowed
    External guest policy
    1. Membership to group is open; anyone can join
    2. “Everyone except external guest” ACL onsite; content available in search to all tenants
    1. Only owner can add members
    2. No access beyond the group membership until someone shares it or changes permissions

    What users will see when they create or label a Team/Group/Site

    Table of what users will see when they create or label a team/group/site highlighting 'External guest policy' and 'Privacy policy options' as referenced above.
    (Source: Microsoft, “Microsoft Purview compliance portal”)

    Info-Tech Insights

    Why you need sensitivity container labels:
    • Manage privacy of Teams Sites and M365 Groups
    • Manage external user access to SPO sites and teams
    • Manage external sharing from SPO sites
    • Manage access from unmanaged devices

    Data protection and security baselines

    Data Protection Baseline

    “Microsoft provides a default assessment in Compliance Manager for the Microsoft 365 data protection baseline" (Microsoft Docs, June 2022). This baseline assessment has a set of controls for key regulations and standards for data protection and general data governance. This baseline draws elements primarily from NIST CSF (National Institute of Standards and Technology Cybersecurity Framework) and ISO (International Organization for Standardization) as well as from FedRAMP (Federal Risk and Authorization Management Program) and GDPR (General Data Protection Regulation of the European Union).

    Security Baseline

    The final stage in M365 governance is security. You need to implement a governance policy that clearly defines storage locations for certain types of data and who has permission to access it. You need to record and track who accesses content and how they share it externally. “Part of your process should involve monitoring unusual external sharing to ensure staff only share documents that they are allowed to” (Rencore, 2021).

    Info-Tech Insights

    • Controls are already in place to set data protection policy. This assists in the MVP activities.
    • Finally, you need to set your security baseline to ensure proper permissions are in place.

    Prerequisite baseline

    Icon of crosshairs.
    Security

    MFA or SSO to access from anywhere, any device

    Banned password list

    BYOD sync with corporate network

    Icon of a group.
    Users

    Sign out inactive users automatically

    Enable guest users

    External sharing

    Block client forwarding rules

    Icon of a database.
    Resources

    Account lockout threshold

    OneDrive

    SharePoint

    Icon of gears.
    Controls

    Sensitivity labels, retention labels and policies, DLP

    Mobile application management policy

    Building baselines

    Sensitivity Profiles: Public, Internal, Confidential; Subcategory: Highly Confidential

    Microsoft 365 Collaboration Protection Profiles

    Sensitivity Public External Collaboration Internal Highly Confidential
    Description Data that is specifically prepared for public consumption Not approved for public consumption, but OK for external collaboration External collaboration highly discouraged and must be justified Data of the highest sensitivity: avoid oversharing, internal collaboration only
    Label details
    • No content marking
    • No encryption
    • Public site
    • External collaboration allowed
    • Unmanaged devices: allow full access
    • No content marking
    • No encryption
    • Private site
    • External collaboration allowed
    • Unmanaged devices: allow full access
    • Content marking
    • Encryption
    • Private site
    • External collaboration allowed but monitored
    • Unmanaged devices: limited web access
    • Content marking
    • Encryption
    • Private site
    • External collaboration disabled
    • Unmanaged devices: block access
    Teams or Site details Public Team or Site open discovery, guests are allowed Private Team or Site members are invited, guests are allowed Private Team or Site members are invited, guests are not allowed
    DLP None Warn Block

    Please Note: Global/Compliance Admins go to the 365 Groups platform, the compliance center (Purview), and Teams services (Source: Microsoft Documentation, “Microsoft Purview compliance documentation”)

    Info-Tech Insights

    • Building baseline profiles will be a part of your MVP. You will understand what type of information you are addressing and label it accordingly.
    • Sensitivity labels are a way to classify your organization's data in a way that specifies how sensitive the data is. This helps you decrease risks in sharing information that shouldn't be accessible to anyone outside your organization or department. Applying sensitivity labels allows you to protect all your data easily.

    MVP activities

    PRIMARY
    ACTIVITIES
    Define Your Governance
    The objective of the MVP is reducing barriers to establishing an initial governance position, and then enabling rapid progression of the solution to address a variety of tangible risks, including DLP, data retention, legal holds, and labeling.
    Decide on your classification labels early.

    CATEGORIZATION





    CLASSIFICATION

    MVP
    Data Discovery and Management
    AIP (Azure Information Protection) scanner helps discover, classify, label, and protect sensitive information in on-premises file servers. You can run the scanner and get immediate insight into risks with on-premises data.
    Baseline Setup
    Building baseline profiles will be a part of your MVP. You will understand what type of information you are addressing and label it accordingly. Microsoft provides a default assessment in Compliance Manager for the Microsoft 365 data protection baseline.
    Default M365 settings
    Microsoft provides a default assessment in Compliance Manager for the Microsoft 365 data protection baseline. This baseline assessment has a set of controls for key regulations and standards for data protection and general data governance.
    SUPPORT
    ACTIVITIES
    Retention Policy
    Retention policy is auto-applied. Decide whether to retain content, delete content, or retain and then delete the content.
    Sensitivity Labels
    Automatically enforce policies on groups through labels; classify groups.
    Workload Containers
    M365: SharePoint, Teams, OneDrive, and Exchange, where your data is stored for labels and policies.
    Unforced Policies
    Written policies that are not enforceable by controls in Compliance Manager such as acceptable use policy.
    Forced Policies
    Restrict sharing controls to outside organizations. Enforce prefix or suffix to group or team names.

    ACME Company MVP for M/O365

    PRIMARY
    ACTIVITIES
    Define Your Governance


    Focus on ability to use legal hold and GDPR compliance.

    CATEGORIZATION





    CLASSIFICATION

    MVP
    Data Discovery and Management


    Three classification levels (public, internal, confidential), which are applied by the user when data is created. Same three levels are used for AIP to scan legacy sources.

    Baseline Setup


    All data must at least be classified before it is uploaded to an M/O365 cloud service.

    Default M365 settings


    Turn on templates 1 8 the letter q and the number z

    SUPPORT
    ACTIVITIES
    Retention Policy


    Retention policy is auto-applied. Decide whether to retain content, delete content, or retain and then delete the content.

    Sensitivity Labels


    Automatically enforce policies on groups through labels; classify groups.

    Workload Containers


    M365: SharePoint, Teams, OneDrive, and Exchange, where your data is stored for labels and policies.

    Unforced Policies


    Written policies that are not enforceable by controls in Compliance Manager such as acceptable use policy.

    Forced Policies


    Restrict sharing controls to outside organizations. Enforce prefix or suffix to group or team names.

    Related Blueprints

    Govern Office 365

    Office 365 is as difficult to wrangle as it is valuable. Leverage best practices to produce governance outcomes aligned with your goals.

    Map your organizational goals to the administration features available in the Office 365 console. Your governance should reflect your requirements.

    Migrate to Office 365 Now

    Jumping into an Office 365 migration project without careful thought of the risks of a cloud migration will lead to project halt and interruption. Intentionally plan in order to expose risk and to develop project foresight for a smooth migration.

    Microsoft Teams Cookbook

    Remote work calls for leveraging your Office 365 license to use Microsoft Teams – but IT is unsure about best practices for governance and permissions. Moreover, IT has few resources to help train end users with Teams best practices

    IT Governance, Risk & Compliance

    Several blueprints are available on a broader topic of governance, from Make Your IT Governance Adaptable to Improve IT Governance to Drive Business Results and Build an IT Risk Management Program.

    Bibliography

    “Best practices for sharing files and folders with unauthenticated users.” Microsoft Build, 28 April 2022. Accessed 2 April 2022.

    “Build and manage assessments in Compliance Manager.” Microsoft Docs, 15 June 2022. Web.

    “Building a modern workplace with Microsoft 365.” Microsoft Inside Track, n.d. Web.

    Crane, Robert. “June 2020 Microsoft 365 Need to Know Webinar.” CIAOPS, SlideShare, 26 June 2020. Web.

    “Data Classification: Overview, Types, and Examples.” Simplilearn, 27 Dec. 2021. Accessed 11 April 2022.

    “Data loss prevention in Exchange Online.” Microsoft Docs, 19 April 2022. Web.

    Davies, Nahla. “5 Common Data Governance Challenges (and How to Overcome Them).” Dataversity. 25 October 2021. Accessed 5 April 2022.

    “Default labels and policies to protect your data.” Microsoft Build, April 2022. Accessed 3 April 2022.

    M., Peter. "Guide: The difference between Microsoft Backup and Retention." AvePoint Blog, 9 Oct. 2021. Accessed 4 April 2022.

    Meyer, Guillaume. “Sensitivity Labels: What They Are, Why You Need Them, and How to Apply Them.” nBold, 6 October 2021. Accessed 2 April 2022.

    “Microsoft 365 guidance for security & compliance.” Microsoft, 27 April 2022. Accessed 28 April 2022.

    “Microsoft Purview compliance portal.” Microsoft, 19 April 2022. Accessed 22 April 2022.

    “Microsoft Purview compliance documentation.” Microsoft, n.d. Accessed 22 April 2022.

    “Microsoft Trust Center: Products and services that run on trust.” Microsoft, 2022. Accessed 3 April 2022.

    “Protect your sensitive data with Microsoft Purview.” Microsoft Build, April 2022. Accessed 3 April 2022.

    Zimmergren, Tobias. “4 steps to successful cloud governance in Office 365.” Rencore, 9 Sept. 2021. Accessed 5 April 2022.

    Position and Agree on ROI to Maximize the Impact of Data and Analytics

    • Buy Link or Shortcode: {j2store}341|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Because ROI is a financial concept, it can be difficult to apply ROI to anything that produces intangible value.
    • It is a lot harder to apply ROI to functions like data and analytics than it is to apply it to functions like sales without misrepresenting its true purpose.

    Our Advice

    Critical Insight

    • The standard ROI formula cannot be easily applied to data and analytics and other critical functions across the organization.
    • Data and analytics ROI strategy is based on the business problem being solved.
    • The ROI score itself doesn’t have to be perfect. Key decision makers need to agree on the parameters and measures of success.

    Impact and Result

    • Agreed-upon ROI parameters
    • Defined measures of success
    • Optimized ROI program effectiveness by establishing an appropriate cadence between key stakeholders

    Position and Agree on ROI to Maximize the Impact of Data and Analytics Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Data and Analytics ROI Strategy Deck – A guide for positioning ROI to maximize the value of data and analytics.

    This research is meant to ensure that data and analytics executives are aligned with the key business decision makers. Focus on the value you are trying to achieve rather than perfecting the ROI score.

    • Position and Agree on ROI to Maximize the Impact of Data and Analytics Storyboard

    2. Data and Analytics Service to Business ROI Map – An aligned ROI approach between key decision makers and data and analytics.

    A tool to be used by business and data and analytics decision makers to facilitate discussions about how to approach ROI for data and analytics.

    • Data and Analytics Service to Business ROI Map
    [infographic]

    Further reading

    Position and Agree on ROI to Maximize the Impact of Data and Analytics

    Data and analytics ROI strategy is based on the business problem being solved and agreed-upon value being generated.

    Analyst Perspective

    Missing out on a significant opportunity for returns could be the biggest cost to the project and its sponsor.

    This research is directed to the key decision makers tasked with addressing business problems. It also informs stakeholders that have any interest in ROI, especially when applying it to a data and analytics platform and practice.

    While organizations typically use ROI to measure the performance of their investments, the key to determining what investment makes sense is opportunity cost. Missing out on a significant opportunity for return could be the biggest cost to the project and its sponsor. By making sure you appropriately estimate costs and value returned for all data and analytics activities, you can prioritize the ones that bring in the greatest returns.

    Ibrahim Abdel-Kader
    Research Analyst,
    Data & Analytics Practice
    Info-Tech Research Group
    Ben Abrishami-Shirazi
    Technical Counselor
    Info-Tech Research Group

    Executive Summary – ROI on Data and Analytics

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    Return on investment (ROI) is a financial term, making it difficult to articulate value when trying to incorporate anything that produces something intangible.

    The more financial aspects there are to a professional function (e.g. sales and commodity-related functions), the easier it is to properly assess the ROI.

    However, for functions that primarily enable or support business functions (such as IT and data and analytics), it is a lot harder to apply ROI without misrepresenting its true purpose.

    • Apples and oranges – There is no simple way to apply the standard ROI formula to data and analytics among other critical functions across the organization.
    • Boiling the ocean – Obsession with finding a way to calculate a perfect ROI on data and analytics.
    • Not getting the big picture – Data and analytics teams suffer a skill set deficit when it comes to commercial acumen.
    • Not seeing eye to eye – ROI does not account for time in its calculation, making it prone to misalignment between stakeholders.

    Approach ROI for data and analytics appropriately:

    • Answer the following questions:
      • What is the business problem?
      • Whose business problem is it?
      • What is the objective?
    • Define measures of success based on the answers to the questions above.
    • Determine an appropriate cadence to continuously optimize the ROI program for data and analytics in collaboration with business problem owners.

    Info-Tech Insight

    ROI doesn’t have to be perfect. Parameters and measures of success need to be agreed upon with the key decision makers.

    Glossary

    Return on Investment (ROI): A financial term used to determine how much value has been or will be gained or lost based on the total cost of investment. It is typically expressed as a percentage and is supported by the following formula:

    Payback: How quickly money is paid back (or returned) on the initial investment.
    Business Problem Owner (BPO): A leader in the organization who is accountable and is the key decision maker tasked with addressing a business problem through a series of investments. BPOs may use ROI as a reference for how their financial investments have performed and to influence future investment decisions.
    Problem Solver: A key stakeholder tasked with collaborating with the BPO in addressing the business problem at hand. One of the problem solver’s responsibilities is to ensure that there is an improved return on the BPO’s investments.
    Return Enhancers: A category for capabilities that directly or indirectly enhance the return of an investment.
    Cost Savers: A category for capabilities that directly or indirectly save costs in relation of an investment.
    Investment Opportunity Enablers: A category for capabilities that create or enable a new investment opportunity that may yield a potential return.
    Game Changing Components: The components of a capability that directly yield value in solving a business problem.

    ROI strategy on data and analytics

    The image contains a screenshot of a diagram that demonstrates the ROI strategy on data and analytics.

    ROI roles

    Typical roles involved in the ROI strategy across the organization

    CDOs and CAOs typically have their budget allocated from both IT and business units.

    This is evidenced by the “State of the CIO Survey 2023” reporting that up to 63% of CDOs and CAOs have some budget allocated from within IT; therefore, up to 37% of budgets are entirely funded by business executives.

    This signifies the need to be aligned with peer executives and to use mechanisms like ROI to maximize the performance of investments.

    Source: Foundry, “State of the CIO Survey 2023.”

    Prepare for Cognitive Service Management

    • Buy Link or Shortcode: {j2store}335|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: 10 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design
    • The evolution of natural language processing and machine learning applications has led to specialized AI-assisted toolsets that promise to improve the efficiency and timeliness of IT operations.

    Our Advice

    Critical Insight

    • These are early days. These AI-assisted toolsets are generating a considerable amount of media attention, but most of them are relatively untested. Early adopters willing to absorb experimentation costs are in the process of deploying the first use cases. Initial lessons are showing that IT operations in most organizations are not yet mature enough to take advantage of AI-assisted toolsets.
    • Focus on the problem, not the tool. Explicit AI questions should be at the end of the list. Start by asking what business problem you want to solve.
    • Get your house in order. The performance of AI-assisted tools depends on mature IT operations processes and reliable data sets. Standardize service management processes and build a knowledgebase of structured content to prepare for AI-assisted IT operations.

    Impact and Result

    • Don’t fall prey to the AI-bandwagon effect. AI-assisted innovations will support shift-left service support strategies through natural language processing and machine learning applications. However, the return on your AI investment will depend on whether it helps you meet an actual business goal.
    • AI-assisted tools presuppose the existence of mature IT operations functions, including standardized processes, high-quality structured content focused on the incidents and requests that matter, and a well-functioning ITSM web portal.
    • The success of AI ITSM projects hinges on adoption. If your vision is to power end-user interactions with chatbots and deploy intelligent agents on tickets coming through the web portal, be sure to develop a self-service culture that empowers end users to help themselves and experiment with new tools and technologies. Without end-user adoption, the promised benefits of AI projects will not materialize.

    Prepare for Cognitive Service Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should prepare for cognitive service management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review emerging AI technology

    Get an overview of emerging AI applications to understand how they will strengthen a shift-left service support strategy.

    2. Sort potential IT operations AI use cases

    Review potential use cases for AI applications to prioritize improvement initiatives and align them to organizational goals.

    • Disruptive Technology Shortlisting Tool
    • Disruptive Technology Value-Readiness and SWOT Analysis Tool

    3. Prepare for a cognitive service management project

    Develop an ITSM AI strategy to prepare your organization for the coming of cognitive service management, and build a roadmap for implementation.

    • Customer Journey Map (PDF)
    • Customer Journey Map (Visio)
    • Infrastructure Roadmap Technology Assessment Tool
    • Strategic Infrastructure Roadmap Tool
    [infographic]

    Sprint Toward Data-Driven Culture Using DataOps

    • Buy Link or Shortcode: {j2store}199|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $10,399 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Enterprise Integration
    • Parent Category Link: /enterprise-integration
    • Data teams do not have a mechanism to integrate with operations teams and operate in a silo.
    • Significant delays in the operationalization of analytical/algorithms due to lack of standards and a clear path to production.
    • Raw data is shared with end users and data scientists due to poor management of data, resulting in more time spent on integration and less on insight generation and analytics.

    Our Advice

    Critical Insight

    • Data and analytics teams need a clear mechanism to separate data exploratory work and repetitive data insights generation. Lack of such separation is the main cause of significant delays, inefficiencies, and frustration for data initiatives.
    • Access to data and exploratory data analytics is critical. However, the organization must learn to share insights and reuse analytics.
    • Once analytics finds wider use in the organization, they need to adopt a disciplined approach to ensure its quality and continuous integration in the production environment.

    Impact and Result

    • Use a metrics-driven approach and common framework across silos to enable the rapid development of data initiatives using Agile principles.
    • Implement an approach that allows business, data, and operation teams to collaboratively work together to provide a better customer experience.
    • Align DataOps to an overall data management and governance program that promotes collaboration, transparency, and empathy across teams, establishes the appropriate roles and responsibilities, and ensures alignment to a common set of goals.
    • Assess the current maturity of the data operations teams and implement a roadmap that considers the necessary competencies and capabilities and their dependencies in moving towards the desired DataOps target state.

    Sprint Toward Data-Driven Culture Using DataOps Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the operational challenges associated with productizing the organization's data-related initiative. Review Info-Tech’s methodology for enabling the improved practice to operationalize data analytics and how we will support you in creating an agile data environment.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Discover benefits of DataOps

    Understand the benefits of DataOps and why organizations are looking to establish agile principles in their data practice, the challenges associated with doing so, and what the new DataOps strategy needs to be successful.

    • Sprint Toward Data-Driven Culture Using DataOps – Phase 1: Discover Benefits of DataOps

    2. Assess your data practice for DataOps

    Analyze DataOps using Info-Tech’s DataOps use case framework, to help you identify the gaps in your data practices that need to be matured to truly realize DataOps benefits including data integration, data security, data quality, data engineering, and data science.

    • Sprint Toward Data-Driven Culture Using DataOps – Phase 2: Assess Your Data Practice for DataOps
    • DataOps Roadmap Tool

    3. Mature your DataOps practice

    Mature your data practice by putting in the right people in the right roles and establishing DataOps metrics, communication plan, DataOps best practices, and data principles.

    • Sprint Toward Data-Driven Culture Using DataOps – Phase 3: Mature Your DataOps Practice
    [infographic]

    Workshop: Sprint Toward Data-Driven Culture Using DataOps

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify the Drivers of the Business for DataOps

    The Purpose

    Understand the DataOps approach and value proposition.

    Key Benefits Achieved

    A clear understanding of organization data priorities and metrics along with a simplified view of data using Info-Tech’s Onion framework.

    Activities

    1.1 Explain DataOps approach and value proposition.

    1.2 Review the common business drivers and how the organization is driving a need for DataOps.

    1.3 Understand Info-Tech’s DataOps Framework.

    Outputs

    Organization's data priorities and metrics

    Data Onion framework

    2 Assess DataOps Maturity in Your Organization

    The Purpose

    Assess the DataOps maturity of the organization.

    Key Benefits Achieved

    Define clear understanding of organization’s DataOps capabilities.

    Activities

    2.1 Assess current state.

    2.2 Develop target state summary.

    2.3 Define DataOps improvement initiatives.

    Outputs

    Current state summary

    Target state summary

    3 Develop Action Items and Roadmap to Establish DataOps

    The Purpose

    Establish clear action items and roadmap.

    Key Benefits Achieved

    Define clear and measurable roadmap to mature DataOps within the organization.

    Activities

    3.1 Continue DataOps improvement initiatives.

    3.2 Document the improvement initiatives.

    3.3 Develop a roadmap for DataOps practice.

    Outputs

    DataOps initiatives roadmap

    4 Plan for Continuous Improvement

    The Purpose

    Define a plan for continuous improvements.

    Key Benefits Achieved

    Continue to improve DataOps practice.

    Activities

    4.1 Create target cross-functional team structures.

    4.2 Define DataOps metrics for continuous monitoring.

    4.3 Create a communication plan.

    Outputs

    DataOps cross-functional team structure

    DataOps metrics

    Your Company is an Economy: Why This is Your Secret Weapon for Resilience

    • Large vertical image:
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    IT specialists often instinctively focus on technical issues, such as server failures or network problems, because they are trained to address the broken parts. However, it's important to consider the context in which these occur. But what if the real problem isn't just the part but the entire system it operates in?

    I want you to take a step back and to stop thinking about your company as a collection of departments and IT systems. Start seeing it for what it truly is: a complex, living, breathing economic system. This isn't some academic analogy. It’s a powerful model that will change how you approach resilience.

    An economic system involves production, resource allocation, and distribution of goods and services, which parallels how a company operates internally. It includes the combination of various departments, the people doing things, the business units, and even the decision-making steps that make up the economic structure of your company. Once you see this, you can never unsee it.

    What is an economic system?

    Let’s quickly demystify this. Forget textbooks and complex theories for a moment. Think about a national economy. It does three basic things:

    1. Production: It makes things. Factories build cars, farms grow food, and programmers write software. This is the creation of value.

    2. Resource Allocation: This process decides who gets what to make those things. Who gets the steel for the cars? The land for the farms? The funding for the software developers? These are all decisions about how to use scarce resources. 

    3. Distribution: This process gets the finished products to the people who need them. Cars go to importers, then dealerships then the customers, food goes to grocery stores, and software gets deployed to servers and then used by clients (in the general sense).

    That's it. Production, allocation, distribution. Every economy, from a simple bartering tribe to the global financial market, operates on these principles. And so does your company.

    So, how is your company an economy?

    Your company doesn't just “do work.” It produces, allocates, and distributes services in its own internal market (and eventually sells outside, otherwise… trouble).

    The production is everywhere. The human resources department produces a “payroll service.” The sales department produces “revenue contracts.” And the IT department? It produces a vast array of services: “compute cycles,” “data storage,” “network connectivity,” and “application uptime.” These are the goods and services that every other part of the company consumes to do their jobs.

    Resource allocation is the lifeblood of your corporate economy. It's the annual budgeting process, the project prioritization meetings, and the daily decisions managers make about where to assign their people. In IT, you are equally part of the allocation process. Most people get to decide at least what they will give priority to that day. Perhaps via the daily scrum or stand-up meetings. Perhaps during the review process. As a manager, when you approve a request for a new high-powered virtual machine for one team, you are making an economic choice. You are allocating a scarce resource that another team can no longer use. As a developer, when you decide that task X is now a higher priority than task Y, you make an economic decision to allocate yourself to task X. It's important to understand that there is an opportunity cost to every decision, whether you label it that way or not. 

    And distribution? That's how these services get to their “consumers.” It’s the internal platforms, the APIs that connect applications, the service desk that fulfills requests, the operations teams that update data via forms into databases, and even the reporting dashboards that deliver information. These are the supply chains and logistics networks of your company’s economy. The consumers are your clients, of course, but also every department that uses a service provided by another department.

    The IT department plays a central role in the company's economy, akin to a central bank and infrastructure provider, by managing essential digital resources like compute, storage, and bandwidth. You control its supply and, through your decisions, influence its value. You also build and maintain the “roads” and “power grid”—the networks and platforms—that the entire corporate economy depends on to function.

    Why This Perspective Is Important for Resilience

    This is where I feel it gets fascinating. When you start seeing your company as an economic system, your understanding of resilience deepens dramatically. You move beyond simply fixing broken things and start thinking about stabilizing a complex, interconnected market.

    It helps you understand true systemic risk.

    When a core database goes down, an engineer sees a technical failure. An economist sees a supply chain collapse. That database isn't just a box with blinking lights; it's a critical supplier of a raw material, namely data. Every single business process, application, and team that creates, updates or consumes that data is now starved of a resource they need to produce their own services. The failure cascades not just through technical dependencies but through economic dependencies. Seeing it this way forces you to ask better questions: Who are the biggest “consumers” of this data supplier? What is the total economic impact of this outage, not just the technical impact? This changes the incident's priority and your response strategy.

    You move beyond simple redundancy.

    The traditional engineering approach to resilience is redundancy. If one server is important, have two. This is like a town having two power plants. It's a good start, but it's not true economic resilience. An economist would ask different questions. Can we diversify our suppliers? Can we re-route via another path? If our primary database provider fails, can we switch to a secondary one, even if it's slower or pricier for a short time? This is the principle of substitution. Can a business process continue to function in a degraded mode, producing a lower-quality “good” for a while instead of stopping completely? This is about economic adaptability, not just technical duplication.

    You could take this even further and move into the realm of business continuity. Can your process work when your primary resource (the database) is not available? How would you redesign your process to work with an alternative solution? This thinking is at the heart of modern operational resilience regulations worldwide. Authorities are no longer just asking if your backups work; they're asking if your firm can fulfill its economic function in the face of severe adversity. They demand a clear grasp of your entire supply chain and a testable exit plan for critical suppliers, including cloud providers.

    You see that this goes way beyond a failing-part view. It goes to the heart of the economic function of your company.

    Incident response becomes economic intervention.

    During a major incident, the incident commander is now no longer just a technical coordinator. You are the head of the “central bank” during a "market crash". Your job is to prevent a localized failure from causing a full-blown corporate recession. Think about your actions:

    • You allocate scarce capital (your top engineers' time) to the most critical problem. The economic cost is the non-delivery of any other product by those people.

    • You implement fiscal policy by prioritizing certain fixes over others to stimulate the quickest “economic” recovery.

    • You manage market confidence through clear, calm, and regular communication to stakeholders, preventing panic from spreading.

    Each decision is an economic intervention designed to restore stability to the system. (If that is not the job description of a central banker, then I eat my hat.)

    Side Note: I often see teams who are obsessed with their own service's uptime, their own local metrics. They proudly report “five nines” of availability, but they do not report on how their service is actually consumed or how critical it is to the company's overall economic output. They've optimized their own factory but don't disclose their output's need level to the company or that their occasional one-hour outage brings the entire company's main assembly line to a halt. Resilience is not about local optimization; it is about the stability of the entire economic system. A dashboard that lists teams in order of availability or whatever other metric is fine, but these numbers must be mapped against their economic relevance. Without the economic relevance weighting, you may be misallocating resources in areas that are not critical or sufficiently important.

    How to Start Thinking Like an Economist in Your Resilience Practice

    This isn't just a theoretical exercise. You can apply this model today to make your organization stronger and yourself more effective to any employer or client.

    First, map your economic flows. Go beyond standard architecture diagrams. Create maps that show how value and services are produced, distributed, and consumed across departments. Identify your most important “supply chains.” Ask business units what IT services are essential for their “production lines” and what the financial impact is when those services are unavailable. This gives you a heat map of economic risk.

    Second, identify your single points of economic failure. In every economy, there are institutions that are “too big to fail.” What are yours? Is it a single authentication service? A legacy mainframe? A specific team of two people who know how a critical system works? These are the areas where a failure will cause a systemic crisis. They require more than just technical redundancy; they need deep, thoughtful resilience planning, including succession plans for people and substitution options for technology.

    Finally, reframe your post-incident reviews. Stop just asking, “What broke and why?” Start asking, “Which economic activity was disrupted?” and “How did the disruption flow through the system?” This shifts the conversation from blaming a component or a team to understanding systemic weaknesses in your company's economy. The goal is not to find a guilty party but to identify where your internal market is fragile and how you can strengthen it with better “monetary policy” (resource allocation) or “infrastructure” (more robust platforms).

    The vicious cycle of a failing economy

    In another article, I mentioned that resilience is a mindset.
     Resilience mindset graphic 

    So what happens when this economic system becomes unstable?

    These issues are typically considered failures and they manifest as irritations, perceived slowness and bugs, all the way to (regular) failures of a process or whole system.

    If this broken economic system is allowed to remain unstable, people will adopt negative behaviors.

    When “the government” (IT) fails to deliver, business teams take matters into their hands and start shadow IT. They may even purchase their own subscriptions.

    In a stable economy, participants trust that resources will be available when needed, but in a broken system, that trust is gone and leads to the hoarding of assets. This may be visible in the requested need for time or even budget allocation. And that leads into protectionism where teams build walls around their data and systems.

    When failures are common, the focus shifts from resolving the systemic problems to assigning blame for the specific symptom. This is akin to the breakdown of trade relations. The applications team blames the infrastructure team for slow servers. The infrastructure team blames the network team for latency. The network team blames the applications team for inefficient code. And around we go.

    Taking it just that little step further: If people live in a failing state long enough, they lose hope. This is learned helplessness. Your most valuable “citizens”—your engineers and business users—become disengaged. They stop reporting bugs because they assume they will never be fixed. They stop suggesting process improvements because they believe their voice doesn't matter.

    And lastly: In a functional system, there are clear processes for requesting services. In your broken economy, these official channels are considered worthless. The only way to get anything done is to generate a crisis. Escalation becomes the primary currency. People learn to bypass the ticketing system and send direct messages to senior leaders because they perceive that's the only way to get a response.

    How to Break the Cycle: Start Small

    To break this cycle, you need to start small and use mechanisms that turn the negative effects of problems into positive effects, like seeing opportunities.

    • Opportunities to correct irritations
    • Opportunities to enhance processes
    • Opportunities to perhaps redesign a service

    Proposing a grand vision will get you polite nods and zero action. I recommend you pick one irritation and fix it. Repeat multiple times until staff starts to perceive a change. Don't try to move the mountain. Remove the first obstacle and make your way up from there. This can be solving an issue, reducing an uncertainty, or actually spotting a way forward. 

    It will go easier as you continue this. Accept that on day one, your credibility is zero. It doesn’t matter whether you're a new manager or a seasoned expert. Trust is earned on the factory floor. Fix one small, nagging irritation for one person. Then another. This is how you build the political and social capital needed to tackle the mountain. It takes time.

    But what will happen next is crucial. There will be a reduction of the negative behaviors. And when you work it efficiently with enough time, you will eliminate those behaviors. And yes, there will be many ifs and buts, and each of the broken elements of a larger chain may require their own solutions. But it is this act of seeing the bigger picture through the constituent parts that will allow you to assign priorities and move closer to the solution in a structural way.
    Seeing step by step results feeds positivism and higher stability. Which in turn again feeds more positivism. 

     

    When you view your company through the lens of an economic system, it elevates the practice of resilience from a purely technical discipline to a value function. It gives you a language to communicate impact and risk to leadership in terms they understand: production, supply, and cost.

    It forces you to see the interconnectedness of everything you do and to appreciate that the failure of a single, seemingly minor component can have large, cascading effects across the entire organization. By thinking like an economist, you stop being just a firefighter, putting out isolated blazes. You become the architect of a more stable, more robust, and ultimately more resilient economy.

    You become the architect of a more stable, more robust, and ultimately more resilient economy. Now, go manage it.

    Always ready for a chat.

    Build Effective Enterprise Integration on the Back of Business Process

    • Buy Link or Shortcode: {j2store}360|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Enterprise Integration
    • Parent Category Link: /enterprise-integration
    • Organizations undergoing growth, either organically or through M&A, tend to develop integration capabilities in a piecemeal and short-sighted fashion to preserve their view of agility.
    • Integration strategies that are focused solely on technological solutions are likely to complicate rather than simplify, as not enough consideration is given to how other systems and processes will be impacted.

    Our Advice

    Critical Insight

    • Define a path for your EI strategy. Establish the more pressing goal of enterprise integration: improving operational integrity or adding business intelligence/predictive analytics capability.
    • Combine multiple views of integration for a comprehensive EI strategy. Assess business process, applications, and data in tandem to understand where enterprise integration will fit in your organization.
    • Don’t start by boiling the ocean and get bogged down in mapping out the entire organization. For the purposes of the strategy, narrow your focus to a set of related high-value processes to identify ways to improve integration.

    Impact and Result

    • Begin your enterprise strategy formation by identifying if your organization places emphasis on enabling operational excellence or predictive modeling/analytics.
    • Enterprise integration needs to bring together business process, applications, and data, in that order. Kick-start the process of identifying opportunities for improvement by creating business process maps that incorporate how applications and data are coordinated to support business activities.
    • Revisit the corporate drivers after integration mapping activities to identify the primary use cases for improvement.
    • Prepare for the next steps of carrying out the strategy by reviewing a variety of solution options.
    • Develop a compelling business case by consolidating the outputs of your mapping activities, establishing metrics for a specific process (or set of processes), and quantifying the benefits.

    Build Effective Enterprise Integration on the Back of Business Process Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create an enterprise integration strategy; review Info-Tech’s methodology that encompasses business process, applications, and data; and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Position enterprise integration within the organization

    Begin strategy development by assigning roles and responsibilities for the team and establishing the initial direction for the strategy.

    • Build Effective Enterprise Integration on the Back of Business Process – Phase 1: Position Enterprise Integration Within Your Organization
    • Chief Enterprise Integration Officer
    • Enterprise Integration Strategy Drivers Assessment

    2. Explore the lenses of enterprise integration

    Create business process maps that incorporate how applications and data are coordinated to support business activities.

    • Build Effective Enterprise Integration on the Back of Business Process – Phase 2: Explore the Lenses of Enterprise Integration
    • Enterprise Integration Process Mapping Tool

    3. Develop the enterprise integration strategy

    Review your integration map to identify improvement opportunities, explore integration solutions, and consolidate activity outputs into a strategy presentation.

    • Build Effective Enterprise Integration on the Back of Business Process – Phase 3: Develop the Enterprise Integration Strategy
    • Enterprise Integration Strategy Presentation Template
    [infographic]

    Workshop: Build Effective Enterprise Integration on the Back of Business Process

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Position Enterprise Integration

    The Purpose

    Discuss the general approach for creating a holistic enterprise integration strategy.

    Define the initial direction and drivers.

    Key Benefits Achieved

    Strategy development team with responsibilities identified.

    Clear initial direction for the strategy based on senior stakeholder input.

    Activities

    1.1 Define the driving statements for your EI strategy.

    1.2 Develop a RACI chart.

    1.3 Discuss the current state of enterprise integration.

    1.4 Establish the initial direction of your strategy by surveying senior stakeholders.

    Outputs

    Vision, mission, and values for enterprise integration

    RACI chart for strategy development

    Documentation of past integration projects

    Chief Enterprise Integration Officer job description template

    2 Explore the Lenses of Enterprise Integration

    The Purpose

    Build a comprehensive map of what integration looks like for your target business processes.

    Key Benefits Achieved

    Clear documentation of the integration environment, encompassing process, data, and applications.

    Activities

    2.1 Develop level-0 and level-1 business capability diagrams.

    2.2 Identify the business processes of focus, based on relevance to overall corporate drivers.

    2.3 Complete process flow diagrams.

    2.4 Begin identifying the applications that are involved in each step of your process.

    2.5 Detail the connections/interactions between the applications in your business processes.

    2.6 Draw a current state diagram for application integration.

    2.7 Identify the data elements created, used, and stored throughout the processes, as well as systems of record.

    Outputs

    Business capability maps

    Business process flow diagrams

    Current state integration diagram

    Completed integration map

    3 Develop the Enterprise Integration Strategy

    The Purpose

    Review the outputs of the integration mapping activities.

    Educate strategy team on the potential integration solutions.

    Consolidate the findings of the activities into a compelling strategy presentation.

    Key Benefits Achieved

    Integration improvement opportunities are identified.

    Direction and drivers for enterprise integration are finalized.

    Understanding of the benefits and limitations of some integration solutions.

    Activities

    3.1 Discuss the observations/challenges and opportunities for improvement.

    3.2 Refine the focus of the strategy by conducting a more detailed stakeholder survey.

    3.3 Review the most common integration solutions for process, applications, and data.

    3.4 Create a future state integration architecture diagram.

    3.5 Define the IT and business critical success factors for EI.

    3.6 Articulate the risks with pursuing (and not pursuing) an EI strategy.

    3.7 Quantify the monetary benefits of the EI strategy.

    3.8 Discuss best practices for presenting the strategy and organize the presentation content.

    Outputs

    Critical success factors and risks for enterprise integration

    Monetary benefits of enterprise integration

    Completed enterprise integration strategy presentation

    Voka 2025 Resilience Scores

     

    Test uw digitale slagkracht!

    Jammer! U bent te laat.

    De VOKA Bedrijven Contact Dagen 2025 zijn voorbij en onze winnaars zijn bekend!

    Liguris: 80 points
    Keiretsu: 71 points
    Staffler: 69 points
    Xpo group: 67 points
    Actief: 66 points

    Continue reading

    Adapt Your Customer Experience Strategy to Successfully Weather COVID-19

    • Buy Link or Shortcode: {j2store}536|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • COVID-19 is an unprecedented global pandemic. It’s creating significant challenges across every sector.
    • Collapse of financial markets and a steep decline in consumer confidence has most firms nervous about revenue shortfalls and cash burn rates.
    • The economic impact of COVID-19 is freezing IT budgets and sharply changing IT priorities.
    • The human impact of COVID-19 is likely to lead to staffing shortfalls and knowledge gaps.
    • COVID-19 may be in play for up to two years.

    Our Advice

    Critical Insight

    The challenges posed by the virus are compounded by the fact that consumer expectations for strong service delivery remain high:

    • Customers still expect timely, on-demand service from the businesses they engage with.
    • There is uncertainty about how to maintain strong, revenue-driving experiences when faced with the operational challenges posed by the virus.
    • COVID-19 is changing how organizations prioritize spending priorities within their CXM strategies.

    Impact and Result

    • Info-Tech recommends rapidly updating your strategy for customer experience management to ensure it can rise to the occasion.
    • Start by assessing the risk COVID-19 poses to your CXM approach and how it’ll impact marketing, sales, and customer service functions.
    • Implement actionable measures to blunt the threat of COVID-19 while protecting revenue, maintaining consistent product and service delivery, and improving the integrity of your brand. We’ll dive into five proven techniques in this brief!

    Adapt Your Customer Experience Strategy to Successfully Weather COVID-19 Research & Tools

    Start here

    Read our concise Executive Brief to find out why you should examine the impact of COVID-19 on customer experience strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Adapt Your Customer Experience Strategy to Successfully Weather COVID-19 Storyboard

    1. Assess the impact of COVID-19 on your CXM strategy

    Create a consolidated, updated view of your current customer experience management strategy and identify which elements can be capitalized on to dampen the impact of COVID-19 and which elements are vulnerabilities that the pandemic may threaten to exacerbate.

    2. Blunt the damage of COVID-19 with new CXM tactics

    Create a roadmap of business and technology initiatives through the lens of customer experience management that can be used to help your organization protect its revenue, maintain customer engagement, and enhance its brand integrity.

    [infographic]

    Identify and Manage Reputational Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}220|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Access to information about companies is more available to consumers than ever. Organizations must implement mechanisms to monitor and manage how information is perceived to avoid potentially disastrous consequences to their brand reputation.

    A negative event could impact your organization's reputation at any given time. Make sure you understand where such events may come from and have a plan to manage the inevitable consequences.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential impact on your organization’s reputation requires efforts from multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how social media can affect your brand.
    • Organizational leadership is often caught unaware during crises, and their response plans lack the flexibility to adjust to significant market upheavals.

    Impact and Result

    • Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

    Identify and Manage Reputational Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Reputational Risk Impacts on Your Organization Deck – Use the research to better understand the negative impacts of vendor actions on your brand reputation.

    Use this research to identify and quantify the potential reputational impacts caused by vendors. Use Info-Tech's approach to look at the reputational impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Reputational Risk Impacts on Your Organization Storyboard

    2. Reputational Risk Impact Tool – Use this tool to help identify and quantify the reputational impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate - possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Reputational Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Reputational Risk Impacts on Your Organization

    Brand reputation is the most valuable asset an organization can protect.

    Analyst Perspective

    Organizations must diligently assess and protect their reputations, both in the market and internally.

    Social media, unprecedented access to good and bad information, and consumer reliance on others’ online opinions force organizations to dedicate more resources to protecting their brand reputation than ever before. Perceptions matter, and you should monitor and protect the perception of your organization with as much rigor as possible to ensure your brand remains recognizable and trusted.

    Photo of Frank Sewell, Research Director, Vendor Management, Info-Tech Research Group.

    Frank Sewell
    Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Access to information about companies is more available to consumers than ever. A negative event could impact your organizational reputation at any time. As a result, organizations must implement mechanisms to monitor and manage how information is perceived to avoid potentially disastrous consequences to their brand reputation.

    Make sure you understand where negative events may come from and have a plan to manage the inevitable consequences.

    Common Obstacles

    Identifying and managing a vendor’s potential impact on your organization’s reputation requires efforts from multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how social media can affect your brand.

    Organizational leadership is often caught unaware during crises, and their response plans lack the flexibility to adjust to significant market upheavals.

    Info-Tech’s Approach

    Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

    Info-Tech Insight

    Organizations must evolve their risk assessments to be more adaptive to respond to rapid changes in online media. Ongoing monitoring of social media and the vendors tied to their company is imperative to achieving success and avoiding reputational disasters.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    Cube with each multiple colors on each face, similar to a Rubix cube, and individual components of vendor risk branching off of it: 'Financial', 'Reputational', 'Operational', 'Strategic', 'Security', and 'Regulatory & Compliance'.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of scope:
    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Reputational risk impacts

    Potential losses to the organization due to risks to its reputation and brand

    In this blueprint, we’ll explore reputational risks (risks to the brand reputation of the organization) and their impacts.

    Identify potentially negative events to assess the overall impact on your organization and implement adaptive measures to respond and correct.

    Cube with each multiple colors on each face, similar to a Rubix cube, and the vendor risk component 'Reputational' highlighted.

    Protect your most valuable asset: your brand

    25%

    of a company’s market value is due to reputation (Transmission Private, 2021)

    94%

    of consumers say that a bad review has convinced them to avoid a business (ReviewTrackers, 2022)

    14 hours

    is the average time it takes for a false claim to be corrected on social media (Risk Analysis, 2018)
    Image of an umbrella covering the word 'BRAND' and three arrows approaching from above.

    What is brand recognition?

    And the cost of rebranding

    Brand recognition is the ability of consumers to recognize an identifying characteristic of one company versus a competitor.” (Investopedia)

    Most trademark valuation is based directly on its projected future earning power, based on income history. For a new brand with no history, evaluators must apply experience and common sense to predict the brand's earning potential. They can also use feedback from industry experts, market surveys, and other studies.” (UpCounsel)

    The cost of rebranding for small to medium businesses is about 10 to 20% of the recommended overall marketing budget and can take six to eight months (Ignyte).

    Stock image of a house with a money sign chimney.

    "All we are at our core is our reputation and our brand, and they are intertwined." (Phil Bode, Principal Research Director, Info-Tech Research Group)

    What your vendor associations say about you

    Arrows of multiple colors coalescing in an Earth labelled 'Your Brand', and then a red arrow that reads 'Reputation' points to the terms on the right.

    Bad Customer Reviews

    Breach of Data

    Poor Security Posture

    Negative News Articles

    Public Lawsuits

    Poor Performance

    How a major vendor protects its brand

    An ideal state
    • There is a dedicated brand protection department.
    • All employees are educated annually on brand protection policies and procedures.
    • Brand protection is tied to cybersecurity.
    • The organization actively monitors its brand and reputation through various media formats.
    • The organization has criteria for assessing x-party vendors and holds them accountable through ongoing monitoring and validation of their activities.

    Brand Protection
    Done Right

    Sticker for a '5 Star Rating'.

    Never underestimate the power of local media on your profits

    Info-Tech Insight

    Keep in mind that too much exposure to media can be a negative in that it heightens the awareness of your organization to outside actors. If you do go through a period of increased exposure, make sure to advance your monitoring practices and vigilance.

    Story: Restaurant data breach

    Losing customer faith

    A popular local restaurant’s point of service (POS) machines were breached and the credit card data of their customers over a two-week period was stolen. The restaurant did the right thing: they privately notified the affected people, helped them set up credit monitoring services, and replaced their compromised POS system.

    Unfortunately, the local newspaper got wind of the breach. It published the story, leaving out that the restaurant had already notified affected customers and had replaced their POS machines.

    In response, the restaurant launched a campaign in the local paper and on social media to repair their reputation in the community and reassure people that they could safely transact at their business.

    For at least a month, the restaurant experienced a drastic decrease in revenue as customers either refused to come in to eat or paid only in cash. During this same period the restaurant was spending outside their budget on the advertising.
    Broken trust.

    Story: Monitor your subcontractors

    Trust but verify

    A successful general contractor with a reputation for fairness in their dealings needed a specialist to perform some expert carpentry work for a few of their clients.

    The contractor gave the specialist the clients’ contact information and trusted them to arrange the work.

    Weeks later, the contractor checked in with the clients and received a ton of negative feedback:

    • The specialist called them once and never called back.
    • The specialist refused to do the work as described and wanted to charge extra.
    • The specialist performed work to “fix” the issue but cut corners to lessen their costs.

    As a result, the contractor took extreme measures to regain the clients’ confidence and trust and lost other opportunities in the process.

    Stock image of a sad construction site supervisor.

    You work hard for your reputation. Don’t let others ruin it.

    Don’t forget to look within as well as without

    Stock image of a frustrated desk worker.

    Story: Internal reputation is vital

    Trust works both ways

    An organization’s relatively new IT and InfoSec department leadership have been upgrading the organization's systems and policies as fast as resources allow when the organization encounters a major breach of security.

    Trust in the developing IT and InfoSec departments' leadership wanes throughout the organization as people search for the root cause and blame the systems. This degradation of trust limits the effectiveness of the newly implemented process, procedures, and tools of the departments.

    The new leaders' abilities are called into question, and they must now rigorously defend and justify their decisions and positions to the executives and board.

    It will be some time before the two departments gain their prior trust and respect, and the new leaders face some tough times ahead regaining the organization's confidence.

    How could the new leaders approach the situation to mend their reputations in the wake of this (perhaps unfair) reputational hit?

    It is not enough to identify the potential risks; there must also be adequate controls in place to monitor and manage them

    Stock image of a fingerprint on a computer chip under a blacklight.

    Identify, manage, and monitor reputational risks

    Global markets
    • Organizations need to learn how to assess the likelihood of potential risks in the changing global markets and recognize how their partnerships and subcontracts affect their brand.
    • Now more than ever, organizations need to be mindful of the larger global landscape and how their interactions within various regions can impact their reputation.
    Social media
    • Understanding how to monitor social media activity and online content will give you an edge in the current environment.
    • Changes in social media generally happen faster than companies can recognize them. If you are not actively monitoring those risks, the damage could set in before you even have a chance to respond.
    Global shortages
    • Organizations need to accept that shortages will recur periodically and that preparing for them will significantly increase the success potential of long-term plans.
    • Customers don’t always understand what is happening in the global supply chain and may blame you for poor service if you cannot meet demands as you have in the past.

    Which way is your reputation heading?

    • Do you understand and track items that might affect your reputation?
    • Do you understand the impact they may have on your business?

    Visualization of a Newton's Cradle perpetual motion device, aka clacky balls. The lifted ball is colored green with a smiley face and is labelled 'Your Brand Reputation'. The other four balls are red with a frowny face and are labelled 'Data Breach/ Lawsuit', 'Service Disruption', 'Customer Complaint', and 'Poor Delivery'.

    Identifying and understanding potential risks is essential to adapting to the ever-changing online landscape

    Info-Tech Insight

    Few organizations are good at identifying risks. As a result, almost none realistically plan to monitor, manage, and adapt their plans to mitigate those risks.

    Reputational risks

    Not protecting your brand can have disastrous consequences to your organization

    • Data breaches & lawsuits
    • Poor vendor performance
    • Service disruptions
    • Negative reviews

    Stock image of a smiling person on their phone rating something five stars.

    What to look for in vendors

    Identify potential reputational risk impacts
    • Check online reviews from both customers and employees.
    • Check news sites:
      • Has the vendor been affected by a breach?
      • Is the vendor frequently in the news – good or bad? Greater exposure can cause an uptick in hostile attacks, so make sure the vendor has adequate protections in line with its exposure.
    • Review its financials. Is it prime for an acquisition/bankruptcy or other significant change?
    • Review your contractual protections to ensure that you are made whole in the event something goes wrong. Has anything changed with the vendor that requires you to increase your protections?
    • Has anything changed in the vendor’s market? Is a competitor taking its business, or are its resources stretched on multiple projects due to increased demand?
    Illustration of business people in a city above various icons.

    Assessing Reputational Risk Impacts

    Zigzagging icons and numbers one through 7 alternating sides downward. Review Organizational Strategy
    Understand the organizational strategy to prepare for the “what if” game exercise.
    Identify & Understand Potential Risks
    Play the “what if” game with the right people at the table.
    Create a Risk Profile Packet for Leadership
    Pull all the information together in a presentation document.
    Validate the Risks
    Work with leadership to ensure that the proposed risks are in line with their thoughts.
    Plan to Manage the Risks
    Lower the overall risk potential by putting mitigations in place.
    Communicate the Plan
    It is important not only to have a plan but also to socialize it in the organization for awareness.
    Enact the Plan
    Once the plan is finalized and socialized put it in place with continued monitoring for success.
    (Adapted from Harvard Law School Forum on Corporate Governance)

    Insight Summary

    Reputational risk impacts are often unanticipated, causing catastrophic downstream effects. Continuously monitoring your vendors’ actions in the market can help organizations head off brand disasters before they occur.

    Insight 1

    Understanding how to monitor social media activity and online content will give you an edge in the current environment.

    Do you have dedicated individuals or teams to monitor your organization's online presence? Most organizations review and approve the online content, but many forget the need to have analysts reviewing what others are saying about them.

    Insight 2

    Organizations need to learn how to assess the likelihood of potential risks in the rapidly changing online environments and recognize how their partnerships and subcontractors’ actions can affect their brand.

    For example, do you understand how a simple news article raises your profile for short-term and long-term adverse events?

    Insight 3

    Socialize the risk management process throughout the organization to heighten awareness and enable employees to help protect the company’s reputation.

    Do you include a social media and brand protection policy in your annual education?

    Identify reputational risk

    Who should be included in the discussion?
    • While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make INFORMED decisions.
    • Getting input from your organization's marketing experts will enhance your brand's long-term protection.
    • Involving those who directly manage vendors and understand the market will aid in determining the forward path for relationships with your current vendors and identifying new emerging potential partners.
    • Organizations have a wealth of experience in their marketing departments that can help identify real-world negative scenarios.
    • Include vendor relationship managers to help track what is happening in the media for those vendors.
    Keep in mind: (R=L*I)
    Risk = Likelihood x Impact

    Impact tends to remain the same, while likelihood is a very flexible variable.

    Stock image of a flowchart asking 'Risk?', 'Yes', 'No'.

    Manage and monitor reputational risk impacts

    What can we realistically do about the risks?
    • Re-evaluate corporate policies frequently.
    • Ensure proper protections in contracts:
      • Limit the use of your brand name in the publicity and trademark clauses.
      • Make sure to include security protections for your data in the event of a breach; understand that reputation can rarely be made whole again once trust is breached.
    • Introduce continual risk assessment to monitor the relevant vendor markets.
    • Be adaptable and allow for innovations that arise from the current needs.
      • Capture lessons learned from prior incidents to improve over time and adjust your strategy based on the lessons.
    • Monitor your company’s and associated vendors’ online presence.
    • Track similar companies’ brand reputations to see how yours compares in the market.

    Social media is driving the need for perpetual diligence.

    Organizations need to monitor their brand reputation considering the pace of incidents in the modern age.

    Stock image of a person on a phone that is connected to other people.

    The “what if” game

    1-3 hours

    Input: List of identified potential risk scenarios scored by likelihood and financial impact, List of potential management of the scenarios to reduce the risk

    Output: Comprehensive reputational risk profile on the specific vendor solution

    Materials: Whiteboard/flip charts, Reputational Risk Impact Tool to help drive discussion

    Participants: Vendor Management Coordinator, Organizational Leadership, Operations Experts (SMEs), Legal/Compliance/Risk Manager, Marketing

    Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (or if too small, continue as a single group).
    2. Use the Reputational Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potential risk but manage the overall process to keep the discussion on track.
    3. Collect the outputs and ask the subject matter experts for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.

    Download the Reputational Risk Impact Tool

    Example: Low reputational risk

    We can see clearly in this example that the contractor suffered minimal impact from the specialist's behavior. Though they did take a hit to their overall reputation with a few customers, they should be able to course-correct with a minimal outlay of effort and almost no loss of revenue.

    Stock image of construction workers.

    Sample table of 'Sample Questions to Ask to Identify Reputational Impacts'. Column headers are 'Score', 'Weight', 'Question', and 'Comments or Notes'. At the bottom the 'Reputational Score' row has a low average score of '1.3' and '%100' total weight in their respective columns.

    Example: High reputational risk

    Note in the example how the tool can represent different weights for each of the criteria depending on your needs.

    Stock image of an older person looking out a window.

    Sample table of 'Sample Questions to Ask to Identify Reputational Impacts'. Column headers are 'Score', 'Weight', 'Question', and 'Comments or Notes'. At the bottom the 'Reputational Score' row has a high average score of '3.1' and '%100' total weight in their respective columns.

    Summary

    Be vigilant and adaptable to change
    • Organizations need to learn how to assess the likelihood of potential risks in the changing global markets and recognize how their partnerships and subcontracts affect their brand.
    • Understanding how to monitor social media activity and online content will give you an edge in the current environment.
    • Bring the right people to the table to outline potential risks to your organization’s brand reputation.
    • Socialize the risk management process throughout the organization to heighten awareness and enable employees to help protect the company’s reputation.
    • Incorporate lessons learned from incidents into your risk management process to build better plans for future issues.
    Stock image of a person's face overlaid with many different images.

    Organizations must evolve their risk assessments to be more adaptive to respond to global factors in the market.

    Ongoing monitoring of online media and the vendors tied to company visibility is imperative to avoiding disaster.

    Bibliography

    "The CEO Reputation Premium: Gaining Advantage in the Engagement Era." Weber Shandwick, March 2015. Accessed June 2022.

    Glidden, Donna. "Don't Underestimate the Need to Protect Your Brand in Publicity Clauses." Info-Tech Research Group, June 2022.

    Greenaway, Jordan. "Managing Reputation Risk: A start-to-finish guide." Transmission Private, July 2020. Accessed June 2022.

    Jagiello, Robert D., and Thomas T. Hills. “Bad News Has Wings: Dread Risk Mediates Social Amplification in Risk Communication.” Risk Analysis, vol. 38, no. 10, 2018, pp. 2193-2207.

    Kenton, Will. "Brand Recognition.” Investopedia, Aug. 2021. Accessed June 2022.

    Lischer, Brian. "How Much Does it Cost to Rebrand Your Company?" Ignyte, October 2017. Accessed June 2022.

    "Powerful Examples of How to Respond to Negative Reviews." ReviewTrackers, 16 Feb. 2022. Accessed June 2022.

    Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012. Web.

    "Valuation of Trademarks: Everything You Need to Know." UpCounsel, 2022. Accessed June 2022.

    Related Info-Tech Research

    Sample of 'Assessing Financial Risk Management'. Identify and Manage Financial Risk Impacts on Your Organization
    • Identifying and managing a vendor’s potential financial impact requires multiple people in the organization across several functions – and those people all need educating on the potential risks.
    • Organizational leadership is often unaware of decisions on organizational risk appetite and tolerance, and they assume there are more protections in place against risk impact than there truly are.
    Sample of 'How to Assess Strategic Risk'. Identify and Manage Strategic Risk Impacts on Your Organization
    • Identifying and managing a vendor’s potential strategic impact requires multiple people in the organization across several functions – and those people all need coaching on the potential changes in the market and how these changes affect strategic plans.
    • Organizational leadership is often caught unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals.
    Research coming soon. Jump Start Your Vendor Management Initiative
    • Vendor management is not “plug and play” – each organization’s vendor management initiative (VMI) needs to fit its culture, environment, and goals. The key is to adapt vendor management principles to fit your needs…not the other way around.
    • All vendors are not of equal importance to an organization. Classifying or segmenting your vendors allows you to focus your efforts on the most important vendors first, allowing your VMI to have the greatest impact possible.

    Research Contributors and Experts

    Frank Sewell

    Research Director
    Info-Tech Research Group

    Donna Glidden

    Research Director
    Info-Tech Research Group

    Steven Jeffery

    Principal Research Director
    Info-Tech Research Group

    Mark Roman

    Managing Partner
    Info-Tech Research Group

    Phil Bode

    Principal Research Director
    Info-Tech Research Group

    Sarah Pletcher

    Executive Advisor
    Info-Tech Research Group

    Scott Bickley

    Practice Lead
    Info-Tech Research Group

    Select and Implement a Web Experience Management Solution

    • Buy Link or Shortcode: {j2store}556|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • A company’s web presence is its front face to the world. Ensuring you have the right suite of tools for web content management, experience design, and web analytics is critical to putting your best foot forward: failing to do so will result in customer attrition and lost revenue.
    • Web Experience Management (WEM) suites are a rapidly maturing and dynamic market, with a landscape full of vendors with cutting edge solutions and diverse offerings. As a result, finding a solution that is the best fit for your organization can be a complex process.

    Our Advice

    Critical Insight

    • WEM products are not a one-size-fits-all investment: unique evaluations and customization are required in order to deploy a solution that fits your organization.
    • WEM technology often complements core CRM and marketing management products – it does not supplant it, and must augment the rest of your customer experience management portfolio.
    • Phase your WEM implementation: Start with core capabilities such as content management, then add additional capabilities for site analytics and dynamic experience.

    Impact and Result

    • Align marketing needs with identified functional requirements.
    • Implement a best-fit WEM that increases customer acquisition and retention, and provides in-depth capabilities for site analysis.
    • Optimize procurement and operations costs for the WEM platform.

    Select and Implement a Web Experience Management Solution Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should select and implement a WEM solution, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch the WEM project and collect requirements

    Conduct a market overview, structure the project, and gather requirements.

    • Select and Implement a Web Experience Management Solution – Phase 1: Launch the WEM Project and Collect Requirements
    • WEM Project Charter Template
    • WEM Use-Case Fit Assessment Tool

    2. Select a WEM solution

    Analyze and shortlist vendors in the space and select a WEM solution.

    • Select and Implement a Web Experience Management Solution – Phase 2: Select a WEM Solution
    • WEM Vendor Shortlist & Detailed Feature Analysis Tool
    • WEM Vendor Demo Script Template
    • WEM RFP Template

    3. Plan the WEM implementation

    Plan the implementation and evaluate project metrics.

    • Select and Implement a Web Experience Management Solution – Phase 3: Plan the WEM Implementation
    • WEM Work Breakdown Structure Template
    [infographic]

    Workshop: Select and Implement a Web Experience Management Solution

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch of the WEM Selection Project

    The Purpose

    Discuss the general project overview for the WEM selection.

    Key Benefits Achieved

    Launch of your WEM selection project.

    Development of your organization’s WEM requirements.

    Activities

    1.1 Facilitation of activities from the Launch the WEM Project and Collect Requirements phase, including project scoping and resource planning.

    1.2 Conduct overview of the WEM market landscape, trends, and vendors.

    1.3 Conduct process mapping for selected marketing processes.

    1.4 Interview business stakeholders.

    1.5 Prioritize WEM functional requirements.

    Outputs

    WEM Procurement Project Charter

    WEM Use-Case Fit Assessment

    2 Plan the Procurement and Implementation Process

    The Purpose

    Plan the procurement and the implementation of the WEM solution.

    Key Benefits Achieved

    Selection of a WEM solution.

    A plan for implementing the selected WEM solution.

    Activities

    2.1 Complete marketing process mapping with business stakeholders.

    2.2 Interview IT staff and project team, identify technical requirements for the WEM suite, and document high-level solution requirements.

    2.3 Perform a use-case scenario assessment, review use-case scenario results, identify use-case alignment, and review the WEM Vendor Landscape vendor profiles and performance.

    2.4 Create a custom vendor shortlist and investigate additional vendors for exploration in the marketplace.

    2.5 Meet with project manager to discuss results and action items.

    Outputs

    Vendor Shortlist

    WEM RFP

    Vendor Evaluations

    Selection of a WEM Solution

    WEM projected work break-down

    Implementation plan

    Framework for WEM deployment and CRM/Marketing Management Suite Integration

    Domino – Maintain, Commit to, or Vacate?

    If you have a Domino/Notes footprint that is embedded within your business units and business processes and is taxing your support organization, you may have met resistance from the business and been asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses and a multipurpose solution that, over the years, became embedded within core business applications and processes.

    Our Advice

    Critical Insight

    For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.

    Impact and Result

    The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.

    Domino – Maintain, Commit to, or Vacate? Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Domino – Maintain, Commit to, or Vacate? – A brief deck that outlines key migration options for HCL Domino platforms.

    This blueprint will help you assess the fit, purpose, and price of Domino options; develop strategies for overcoming potential challenges; and determine the future of Domino for your organization.

    • Domino – Maintain, Commit to, or Vacate? Storyboard

    2. Application Rationalization Tool – A tool to understand your business-developed applications, their importance to business process, and the potential underlying financial impact.

    Use this tool to input the outcomes of your various application assessments.

    • Application Rationalization Tool

    Infographic

    Further reading

    Domino – Maintain, Commit to, or Vacate?

    Lotus Domino still lives, and you have options for migrating away from or remaining with the platform.

    Executive Summary

    Info-Tech Insight

    “HCL announced that they have somewhere in the region of 15,000 Domino customers worldwide, and also claimed that that number is growing. They also said that 42% of their customers are already on v11 of Domino, and that in the year or so since that version was released, it’s been downloaded 78,000 times. All of which suggests that the Domino platform is, in fact, alive and well.”
    – Nigel Cheshire in Team Studio

    Your Challenge

    You have a Domino/Notes footprint embedded within your business units and business processes. This is taxing your support organization; you are meeting resistance from the business, and you are now asked to help the organization migrate away from the Lotus Notes platform. The Lotus Notes platform was long used by technology and businesses as a multipurpose solution that, over the years, became embedded within core business applications and processes.

    Common Obstacles

    For organizations that are struggling to understand their options for the Domino platform, the depth of business process usage is typically the biggest operational obstacle. Migrating off the Domino platform is a difficult option for most organizations due to business process and application complexity. In addition, migrating clients have to resolve the challenges with more than one replaceable solution.

    Info-Tech Approach

    The most common tactic is for the organization to better understand their Domino migration options and adopt an application rationalization strategy for the Domino applications entrenched within the business. Options include retiring, replatforming, migrating, or staying with your Domino platform.

    Review

    Is “Lotus” Domino still alive?

    Problem statement

    The number of member engagements with customers regarding the Domino platform has, as you might imagine, dwindled in the past couple of years. While many members have exited the platform, there are still many members and organizations that have entered a long exit program, but with how embedded Domino is in business processes, the migration has slowed and been met with resistance. Some organizations had replatformed the applications but found that the replacement target state was inadequate and introduced friction because the new solution was not a low-code/business-user-driven environment. This resulted in returning the Domino platform to production and working through a strategy to maintain the environment.

    This research is designed for:

    • IT strategic direction decision-makers
    • IT managers responsible for an existing Domino platform
    • Organizations evaluating migration options for mission-critical applications running on Domino

    This research will help you:

    1. Evaluate migration options.
    2. Assess the fit and purpose.
    3. Consider strategies for overcoming potential challenges.
    4. Determine the future of this platform for your organization.

    The “everything may work” scenario

    Adopt and expand

    Believe it or not, Domino and Notes are still options to consider when determining a migration strategy. With HCL still committed to the platform, there are options organizations should seek to better understand rather than assuming SharePoint will solve all. In our research, we consider:

    Importance to current business processes

    • Importance of use
    • Complexity in migrations
    • Choosing a new platform

    Available tools to facilitate

    • Talent/access to skills
    • Economies of scale/lower cost at scale
    • Access to technology

    Info-Tech Insight

    With multiple options to consider, take the time to clearly understand the application rationalization process within your decision making.

    • Archive/retire
    • Application migration
    • Application replatform
    • Stay right where you are

    Eliminate your bias – consider the advantages

    “There is a lot of bias toward Domino; decisions are being made by individuals who know very little about Domino and more importantly, they do not know how it impacts business environment.”

    – Rob Salerno, Founder & CTO, Rivet Technology Partners

    Domino advantages include:

    Modern Cloud & Application

    • No-code/low-code technology

    Business-Managed Application

    • Business written and supported
    • Embrace the business support model
    • Enterprise class application

    Leverage the Application Taxonomy & Build

    • A rapid application development platform
    • Develop skill with HCL training

    HCL Domino is a supported and developed platform

    Why consider HCL?

    • Consider scheduling a Roadmap Session with HCL. This is an opportunity to leverage any value in the mission and brand of your organization to gain insights or support from HCL.
    • Existing Domino customers are not the only entities seeking certainty with the platform. Software solution providers that support enterprise IT infrastructure ecosystems (backup, for example) will also be seeking clarity for the future of the platform. HCL will be managing these relationships through the channel/partner management programs, but our observations indicate that Domino integrations are scarce.
    • HCL Domino should be well positioned feature-wise to support low-code/NoSQL demands for enterprises and citizen developers.

    Visualize Your Application Roadmap

    1. Focus on the application portfolio and crafting a roadmap for rationalization.
      • The process is intended to help you determine each application’s functional and technical adequacy for the business process that it supports.
    2. Document your findings on respective application capability heatmaps.
      • This drives your organization to a determination of application dispositions and provides a tool to output various dispositions for you as a roadmap.
    3. Sort the application portfolio into a disposition status (keep, replatform, retire, consolidate, etc.)
      • This information will be an input into any cloud migration or modernization as well as consolidation of the infrastructure, licenses, and support for them.

    Our external support perspective

    by Darin Stahl

    Member Feedback

    • Some members who have remaining Domino applications in production – while the retire, replatform, consolidate, or stay strategy is playing out – have concerns about the challenges with ongoing support and resources required for the platform. In those cases, some have engaged external services providers to augment staff or take over as managed services.
    • While there could be existing support resources (in house or on retainer), the member might consider approaching an external provider who could help backstop the single resource or even provide some help with the exit strategies. At this point, the conversation would be helpful in any case. One of our members engaged an external provider in a Statement of Work for IBM Domino Administration focused on one-time events, Tier 1/Tier 2 support, and custom ad hoc requests.
    • The augmentation with the managed services enabled the member to shift key internal resources to a focus on executing the exit strategies (replatform, retire, consolidate), since the business knowledge was key to that success.
    • The member also very aggressively governed the Domino environment support needs to truly technical issues/maintenance of known and supported functionality rather than coding new features (and increasing risk and cost in a migration down the road) – in short, freezing new features and functionality unless required for legal compliance or health and safety.
    • There obviously are other providers, but at this point Info-Tech no longer maintains a market view or scan of those related to Domino due to low member demand.

    Domino database assessments

    Consider the database.

    • Domino database assessments should be informed through the lens of a multi-value database, like jBase, or an object system.
    • The assessment of the databases, often led by relational database subject matter experts grounded in normalized databases, can be a struggle since Notes databases must be denormalized.
    Key/Value Column

    Use case: Heavily accessed, rarely updated, large amounts of data
    Data Model: Values are stored in a hash table of keys.
    Fast access to small data values, but querying is slow
    Processor friendly
    Based on amazon's Dynamo paper
    Example: Project Voldemort used by LinkedIn

    this is a Key/Value example

    Use case: High availability, multiple data centers
    Data Model: Storage blocks of data are contained in columns
    Handles size well
    Based on Google's BigTable
    Example: Hadoop/Hbase used by Facebook and Yahoo

    This is a Column Example
    Document Graph

    Use case: Rapid development, Web and programmer friendly
    Data Model: Stores documents made up of tagged elements. Uses Key/Value collections
    Better query abilities than Key/Value databases.
    Inspired by Lotus Notes.
    Example: CouchDB used by BBC

    This is a Document Example

    Use case: Best at dealing with complexity and relationships/networks
    Data model: Nodes and relationships.
    Data is processed quickly
    Inspired by Euler and graph theory
    Can easily evolve schemas
    Example: Neo4j

    This is a Graph Example

    Understand your options

    Archive/Retire

    Store the application data in a long-term repository with the means to locate and read it for regulatory and compliance purposes.

    Migrate

    Migrate to a new version of the application, facilitating the process of moving software applications from one computing environment to another.

    Replatform

    Replatforming is an option for transitioning an existing Domino application to a new modern platform (i.e. cloud) to leverage the benefits of a modern deployment model.

    Stay

    Review the current Domino platform roadmap and understand HCL’s support model. Keep the application within the Domino platform.

    Archive/retire

    Retire the application, storing the application data in a long-term repository.

    Abstract

    The most common approach is to build the required functionality in whatever new application/solution is selected, then archive the old data in PDFs and documents.

    Typically this involves archiving the data and leveraging Microsoft SharePoint and the new collaborative solutions, likely in conjunction with other software-as-a-service (SaaS) solutions.

    Advantages

    • Reduce support cost.
    • Consolidate applications.
    • Reduce risk.
    • Reduce compliance and security concerns.
    • Improve business processes.

    Considerations

    • Application transformation
    • eDiscovery costs
    • Legal implications
    • Compliance implications
    • Business process dependencies

    Info-Tech Insights

    Be aware of the costs associated with archiving. The more you archive, the more it will cost you.

    Application migration

    Migrate to a new version of the application

    Abstract

    An application migration is the managed process of migrating or moving applications (software) from one infrastructure environment to another.

    This can include migrating applications from one data center to another data center, from a data center to a cloud provider, or from a company’s on-premises system to a cloud provider’s infrastructure.

    Advantages

    • Reduce hardware costs.
    • Leverage cloud technologies.
    • Improve scalability.
    • Improve disaster recovery.
    • Improve application security.

    Considerations

    • Data extraction, starting from the document databases in NSF format and including security settings about users and groups granted to read and write single documents, which is a powerful feature of Lotus Domino documents.
    • File extraction, starting from the document databases in NSF format, which can contain attachments and RTF documents and embedded files.
    • Design of the final relational database structure; this activity should be carried out without taking into account the original structure of the data in Domino files or the data conversion and loading, from the extracted format to the final model.
    • Design and development of the target-state custom applications based on the new data model and the new selected development platform.

    Application replatform

    Transition an existing Domino application to a new modern platform

    Abstract

    This type of arrangement is typically part of an application migration or transformation. In this model, client can “replatform” the application into an off-premises hosted provider platform. This would yield many benefits of cloud but in a different scaling capacity as experienced with commodity workloads (e.g. Windows, Linux) and the associated application.

    Two challenges are particularly significant when migrating or replatforming Domino applications:

    • The application functionality/value must be reproduced/replaced with not one but many applications, either through custom coding or a commercial-off-the-shelf/SaaS solution.
    • Notes “databases” are not relational databases and will not migrate simply to an SQL database while retaining the same business value. Notes databases are essentially NoSQL repositories and are difficult to normalize.

    Advantages

    • Leverage cloud technologies.
    • Improve scalability.
    • Align to a SharePoint platform.
    • Improve disaster recovery.
    • Improve application security.

    Considerations

    • Application replatform resource effort
    • Network bandwidth
    • New platform terms and conditions
    • Secure connectivity and communication
    • New platform security and compliance
    • Degree of complexity

    Info-Tech Insights

    There is a difference between a migration and a replatform application strategy. Determine which solution aligns to the application requirements.

    Stay with HCL

    Stay with HCL, understanding its future commitment to the platform.

    Abstract

    Following the announced acquisition of IBM Domino and up until around December 2019, HCL had published no future roadmap for the platform. The public-facing information/website at the time stated that HCL acquired “the product family and key lab services to deliver professional services.” Again, there was no mention or emphasis on upcoming new features for the platform. The product offering on their website at the time stated that HCL would leverage its services expertise to advise clients and push applications into four buckets:

    1. Replatform
    2. Retire
    3. Move to cloud
    4. Modernize

    That public-facing messaging changed with release 11.0, which had references to IBM rebranded to HCL for the Notes and Domino product – along with fixes already inflight. More information can be found on HCL’s FAQ page.

    Advantages

    • Known environment
    • Domino is a supported platform
    • Domino is a developed platform
    • No-code/low-code optimization
    • Business developed applications
    • Rapid application framework

    This is the HCL Domino Logo

    Understand your tools

    Many tools are available to help evaluate or migrate your Domino Platform. Here are a few common tools for you to consider.

    Notes Archiving & Notes to SharePoint

    Summary of Vendor

    “SWING Software delivers content transformation and archiving software to over 1,000 organizations worldwide. Our solutions uniquely combine key collaborative platforms and standard document formats, making document production, publishing, and archiving processes more efficient.”*

    Tools

    Lotus Notes Data Migration and Archiving: Preserve historical data outside of Notes and Domino

    Lotus Note Migration: Replacing Lotus Notes. Boost your migration by detaching historical data from Lotus Notes and Domino.

    Headquarters

    Croatia

    Best fit

    • Application archive and retire
    • Migration to SharePoint

    This is an image of the SwingSoftware Logo

    * swingsoftware.com

    Domino Migration to SharePoint

    Summary of Vendor

    “Providing leading solutions, resources, and expertise to help your organization transform its collaborative environment.”*

    Tools

    Notes Domino Migration Solutions: Rivit’s industry-leading solutions and hardened migration practice will help you eliminate Notes Domino once and for all.

    Rivive Me: Migrate Notes Domino applications to an enterprise web application

    Headquarters

    Canada

    Best fit

    • Application Archive & Retire
    • Migration to SharePoint

    This is an image of the RiVit Logo

    * rivit.ca

    Lotus Notes to M365

    Summary of Vendor

    “More than 300 organizations across 40+ countries trust skybow to build no-code/no-compromise business applications & processes, and skybow’s community of customers, partners, and experts grows every day.”*

    Tools

    SkyBow Studio: The low-code platform fully integrated into Microsoft 365

    Headquarters:

    Switzerland

    Best fit

    • Application Archive & Retire
    • Migration to SharePoint

    This is an image of the SkyBow Logo

    * skybow.com | About skybow

    Notes to SharePoint Migration

    Summary of Vendor

    “CIMtrek is a global software company headquartered in the UK. Our mission is to develop user-friendly, cost-effective technology solutions and services to help companies modernize their HCL Domino/Notes® application landscape and support their legacy COBOL applications.”*

    Tools

    CIMtrek SharePoint Migrator: Reduce the time and cost of migrating your IBM® Lotus Notes® applications to Office 365, SharePoint online, and SharePoint on premises.

    Headquarters

    United Kingdom

    Best fit

    • Application replatform
    • Migration to SharePoint

    This is an image of the CIMtrek Logo

    * cimtrek.com | About CIMtrek

    Domino replatform/Rapid application selection framework

    Summary of Vendor

    “4WS.Platform is a rapid application development tool used to quickly create multi-channel applications including web and mobile applications.”*

    Tools

    4WS.Platform is available in two editions: Community and Enterprise.
    The Platform Enterprise Edition, allows access with an optional support pack.

    4WS.Platform’s technical support provides support services to the users through support contracts and agreements.

    The platform is a subscription support services for companies using the product which will allow customers to benefit from the knowledge of 4WS.Platform’s technical experts.

    Headquarters

    Italy

    Best fit

    • Application replatform

    This is an image of the 4WS PLATFORM Logo

    * 4wsplatform.org

    Activity

    Understand your Domino options

    Application Rationalization Exercise

    Info-Tech Insight

    Application rationalization is the perfect exercise to fully understand your business-developed applications, their importance to business process, and the potential underlying financial impact.

    This activity involves the following participants:

    • IT strategic direction decision-makers.
    • IT managers responsible for an existing Domino platform
    • Organizations evaluating platforms for mission-critical applications.

    Outcomes of this step:

    • Completed Application Rationalization Tool

    Application rationalization exercise

    Use this Application Rationalization Tool to input the outcomes of your various application assessments

    In the Application Entry tab:

    • Input your application inventory or subset of apps you intend to rationalize, along with some basic information for your apps.

    In the Business Value & TCO Comparison tab, determine rationalization priorities.

    • Input your business value scores and total cost of ownership (TCO) of applications.
    • Review the results of this analysis to determine which apps should require additional analysis and which dispositions should be prioritized.

    In the Disposition Selection tab:

    • Add to or adapt our list of dispositions as appropriate.

    In the Rationalization Inputs tab:

    • Add or adapt the disposition criteria of your application rationalization framework as appropriate.
    • Input the results of your various assessments for each application.

    In the Disposition Settings tab:

    • Add or adapt settings that generate recommended dispositions based on your rationalization inputs.

    In the Disposition Recommendations tab:

    • Review and compare the rationalization results and confirm if dispositions are appropriate for your strategy.

    In the Timeline Considerations tab:

    • Enter the estimated timeline for when you execute your dispositions.

    In the Portfolio Roadmap tab:

    • Review and present your roadmap and rationalization results.

    Follow the instructions to generate recommended dispositions and populate an application portfolio roadmap.

    This image depicts a scatter plot graph where the X axis is labeled Business Value, and the Y Axis is labeled Cost. On the graph, the following datapoints are displayed: SF; HRIS; ERP; ALM; B; A; C; ODP; SAS

    Info-Tech Insight

    Watch out for misleading scores that result from poorly designed criteria weightings.

    Related Info-Tech Research

    Build an Application Rationalization Framework

    Manage your application portfolio to minimize risk and maximize value.

    Embrace Business-Managed Applications

    Empower the business to implement their own applications with a trusted business-IT relationship.

    Satisfy Digital End Users With Low- and No-Code

    Extend IT, automation, and digital capabilities to the business with the right tools, good governance, and trusted organizational relationships.

    Maximize the Benefits from Enterprise Applications with a Center of Excellence

    Optimize your organization’s enterprise application capabilities with a refined and scalable methodology.

    Drive Successful Sourcing Outcomes With a Robust RFP Process

    Leverage your vendor sourcing process to get better results.

    Research Authors

    Darin Stahl, Principal Research Advisor, Info-Tech Research Group

    Darin Stahl, Principal Research Advisor,
    Info-Tech Research Group

    Darin is a Principal Research Advisor within the Infrastructure practice, leveraging 38+ years of experience. His areas of focus include IT operations management, service desk, infrastructure outsourcing, managed services, cloud infrastructure, DRP/BCP, printer management, managed print services, application performance monitoring, managed FTP, and non-commodity servers (zSeries, mainframe, IBM i, AIX, Power PC).

    Troy Cheeseman, Practice Lead, Info-Tech Research Group

    Troy Cheeseman, Practice Lead,
    Info-Tech Research Group

    Troy has over 24 years of experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) startups.

    Research Contributors

    Rob Salerno, Founder & CTO, Rivit Technology Partners

    Rob Salerno, Founder & CTO, Rivit Technology Partners

    Rob is the Founder and Chief Technology Strategist for Rivit Technology Partners. Rivit is a system integrator that delivers unique IT solutions. Rivit is known for its REVIVE migration strategy which helps companies leave legacy platforms (such as Domino) or move between versions of software. Rivit is the developer of the DCOM Application Archiving solution.

    Bibliography

    Cheshire, Nigel. “Domino v12 Launch Keeps HCL Product Strategy On Track.” Team Studio, 19 July 2021. Web.

    “Is LowCode/NoCode the best platform for you?” Rivit Technology Partners, 15 July 2021. Web.

    McCracken, Harry. “Lotus: Farewell to a Once-Great Tech Brand.” TIME, 20 Nov. 2012. Web.

    Sharwood, Simon. “Lotus Notes refuses to die, again, as HCL debuts Domino 12.” The Register, 8 June 2021. Web.

    Woodie, Alex. “Domino 12 Comes to IBM i.” IT Jungle, 16 Aug. 2021. Web.

    CIO Priorities 2023

    • Buy Link or Shortcode: {j2store}84|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $10,000 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    CIOs are facing these challenges in 2023:

    • Trying to understand the implications of external trends.
    • Determining what capabilities are most important to support the organization.
    • Understanding how to help the organization pursue new opportunities.
    • Preparing to mitigate new sources of organizational risk.

    Our Advice

    Critical Insight

    • While functional leaders may only see their next move, as head of the organization with a complete view of all the pieces, the CIO has full context awareness. It's up to them to assess their gaps, consider the present scenario, and then make their next move.
    • Each priority carries new opportunities for organizations that pursue them.
    • There are also different risks to mitigate as each priority is explored.

    Impact and Result

    • Inform your IT strategy for the year ahead.
    • Identify which capabilities you need to improve.
    • Add initiatives that support your priorities to your roadmap.

    CIO Priorities 2023 Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. CIO Priorities 2023 Report – Read about the priorities on IT leaders' agenda.

    Understand the five priorities that will help navigate the opportunities and risks of the year ahead.

    • CIO Priorities 2023 Report

    Infographic

     

    Further reading

    CIO Priorities 2023

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    Analyst Perspective

    Take a full view of the board and use all your pieces to win.

    In our Tech Trends 2023 report, we called on CIOs to think of themselves as chess grandmasters. To view strategy as playing both sides of the board, simultaneously attacking the opponent's king while defending your own. In our CIO Priorities 2023 report, we'll continue with that metaphor as we reflect on IT's capability to respond to trends.

    If the trends report is a study of the board state that CIOs are playing with, the priorities report is about what move they should make next. We must consider all the pieces we have at our disposal and determine which ones we can afford to use to seize on opportunity. Other pieces are best used by staying put to defend their position.

    In examining the different capabilities that CIOs will require to succeed in the year ahead, it's apparent that a siloed view of IT isn't going to work. Just like a chess player in a competitive match would never limit themselves to only using their knights or their rooks, a CIO's responsibility is to deploy each of their pieces to win the day. While functional leaders may only see their next move, as head of the organization with a complete view of all the pieces, the CIO has full awareness of the board state.

    It's up to them to assess their gaps, consider the present scenario, and then make their next move.

    This is a picture of Brian Jackson

    Brian Jackson
    Principal Research Director, Research – CIO
    Info-Tech Research Group

    CIO Priorities 2023 is informed by Info-Tech's primary research data of surveys and benchmarks

    Info-Tech's Tech Trends 2023 report and State of Hybrid Work in IT: A Trend Report inform the externalities faced by organizations in the year ahead. They imply opportunities and risks that organizations face. Leadership must determine if they will respond and how to do so. CIOs then determine how to support those responses by creating or improving their IT capabilities. The priorities are the initiatives that will deliver the most value across the capabilities that are most in demand. The CIO Priorities 2023 report draws on data from several different Info-Tech surveys and diagnostic benchmarks.

    2023 Tech Trends and Priorities Survey; N=813 (partial), n=521 (completed)
    Info-Tech's Trends and Priorities 2023 Survey was conducted between August 9 and September 9, 2022. We received 813 total responses with 521 completed surveys. More than 90% of respondents work in IT departments. More than 84% of respondents are at a manager level of seniority or higher.

    2023 The State of Hybrid Work in IT Survey; N=518
    The State of Hybrid Work in IT Survey was conducted between July 11 and July 29 and received 518 responses. Nine in ten respondents were at a manager level of seniority or higher.

    Every organization will have its own custom list of priorities based on its internal context. Organizational goals, IT maturity level, and effectiveness of capabilities are some of the important factors to consider. To provide CIOs with a starting point for their list of priorities for 2023, we used aggregate data collected in our diagnostic benchmark tools between August 1, 2021, and October 31, 2022.

    Info-Tech's CEO-CIO Alignment Program is intended to be completed by CIOs and their supervisors (CEO or other executive position [CxO]) and will provide the average maturity level and budget expectations (N=107). The IT Management and Governance Diagnostic will provide the average capability effectiveness and importance ranking to CIOs (N=271). The CIO Business Vision Diagnostic will provide stakeholder satisfaction feedback (N=259).

    The 2023 CIO priorities are based on that data, internal collaboration sessions at Info-Tech, and external interviews with CIOs and subject matter experts.

    Build IT alignment

    Assess your IT processes

    Determine stakeholder satisfaction

    Most IT departments should aim to drive outcomes that deliver better efficiency and cost savings

    Slightly more than half of CIOs using Info-Tech's CEO-CIO Alignment Program rated themselves at a Support level of maturity in 2022. That aligns with IT professionals' view of their organizations from our Tech Trends and Priorities Survey, where organizations are rated at the Support level on average. At this level, IT departments can provide reliable infrastructure and support a responsive IT service desk that reasonably satisfies stakeholders.

    In the future, CIOs aspire to attain the Transform level of maturity. Nearly half of CIOs select this future state in our diagnostic, indicating a desire to deliver reliable innovation and lead the organization to become a technology-driven firm. However, we see that fewer CxOs aspire for that level of maturity from IT. CxOs are more likely than CIOs to say that IT should aim for the Optimize level of maturity. At this level, IT will help other departments become more efficient and lower costs across the organization.

    Whether a CIO is aiming for the top of the maturity scale in the future or not, IT maturity is achieved one step at a time. Aiming for outcomes at the Optimize level will be a realistic goal for most CIOs in 2023 and will satisfy many stakeholders.

    Current and future state of IT maturity

    This image depicts a table showing the Current and future states of IT maturity.

    Trends indicate a need to focus on leadership and change management

    Trends imply new opportunities and risks that an organization must decide on. Organizational leadership determines if action will be taken to respond to the new external context based on its importance compared to current internal context. To support their organizations, IT must use its capabilities to deliver on initiatives. But if a capability's effectiveness is poor, it could hamper the effort.

    To determine what capabilities IT departments may need to improve or create to support their organizations in 2023, we conducted an analysis of our trends data. Using the opportunities and risks implied by the Tech Trends 2023 report and the State of Hybrid Work in IT: A Trend Report, we've determined the top capabilities IT will need to respond. Capabilities are defined by Info-Tech's IT Management and Governance Framework.

    Tier 1: The Most Important Capabilities In 2023

    Enterprise Application Selection & Implementation

    Manage the selection and implementation of enterprise applications, off-the-shelf software, and software as a service to ensure that IT provides the business with the most appropriate applications at an acceptable cost.

    Effectiveness: 6.5; Importance: 8.8

    Leadership, Culture, and Values

    Ensure that the IT department reflects the values of your organization. Improve the leadership skills of your team to generate top performance.

    Effectiveness: 6.9; Importance: 9

    Data Architecture

    Manage the business' databases, including the technology, the governance processes, and the people that manage them. Establish the principles, policies, and guidelines relevant to the effective use of data within the organization.

    Effectiveness: 6.3; Importance: 8.8

    Organizational Change Management

    Implement or optimize the organization's capabilities for managing the impact of new business processes, new IT systems, and changes in organizational structure or culture.

    Effectiveness: 6.1; Importance: 8.8

    External Compliance

    Ensure that IT processes and IT-supported business processes are compliant with laws, regulations, and contractual requirements.

    Effectiveness: 7.4; Importance: 8.8

    Info-Tech's Management and Diagnostic Benchmark

    Tier 2: Other Important Capabilities In 2023

    Ten more capabilities surfaced as important compared to others but not as important as the capabilities in tier 1.

    Asset Management

    Track IT assets through their lifecycle to make sure that they deliver value at optimal cost, remain operational, and are accounted for and physically protected. Ensure that the assets are reliable and available as needed.

    Effectiveness: 6.4; Importance: 8.5

    Business Intelligence and Reporting

    Develop a set of capabilities, including people, processes, and technology, to enable the transformation of raw data into meaningful and useful information for the purpose of business analysis.

    Effectiveness: 6.3; Importance: 8.8

    Business Value

    Secure optimal value from IT-enabled initiatives, services, and assets by delivering cost-efficient solutions and services and by providing a reliable and accurate picture of costs and benefits.

    Effectiveness: 6.5; Importance: 8.7

    Cost and Budget Management

    Manage the IT-related financial activities and prioritize spending through the use of formal budgeting practices. Provide transparency and accountability for the cost and business value of IT solutions and services.

    Effectiveness: 6.5; Importance: 8.8

    Data Quality

    Put policies, processes, and capabilities in place to ensure that appropriate targets for data quality are set and achieved to match the needs of the business.

    Effectiveness: 6.4; Importance: 8.9

    Enterprise Architecture

    Establish a management practice to create and maintain a coherent set of principles, methods, and models that are used in the design and implementation of the enterprise's business processes, information systems, and infrastructure.

    Effectiveness: 6.8; Importance: 8.8

    IT Organizational Design

    Set up the structure of IT's people, processes, and technology as well as roles and responsibilities to ensure that it's best meeting the needs of the business.

    Effectiveness: 6.8; Importance: 8.8

    Performance Measurement

    Manage IT and process goals and metrics. Monitor and communicate that processes are performing against expectations and provide transparency for performance and conformance.

    Effectiveness: 6; Importance: 8.4

    Stakeholder Relations

    Manage the relationship between the business and IT to ensure that the stakeholders are satisfied with the services they need from IT and have visibility into IT processes.

    Effectiveness: 6.7; Importance: 9.2

    Vendor Management

    Manage IT-related services provided by all suppliers, including selecting suppliers, managing relationships and contracts, and reviewing and monitoring supplier performance.

    Effectiveness: 6.6; Importance: 8.4

    Defining the CIO Priorities for 2023

    Understand the CIO priorities by analyzing both how CIOs respond to trends in general and how a specific CIO responded in the context of their organization.

    This is an image of the four analyses: 1: Implications; 2: Opportunities and risks; 3: Case examples; 4: Priorities to action.

    The Five CIO Priorities for 2023

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    1. Adjust IT operations to manage for inflation
      • Business Value
      • Vendor Management
      • Cost and Budget Management
    2. Prepare your data pipeline to train AI
      • Business Intelligence and Reporting
      • Data Quality
      • Data Architecture
    3. Go all in on zero-trust security
      • Asset Management
      • Stakeholder Relations
      • External Compliance
    4. Engage employees in the digital age
      • Leadership, Culture, and Values
      • Organizational Change Management
      • Enterprise Architecture
    5. Shape the IT organization to improve customer experience
      • Enterprise Application Selection & Implementation
      • Performance Measurement
      • IT Organizational Design

    Adjust IT operations to manage for inflation

    Priority 01

    • APO06 Cost and Budget Management
    • APo10 Vendor Management
    • EDM02 Business Value

    Recognize the relative impact of higher inflation on IT's spending power and adjust accordingly.

    Inflation takes a bite out of the budget

    Two-thirds of IT professionals are expecting their budgets to increase in 2023, according to our survey. But not every increase is keeping up with the pace of inflation. The International Monetary Fund forecasts that global inflation rose to 8.8% in 2022. It projects it will decline to 6.5% in 2023 and 4.1% by 2024 (IMF, 2022).

    CIOs must account for the impact of inflation on their IT budgets and realize that what looks like an increase on paper is effectively a flat budget or worse. Applied to our survey takers, an IT budget increase of more than 6.5% would be required to keep pace with inflation in 2023. Only 40% of survey takers are expecting that level of increase. For the 27% expecting an increase between 1-5%, they are facing an effective decrease in budget after the impact of inflation. Those expecting no change in budget or a decrease will be even worse off.

    Looking ahead to 2023, how do you anticipate your IT spending will change compared to spending in 2022?

    Global inflation estimates by year

    2022 8.8%
    2023 6.5%
    2024 4.1%

    International Monetary Fund, 2022

    CIOs are more optimistic about budgets than their supervisors

    Data from Info-Tech's CEO-CIO Alignment Diagnostic benchmark also shows that CIOs and their supervisors are planning for increases to the budget. This diagnostic is designed for a CIO to use with their direct supervisor, whether it's the CEO or otherwise (CxO). Results show that on average, CIOs are more optimistic than their supervisors that they will receive budget increases and headcount increases in the years ahead.

    While 14% of CxOs estimated the IT budget would see no change or a decrease in the next three to five years, only 3% of CIOs said the same. A larger discrepancy is seen in headcount, where nearly one-quarter of CXOs estimated no change or decrease in the years ahead, versus only 10% of CIOs estimating the same.

    When we account for the impact of inflation in 2023, this misalignment between CIOs and their supervisors increases. When adjusting for inflation, we need to view the responses projecting an increase of between 1-5% as an effective decrease. With the inflation adjustment, 26% of CXOs are predicting IT budgets to stay flat or see a decrease compared to only 10% of CIOs.

    CIOs should consider how inflation has affected their projected spending power over the past year and take into account projected inflation rates over the next couple of years. Given that the past decade has seen inflation rates between 2-3%, the higher rates projected will have more of an impact on organizational budgets than usual.

    Expect headcount to stay flat or decline over 3-5 years

    CIO: 10%; CXO: 24%

    IT budget expectations to stay flat or decrease before inflation

    CIO: 13.6 %; CXO: 3.2%

    IT budget expectations to stay flat or decrease adjusted for inflation

    CIO: 25.8%; CXO: 9.7%

    Info-Tech's CEO-CIO Alignment Program

    Opportunities

    Appoint a "cloud economist"

    Organizations that migrated from on-premises data centers to infrastructure as a service shifted their capital expenditures on server racks to operational expenditures on paying the monthly service bill. Managing that monthly bill so that it is in line with desired performance levels now becomes crucial. The expected benefit of the cloud is that an organization can turn the dial up to meet higher demand and turn it down when demand slows. In practice this is sometimes more difficult to execute than anticipated. Some IT departments realize their cloud-based data flows aren't always connected to the revenue-generating activity seen in the business. As a result, a "cloud economist" is needed to closely monitor cloud usage and adjust it to financial expectations. Especially during any recessionary period, IT departments will want to avoid a "bill shock" incident.

    Partner with technology providers

    Keep your friends close and your vendors closer. Look for opportunities to create leverage with your strategic vendors to unlock new opportunities. Identify if a vendor you work with is not entrenched in your industry and offer them the credibility of working with you in exchange for a favorable contract. Offering up your logo for a website listing clients or giving your own time to speak in a customer session at a conference can go a long way to building up some goodwill with your vendors. That's goodwill you'll need when you ask for a new multi-year contract on your software license without annual increases built into the structure.

    Demonstrate IT projects improve efficiency

    An IT department that operates at the Optimize level of Info-Tech's maturity scale can deliver outcomes that lower costs for other departments. IT can defend its own budget if it's able to demonstrate that its initiatives will automate or augment business activities in a way that improves margins. The argument becomes even more compelling if IT can demonstrate it is supporting a revenue-generating initiative or customer-facing experience. CIOs will need to find business champions to vouch for the important contributions IT is making to their area.

    Risks

    Imposition of non-financial reporting requirements

    In some jurisdictions, the largest companies will be required to start collecting information on carbon emissions emitted as a result of business activities by the end of next year. Smaller sized organizations will be next on the list to determine how to meet new requirements issued by various regulators. Risks of failure include facing fines or being shunned by investors. CIOs will need to support their financial reporting teams in collecting the new required data accurately. This will incur new costs as well.

    Rising asset costs

    Acquiring IT equipment is becoming more expensive due to overall inflation and specific pressures around semiconductor supply chains. As a result, more CIOs are extending their device refresh policies to last another year or two. Still, demands for new devices to support new hybrid work models could put pressure on budgets as IT teams are asked to modernize conferencing rooms. For organizations adopting mixed reality headsets, cutting-edge capabilities will come at a premium. Operating costs of devices may also increase as inflation increases costs of the electricity and bandwidth they depend on.

    CASE STUDY
    Leverage your influence in vendor negotiations

    Denise Cornish, Associate VP of IT and Deputy COO,
    Western University of Health Sciences

    Since taking on the lead IT role at Western University in 2020, Denise Cornish has approached vendor management like an auditable activity. She evaluates the value she gets from each vendor relationship and creates a list of critical vendors that she relies upon to deliver core business services. "The trick is to send a message to the vendor that they also need us as a customer that's willing to act as a reference," she says. Cornish has managed to renegotiate a contract with her ERP vendor, locking in a multi-year contract with a very small escalator in exchange for presenting as a customer at conferences. She's also working with them on developing a new integration to another piece of software popular in the education space.

    Western University even negotiated a partnership approach with Apple for a program run with its College of Osteopathic Medicine of the Pacific (COMP) called the Digital Doctor Bag. The partnership saw Apple agree to pre-package a customer application developed by Western that delivered the curriculum to students and facilitated communications across students and faculty. Apple recognized Western as an Apple Distinguished School, a program that recognizes innovative schools that use Apple products.

    "I like when negotiations are difficult.
    I don't necessarily expect a zero-sum game. We each need to get something out of this and having the conversation and really digging into what's in it for you and what's in it for me, I enjoy that. So usually when I negotiate a vendor contract, it's rare that it doesn't work out."

    CASE STUDY
    Control cloud costs with a simplified approach

    Jim Love, CIO, IT World Canada

    As an online publisher and a digital marketing platform for technology products and services companies, IT World Canada (ITWC) has observed that there are differences in how small and large companies adopt the cloud as their computing infrastructure. For smaller companies, even though adoption is accelerating, there may still be some reluctance to fully embrace cloud platforms and services. While larger companies often have a multi-cloud approach, this might not be practical for smaller IT shops that may struggle to master the skills necessary to effectively manage one cloud platform. While Love acknowledges that the cloud is the future of corporate computing, he also notes that not all applications or workloads may be well suited to run in the cloud. As well, moving data into the cloud is cheap but moving it back out can be more expensive. That is why it is critical to understand your applications and the data you're working with to control costs and have a successful cloud implementation.

    "Standardization is the friend of IT. So, if you can standardize on one platform, you're going to do better in terms of costs."

    From priorities to action

    Go deeper on pursuing your priorities by improving the associated capabilities.

    Improve Cost and Budget Management

    Take control of your cloud costs by providing central financial oversight on the infrastructure-as-a-service provider your organization uses. Create visibility into your operational costs and define policies to control them. Right-size the use of cloud services to stay within organizational budget expectations.

    Take Control of Cloud Costs on AWS

    Take Control of Cloud Costs on Microsoft Azure

    Improve Business Value

    Reduce the funds allocated to ongoing support and impose tougher discipline around change requests to lighten your maintenance burden and make room for investment in net-new initiatives to support the business.

    Free up funds for new initiatives

    Improve Vendor Management

    Lay the foundation for a vendor management process with long-term benefits. Position yourself as a valuable client with your strategic vendors and leverage your position to improve your contract terms.

    Elevate Your Vendor Management Initiative

    Prepare your data pipeline to train AI

    Priority 02

    • ITRG06 BUSINESS INTELLIGENCE AND REPORTING
    • ITRG07 DATA ARCHITECTURE
    • ITRG08 DATA QUALITY

    Keep pace as the market adopts AI capabilities, and be ready to create competitive advantage.

    Today's innovation is tomorrow's expectation

    During 2022, some compelling examples of generative-AI-based products took the world by storm. Images from AI-generating bots Midjourney and Stable Diffusion went viral, flooding social media and artistic communities with images generated from text prompts. Exchanges with OpenAI's ChatGPT bot also caught attention, as the bot was able to do everything from write poetry, to provide directions on a cooking recipe and then create a shopping list for it, to generate working code in a variety of languages. The foundation models are trained with AI techniques that include generative adversarial networks, transformers, and variational autoencoders. The end result is an algorithm that can produce content that's meaningful to people based on some simple direction. The industry is only beginning to come to grips with how this sort of capability will disrupt the enterprise.

    Slightly more than one-third of IT professionals say their organization has already invested in AI or machine learning. It's the sixth-most popular technology to have already invested in after cloud computing (82%), application programming interfaces (64%), workforce management solutions (44%), data lakes (36%), and next-gen cybersecurity (36%). It's ahead of 12 other technologies that IT is already invested in.

    When we asked what technologies organizations planned to invest in for next year, AI rocketed up the list to second place, as it's selected by 44% of IT professionals. It falls behind only cloud computing. This jump up the list makes AI the fastest growing technology for new investment from organizations.

    Many AI capabilities seem cutting edge now, but organizations are prioritizing it as a technology investment. In a couple of years, access to foundational models that produce images, text, or code will become easy to access with a commercial license and an API integration. AI will become embedded in off-the-shelf software and drive many new features that will quickly become commonplace.

    To stay even with the competition and meet customer expectations, organizations will have to work to at least adopt these AI-enhanced products and services. For those that want to create a competitive advantage, they will have to build a data pipeline that is capable of training their own custom AI models based on their unique data sets.

    Which of the following technology categories has your organization already invested in?

    A bar graph is depicted the percentage of organizations which already had invested in the following Categories: Cloud Computing; Application Programming; Next-Gen Cybersecurity; Workforce Management Solutions; Data Lake/Lakehouse; Artificial Intelligence or Machine Learning.

    Which of those same technologies does your organization plan to invest in by the end of 2023?

    A bar graph is depicted the percentage of organizations which plan to invest in the following categories by the end of 2023: No-Code / Low-Code Platforms; Next-Gen Cybersecurity; Application Programming Interfaces (APIs); Data Lake / Lakehouse; Artificial Intelligence (AI) or Machine Learning; Cloud Computing

    Tech Trends 2023 Survey

    Data quality and governance will be critical to customize generative AI

    Data collection and analysis are on the minds of both CIOs and their supervisors. When asked what technologies the business should adopt in the next three to five years, big data (analytics) ranked as most critical to adopt among CIOs and their supervisors. Big data (collection) ranked fourth out of 11 options.

    Organizations that want to drive a competitive advantage from generative AI will need to train these large, versatile models on their own data sets. But at the same time, IT organizations are struggling to provide clean data. The second-most critical gap for IT organizations on average is data quality, behind only organizational change management. Organizations know that data quality is important to support analytics goals, as algorithms can suffer in their integrity if they don't have reliable data to work with. As they say, garbage in, garbage out.

    Another challenge to overcome is the gap seen in IT governance, the sixth largest gap on average. Using data toward training custom generative models will hold new compliance and ethical implications for IT departments to contend with. How user data can be leveraged is already the subject of privacy legislation in many different jurisdictions, and new AI legislation is being developed in various places around the world that could create further demands. In some cases, users are reacting negatively to AI-generated content.

    Biggest capability gaps between rated importance and effectiveness

    This is a Bar graph showing the capability gaps between rated importance and effectiveness.

    IT Management and Governance Diagnostic

    Most critical technologies to adopt rated by CIOs and their supervisors

    This is a Bar graph showing the most critical technologies to adopt as rated by CIO's and their supervisors

    CEO-CIO Alignment Program

    Opportunities

    Enterprise content discovery

    Many organizations still cobble together knowledgebases in SharePoint or some other shared corporate drive, full of resources that no one quite knows how to find. A generative AI chatbot holds potential to be trained on an organization's content and produce content based on an employee's queries. Trained properly, it could point employees to the right resource they need to answer their question or just provide the answer directly.

    Supply chain forecasts

    After Hurricane Ian shut down a Walmart distribution hub, the retailer used AI to simulate the effects on its supply chain. It rerouted deliveries from other hubs based on the predictions and planned for how to respond to demand for goods and services after the storm. Such forecasts would typically take a team of analysts days to compose, but thanks to AI, Walmart had it done in a matter of hours (The Economist, 2022).

    Reduce the costs of AI projects

    New generative AI models of sufficient scale offer advantages over previous AI models in their versatility. Just as ChatGPT can write poetry or dialogue for a play or perhaps a section of a research report (not this one, this human author promises), large models can be deployed for multiple use cases in the enterprise. One AI researcher says this could reduce the costs of an AI project by 20-30% (The Economist, 2022).

    Risks

    Impending AI regulation

    Multiple jurisdictions around the world are pursuing new legislation that imposes requirements on organizations that use AI, including the US, Europe, and Canada. Some uses of AI will be banned outright, such as the real-time use of facial recognition in public spaces, while in other situations people can opt out of using AI and work with a human instead. Regulations will take the risk of the possible outcomes created by AI into consideration, and organizations will often be required to disclose when and how AI is used to reach decisions (Science | Business, 2022). Questions around whether creators can prevent their content from being used for training AI are being raised, with some efforts already underway to collect a list of those who want to opt out. Organizations that adopt a generative AI model today may find it needs to be amended for copyright reasons in the future.

    Bias in the algorithms

    Organizations using a large AI model trained by a third party to complete their tasks or as a foundation to further customize it with their own data will have to contend with the inherent bias of the algorithm. This can lead to unintended negative experiences for users, as it did for MIT Technology Review journalist Melissa Heikkilä when she uploaded her images to AI avatar app Lensa, only to have it render a collection of sexualized portraits. Heikkilä contends that her Asian heritage overly influenced the algorithm to associate her with video-game characters, anime, and adult content (MIT Technology Review, 2022).

    Convincing nonsense

    Many of the generative AI bots released so far often create very good responses to user queries but sometimes create nonsense that at first glance might seem to be accurate. One example is Meta's Galactica bot – intended to streamline scientific research discovery and aid in text generation – which was taken down only three days after being made available. Scientists found that it generated fake research that sounded convincing or failed to do math correctly (Spiceworks, 2022).

    CASE STUDY
    How MLSE enhances the Toronto Raptors' competitiveness with data-driven practices

    Christian Magsisi, Vice President of Venue and Digital Technology, MLSE

    At the Toronto Raptors practice facility, the OVO Athletic Centre, a new 120-foot custom LG video screen towers over the court. The video board is used to playback game clips so coaches can use them to teach players, but it also displays analytics from algorithmic models that are custom-made for each player. Data on shot-making or defensive deflections are just a couple examples of what might inform the players.

    Vice President of Digital Technology Christian Magsisi leads a functional Digital Labs technical group at MLSE. The in-house team builds the specific data models that support the Raptors in their ongoing efforts to improve. The analytics are fed by Noah Analytics, which uses cognitive vision to provide real-time feedback on shot accuracy. SportsVU is a motion capture system that represents how players are positioned on the court, with detail down to which way they are facing and whether their arms are up or down. The third-party vendors provide the solutions to generate the analytics, but it's up to MLSE's internal team to shape them to be actionable for players during a practice.

    "All the way from making sure that a specific player is achieving the results that they're looking for and showing that through data, or finding opportunities for the coaching staff. This is the manifestation of it in real life. Our ultimate goal with the coaches was to be able to take what was on emails or in a report and sometimes even in text message and actually implement it into practice."

    Read the full story on Spiceworks Insights.

    How MLSE enhances the Toronto Raptors' competitiveness with data-driven practices (cont.)

    Humza Teherany, Chief Technology Officer, MLSE

    MLSE's Digital Labs team architects its data insights pipeline on top of cloud services. Amazon Web Services Rekognition provides cognitive vision analysis from video and Amazon Kinesis provides the video processing capabilities. Beyond the court, MLSE uses data to enhance the fan experience, explains CTO Humza Teherany. It begins with having meaningful business goals about where technology can provide the most value. He starts by engaging the leadership of the organization and considering the "art of the possible" when it comes to using technology to unlock their goals.

    Humza Teherany (left) and Christian Magsisi lead MLSE's digital efforts for the pro sports teams owned by the group, including the Toronto Raptors, Toronto Maple Leafs, and Toronto Argonauts. (Photo by Brian Jackson).

    Read the full story on Spiceworks Insights.

    "Our first goal in the entire buildup of the Digital Labs organization has been to support MLSE and all of our teams. We like to do things first. We leverage our own technology to make things better for our fans and for our teams to complete and find incremental advantages where possible."
    Humza Teherany,
    Chief Technology Officer, MLSE

    From priorities to action

    Go deeper on pursuing your priorities by improving the associated capabilities.

    Improve Data Quality

    The performance of AI-assisted tools depends on mature IT operations processes and reliable data sets. Standardize service management processes and build a knowledgebase of structured content to prepare for AI-assisted IT operations.

    Prepare for Cognitive Service Management

    Improve Business Intelligence and Reporting

    Explore the enterprise chatbots that are available to not only assist with customer interactions but also help your employees find the resources they need to do their jobs and retrieve data in real time.

    Explore the best chatbots software

    Improve Data Architecture

    Understand if you are ready to embark on the AI journey and what business use cases are appropriate for AI. Plan around the organization's maturity in people, tools, and operations for delivering the correct data, model development, and model deployment and managing the models in the operational areas.

    Create an Architecture for AI

    Go all in on zero-trust security

    Priority 03

    • BAI09 ASSET MANAGEMENT
    • APO08 STAKEHOLDER RELATIONS
    • MEA03 EXTERNAL COMPLIANCE

    Adopt zero-trust architecture as the new security paradigm across your IT stack and from an organizational risk management perspective.

    Putting faith in zero trust

    The push toward a zero-trust security framework is becoming necessary for organizations for several different reasons over the past couple of years. As the pandemic forced workers away from offices and into their homes, perimeter-based approaches to security were challenged by much wider network footprints and the need to identify users external to the firewall. Supply-chain security became more of a concern with notable attacks affecting many thousands of firms, some with severe consequences. Finally, the regulatory pressure to implement zero trust is rising following President Joe Biden's 2021 Executive Order on Improving the Nation's Cybersecurity. It directs federal agencies to implement zero trust. That will impact any company doing business with the federal government, and it's likely that zero trust will propagate through other government agencies in the years ahead. Zero-trust architecture can also help maintain compliance around privacy-focused regulations concerned about personal data (CSO Online, 2022).

    IT professionals are modestly confident that they can meet new government legislation regarding cybersecurity requirements. When asked to rank their confidence on a scale of one to five, the most common answer was 3 out of 5 (38.5%). The next most common answer was 4 out of 5 (33.3%).

    Zero-trust barriers:
    Talent shortage and lack of leadership involvement

    Out of a list of challenges, IT professionals are most concerned with talent shortages leading to capacity constraints in cybersecurity. Fifty-four per cent say they are concerned or very concerned with this issue. Implementing a new zero-trust framework for security will be difficult if capacity only allows for security teams to respond to incidents.

    The next most pressing concern is that cyber risks are not on the radar of executive leaders or the board of directors, with 46% of IT pros saying they are concerned or very concerned. Since zero-trust requires that organizations take an enterprise risk management approach to cybersecurity and involve top decision makers, this reveals another area where organizations may fall short of achieving a zero-trust environment.

    How confident are you that your organization is prepared to meet current and future government legislation regarding cybersecurity requirements? A circle graph is shown with 68.6% colored dark green, and the words: AVG 3.43 written inside the graph.
    a bar graph showing the confidence % for numbers 1-5
    54%

    of IT professionals are concerned with talent shortages leading to capacity constraints in cybersecurity.

    46%

    of IT professionals are concerned that cyber risks are not on the radar of executive leaders or the board of directors.

    Zero trust mitigates risk while removing friction

    A zero-trust approach to security requires organizations to view cybersecurity risk as part of its overall risk framework. Both CIOs and their supervisors agree that IT-related risks are a pain point. When asked to rate the severity of pain points, 58% of CIOs rated IT-related business risk incidents as a minor pain or major pain. Their supervisors were more concerned, with 61% rating it similarly. Enterprises can mitigate this pain point by involving top levels of leadership in cybersecurity planning.

    Organizations can be wary about implementing new security measures out of concern it will put barriers between employees and what they need to work. Through a zero-trust approach that focuses on identity verification, friction can be avoided. Overall, IT organizations did well to provide security without friction for stakeholders over the past 18 months. Results from Info-Tech's CIO Business Vision Diagnostic shows that stakeholders almost all agree friction due to security practices are acceptable. The one area that stands to be improved is remote/mobile device access, where 78.3% of stakeholders view the friction as acceptable.

    A zero-trust approach treats user identity the same regardless of device and whether it is inside or outside of the corporate network. This can remove friction when workers are looking to connect remotely from a mobile device.

    IT-related business risk incidents viewed as a pain point

    CXO 61%
    CIO 58%

    Business stakeholders rate security friction levels as acceptable

    A bar graph is depicted with the following dataset: Regulatory Compliance: 93.80%; Office/Desktop Computing:	86.50%;Data Access/Integrity: 86.10%; Remote/Mobile Device Access:	78.30%;

    CIO Business Vision Diagnostic, N=259

    Opportunities

    Move to identity-driven access control

    Today's approach to access control on the network is to allow every device to exchange data with every other device. User endpoints and servers talk to each other directly without any central governance. In a zero-trust environment, a centralized zero-trust network access broker provides one-to-one connectivity. This allows servers to rest offline until needed by a user with the right access permissions. Users verify their identity more often as they move throughout the network. The user can access the resources and data they need with minimal friction while protecting servers from unauthorized access. Log files are generated for analysis to raise alerts about when an authorized identity has been compromised.

    Protect data with just-in-time authentication

    Many organizations put process in place to make sure data at rest is encrypted, but often when users copy that data to their own devices, it becomes unencrypted, allowing attackers opportunities to exfiltrate sensitive data from user endpoints. Moving to a zero-trust environment where each data access is brokered by a central broker allows for encryption to be preserved. Parties accessing a document must exchange keys to gain access, locking out unauthorized users that don't have both sets of keys to decrypt the data (MIT Lincoln Laboratory, 2022).

    Harness free and open-source tools to deploy zero trust

    IT teams may not be seeing a budget infusion to invest in a new approach to security. By making use of the many free and open-source tools available, they can bootstrap their strategy into reality. Here's a list to get started:

    PingCastle Wrangle your Active Directory and find all the domains that you've long since forgotten about and manage the situation appropriately. Also builds a spoke-and-hub map of your Active Directory.

    OpenZiti Create an overlay network to enable programmable networking that supports zero trust.

    Snyk Developers can automatically find and fix vulnerabilities before they commit their code. This vendor offers a free tier but users that scale up will need to pay.

    sigstore Open-source users and maintainers can use this solution to verify the code they are running is the code the developer intended. Works by stitching together free services to facilitate software signing, verify against a transparent ledger, and provide auditable logs.

    Microsoft's SBOM generation tool A software bill of materials is a requirement in President Biden's Executive Order, intended to provide organizations with more transparency into their software components by providing a comprehensive list. Microsoft's tool will work with Windows, Linux, and Mac and auto-detect a longlist of software components, and it generates a list organized into four sections that will help organizations comprehend their software footprint.

    Risks

    Organizational culture change to accommodate zero trust

    Zero trust requires that top decision makers get involved in cybersecurity by treating it as an equal consideration of overall enterprise risk. Not all boards will have the cybersecurity expertise required, and some executives may not prioritize cybersecurity despite the warnings. Organizations that don't appoint a chief information security officer (CISO) role to drive the cybersecurity agenda from the top will be at risk of cybersecurity remaining an afterthought.

    Talent shortage

    No matter what industry you're in or what type of organization you run, you need cybersecurity. The demand for talent is very high and organizations are finding it difficult to hire in this area. Without the talent needed to mature cybersecurity approaches to a zero-trust model, the focus will remain on foundational principles of patch management to eliminate vulnerabilities and intrusion prevention. Smaller organizations may want to consider a "virtual CISO" that helps shape the organizational strategy on a part-time basis.

    Social engineering

    Many enterprise security postures remain vulnerable to an attack that commandeers an employee's identity to infiltrate the network. Hosted single sign-on models provide low friction and continuity of identity across applications but also offer a single point of failure that hackers can exploit. Phishing scams that are designed to trick an employee into providing their credentials to a fake website or to just click on a link that delivers a malware payload are the most common inroads that criminals take into the corporate network. Being aware of how user behavior influences security is crucial.

    CASE STUDY
    Engage the entire organization with cybersecurity awareness

    Serge Suponitskiy, CIO, Brosnan Risk Consultants

    Brosnan provides private security services to high-profile clients and is staffed by security experts with professional backgrounds in intelligence services and major law enforcement agencies. Safe to say that security is taken seriously in this culture and CIO Serge Suponitskiy makes sure that extends to all back-office staff that support the firm's activities. He's aware that people are often the weakest link in a cybersecurity posture and are prone to being fooled by a phishing email or even a fraudulent phone call. So cybersecurity training is an ongoing activity that takes many forms. He sends out a weekly cybersecurity bulletin that features a threat report and a story about the "scam of the week." He also uses KnowBe4, a tool that simulates phishing attacks and trains employees in security awareness. Suponitskiy advises reaching out to Marketing or HR for help with engaging employees and finding the right learning opportunities.

    "What is financially the best solution to protect yourself? It's to train your employees. … You can buy all of the tools and it's expensive. Some of the prices are going up for no reason. Some by 20%, some by 50%, it's ridiculous. So, the best way is to keep training, to keep educating, and to reimagine the training. It's not just sending this video that no one clicks on or posting a poster no one looks at. … Given the fact we're moving into this recession world, and everyone is questioning why we need to spend more, it's time to reimagine the training approach."

    CASE STUDY
    Focus on micro-segmentation as the foundation of zero trust

    David Senf, National Cybersecurity Strategist, Bell

    As a cybersecurity analyst and advisor that works with Bell's clients, David Senf sees zero-trust security as an opportunity for organizations to put a strong set of mitigating controls in place to defend against the thorny challenge of reducing vulnerabilities in their software supply chain. With major breaches being linked to widely used software in the past couple of years, security teams might find it effective to focus on a different layer of security to prevent certain breaches. With security policy being enforced at a narrow point/perimeter, attacks are in essence blocked from exploiting application vulnerabilities (e.g. you can't exploit what you can see). Organizations must still ensure there is a solid vulnerability management program in place, but surrounding applications with other controls is critical. One aspect of zero trust, micro-segmentation, which is an approach to network management, can limit the damage caused by a breach. The solutions help to map out and protect the different connections between applications that could otherwise be abused for discovery or lateral movement. Senf advises that knowing your inventory of software and the interdependencies between applications is the first step on a zero-trust journey, before putting protection and detection in place.

    "Next year will be a year of a lot more ZTNA, zero-trust network access, being deployed. So, I think that will give organizations more of an understanding of what zero trust is as well, from a really basic perspective. If I can just limit what applications you can see and no one can even see that application, it's undiscoverable because I've got that ZTNA solution in place. … I would see that as a leading area of deployment and coming to understand what zero trust is in 2023."

    From priorities to action

    Go deeper on pursuing your priorities by improving the associated capabilities.

    Improve Asset Management

    Enable reduced friction in the remote user experience by underpinning it with a hardware asset management program. Creating an inventory of devices and effectively tracking them will aid in maintaining compliance, result in stronger policy enforcement, and reduce the harm of a lost or stolen device.

    Implement Hardware Asset Management

    Improve Stakeholder Relations

    Communicate the transition from a perimeter-based security approach to an "Always Verify" approach with a clear roadmap toward implementation. Map key protect surfaces to business goals to demonstrate the importance of zero-trust security in helping the organization succeed. Help the organization's top leadership build awareness of cybersecurity risk.

    Build a Zero Trust Roadmap

    Improve External Compliance

    Manage the challenge of meeting new government requirements to implement zero-trust security and other data protection and cybersecurity regulations with a compliance program. Create a control environment that aligns multiple compliance regimes, and be prepared for IT audits.

    Build a Security Compliance Program

    Engage employees in the digital age

    Priority 04

    • ITRG02 LEADERSHIP, CULTURE, AND VALUES
    • BAI05 ORGANIZATIONAL CHANGE MANAGEMENT
    • APO03 ENTERPRISE ARCHITECTURE

    Lead a strong culture through digital means to succeed in engaging the hybrid workforce.

    The new deal for employers in a hybrid work world

    Necessity is the mother of innovation.

    The pandemic's disruption for non-essential workers looks to have a long-lasting, if not permanent, effect on the relationship between employer and employee. The new bargain for almost all organizations is a hybrid work reality, with employees splitting time between the office and working remotely, if not working remotely full-time. IT is in a unique position in the organization as it must not only contend with the shift to this new deal with its own employees but facilitate it for the entire organization.

    With 90% of organizations embracing some form of hybrid work, IT leaders have an opportunity to shift from coping with the new work reality to finding opportunities to improve productivity. Organizations that embrace a hybrid model for their IT departments see a more effective IT department. Organizations that offered no remote work for IT rated their IT effectiveness on average 6.2 out of 10, while organizations with at least 10% of IT roles in a hybrid model saw significantly higher effectiveness. At minimum, organizations with between 50%-70% of IT roles in a hybrid model rated their effectiveness at 6.9 out of 10.

    IT achieved this increase in effectiveness during a disruptive time that often saw IT take on a heavier burden. Remote work required IT to support more users and be involved in facilitating more work processes. Thriving through this challenging time is a win that's worth sharing with the rest of the organization.

    90% of organizations are embracing some form of hybrid work.

    IT's effectiveness compared to % working hybrid or remotely

    A bar graph is shown which compares the effectiveness of IT work with hybrid and full remote work, compared to No Remote Work for IT.

    High effectiveness doesn't mean high engagement

    Despite IT's success with hybrid work, CIOs are more concerned about their staff sufficiency, skill, and engagement than their supervisors. Among clients using our CEO-CIO Alignment Diagnostic, 49% of CIOs considered this issue a major pain point compared to only 32% of CXOs. While IT staff are more effective than ever, even while carrying more of a burden in the digital age, CIOs are still looking to improve staff engagement.

    Info-Tech's State of Hybrid Work Survey illuminates further details about where IT leaders are concerned for their employee engagement. About four in ten IT leaders say they are concerned for employee wellbeing, and almost the same amount say they are concerned they are not able to see signs that employees are demotivated (N=518).

    Boosting IT employees' engagement levels to match their effectiveness will require IT leaders to harness all the tools at their disposal. Communicating culture and effectively managing organizational change in the digital age is a real test of leadership.

    Staff sufficiency, skill, and engagement issues as a major pain point

    CXO 32%
    CIO 49%

    CEO-CIO Alignment Diagnostic

    Opportunities

    Drive effectiveness with a hybrid environment

    IT leaders concerned about the erosion of culture and connectedness due to hybrid work can mitigate those effects with increased and improved communication. Among highly effective IT departments, 55% of IT leaders made themselves highly available through instant messaging chat. Another 54% of highly effective leaders increased team meetings (State of Hybrid Work Survey, n=213). The ability to adapt to the team's needs and use a number of tactics to respond is the most important factor. The greater the number of tactics used to overcome communication barriers, the more effective the IT department (State of Hybrid Work Survey, N=518).

    Modernize the office conference room

    A hybrid work approach emphasizes the importance of not only the technology in the office conference room but the process around how meetings are conducted. Creating an equal footing for all participants regardless of how they join is the goal. In pursuit of that, 63% of organizations say they have made changes or upgrades to their conference room technology (n=496). The conferencing experience can influence employee engagement and work culture and enhance collaboration. IT should determine if the business case exists for upgrades and work to decrease the pain of using legacy solutions where possible (State of Hybrid Work in IT: A Trend Report).

    Understand the organizational value chain

    Map out the value chain from the customer perspective and then determine the organizational capabilities involved in delivering on that experience. It is a useful tool for helping IT staff understand how they're connected to the customer experience and organizational mission. It's crucial to identify opportunities to resolve pain points and create more efficiency throughout the organization.

    Risks

    Talent rejects the working model

    Many employees that experienced hybrid work over the past couple of years are finding it's a positive development for work/life balance and aren't interested in a full-time return to the office. Organizations that insist on returning all employees to the office all the time may find that employees choose to leave the organization. Similarly, it could be hard to hire IT talent in a competitive market if the position is required to be onsite every day. Most organizations are providing flexible options to employees and finding ways to manage work in the new digital age.

    Wasted expense on facilities

    Organizations may choose to keep their physical office only to later realize that no one is going to work there. While providing an office space can help foster positive culture through valuable face time, it has to be used intentionally. Managers should plan for specific days that their teams will meet in the office and make sure that work activities take advantage of everyone being in the same place at the same time. Asking everyone to come in so that they can be on a videoconference meeting in their cubicle isn't the point.

    Isolated employees and teams

    Studies on a remote work environment show it has an impact on how many connections each employee maintains within the company. Employees still interact well within their own teams but have fewer interactions across departments. Overall, workers are likely to collaborate just as often as they did when working in the office but with fewer other individuals at the company. Keep the isolating effect of remote work in mind and foster collaboration and networking opportunities across different departments (BBC News, 2022).

    CASE STUDY
    Equal support of in-office and remote work

    Roberto Eberhardt, CIO, Ontario Legislative Assembly

    Working in the legislature of the Ontario provincial government, CIO Roberto Eberhardt's staff went from a fully onsite model to a fully remote model at the outset of the pandemic. Today he's navigating his path to a hybrid model that's somewhere in the middle. His approach is to allow his business colleagues to determine the work model that's needed but to support a technology environment that allows employees to work from home or in the office equally. Every new process that's introduced must meet that paradigm, ensuring it will work in a hybrid environment. For his IT staff, he sees a culture of accountability and commitment to metrics to drive performance measurement as key to the success of this new reality.

    "While it's good in a way, the challenge for us is it became a little more complex because you have to account for all those things in the office environment and in the remote work approach. Everything you do now, you have to say OK well how is this going to work in this world and how will it work in the other world?"

    Creating purpose for IT through strategy

    Mike Russell, Virginia Community College System

    At the Virginia Community College System (VCCS), CIO Mike Russell's IT team supports an organization that governs and delivers services to all community colleges in the state. Russell sees his IT team's purpose as being driven by the organization's mission to ensure success throughout the entire student journey, from enrolment to becoming employed after graduation. That customer-focused mindset starts from the top-level leadership, the chancellor, and the state governor. The VCCS maintains a six-year business plan that informs IT's strategic plan and aligns IT with the mission, and both plans are living documents that get refreshed every two years. Updating the plans provides opportunities for the chancellor to engage the organization and remind everyone of the purpose of their work.

    "The outcome isn't the degree. The outcome we're trying to measure is the job. Did you get the job that you wanted? Whether it's being re-employed or first-time employment, did you get what you were after?"

    From priorities to action

    Go deeper on pursuing your priorities by improving the associated capabilities.

    Improve Leadership, Culture, and Values

    Help leaders manage their teams effectively in a hybrid environment by providing them with the right tools and tactics to manage the challenges of hybrid work. Focus on promoting teamwork and fostering connection.

    Prepare People Leaders for the Hybrid Work Environment

    Improve Organizational Change Management

    Assign accountability for managing the changes that the organization is experiencing in the digital age. Make a people-centric approach that takes human behavior into account and plans to address different needs in different ways. Be proactive about change.

    Master Organizational Change Management Practices

    Improve Enterprise Architecture

    Develop a foundation for aligning IT's activities with business value by creating a right-sized enterprise architecture approach that isn't heavy on bureaucracy. Drive IT's purpose by illustrating how their work contributes to the overall mission and the customer experience.

    Create a Right-Sized Enterprise Architecture Governance Framework

    Shape the IT organization to improve customer experience

    PRIORITY 05

    • BAI03 ENTERPRISE APPLICATION SELECTION & IMPLEMENTATION
    • MEA01 PERFORMANCE MEASUREMENT
    • ITRG01 IT ORGANIZATIONAL DESIGN

    Tightly align the IT organization with the organization's value chain from a customer perspective.

    IT's value is defined by faster, better, bigger

    The pandemic motivated organizations to accelerate their digital transformation efforts, digitalizing more of their tasks and organizing the company's value chain around satisfying the customer experience. Now we see organizations taking their foot off the gas pedal of digitalization and shifting their focus to extracting the value from their investments. They want to execute on the digital transformation in their operations and realize the vision they set out to achieve.

    In our Trends Report we compared the emphasis organizations are putting on digitalization to last year. Overall, we see that most organizations shifted fewer of their processes to digital in the past year.

    We also asked organizations what motivated their push toward automation. The most common drivers are to improve efficiency, with almost seven out of ten organizations looking to increase staff on high-level tasks by automating repetitive tasks, 67% also wanting to increase productivity without increasing headcount, and 59% wanting to reduce errors being made by people. In addition, more than half of organizations pursued automation to improve customer satisfaction.

    What best describes your main motivation to pursue automation, above other considerations?

    A bar graph is depicted showing the following dataset: Increase staff focus on high-level tasks by automating repetitive tasks:	69%; Increase productivity of existing staff to avoid increasing headcount:	67%; Reduce errors made by people:	59%; Improve customer satisfaction:	52%; Achieve cost savings through reduction in headcount:	35%; Increase revenue by enabling higher volume of work:	30%

    Tech Trends 2023 Survey

    To what extent did your organization shift its processes from being manually completed to digitally completed during past year?

    A bar graph is depicted showing the extent to which organizations shifted processes from manual to digital during the past year for 2022 and 2023, from Tech Trends 2023 Survey

    With the shift in focus from implementing new applications to support digital transformation to operating in the new environment, IT must shift its own focus to help realize the value from these systems. At the same time, IT must reorganize itself around the new value chain that's defined by a customer perspective.

    IT struggles to deliver business value or support innovation

    Many current IT departments are structured around legacy processes that hinder their ability to deliver business value. CIOs are trying to grapple with the misalignment between the modern business structure and keep up with the demands for innovation and agility.

    Almost nine in ten CIOs say that business frustration with IT's failure to deliver value is a pain point. Their supervisors have a slightly more favorable opinion, with 76% agreeing that it is a pain point.

    Similarly, nine in ten CIOs say that IT limits affecting business innovation and agility is a pain point, while 81% of their supervisors say the same.

    Supervisors say that IT should "ensure benefits delivery" as the most important process (CEO-CIO Alignment Program). This underlines the need to achieve alignment, optimize service delivery, and facilitate innovation. The pain points identified here will need to be resolved to make this possible.

    IT departments will need to contend with a tight labor market and economic volatility in the year ahead. If this drives down resource capacity, it will be even more critical to tightly align with the organization.

    Views business frustration with IT failure to deliver value as a pain point

    CXO 76%
    CIO 88%

    Views IT limits affecting business innovation and agility as a pain point

    CXO 81%
    CIO

    90%

    CEO-CIO Alignment Program

    Opportunities

    Define IT's value by its contributions to enterprise value

    Communicate the performance of IT to stakeholders by attributing positive changes in enterprise value to IT initiatives. For example, if a digital channel helped increase sales in one area, then IT can claim some portion of that revenue. If optimization of another process resulted in cost savings, then IT can claim that as a contribution toward the bottom line. CIOs should develop their handle on how KPIs influence revenues and costs. Keeping tabs on normalized year-over-year revenue comparisons can help demonstrate that IT contributions are making an impact on driving profitability.

    Go with buy versus build if it's a commodity service

    Most back-office functions common to operating a company can be provided by cloud-based applications accessed through a web browser. There's no value in having IT spend time maintaining on-premises applications that require hosting and ongoing maintenance. Organizations that are still accruing technical debt and are unable to modernize will increasingly find it is negatively impacting employee experience, as users expect their working experience to be similar to their experience with consumer applications. In addition, IT will continue to have capacity challenges as resources will be consumed by maintenance. As they seek to outsource some applications, IT will need to consider the geopolitical risk of certain jurisdictions in selecting a provider.

    Redefine how employee performance is tracked

    The concept of "clocking in" for a shift and spending eight hours a day on the job doesn't help guide IT toward its objectives or create any higher sense of purpose. Leaders must work to create a true sense of accountability by reaching consensus on what key performance indicators are important and tasking staff to improve them. Metrics should clearly link back to business outcomes and IT should understand the role they play in delivering a good customer experience.

    Risks

    Lack of talent available to drive transformation

    CIOs are finding it difficult to hire the talent needed to create the capacity they need as digital demands of their organizations increase. This could slow the pace of change as new positions created in IT go unfilled. CIOs may need to consider reskilling and rebalancing workloads of existing staff in the short term and tap outsourcing providers to help make up shortfalls.

    Resistance to change

    New processes may have been given the official rubber stamp, but that doesn't mean staff are adhering to them. Organizations that reorganize themselves must take steps to audit their processes to ensure they're executed the way they intend. Some employees may feel they are being made obsolete or pushed out of their jobs and become disengaged.

    Short-term increased costs

    Restructuring the organization can come with the need for new tools and more training. It may be necessary to operate with redundant staff for the transitional period. Some additional expenses might be incurred for a brief period as the new structure is being put in place.

    Emphasize the value of IT in driving revenue

    Salman Ali, CIO, McDonald's Germany

    As the new CIO to McDonald's Germany, Salman Ali came on board with an early mandate to reorganize the IT department. The challenge is to merge two organizations together: one that delivers core technology services of infrastructure, security, service desk, and compliance and one that delivers customer-facing technology such as in-store touchscreen kiosks and the mobile app for food delivery. He is looking to organize this new-look department around the technology in the hands of both McDonald's staff and its customers. In conversations with his stakeholders, Ali emphasizes the value that IT is driving rather than discussing the costs that go into it. For example, there was a huge cost in integrating third-party meal delivery apps into the point-of-sales system, but the seamless experience it delivers to customers looking to place an order helps to drive a large volume of sales. He plans to reorganize his department around this value-driven approach. The organization model will be executed with clear accountability in place and key performance indicators to measure success.

    "Technology is no longer just an enabler. It's now a strategic business function. When they talk about digital, they are really talking about what's in the customers' hands and what do they use to interact with the business directly? Digital transformation has given technology a new front seat that's really driving the business."

    CASE STUDY
    Overhauling the "heartbeat" of the organization

    Ernest Solomon, Former CIO, LAWPRO

    LAWPRO is a provider of professional liability insurance and title insurance in Canada. The firm is moving its back-office applications from a build approach to a buy approach and focusing its build efforts on customer-facing systems tied to revenue generation. CIO Ernest Solomon says his team has been developing on a legacy platform for two decades, but it's time to modernize. The firm is replacing its legacy platform and moving to a cloud-based system to address technical debt and improve the experience for staff and customers. The claims and policy management platform, the "heartbeat" of the organization, is moving to a software-as-a-service model. At the same time, the firm's customer-facing Title Plus application is being moved to a cloud-native, serverless architecture. Solomon doesn't see the need for IT to spend time building services for the back office, as that doesn't align with the mission of the organization. Instead, he focuses his build efforts on creating a competitive advantage.

    "We're redefining the customer experience, which is how do we move the needle in a positive direction for all the lawyers that interact with us? How do we generate that value-based proposition and improve their interactions with our organization?"

    From priorities to action

    Go deeper on pursuing your priorities by improving the associated capabilities.

    Improve Enterprise Application Selection & Implementation

    Help leaders manage their teams effectively in a hybrid environment by providing them with the right tools and tactics to manage the challenges of hybrid work. Focus on promoting teamwork and fostering connection.

    Embrace Business-Managed Applications

    Improve Performance Measurement

    Drive the most important IT process in the eyes of supervisors by defining business value and linking IT spend to it. Make benefits realization part of your IT governance.

    Maximize Business Value From IT Through Benefits Realization

    Improve IT Organizational Design

    Showcase IT's value to the business by aligning IT spending and staffing to business functions. Provide transparency into business consumption of IT and compare your spending to your peers'.

    IT Spend & Staffing Benchmarking

    The Five Priorities

    Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

    1. Adjust IT operations to manage for inflation
    2. Prepare your data pipeline to train AI
    3. Go all in on zero-trust security
    4. Engage employees in the digital age
    5. Shape the IT organization to improve customer experience

    Expert Contributors

    In order of appearance

    Denise Cornish, Associate VP of IT and Deputy COO, Western University of Health Sciences

    Jim Love, CIO, IT World Canada

    Christian Magsisi, Vice President of Venue and Digital Technology, MLSE

    Humza Teherany, Chief Technology Officer, MLSE

    Serge Suponitskiy, CIO, Brosnan Risk Consultants

    David Senf, National Cybersecurity Strategist, Bell

    Roberto Eberhardt, CIO, Ontario Legislative Assembly

    Mike Russell, Virginia Community College System

    Salman Ali, CIO, McDonald's Germany

    Ernest Solomon, Former CIO, LAWPRO

    Bibliography

    Anderson, Brad, and Seth Patton. "In a Hybrid World, Your Tech Defines Employee Experience." Harvard Business Review, 18 Feb. 2022. Accessed 12 Dec. 2022.
    "Artificial Intelligence Is Permeating Business at Last." The Economist, 6 Dec. 2022. Accessed 12 Dec. 2022.
    Badlani, Danesh Kumar, and Adrian Diglio. "Microsoft Open Sources Its Software Bill
    of Materials (SBOM) Generation Tool." Engineering@Microsoft, 12 July 2022. Accessed
    12 Dec. 2022.
    Birch, Martin. "Council Post: Equipping Employees To Succeed In Digital Transformation." Forbes, 9 Aug. 2022. Accessed 7 Dec. 2022.
    Bishop, Katie. "Is Remote Work Worse for Wellbeing than People Think?" BBC News,
    17 June 2022. Accessed 7 Dec. 2022.
    Carlson, Brian. "Top 5 Priorities, Challenges For CIOs To Recession-Proof Their Business." The Customer Data Platform Resource, 19 July 2022. Accessed 7 Dec. 2022.
    "CIO Priorities: 2020 vs 2023." IT PRO, 23 Sept. 2022. Accessed 2 Nov. 2022.
    cyberinsiders. "Frictionless Zero Trust Security - How Minimizing Friction Can Lower Risks and Boost ROI." Cybersecurity Insiders, 9 Sept. 2021. Accessed 7 Dec. 2022.
    Garg, Sampak P. "Top 5 Regulatory Reasons for Implementing Zero Trust."
    CSO Online, 27 Oct. 2022. Accessed 7 Dec. 2022.
    Heikkilä, Melissa. "The Viral AI Avatar App Lensa Undressed Me—without My Consent." MIT Technology Review, 12 Dec. 2022. Accessed 12 Dec. 2022.
    Jackson, Brian. "How the Toronto Raptors Operate as the NBA's Most Data-Driven Team." Spiceworks, 1 Dec. 2022. Accessed 12 Dec. 2022.
    Kiss, Michelle. "How the Digital Age Has Transformed Employee Engagement." Spiceworks,16 Dec. 2021. Accessed 7 Dec. 2022.
    Matthews, David. "EU Hopes to Build Aligned Guidelines on Artificial Intelligence with US." Science|Business, 22 Nov. 2022. Accessed 12 Dec. 2022.
    Maxim, Merritt. "New Security & Risk Planning Guide Helps CISOs Set 2023 Priorities." Forrester, 23 Aug. 2022. Accessed 7 Dec. 2022.
    Miller, Michael J. "Gartner Surveys Show Changing CEO and Board Concerns Are Driving a Different CIO Agenda for 2023." PCMag, 20 Oct. 2022. Accessed 2 Nov. 2022.
    MIT Lincoln Laboratory. "Overview of Zero Trust Architectures." YouTube,
    2 March 2022. Accessed 7 Dec. 2022.
    MIT Technology Review Insights. "CIO Vision 2025: Bridging the Gap between BI and AI." MIT Technology Review, 20 Sept. 2022. Accessed 1 Nov. 2022.
    Paramita, Ghosh. "Data Architecture Trends in 2022." DATAVERSITY, 22 Feb. 2022. Accessed 7 Dec. 2022.
    Rosenbush, Steven. "Cybersecurity Tops the CIO Agenda as Threats Continue to Escalate - WSJ." The Wall Street Journal, 17 Oct. 2022. Accessed 2 Nov. 2022.
    Sacolick, Isaac. "What's in the Budget? 7 Investments for CIOs to Prioritize." StarCIO,
    22 Aug. 2022. Accessed 2 Nov. 2022.
    Singh, Yuvika. "Digital Culture-A Hurdle or A Catalyst in Employee Engagement." International Journal of Management Studies, vol. 6, Jan. 2019, pp. 54–60. ResearchGate, https://doi.org/10.18843/ijms/v6i1(8)/08.
    "Talent War Set to Become Top Priority for CIOs in 2023, Study Reveals." CEO.digital,
    8 Sept. 2022. Accessed 7 Dec. 2022.
    Tanaka, Rodney. "WesternU COMP and COMP-Northwest Named Apple Distinguished School." WesternU News. 10 Feb. 2022. Accessed 12 Dec. 2022.
    Wadhwani, Sumeet. "Meta's New Large Language Model Galactica Pulled Down Three Days After Launch." Spiceworks, 22 Nov. 2022. Accessed 12 Dec. 2022.
    "World Economic Outlook." International Monetary Fund (IMF), 11 Oct. 2022. Accessed
    14 Dec. 2022.

    Build a Software Quality Assurance Program

    • Buy Link or Shortcode: {j2store}284|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $20,972 Average $ Saved
    • member rating average days saved: 14 Average Days Saved
    • Parent Category Name: Testing, Deployment & QA
    • Parent Category Link: /testing-deployment-and-qa
    • Today’s rapidly scaling and increasingly complex products create mounting pressure on delivery teams to release new systems and changes quickly and with sufficient quality.
    • Many organizations lack the critical capabilities and resources needed to satisfy their growing testing backlog, risking product success.

    Our Advice

    Critical Insight

    • Testing is often viewed as a support capability rather than an enabler of business growth. It receives focus and investment only when it becomes a visible problem.
    • The rise in security risks, aggressive performance standards, constantly evolving priorities, and misunderstood quality policies further complicate QA as it drives higher expectations for effective practices.
    • QA starts with good requirements. Tests are only as valuable as the requirements they are validating and verifying. Early QA improves the accuracy of downstream tests and reduces costs of fixing defects late in delivery.
    • Quality is an organization-wide accountability. Upstream work can have extensive ramifications if all roles are not accountable for the decisions they make.
    • Quality must account for both business and technical requirements. Valuable change delivery is cemented in a clear understanding of quality from both business and IT perspectives.

    Impact and Result

    • Standardize your definition of a product. Come to an organizational agreement of what attributes define a high-quality product. Accommodate both business and IT perspectives in your definition.
    • Clarify the role of QA throughout your delivery pipeline. Indicate where and how QA is involved throughout product delivery. Instill quality-first thinking in each stage of your pipeline to catch defects and issues early.
    • Structure your test design, planning, execution, and communication practices to better support your quality definition and business and IT environments and priorities. Adopt QA good practices to ensure your tests satisfy your criteria for a high-quality and successful product.

    Build a Software Quality Assurance Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a strong foundation for quality, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define your QA process

    Standardize your product quality definition and your QA roles, processes, and guidelines according to your business and IT priorities.

    • Build a Strong Foundation for Quality – Phase 1: Define Your QA Process
    • Test Strategy Template

    2. Adopt QA good practices

    Build a solid set of good practices to define your defect tolerances, recognize the appropriate test coverage, and communicate your test results.

    • Build a Strong Foundation for Quality – Phase 2: Adopt QA Good Practices
    • Test Plan Template
    • Test Case Template
    [infographic]

    Workshop: Build a Software Quality Assurance Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your QA Process

    The Purpose

    Discuss your quality definition and how quality is interpreted from both business and IT perspectives.

    Review your case for strengthening your QA practice.

    Review the standardization of QA roles, processes, and guidelines in your organization.

    Key Benefits Achieved

    Grounded understanding of quality that is accepted across IT and between the business and IT.

    Clear QA roles and responsibilities.

    A repeatable QA process that is applicable across the delivery pipeline.

    Activities

    1.1 List your QA objectives and metrics.

    1.2 Adopt your foundational QA process.

    Outputs

    Quality definition and QA objectives and metrics.

    QA guiding principles, process, and roles and responsibilities.

    2 Adopt QA Good Practices

    The Purpose

    Discuss the practices to reveal the sufficient degree of test coverage to meet your acceptance criteria, defect tolerance, and quality definition.

    Review the technologies and tools to support the execution and reporting of your tests.

    Key Benefits Achieved

    QA practices aligned to industry good practices supporting your quality definition.

    Defect tolerance and acceptance criteria defined against stakeholder priorities.

    Identification of test scenarios to meet test coverage expectations.

    Activities

    2.1 Define your defect tolerance.

    2.2 Model and prioritize your tests.

    2.3 Develop and execute your QA activities.

    2.4 Communicate your QA activities.

    Outputs

    Defect tolerance levels and courses of action.

    List of test cases and scenarios that meet test coverage expectations.

    Defined test types, environment and data requirements, and testing toolchain.

    Test dashboard and communication flow.

    Configuration management

    • Buy Link or Shortcode: {j2store}4|cart{/j2store}
    • Related Products: {j2store}4|crosssells{/j2store}
    • Up-Sell: {j2store}4|upsells{/j2store}
    • Download01-Title: Harness the power of Configuration Management Executive Brief
    • Download-01: Visit Link
    • member rating overall impact: 8.0/10
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Infra and Operations
    • Parent Category Link: /infra-and-operations
    Configuration management is all about being able to manage your assets within the support processes. That means to record what you need. Not less than that, and not more either.

    Asset Management, Configuration Management, Lifecycle Management

    Take Control of Cloud Costs on Microsoft Azure

    • Buy Link or Shortcode: {j2store}426|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $125,999 Average $ Saved
    • member rating average days saved: 50 Average Days Saved
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy
    • Traditional IT budgeting and procurement processes don't work for public cloud services.
    • The self-service nature of the cloud means that often the people provisioning cloud resources aren't accountable for the cost of those resources.
    • Without centralized control or oversight, organizations can quickly end up with massive Azure bills that exceed their IT salary cost.

    Our Advice

    Critical Insight

    • Most engineers care more about speed of feature delivery and reliability of the system than they do about cost.
    • Often there are no consequences for overarchitecting or overspending on Azure.
    • Many organizations lack sufficient visibility into their Azure spend, making it impossible to establish accountability and controls.

    Impact and Result

    • Define roles and responsibilities.
    • Establish visibility.
    • Develop processes, procedures, and policies.

    Take Control of Cloud Costs on Microsoft Azure Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should take control of cloud costs, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a cost accountability framework

    Assess your current state, define your cost allocation model, and define roles and responsibilities.

    • Cloud Cost Management Worksheet
    • Cloud Cost Management Capability Assessment
    • Cloud Cost Management Policy
    • Cloud Cost Glossary of Terms

    2. Establish visibility

    Define dashboards and reports, and document account structure and tagging requirements.

    • Service Cost Cheat Sheet for Azure

    3. Define processes and procedures

    Establish governance for tagging and cost control, define process for right-sizing, and define process for purchasing commitment discounts.

    • Right-Sizing Workflow (Visio)
    • Right-Sizing Workflow (PDF)
    • Commitment Purchasing Workflow (Visio)
    • Commitment Purchasing Workflow (PDF)

    4. Build an implementation plan

    Document process interactions, establish program KPIs, and build implementation roadmap and communication plan.

    • Cloud Cost Management Task List
    [infographic]

    Workshop: Take Control of Cloud Costs on Microsoft Azure

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build a Cost Accountability Framework

    The Purpose

    Establish clear lines of accountability and document roles & responsibilities to effectively manage cloud costs.

    Key Benefits Achieved

    Understanding of key areas to focus on to improve cloud cost management capabilities.

    Activities

    1.1 Assess current state

    1.2 Determine cloud cost model

    1.3 Define roles & responsibilities

    Outputs

    Cloud cost management capability assessment

    Cloud cost model

    Roles & responsibilities

    2 Establish Visibility

    The Purpose

    Establish visibility into cloud costs and drivers of those costs.

    Key Benefits Achieved

    Better understanding of what is driving costs and how to keep them in check.

    Activities

    2.1 Develop architectural patterns

    2.2 Define dashboards and reports

    2.3 Define account structure

    2.4 Document tagging requirements

    Outputs

    Architectural patterns; service cost cheat sheet

    Dashboards and reports

    Account structure

    Tagging scheme

    3 Define Processes & Procedures

    The Purpose

    Develop processes, procedures, and policies to control cloud costs.

    Key Benefits Achieved

    Improved capability of reducing costs.

    Documented processes & procedures for continuous improvement.

    Activities

    3.1 Establish governance for tagging

    3.2 Establish governance for costs

    3.3 Define right-sizing process

    3.4 Define purchasing process

    3.5 Define notification and alerts

    Outputs

    Tagging policy

    Cost control policy

    Right-sizing process

    Commitment purchasing process

    Notifications and alerts

    4 Build an Implementation Plan

    The Purpose

    Document next steps to implement & improve cloud cost management program.

    Key Benefits Achieved

    Concrete roadmap to stand up and/or improve the cloud cost management program.

    Activities

    4.1 Document process interaction changes

    4.2 Define cloud cost program KPIs

    4.3 Build implementation roadmap

    4.4 Build communication plan

    Outputs

    Changes to process interactions

    Cloud cost program KPIs

    Implementation roadmap

    Communication plan

    Analyze Your Service Desk Ticket Data

    • Buy Link or Shortcode: {j2store}483|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $6,499 Average $ Saved
    • member rating average days saved: 3 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • Leverage your service desk ticket data to gain insights for your service desk strategy.

    Our Advice

    Critical Insight

    • Properly analyzing ticket data is challenging for the following reasons:
      • Poor ticket hygiene and unclear ticket handling means the data is often inaccurate or incomplete.
      • Service desk personnel are not sure where to start with analysis.
      • Too many metrics are tracked to parse actionable data from the noise.
    • Ticket data won’t give you a silver bullet, but it can help point you in the right direction.

    Impact and Result

    • Create an iterative framework for tracking metrics, keeping data clean, and actioning your data on day-to-day and month-to-month timelines.

    Analyze Your Service Desk Ticket Data Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should analyze your service desk ticket data, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Import your ticket data

    Enter your data into our tool. Compare your own ITSM ticket fields to improve ticket data moving forward.

    • Service Desk Ticket Analysis Tool

    2. Analyze your ticket data

    Use the ticket analysis tool as a guide to build your own operational dashboards to measure metrics over time. Gain actionable insights from your data.

    • Ticket Analysis Report

    3. Action your ticket data

    Use the data to communicate your findings to the business and leadership using the Ticket Analysis Report.

    [infographic]

    Further reading

    INFO-TECH RESEARCH GROUP

    Analyze Your Service Desk Ticket Data

    Take a data-driven approach to service desk optimization.

    EXECUTIVE BRIEF

    Analyst Perspective

    Photo of Benedict Chang, Research Analyst, Infrastructure & Operations, Info-Tech Research Group

    Benedict Chang
    Research Analyst, Infrastructure & Operations
    Info-Tech Research Group

    Photo of Ken Weston ITIL MP, PMP, Cert.APM, SMC, Research Director, Infrastructure & Operations, Info-Tech Research Group

    Ken Weston ITIL MP, PMP, Cert.APM, SMC
    Research Director, Infrastructure & Operations
    Info-Tech Research Group

    The perfect time to start analyzing your ticket data is now

    Service desks improve their services by leveraging ticket data to inform their actions. However, many organizations don’t know where to start. It’s tempting to wait for perfect data, but there’s a lot of value in analyzing your ticket data as it exists today.

    Start small. Track key tension metrics based on the out-of-the-box functionality in your tool. Review the metrics regularly to stay on track.

    By reviewing your ticket data, you’re going to get better organically. You’re going to learn about the state of your environment, the health of your processes, and the quality of your services. Regularly analyze your data to drive improvements.

    Make ticket analysis a weekly habit. Every week, you should be evaluating how the past week went. Every month, you should be looking for patterns and trends.

    Executive Summary

    Your Situation

    Leverage your service desk ticket data to gain insights for improving your operations:

    1. Use a data-based approach to allocate service desk resources.
    2. Design appropriate SLOs and SLAs to better service end users.
    3. Gain efficiencies for your shift-left strategy.
    4. Communicate the current and future value of the service desk to the business.

    Common Obstacles

    Properly analyzing ticket data is challenging for the following reasons:

    • Poor ticket hygiene and unclear ticket handling guidelines can lead to untrustworthy results.
    • Undocumented tickets from various intake channels prevents you from seeing the whole picture.
    • Service desk personnel are not sure where to start with analysis and are too busy to find time.
    • Too many metrics are tracked to parse actionable insights from the noise.

    Info-Tech’s Approach

    Info-Tech’s approach to improvement:

    • To reduce the noise, standardize your ticket data in a format that will ease analysis.
    • Start with common analyses using the cleaned data set.
    • Identify action items based on your ticket data.

    Analyze your ticket data to help continually improve your service desk.

    Slow down. Give yourself time.

    Give yourself time to observe the new metrics and draw enough insights to make recommendations for improvement. Then, execute on those recommendations. Slow and steady improvement of the service desk only adds business value and will have a positive impact on customer satisfaction.

    Your challenge

    This research is designed to help service desk managers analyze their ticket data

    Analyzing ticket data involves:

    • Collecting ticket data and keeping it clean. Based on the metrics you’re analyzing, define ticket expectations and keep the data up to date.
    • Showing the value of the service desk. SLAs are meaningless if they are not met consistently. The prerequisite to implementing proper SLAs is fully understanding the workload of the service desk.
    • Understanding – and improving – the user experience. You cannot improve the user experience without meaningful metrics that allow you to understand the user experience. Different user groups will have different needs and different expectations of the level of service. Your metrics should reflect those needs and expectations.

    36% of organizations are prioritizing ticket handling in IT for 2021 (Source: SDI, 2021)

    12% of organizations are focusing directly on service desk improvement (Source: SDI, 2021)

    Common obstacles

    Many organizations face these barriers to analyzing their ticket data:

    • Finding time to properly analyze ticket data is a challenge. Not knowing where to start can lead to not analyzing the proper data. Service desks end up either tracking too much data or not tracking the proper metrics.
    • Data, even if clean, can be housed in various tools and databases. It’s difficult to aggregate data if the data is stored throughout various tools. Comparisons may also be difficult if the data sets aren’t consistent.
    • Shifting left to move tickets toward self-service is difficult when there is no visibility into which tickets should be shifted left.

    What your peers are saying about why they can’t start analyzing their ticket data:

    • “My technicians do not consistently update and close tickets.”
    • “My ITSM doesn’t have the capabilities I need to make informed decisions on shifting tickets left.”
    • “My tickets are always missing data”
    • “I’m constantly firefighting. I have no time for ticket data analysis.”
    • “I have no idea where to start with the amount of data I have.”
    (Source: Info-Tech survey, 2021; N=20.)

    Common obstacles that prevent effective ticket analysis

    We asked IT service desk managers and teams about their biggest hurdles

    Missing or Inaccurate Information
    • Lack of information in the ticket
    • Categories are too general/specific to draw insights
    • Poor ticket hygiene
    Missing Updates
    • Tickets aren’t updated while being resolved
    Correlating Tickets to Identify Trends
    • Not sure where to start with all the data at hand
    No Time
    • No time to figure out the tool or analyze the data properly
    Ineffective Categorization Schemes
    • Reduces the power of ticket data
    Tool Limitations
    • Can’t be easily customized
    • Too customized to be effective
    • Desired dashboards unavailable
    (Source: Info-Tech survey, 2021; N=20)

    Info-Tech’s approach

    Repeat this analysis every business cycle:

    • Gather Your Data
      Collect your ticket data OR start measuring the right metrics.
    • Extract & Analyze
      Organize and visualize your data to extract insights
    • Action the Results
      Implement low-effort improvements and celebrate quick successes.
    • Implement Larger Changes
      Reference your ticket data while implementing process, tooling, and other changes.
    • Communicate the Results
      Use your data to show the value of your effort.

    Measure the value of this blueprint

    Track these metrics as you improve

    Use the data to tell you which aspects of IT need to be shifted left and which need to be automated

    Your data will show you where you can improve.

    As you act on your data, you should see:

    • Lower costs per ticket
    • Decreased average time to resolve
    • Increased end-user satisfaction
    • Fewer tickets escalated beyond Tier 1

    An illustration of the 'Shift Left Strategy' using three line graphs arranged in a table with the same axes but representing different metrics. The header row is 'Metrics,' then values of the x-axes are 'Auto-Fix,' 'User,' 'Tier 1,' 'Tier2/Tier3,' and 'Vendor.' Under 'Metrics' we see 'Cost,' 'Time,' and 'Satisfaction.' The 'Cost' graph begins 'Low' at 'Auto-Fix' and gradually moves to 'High' at 'Vendor.' The 'Time' graph begins 'Low' at 'Auto-Fix' and gradually moves to 'High' at 'Vendor.' The 'Satisfaction' graph begins 'High' at 'Auto-Fix' and gradually moves to 'Low' at 'Vendor.' Below is an arrow directing us away from the 'Vendor' option and toward the 'Auto-Fix' option, 'Shift Ticket Resolution Left.'

    See Info-Tech’s blueprint Optimize the Service Desk With a Shift-Left Strategy.

    Info-Tech’s methodology for analyzing service desk tickets

    1. Import Your Ticket Data 2. Analyze Your Ticket Data 3. Communicate Your Insights
    Phase Steps
    1. Import Your Ticket Data
    1. Analyze High-Level Ticket Data
    2. Analyze Incidents, Service Requests, and Ticket Categories
    1. Build Recommendations
    2. Action and Communicate Your Ticket Data
    Phase Outcomes Enter your data into our tool. Compare your own ITSM ticket fields to improve ticket data moving forward. Use the Service Desk Ticket Analysis Tool as a guide to build your own operational dashboards to measure metrics over time. Gain actionable insights from your data. Use the data to communicate your findings to the business and leadership using the Ticket Analysis Report.

    Insight summary

    Slow down. Give yourself time.

    Give yourself time to observe the new metrics and draw enough insights to make recommendations for improvement. Then, execute on those recommendations. Slow and steady improvement of the service desk only adds business value and will have a positive impact on customer satisfaction.

    Iterate on what to track rather than trying to get it right the first time.

    Tracking the right data in your ticket can be challenging if you don’t know what you’re looking for. Start with standardized fields and iterate on your data analysis to figure out your gaps and needs.

    If you don’t know where to go, ticket data can point you in the right direction.

    If you have service desk challenges, you will need to allocate time to process improvement. However, prioritizing your initiatives is easier if you have the ticket data to point you in the right direction.

    Start with data from one business cycle.

    Service desks don’t need three years’ worth of data. Focus on gathering data for one business cycle (e.g. three months). That will give you enough information to start generating value.

    Let the data do the talking.

    Leverage the data to drive organizational and process change in your organization by tracking meaningful metrics. Choose those metrics using business-aligned goals.

    Paint the whole picture.

    Single metrics in isolation, even if measured over time, may not tell the whole story. Make sure you design tension metrics where necessary to get a holistic view of your service desk.

    Blueprint deliverables

    This blueprint’s key deliverable is a ticket analysis tool. Many of the activities throughout this blueprint will direct you to complete and interpret this tool. The other main deliverable is a stakeholder presentation template to help you document the outcomes of the project.
    Service Desk Ticket Analysis Tool Ticket Analysis Report
    Use this tool to identify trends and patterns in your ticket data to action improvement initiatives.

    Sample of the Service Desk Ticket Analysis Tool blueprint deliverable.

    Use this template to document the justification for addressing service desk improvement, the results of your analysis, and your next steps.

    Sample of the Ticket Analysis Report blueprint deliverable.

    Blueprint benefits

    IT Benefits

    • Discover and implement the proper metrics to improve your service desk
    • Use a data-based approach to improve your customer service and operational goals
    • Increase visibility with the business and other IT departments using a structured presentation

    Business Benefits

    • Quicker resolutions to incidents and service requests
    • Better expectations for the service desk and IT
    • Better visibility into the current state, challenges, and goals of the service desk
    • More effective support when contacting the service desk

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 3-4 calls over the course of 2-3 months.

    What does a typical GI on this topic look like?

      Phase 1

    • Call #1: Scope requirements, objectives, and your specific challenges. Enter your data into the tool.
    • Phase 2

    • Call #2: Assess the current state across the different dashboards.
    • Phase 3

    • Call #3: Identify improvements and insights to include in the communication report.
    • Call #4: Review the service desk ticket analysis report.

    PHASE 1

    Import Your Ticket Data

    This phase will walk you through the following activities:

    • 1.1.1 Define your objectives for analyzing ticket data
    • 1.1.2 Identify success metrics
    • 1.1.3 Import your ticket data into the tool
    • 1.1.4 Update your ticket fields for future analysis

    This phase involves the following participants:

    • Service Desk Manager
    • ITSM Manager
    • Service Desk Technician

    1.1.1 Define your objectives for analyzing ticket data

    Input: Understanding of current service desk process and ticket routing

    Output: Defined objectives for the project

    Materials: Whiteboard/flip charts, Ticket Analysis Report

    Participants: Service Desk Staff, Service Desk Manager, IT Director, CIO

    Use the discussion questions below as a guide
    1. Identify your main objective for analyzing ticket data. Use these three sample objectives as a starting point:
      • Demonstrate value to the business by improving customer service.
      • Improve service desk operations.
      • Reduce the number of recurring incidents.
    2. Answer the following questions as a group:
      • What challenges do you have getting accurate data for this objective?
      • What data is missing for supporting this objective?
      • What kind of issues must be solved for us to make progress on achieving this objective?
      • What decisions are held up from a lack of data?
      • How can better ticket data help us to more effectively manage our services and operations?

    Document in the Ticket Analysis Report.

    1.1.2 Identify success metrics

    Select metrics that will track your progress on meeting the objective identified in Activity 1.1.1.

    Input: Understanding of current service desk process and ticket routing

    Output: Defined objectives for the project

    Materials: Whiteboard/flip charts, Ticket Analysis Report

    Participants: Service Desk Manager, IT Director, CIO

    Use these sample metrics as a starting point:
    Demonstrate value to the business by improving customer service
    Ticket trends by category by month # tickets by business department % SLAs met by IT teams
    Average customer satisfaction rating % incident tickets closed in one day Service request SLAs met by % Annual IT satisfaction survey result
    Improve service desk operations
    Incident tickets assigned, sorted by age and priority Scheduled requests for today and tomorrow Knowledgebase articles due for renewal this month Top 5-10 tickets for the quarter
    Unassigned tickets by age # incident tickets assigned by tech Open tickets by category Backlog summary by age
    Reducing the number of recurring incidents
    # incidents by category and resolution code Number of problem tickets opened and resolved Correlation of ticket volume trends to events Reduction of volume of recurring tickets
    Use of knowledgebase by users Use of self-service for ticket creation Use of service catalog Use of automated features (e.g. password resets)
    Average call hold time % calls abandoned Average resolution time Number of tickets reopened

    Document in the Ticket Analysis Report.

    Inefficient ticket-handling processes lead to SLA breaches and unplanned downtime

    Analyze the ticket data to catch mismanaged or lost tickets that lead to unnecessary escalations and impact business profitability

    • Ticket Category – Are your tickets categorized by type of asset? By service?
    • Average Ticket Times – How long does it take to resolve or fulfill tickets?
    • Ticket Priority – What is the impact and urgency of the ticket?
    • SLA/OLA Violations – Did we meet our SLA objectives? If not, why?
    • Ticket Channel – How was the issue reported or ticket received?
    • Response and Fulfillment – Did we complete first contact resolution? How many times was it transferred?
    • Associated Tasks and Tickets – Is this incident associated with any other tasks like change tickets or problem tickets?

    Encourage proper ticket-handling procedures to enable data quality

    Ensure everyone understands the expectations and the value created from having ticket data that follows these expectations

    • Create and update tickets, but not at the expense of good customer service. Agents can start the ticket but shouldn’t spend five minutes creating the ticket when they should be troubleshooting the problem.
    • Update the ticket when the issue is resolved or needs to be escalated. If agents are escalating, they should make sure all relevant information is passed along within the ticket to the next technician.
    • Update user of ETA if issue cannot be resolved quickly.
    • Ticket templates for common incidents can lead to fast creation, data input, and categorizations. Templates can reduce the time it takes to create tickets from two minutes to 30 seconds.
    • Update categories to reflect the actual issue and resolution.
    • Reference or link to the knowledgebase article as the documented steps taken to resolve the incident.
    • Validate with the client that the incident is resolved; automate this process with ticket closure after a certain time.
    • Close or resolve the ticket on time.

    Info-Tech Insight

    Ticket handling ensures clean handovers, whether it is to higher tiers or back to the customer. When filling the ticket out with information intended for another party, ensure the information is written for their benefit and from their point of view.

    Service Desk Ticket Analysis Tool overview

    The Service Desk Ticket Analysis Tool will help you standardize your ticket data in a meaningful format that will allow you to apply common analyses to identify the actions you need to take to improve service desk operations

    TABS 1 & 2
    INSTRUCTIONS & DATA ENTRY
    TAB 3 : TICKET SUMMARY
    TICKET SUMMARY DASHBOARDS
    TABS 4 to 8: DASHBOARDS
    INCIDENT SERVICE REQUEST CATEGORY
    Sample of the Service Desk Ticket Analysis Tool, tabs 1 & 2.
    Input at least three months of your exported ticket data into the corresponding columns in the tool to feed into the common analysis graphs in the other tabs.
    Sample of the Service Desk Ticket Analysis Tool, tab 3.
    This tab contains multiple dashboards analyzing how tickets come in, who requests them, who resolves them, and how long it takes to resolve them.
    Sample of the Service Desk Ticket Analysis Tool, tabs 4 to 8.
    These tabs each have dashboards outlining analysis on incidents and service requests. The category tab will allow you to dive deeper on commonly reported issues.

    1.1.3 Import your data into our Service Desk Ticket Analysis Tool

    You can still leverage your current data, but use this opportunity to improve your service desk ticket fields down the line

    Input: ITSM data log

    Output: Populated Service Desk Ticket Data Analysis Tool

    Materials: Whiteboard/flip charts, Service Desk Ticket Analysis Tool

    Participants: Service Desk Manager, Service Desk Technicians

    Start here:

    • Extract your ticket data from your ITSM tool in an Excel or text format.
    • Look at the fields on the data entry tab of the Service Desk Ticket Analysis Tool.
    • Fill the fields with your ticket data by copying and pasting relevant sections. It is okay if you don’t have all the fields, but take note of the fields you are missing.
    • With the list of the fields you are missing, run through the following activity to decide if you will need to adopt or add fields to your own service desk ticket tool.
    Fields Captured
    Ticket Number Open Date
    Open Time Closed Date
    Closed Time Intake Channel
    Time to Resolve Site Location
    First Contact Resolution Resolution Code
    Category (I, II, III) Ticket Type (Request or Incident)
    Status of Ticket Resolved by Tier
    Ticket Priority Requestor/Department
    SLA Fulfilled Subject
    Technician

    When entering your data, pay close attention to the following fields:

    • Time to Resolve: This is automatically calculated using data in the Open Date, Open Time, Close Date, and Close Time fields. You have three options for entering your data in these fields:
      1. Enter your data as the fields describe. Ensure your data contain only the field description (e.g. Open Date separated from Open Time). If your data contain Open Date AND Open Time, Excel will not show both.
      2. Enter your data only in Open Date and Close Date. If your ITSM does not separate date and time, you can keep the data in a single cell and enter it in the column. The formula in Time to Resolve will still be accurate.
      3. If your ITSM outputs Time to Resolve, overwrite the formula in the Time to Resolve column.
    • SLA: If your ITSM outputs SLA fulfilled: Y/N, enter that directly into the SLA Fulfilled column.
    • Blank Columns: If you do not have data for all the columns, that is okay. Continue with the following activity. Note that some stock dashboards will be empty if that is the case.
    • Incidents vs. Service Requests: If you separate incidents and service requests, be sure to capture that in the SR/Incident for Tabs 4 and 5. If you do not separate the two, then you will only need to analyze Tab 3.
    Fields Captured
    Ticket Number Open Date
    Open Time Closed Date
    Closed Time Intake Channel
    Time to Resolve Site Location
    First Contact Resolution Resolution Code
    Category (I, II, III) Ticket Type (Request or Incident)
    Status of Ticket Resolved by Tier
    Ticket Priority Requestor/Department
    SLA Fulfilled Subject
    Technician

    Use Info-Tech’s tool instead of building your own. Download the Service Desk Ticket Analysis Tool.

    1.1.4 Update your ticket fields for future analysis

    Input: Populated Service Desk Ticket Data Analysis Tool

    Output: New ticket fields to track

    Materials: Whiteboard/flip charts, Service Desk Ticket Analysis Tool

    Participants: Service Desk Manager, Service Desk Technicians

    As a group, pay attention to the ticket fields populated in the tool as well as the ticket fields that you were not able to populate. Use the example “Fields Captured” table to the right, which lists all fields present in the ticket analysis tool.

    Discuss the following questions:

    1. Consider the fields not captured. Would it be valuable to start capturing that data for future analysis?
    2. If so, does your ITSM support that field?
    3. Can you make the change in-house or do you have to bring in an external ITSM administrator to make the change?
    4. Capture the results in the Ticket Analysis Report.
    Example: Fields Captured - Fields Not Captured
    Ticket Number Open Date
    Open Time Closed Date
    Closed Time Intake Channel
    Time to Resolve Site Location
    First Contact Resolution Resolution Code
    Category (I, II, III) Ticket Type (Request or Incident)
    Status of Ticket Resolved by Tier
    Ticket Priority Requestor/Department
    SLA Fulfilled Subject
    Technician

    Document in the Ticket Analysis Report.

    Info-Tech Insight

    Don’t wait for your ticket quality to be perfect. You can still draw actions from your ticket data. They will likely be process improvements initially, but the exercise of pulling the data is a necessary first step.

    Common ticket fields tracked by your peers

    Which of these metrics do you track and action?

    • Remember you don’t have to track every metric. Only track metrics that are actionable.

    For each metric that you end up tracking:

    • Look for trends over time.
    • Brainstorm reasons why the metric could rise or fall.

    Associate a metric with each improvement you execute.

    • Performing this step will allow you to better see the value from your team’s efforts.
    • It will also give you a quicker response than waiting for spikes in your data.

    A bar chart of 'Metrics tracked by other organizations' with the x-axis populated by different metrics and the y-axis as '% organizations who track the metric'. The highest percentage of businesses track 'Ticket volume', then 'Ticket trends by category', then 'Tickets by business units'. The lowest three shown are 'Reopened tickets', 'Cost per ticket', and 'Other'.(Source: Info-Tech survey, 2021; N=20)

    PHASE 2

    Analyze Your Ticket Data

    This phase will walk you through the following activities:

    • 2.1.1 Review high-level ticket dashboards
    • 2.2.1 Review incident, service request, and ticket category dashboards

    This phase involves the following participants:

    • Service Desk Manager
    • Service Desk Technicians
    • IT Managers

    Visualize your ticket data as a first step to analysis

    Identifying trends is easier when looking at diagrams, graphs, and figures

    Start your analysis with common visuals employed by other service desk professionals

    • Phase 2 will walk you through visualizing your data to get a better understanding of your ticket intake, incident management, and service request management.
    • Each step will walk you through:
      • Common visualizations used by service desks
      • Patterns to look for in your visualizations
      • Actions to take to address negative patterns and to continue positive trends
    • Share diagrams that underscore both the value being provided by the service desk as well as the scope of the pain points. Use Info-Tech’s Ticket Analysis Report template as a starting point.

    “Being able to tell stories with data is a skill that’s becoming ever more important in our world of increasing data and desire for data-driven decision making. An effective data visualization can mean the difference between success and failure when it comes to communicating the findings of your study, raising money for your nonprofit, presenting to your board, or simply getting your point across to your audience.” - Cole Knaflic, Founder and CEO, Storytelling with Data: A Data Visualization Guide for Business Professionals

    Use the detailed dashboards to determine the next steps for improvement

    A single number doesn’t tell the whole picture

    Analyze trends over time:

    • Analyze trends by day, by week, by month, and by year to determine:
      • When are the busy periods? (E.g. Do tickets tend to spike every morning, every Monday, or every September?)
      • When are the slow periods? (E.g. Do tickets drop at the end of the day, at midday, on Fridays, or over the summer?)
    • Are spikes or drops in volume consistent trends or one-time anomalies?

    Then build a plan to address them:

    • How will you handle volume spikes, if they’re consistent?
    • What can your resources work on during slow times, if they are consistent?
    • If you assume no shrinkage, can you handle the peaks in volume if you make all FTEs available to work on tickets at a certain time of day?

    Sample of a bar chart comparing tickets that were 'Backlog versus Closed by Month Opened'.

    Look for seasonal trends. In this example, we see high ticket volumes in May and January, with lower ticket volumes in June and July when many staff are taking holidays. However, also be careful to look at the big picture of how you pulled the data. August through October sees a high volume of open tickets because the data set is pulled in November, not because there’s a seasonal spike on tickets not closing at the end of the fiscal year.

    Track ticket data over time

    Make low-effort adjustments before major changes

    Don’t rush to a decision based off the first numbers you see

    Review ticket summary dashboard

    Ideally, you should track ticket patterns over an entire year to get a full sense of trends within each month of the year. At minimum, track for 30 days, then 60, then 90, and see if anything changes. The longer you can track ticket patterns, the more accurate your picture will be.

    Review additional dashboards

    If you separate incidents and service requests, and you have accurate ticket categories, then you can use these dashboards to further break down the data to identify ticket trends.

    The output of the ticket analysis will only be as accurate as its input.
    To get the most accurate results, first ensure your data is accurate, then analyze it over as much time as possible. Aggregating with accurate data will give you a better picture of the trends in demand that your service desk sees.

    Not separating incidents and service requests? Need to fix your ticket categories? Visit Standardize the Service Desk to get started.

    Analyze incidents and requests separately

    Each type has its own set of customer experiences and expectations

    • Different ticket types are associated with radically different prioritization, routing, and service levels. For instance, most incidents are resolved within a business day, but requests take longer to implement.
    • If you fail to distinguish between ticket types, your metrics will obscure service desk performance.
    • From a ticket analysis standpoint, separating ticket types prior to analysis or, better yet, at intake allows for cleaner data. In turn, this means more structured analyses, better insights, and more meaningful actions. Not separating ticket types may still get you to the same conclusions, but it will be much more difficult to sift through the data.

    Incident

    An unanticipated interruption of a service.
    The goal of incident management is to restore the service as soon as possible, even if the resolution involves a workaround.

    Request

    A generic description for a small change or service access.
    Requests are small, frequent, and low risk. They are best handled by a process distinct from incident, change, and project management.

    Not separating incidents and service requests? Need to fix your ticket categories? Visit Standardize the Service Desk to get started.

    Step 2.1

    Analyze Your High-Level Ticket Data

    Dashboards
    • Ticket Volume
    • Ticket Intake
    • Ticket Handling and Resolution
    • Ticket Categorization

    This step will walk you through the following activities:

    Visualize the current state of your service desk.

    This step involves the following participants:

    • Service Desk Manager
    • Service Desk Technicians
    • IT Managers

    Outcomes of this step

    Build your metrics baseline to compare with future metric results.

    Dashboards: Ticket Volume

    Example of a dashboard for ticket volume with two bar charts, one breaking down volume by month, and the other marking certain days or weeks in each month.

    Analyze your data for insights

    • Analyze volume trends by day, by week, by month, and by year to determine:
      • When are the busy periods? (E.g. Do tickets tend to spike every morning, every Monday, or every September?)
      • When are slow periods? (E.g. Do tickets drop at the end of the day, at midday, on Fridays, or over the summer?)
    • Are spikes or drops in volume consistent trends or one-time anomalies?
    • What can your resources be working on during slow times? Are you able to address ticket backlog?

    Dashboards: Ticket Intake

    Example of a dashboard for ticket intake with three bar charts, one breaking it down by 'Intake Channel', one by 'Requestor/Department', and one by 'Location'.

    Analyze your data for insights

    • Determine how to drive intake to the most appropriate solution for your organization:
      • A web portal is the most efficient intake method, but it must be user friendly to increase its adoption.
      • The phone should be available for urgent requests or incidents. Encourage those who call with a request to submit a ticket through the portal.
      • Discourage use of email if it is unstructured, as users don’t provide enough detail, and often two or three transactions are required for triage.
      • If walk-ups are encouraged, structure and formalize the support so it can be resourced and managed rather than interrupt-driven.

    Dashboard: Ticket Handling and Resolution

    Example of a dashboard for ticket handling and resolution with three bar charts, one breaking down 'Tickets Resolved by Technician', one by 'Tier', and one by 'Average Time to Resolve (Hours)'.

    Analyze your data for insights

    • Look at your ticket load by technician and by tier. This is an essential step to set your baseline to measure your shift-left initiatives. If you are focusing on self-service or Tier 1 training, the ticket load from higher tiers should decrease over time.
    • If Tiers 2 and 3 are handling the majority of the tickets, this could be a red flag indicating tickets are inappropriately escalated or Tier 1 could use more training and support.
    • For average time to resolve and average time to resolve by tier, are you meeting your SLAs? If not, are your SLAs too aggressive? Are tickets left open and not properly closed?

    Dashboard: Ticket Categorization

    Analyze your data for insights

    • Ticket categorization is critical to clean data. Having a categorization scheme with categories that are miscellaneous, too specific, or too general easily leads to inaccurate reporting or confusing workflows for technicians.
    • When looking at your ticket categories, first look for duplicate categories that could be collapsed into one.
    • Also look at your top five to seven categories and see if they make sense. Are these good candidates in your organization for automation or shift-left?
    • Compare your Tier 1 categories. The level of specificity for these categories should be comparable to easily run reports. If they are not, assess the need for a category redesign.

    Example of a dashboard for ticket categorization with one horizontal bar chart, 'Incident Ticket Volume by Level 1 Category'.

    Step 2.2

    Analyze Incidents, Service Requests, and Ticket Categories

    Dashboards
    • Incidents
    • Service Requests
    • Volume by Ticket Category
    • Resolution Times by Priority and/or Category
    • Tabs for More Granular Investigation and Reporting

    This step will walk you through the following activities:

    Visualize your incident and service request ticket load and analyze trends. Use this information and cross reference data sets to gain a holistic view of how the service desk interacts with IT and the business.

    This step involves the following participants:

    • Service Desk Manager
    • Service Desk Technicians
    • IT Managers

    Outcomes of this step

    Gain actionable, data-driven improvements based on your incident and service request data. Show the value of the service desk and highlight improvements needed.

    Incident and Service Requests Dashboard: Priority and SLA

    Example of an Incident and Service Requests dashboard for priority and SLA with three charts, one breaking down 'Incident Priority', one 'Average time to resolve (in hours) by priority', and one '% of SLA met'.

    Analyze your data for insights

    • Your ticket priority distribution for overall load and time to resolve (TTR) should look something like above with low-priority tickets having higher load and TTR and high/critical-priority tickets having a lower load and lower TTR. If it is reversed, that is a good indication that the service desk is too reactive or isn’t properly prioritizing its work.
    • If your SLA has a high failure rate, consider reassessing your targets with SLOs that you can meet before publishing them as achievable SLAs.

    Incident and Service Requests Dashboard: Priority and SLA

    Example of an Incident and Service Requests dashboard for resolution and close with three bar charts, one breaking down 'Incident Volume by Resolution Code', one 'Incidents Resolved by Tier', and one 'Average time to resolve (in hours) by Resolution Code'.

    Analyze your data for insights

    • Examine your ticket handling by looking at ticket status and resolution codes.
      • If you have a lot of blanks, then tickets are not properly handled. Consider reinforcing your standards for close codes and statuses.
      • Alternatively, if tickets are left open, you may have to build follow-ups on stale tickets into your process or introduce proper auto-close processes.

    Category, Resolution Time, and Resolution Code Dashboards

    These PivotCharts allow you to dig deeper

    Investigate whether there are trends in ticket volume and resolution times within specific categories and subcategories

    Tab 6, Category Dashboard; tab 7, Resolution Time Dashboard; and tab 8, Resolution Code Dashboard are PivotCharts. Use these tabs to investigate whether there are trends in ticket volume, resolution times, and resolution codes within specific categories and subcategories.

    Start with the charts that are available. The +/- buttons will allow you to show more granular information. By default, this granularity will be into the levels of the ticket categorization scheme.

    For most categorization schemes, there will be too many categories to properly graph. You can apply a filter to investigate specific categories by clicking on the drop-down buttons.

    Example of dashboards featured on next slide

    Use these tabs for more granular investigation and reporting

    TAB 6
    CATEGORY DASHBOARD
    TAB 7
    RESOLUTION TIME DASHBOARD
    TAB 8
    RESOLUTION TIME DASHBOARD
    Sample of the 'Ticket Volume by Second, Third Level Category' dashboard tab.
    Investigate ticket distributions in first, second, and third levels. Are certain categories overcrowded, suggesting they can be split? Are certain categories not being used?
    Sample of the 'Average Resolution Times' dashboard tab.
    Do average resolution times match your service level agreements? Do certain categories have significantly different resolution times? Are there areas that can benefit from shift-left?
    Sample of the 'Volume of Resolution Codes' dashboard tab.
    Are resolution codes being accurately used? Are there trends in resolution codes? Are these codes providing sufficient information for problem management?

    PHASE 3

    Communicate Your Insights

    This phase will walk you through the following activities:

    • 3.1.1 Review common recommendations
    • 3.2.1 Review ticket reports daily
    • 3.2.2 Incorporate ticket data into retrospectives and team updates
    • 3.2.3 Regularly review trends with business leaders
    • 3.2.4 Tell a story with your data

    This phase involves the following participants:

    • Service Desk Manager
    • Service Desk Technicians
    • IT Managers

    Step 3.1

    Build Recommendations Based on Your Ticket Data

    Activities
    • 3.1.1 Review common recommendations

    This step will walk you through the following activities:

    Review common recommendations as a first step to extracting insights from your own data.

    This step involves the following participants:

    • Service Desk Manager
    • Service Desk Technicians

    Outcomes of this step

    You will gain an understanding of the common challenges with service desks and ticket analysis in general. See which ones apply to you to inform your ticket data analysis moving forward.

    Review these common recommendations

    1. Fix your ticket categories
      Organize your ticket categorization scheme for proper routing and reporting.
    2. Focus more on self-service
      Self-service is essential to enable shift-left strategies. Focus on knowledgebase processes and portal ease of use.
    3. Update your service catalog
      Improve your service catalog, if necessary, to make it easy for end users to request services and for the service desk to provide those services.
    4. Direct volume toward other channels
      Walk-ups make it more difficult to properly log tickets and assign service desk resources. Drive volume to other channels to improve your ticket quality.
    5. Crosstrain Tier 1 on certain topics
      Tier 1 breadth of knowledge is essential to drive up first contact resolution.
    6. Build more automation
      Identify bottlenecks and challenges with your ticket data to streamline ticket handling and resolution.
    7. Revisit service level agreements
      Update your SLAs and/or SLOs to prioritize expectation management for your end users.
    8. Improve your data quality
      You can only analyze data that exists. Revisit your ticket-handling guidelines and more regularly check tickets to ensure they comply with those standards.

    Optimize your processes and look for opportunities for automation

    Leverage Info-Tech research to improve service desk processes

    Review your service desk processes and tools for optimization opportunities:

    • Clearly establish ticket-handling guidelines.
    • Use ticket templates to reduce time spent entering tickets.
    • Document incident management and service request fulfillment workflows and eliminate any unnecessary steps.
    • Automate manual tasks wherever possible.
    • Build or improve a self-service portal with a knowledgebase to allow users to resolve their own issues, reducing incoming ticket volume to the service desk.
    • Optimize your internal knowledgebase to reduce time spent troubleshooting recurring issues.
    • Leverage AI capabilities to speed up ticket processing and resolution.

    Standardize the Service Desk

    This project will help you build and improve essential service desk processes, including incident management, request fulfillment, and knowledge management.

    Optimize the Service Desk With a Shift-Left Strategy

    This project will help you build a strategy to shift service support left to optimize your service desk operations and increase end-user satisfaction.

    Step 3.2

    Action and Communicate Your Ticket Data

    Activities
    • 3.2.1 Review your ticket queues daily
    • 3.2.2 Incorporate ticket data into retrospectives and team status updates
    • 3.2.3 Regularly review trends with business leaders
    • 3.2.4 Tell a story with your data

    This step will walk you through the following activities:

    Organize your scrums to report on the metrics that will inform daily and monthly operations.

    This step involves the following participants:

    • Service Desk Manager
    • Service Desk Technicians
    • IT Managers

    Outcomes of this step

    Use the dashboards and data to inform your daily and monthly scrums.

    3.2.1 Review your ticket queues daily

    Clean data is still useless if not used properly

    • The metrics you’ve chosen to measure and visualize in the previous step are useful for informing your day-to-day, week-to-week, and month-to-month strategies for the service desk and IT. Conduct scrums daily to action your dashboard data to help clear ticket queues.
    • Reference your dashboards daily with each IT team.
    • You need to have a dashboard of open tickets assigned to each team.

    Review Daily

    • Ticket volume over the last day (look for spikes)
    • SLA breach risks/SLA breaches
    • Recurring incidents
    • Tickets open
    • Tickets handed over (confirmation of handover)

    3.2.2 Incorporate ticket data into retrospectives and team status updates

    Explain your metric spikes and trends

    • Hold weekly or monthly meetings to review the ticket trends selected during Phases 1 and 2 of this blueprint.
    • Review ticket spikes, identify seasonal trends, and discuss root causes (e.g. projects/changes going live, onboarding blitz).
    • Discuss any actions associated with spikes and seasonal trends (e.g. resource allocation, hiring, training).
    • You can incorporate other IT leaders or departments in this meeting as needed to discuss action items for improvement, quality assurance concerns, customer service concerns, and/or operating level agreement concerns.

    Review Weekly/Monthly

    • Ticket volume
    • Ticket category by priority level over time
    • Tickets from different business groups, VIP groups, and different vertical levels
    • Tickets escalated, tickets that didn’t need to be escalated, tickets that were incorrectly escalated
    • Ticket priority levels over time
    • Most requested services
    • Tickets resolved by which group over time
    • Ability to meet SLAs and OLAs over time by different groups

    3.2.3 Regularly review trends with business leaders

    Use your data to help improve business relationships

    Review the following with business leaders:

    • Volume of work done this past time cycle for the leader’s group
    • Trends and spikes in the data and possible explanations for them (note: get their input on the potential causes of trends)
    • Improvements you plan to execute within the service desk
    • Action items you need from the business leader

    Use your data to show the value you provide to the group. Schedule quarterly meetings with the heads of different business groups to discuss the work that the service desk does for each group.

    Show trends in incidents and service requests: “I see you have a spike in CRM tickets. I’ve been working with the CRM team to address this issue.”

    3.2.4 Tell a story with your data

    Effectively communicate with the business and leadership

    • With your visualized metrics, organize your story into a presentation for different stakeholder groups. You can use the Ticket Analysis Report as a starting point to provide data about:
      • Value provided by the service desk
      • Successes
      • Opportunities for Improvements
      • Current state of KPIs
    • Include information about the causes of data trends and actions you will take in response to the data.
    • For each of these themes, look at the metrics you’ve chosen to track and see which ones fit to tell the story. Let the data do the talking.
    • Consider supplementing the ticket data with data from other systems. For example, you can include data on transactional customer satisfaction surveys, knowledgebase utilization, and self-service utilization.

    Sample of the Ticket Analysis Report.

    Download the Ticket Analysis Report.

    Ticket Analysis Report

    Include the following information as you build your ticket analysis report:

    • Value Provided by the Service Desk
      Start with the value provided by the service desk to different areas of the business. Include information about first contact resolution, average resolution times, ticket volume (e.g. by category, priority, location, requestor).
    • Successes
      Successes is a general field that can include how process improvements have impacted the service desk or how initiatives have enhanced shift-left opportunities. Highlight any positive trends over time.
    • Opportunities for Improvement
      Let the data guide the conversation to where improvements can be made. Day-to-day ops, self-service tools, shifting work left from Tier 2, Tier 3, standardizing a non-standard service, and staffing adjustments are possibilities for this section.
    • Current State of KPIs
      Mean time to resolve, FCR, ticket volume, and end-user satisfaction are great KPIs to include as a starting point.

    Sample of the Ticket Analysis Report.

    Download the Ticket Analysis Report.

    Summary of Accomplishment

    Problem Solved

    You now have a better understanding of how to action your service desk ticket data, including improvements to your current ticket templates for incidents and service requests.

    You also have the data to craft a story to different stakeholder groups to celebrate the successes of the service desk and highlight possible improvements. Continue this exercise iteratively to continue improving the service desk.

    Remember, ticket analysis is not a single event but an ongoing initiative. As you track, analyze, and action more data, you will find more improvements.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Photo of Benedict Chang.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Sample of dashboards we saw earlier. Sample of the 'Ticket Analysis Report'.
    Analyze your dashboards
    An analyst will walk through the ticket data and dashboards with you and your team to help interpret the data and tailor improvements
    Populate your ticket data report
    Given the action items from this solution set, an analyst will help you craft a report to celebrate the successes and highlight needed improvements in the service desk.

    Related Info-Tech Research

    Optimize the Service Desk With a Shift-Left Strategy

    The best type of service desk ticket is the one that doesn’t exist.

    Incident & Problem Management

    Don’t let persistent problems govern your department.

    Design & Build a User-Facing Service Catalog

    Improve user satisfaction with IT with a convenient menu-like catalog.

    Bibliography

    Bayes, Scarlett. “ITSM: 2021 & Beyond.” Service Desk Institute, 2021. Web.

    “Benchmarking Report v.9.” Service Desk Institute, 17 Jan. 2020. Web.

    Bennett, Micah. “The 9 Help Desk Metrics That Should Guide Your Customer Support.” Zapier, 3 Dec. 2015. Web.

    “Global State of Customer Service: The transformation of customer service from 2015 to present day.” Microsoft Dynamics 365, Microsoft, 2020. Web.

    Goodey, Ben. “How to Manually Analyze Support Tickets.” SentiSum, 26 July 2021. Web.

    Jadhav, Megha. “Four Metrics to Analyze When Using Ticketing Software.” Vision Helpdesk Blog, 21 Mar. 2016. Web.

    Knaflic, Cole Nussbaumer. Storytelling with Data: A Data Visualization Guide for Business Professionals. Wiley, 2015.

    Li, Ta Hsin, et al. “Incident Ticket Analytics for IT Application Management Services.” 2014 IEEE International Conference on Services Computing, 2014. Web.

    Olson, Sarah. “10 Help Desk Metrics for Service Desks and Internal Help Desks.” Zendesk Blog, Sept. 2021. Web.

    Paramesh, S.P., et al. “Classifying the Unstructured IT Service Desk Tickets Using Ensemble of Classifiers.” 2018 3rd International Conference on Computational Systems and Information Technology for Sustainable Solutions (CSITSS), 2018. Web.

    Volini, Erica, et al. “2021 Global Human Capital Trends: Special Report.” Deloitte Insights, 21 July 2021. Web.

    “What Kind of Analysis You Can Perform on a Ticket Management System.” Commence, 3 Dec. 2019. Web.

    INFO-TECH RESEARCH GROUP

    Learn the right way to manage metrics

    • Parent Category Name: Improve Your Processes
    • Parent Category Link: /improve-your-processes

    Learn to use metrics in the right way. Avoid staff (subconciously) gaming the numbers, as it is only natural to try to achieve the objective. This is really a case of be careful what you wish for, you may just get it.

    Register to read more …

    Drive Customer Convenience by Enabling Text-Based Customer Support

    • Buy Link or Shortcode: {j2store}531|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Text messaging services and applications (such as SMS, iMessage, WhatsApp, and Facebook Messenger) have seen explosive growth over the last decade. They are an entrenched part of consumers’ daily lives. For many demographics, text messaging rather than audio calls is the preferred medium of communication via smartphone.
    • Despite the popularity of text messaging services and applications with consumers, organizations have been slow to adequately incorporate these channels into their customer service strategy.
    • The result is a major disconnect between the channel preferences of consumers and the customer service options being offered by businesses.

    Our Advice

    Critical Insight

    • IT must work with their counterparts in customer service to build a technology roadmap that incorporates text messaging services and apps as a core channel for customer interaction. Doing so will increase IT’s stature as an innovator in the eyes of the business, while allowing the broader organization to leapfrog competitors that have not yet added text-based support to their repertoire of service channels. Incorporating text messaging as a customer service channel will increase customer satisfaction, improve retention, and reduce cost-to-serve.
    • A prudent strategy for text-based customer service begins with defining the value proposition and creating objectives: is there a strong fit with the organization’s customers and service use cases? Next, organizations must create a technology enablement roadmap for text-based support that incorporates the right tools and applications to deliver it. Finally, the strategy must address best practices for text-based customer service workflows and appropriate resourcing.

    Impact and Result

    • Understand the value and use cases for text-based customer support.
    • Create a framework for enabling technologies that will support scalable text-based customer service.
    • Improve underlying business metrics such as customer satisfaction, retention, and time to resolution by having a plan for text-based support.
    • Better align IT with customer service and support needs.

    Drive Customer Convenience by Enabling Text-Based Customer Support Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should be leveraging text-based services for customer support, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create the business case for text-based customer support

    Understand the use cases and benefits of using text-based services for customer support, and establish how they align to the organization’s current service strategy.

    • Drive Customer Convenience by Enabling Text-Based Customer Support – Phase 1: Create the Business Case for Text-Based Customer Support
    • Text-Based Customer Support Strategic Summary Template
    • Text-Based Customer Support Project Charter Template
    • Text-Based Customer Support Business Case Assessment

    2. Create a technology enablement framework for text-based customer support

    Identify the right applications that will be needed to adequately support a text-based support strategy.

    • Drive Customer Convenience by Enabling Text-Based Customer Support – Phase 2: Create a Technology Enablement Framework for Text-Based Customer Support
    • Text-Based Customer Support Requirements Traceability Matrix

    3. Create customer service workflows for text-based support

    Create repeatable workflows and escalation policies for text-centric support.

    • Drive Customer Convenience by Enabling Text-Based Customer Support – Phase 3: Create Customer Service Workflows for Text-Based Support
    • Text-Based Customer Support TCO Tool
    • Text-Based Customer Support Acceptable Use Policy
    [infographic]

    Workshop: Drive Customer Convenience by Enabling Text-Based Customer Support

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Create the Business Case for Text-Based Support

    The Purpose

    Create the business case for text-based support.

    Key Benefits Achieved

    A clear direction on the drivers and value proposition of text-based customer support for your organization.

    Activities

    1.1 Identify customer personas.

    1.2 Define business and IT drivers.

    Outputs

    Identification of IT and business drivers.

    Project framework and guiding principles for the project.

    2 Create a Technology Enablement Framework for Text-Based Support

    The Purpose

    Create a technology enablement framework for text-based support.

    Key Benefits Achieved

    Prioritized requirements for text-based support and a vetted shortlist of the technologies needed to enable it.

    Activities

    2.1 Determine the correct migration strategy based on the current version of Exchange.

    2.2 Plan the user groups for a gradual deployment.

    Outputs

    Exchange migration strategy.

    User group organization by priority of migration.

    3 Create Service Workflows for Text-Based Support

    The Purpose

    Create service workflows for text-based support.

    Key Benefits Achieved

    Customer service workflows and escalation policies, as well as risk mitigation considerations.

    Present final deliverable to key stakeholders.

    Activities

    3.1 Review the text channel matrix.

    3.2 Build the inventory of customer service applications that are needed to support text-based service.

    Outputs

    Extract requirements for text-based customer support.

    4 Finalize Your Text Service Strategy

    The Purpose

    Finalize the text service strategy.

    Key Benefits Achieved

    Resource and risk mitigation plan.

    Activities

    4.1 Build core customer service workflows for text-based support.

    4.2 Identify text-centric risks and create a mitigation plan.

    4.3 Identify metrics for text-based support.

    Outputs

    Business process models assigned to text-based support.

    Formulation of risk mitigation plan.

    Key metrics for text-based support.

    Switching Software Vendors Overwhelmingly Drives Increased Satisfaction

    • Buy Link or Shortcode: {j2store}612|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation

    Organizations risk being locked in a circular trap of inertia from auto-renewing their software. With inertia comes complacency, leading to a decrease in overall satisfaction. Indeed, organizations are uniformly choosing to renew their software – even if they don’t like the vendor!

    Our Advice

    Critical Insight

    Renewal is an opportunity cost. Switching poorly performing software substantially drives increased satisfaction, and it potentially lowers vendor costs in the process. To realize maximum gains, it’s essential to have a repeatable process in place.

    Impact and Result

    Realize the benefits of switching by using Info-Tech’s five action steps to optimize your vendor switching processes:

    1. Identify switch opportunities.
    2. Evaluate your software.
    3. Build the business case.
    4. Optimize selection method.
    5. Plan implementation.

    Switching Software Vendors Overwhelmingly Drives Increased Satisfaction Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Why you should consider switching software vendors

    Use this outline of key statistics to help make the business case for switching poorly performing software.

    • Switching Existing Software Vendors Overwhelmingly Drives Increased Satisfaction Storyboard

    2. How to optimize your software vendor switching process

    Optimize your software vendor switching processes with five action steps.

    [infographic]

    Review Your Application Strategy

    • Buy Link or Shortcode: {j2store}82|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,599 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Over 80% of CXOs experience frustration with IT’s failure to deliver business value.
    • Sixty percent of CEOs believe that improvement is required around IT’s understanding of business goals.
    • Sixty percent of IT professionals know there is an opportunity to run applications more efficiently, eliminating wasteful or low-value activities.

    Our Advice

    Critical Insight

    • Organizations need to better align their application strategy with their business strategy as they proceed through tactical initiatives.
    • Application strategies provide guidance on how they will help the organization survive and thrive.

    Impact and Result

    Aligning your business with applications through your strategy will not only increase business satisfaction but also help to ensure you’re delivering applications that enable the organization’s goals.

    Review Your Application Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should have an application strategy and why you should use Info-Tech’s approach to review it. Learn how we can support you in completing this strategy and review.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review your strategy

    This review guide provides organizations with a detailed assessment of their application strategy, ensuring that the applications enable the business strategy so that the organization can be more effective.The assessment provides criteria and exercises to provide actionable outcomes.

    • Application Strategy Assessment Tool
    • Application Strategy Action Plan Report Template
    • Application Strategy Sample Action Plan Report
    [infographic]

    Create an Architecture for AI

    • Buy Link or Shortcode: {j2store}344|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $604,999 Average $ Saved
    • member rating average days saved: 49 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    This research is designed to help organizations who are facing these challenges:

    • Deliver on the AI promise within the organization.
    • Prioritize the demand for AI projects and govern the projects to prevent overloading resources.
    • Have sufficient data management capability.
    • Have clear metrics in place to measure progress and for decision making.

    AI requires a high level of maturity in all data management capabilities, and the greatest challenge the CIO or CDO faces is to mature these capabilities sufficiently to ensure AI success.

    Our Advice

    Critical Insight

    • Build your target state architecture from predefined best-practice building blocks.
    • Not all business use cases require AI to increase business capabilities.
    • Not all organizations are ready to embark on the AI journey.
    • Knowing the AI pattern that you will use will simplify architecture considerations.

    Impact and Result

    • This blueprint will assist organizations with the assessment, planning, building, and rollout of their AI initiatives.
      • Do not embark on an AI project with an immature data management practice. Embark on initiatives to fix problems before they cripple your AI projects.
      • Using architecture building blocks will speed up the architecture decision phase.
    • The success rate of AI initiatives is tightly coupled with data management capabilities and a sound architecture.

    Create an Architecture for AI Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand why you need an underlying architecture for AI, review Info-Tech's methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess business use cases for AI readiness

    Define business use cases where AI may bring value. Evaluate each use case to determine the company’s AI maturity in people, tools, and operations for delivering the correct data, model development, model deployment, and the management of models in the operational areas.

    • Create an Architecture for AI – Phase 1: Assess Business Use Cases for AI Readiness
    • AI Architecture Assessment and Project Planning Tool
    • AI Architecture Assessment and Project Planning Tool – Sample

    2. Design your target state

    Develop a target state architecture to allow the organization to effectively deliver in the promise of AI using architecture building blocks.

    • Create an Architecture for AI – Phase 2: Design Your Target State
    • AI Architecture Templates

    3. Define the AI architecture roadmap

    Compare current state with the target state to define architecture plateaus and build a delivery roadmap.

    • Create an Architecture for AI – Phase 3: Define the AI Architecture Roadmap
    [infographic]

    Workshop: Create an Architecture for AI

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Answer “Where To?”

    The Purpose

    Define business use cases where AI may add value and assess use case readiness.

    Key Benefits Achieved

    Know upfront if all required data resources are available in the required velocity, veracity, and variety to service the use case.

    Activities

    1.1 Review the business vision.

    1.2 Identify and classify business use cases.

    1.3 Assess company readiness for each use case.

    1.4 Review architectural principles and download and install Archi.

    Outputs

    List of identified AI use cases

    Assessment of each use case

    Data sources needed for each use case

    Archi installed

    2 Define the Required Architecture Building Blocks

    The Purpose

    Define architecture building blocks that can be used across use cases and data pipeline.

    Key Benefits Achieved

    The architectural building blocks ensure reuse of resources and form the foundation of a stepwise rollout.

    Activities

    2.1 ArchiMate modelling language overview.

    2.2 Architecture building block overview

    2.3 Identify architecture building blocks by use case.

    2.4 Define the target state architecture.

    Outputs

    A set of building blocks created in Archi

    Defined target state architecture using architecture building blocks

    3 Assess the Current State Architecture

    The Purpose

    Assess your current state architecture in the areas identified by the target state.

    Key Benefits Achieved

    Only evaluating the current state architecture that will influence your AI implementation.

    Activities

    3.1 Identify the current state capabilities as required by the target state.

    3.2 Assess your current state architecture.

    3.3 Define a roadmap and design implementation plateaus.

    Outputs

    Current state architecture documented in Archi

    Assessed current state using assessment tool

    A roadmap defined using plateaus as milestones

    4 Bridge the Gap and Create the Roadmap

    The Purpose

    Assess your current state against the target state and create a plan to bridge the gaps.

    Key Benefits Achieved

    Develop a roadmap that will deliver immediate results and ensure long-term durability.

    Activities

    4.1 Assess the gaps between current- and target-state capabilities.

    4.2 Brainstorm initiatives to address the gaps in capabilities

    4.3 Define architecture delivery plateaus.

    4.4 Define a roadmap with milestones.

    4.5 Sponsor check-in.

    Outputs

    Current to target state gap assessment

    Architecture roadmap divided into plateaus

    Initiate Your Service Management Program

    • Buy Link or Shortcode: {j2store}398|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • IT organizations continue attempting to implement service management, often based on ITIL, with limited success and without visible value.
    • More than half of service management implementations have failed beyond simply implementing the service desk and the incident, change, and request management processes.
    • Organizational structure, goals, and cultural factors are not considered during service management implementation and improvement.
    • The business lacks engagement and understanding of service management.

    Our Advice

    Critical Insight

    • Service management is an organizational approach. Focus on producing successful and valuable services and service outcomes for the customers.
    • All areas of the organization are accountable for governing and executing service management. Ensure that you create a service management strategy that improves business outcomes and provides the value and quality expected.

    Impact and Result

    • Identified structure for how your service management model should be run and governed.
    • Identified forces that impact your ability to oversee and drive service management success.
    • Mitigation approach to restraining forces.

    Initiate Your Service Management Program Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand why service management implementations often fail and why you should establish governance for service management.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify the level of oversight you need

    Use Info-Tech’s methodology to establish an effective service management program with proper oversight.

    • Service Management Program Initiation Plan
    [infographic]

    Build a Vendor Security Assessment Service

    • Buy Link or Shortcode: {j2store}318|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $17,501 Average $ Saved
    • member rating average days saved: 17 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Vendor security risk management is a growing concern for many organizations. Whether suppliers or business partners, we often trust them with our most sensitive data and processes.
    • More and more regulations require vendor security risk management, and regulator expectations in this area are growing.
    • However, traditional approaches to vendor security assessments are seen by business partners and vendors as too onerous and are unsustainable for information security departments.

    Our Advice

    Critical Insight

    • An efficient and effective assessment process can only be achieved when all stakeholders are participating.
    • Security assessments are time-consuming for both you and your vendors. Maximize the returns on your effort with a risk-based approach.
    • Effective vendor security risk management is an end-to-end process that includes assessment, risk mitigation, and periodic re-assessments.

    Impact and Result

    • Develop an end-to-end security risk management process that includes assessments, risk treatment through contracts and monitoring, and periodic re-assessments.
    • Base your vendor assessments on the actual risks to your organization to ensure that your vendors are committed to the process and you have the internal resources to fully evaluate assessment results.
    • Understand your stakeholder needs and goals to foster support for vendor security risk management efforts.

    Build a Vendor Security Assessment Service Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a vendor security assessment service, review Info-Tech’s methodology, and understand the three ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define governance and process

    Determine your business requirements and build your process to meet them.

    • Build a Vendor Security Assessment Service – Phase 1: Define Governance and Process
    • Vendor Security Policy Template
    • Vendor Security Process Template
    • Vendor Security Process Diagram (Visio)
    • Vendor Security Process Diagram (PDF)

    2. Develop assessment methodology

    Develop the specific procedures and tools required to assess vendor risk.

    • Build a Vendor Security Assessment Service – Phase 2: Develop Assessment Methodology
    • Service Risk Assessment Questionnaire
    • Vendor Security Questionnaire
    • Vendor Security Assessment Inventory

    3. Deploy and monitor process

    Implement the process and develop metrics to measure effectiveness.

    • Build a Vendor Security Assessment Service – Phase 3: Deploy and Monitor Process
    • Vendor Security Requirements Template
    [infographic]

    Workshop: Build a Vendor Security Assessment Service

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Governance and Process

    The Purpose

    Understand business and compliance requirements.

    Identify roles and responsibilities.

    Define the process.

    Key Benefits Achieved

    Understanding of key goals for process outcomes.

    Documented service that leverages existing processes.

    Activities

    1.1 Review current processes and pain points.

    1.2 Identify key stakeholders.

    1.3 Define policy.

    1.4 Develop process.

    Outputs

    RACI Matrix

    Vendor Security Policy

    Defined process

    2 Define Methodology

    The Purpose

    Determine methodology for assessing procurement risk.

    Develop procedures for performing vendor security assessments.

    Key Benefits Achieved

    Standardized, repeatable methodologies for supply chain security risk assessment.

    Activities

    2.1 Identify organizational security risk tolerance.

    2.2 Develop risk treatment action plans.

    2.3 Define schedule for re-assessments.

    2.4 Develop methodology for assessing service risk.

    Outputs

    Security risk tolerance statement

    Risk treatment matrix

    Service Risk Questionnaire

    3 Continue Methodology

    The Purpose

    Develop procedures for performing vendor security assessments.

    Establish vendor inventory.

    Key Benefits Achieved

    Standardized, repeatable methodologies for supply chain security risk assessment.

    Activities

    3.1 Develop vendor security questionnaire.

    3.2 Define procedures for vendor security assessments.

    3.3 Customize the vendor security inventory.

    Outputs

    Vendor security questionnaire

    Vendor security inventory

    4 Deploy Process

    The Purpose

    Define risk treatment actions.

    Deploy the process.

    Monitor the process.

    Key Benefits Achieved

    Understanding of how to treat different risks according to the risk tolerance.

    Defined implementation strategy.

    Activities

    4.1 Define risk treatment action plans.

    4.2 Develop implementation strategy.

    4.3 Identify process metrics.

    Outputs

    Vendor security requirements

    Understanding of required implementation plans

    Metrics inventory

    Leverage Web Analytics to Reinforce Your Web Experience Management Strategy

    • Buy Link or Shortcode: {j2store}563|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Organizations are unaware of the capabilities of web analytics tools and unsure how to leverage these new technologies to enhance their web experience.
    • Traditional solutions offer only information and data about the activity on the website. It is difficult for organizations to understand the customer motivations and behavioral patterns using the data.
    • In addition, there is an overwhelming number of vendors offering various solutions. Understanding which solution best fits your business needs is crucial to avoid overspending.

    Our Advice

    Critical Insight

    • Understanding organizational goals and business objectives is essential in effectively leveraging web analytics.
    • It is easy to get lost in a sea of expensive web analytical tools. Choosing tools that align with the business objectives will keep the costs of customer acquisition and retention to a minimum.
    • Beyond selection and implementation, leveraging web analytic tools requires commitment from the organization to continuously monitor key KPIs to ensure good customer web experience.

    Impact and Result

    • Understand what web analytic tools are and some key trends in the market space. Learn about top advanced analytic tools that help understand user behavior.
    • Discover top vendors in the market space and some of the top-level features they offer.
    • Understand how to use the metrics to gather critical insights about the website’s use and key initiatives for successful implementation.

    Leverage Web Analytics to Reinforce Your Web Experience Management Strategy Research & Tools

    Leverage Web Analytics to Reinforce Your Web Experience Management Strategy Storyboard – A deck outlining the importance of web analytic tools and how they can be leveraged to meet your business needs.

    This research offers insight into web analytic tools, key trends in the market space, and an introduction to advanced web analytics techniques. Follow our five-step initiative to successfully select and implement web analytics tools and identify which baseline metrics to measure and continuously monitor for best results.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Leverage Web Analytics to Reinforce Your Web Experience Management Strategy Storyboard
    [infographic]

    Further reading

    Leverage Web Analytics to Reinforce Your Web Experience Management Strategy

    Web analytics tools are the gateway to understanding customer behavior.

    EXECUTIVE BRIEF

    Analyst Perspective

    In today’s world, users want to consume concise content and information quickly. Websites have a limited time to prove their usefulness to a new user. Content needs to be as few clicks away from the user as possible. Analyzing user behavior using advanced analytics techniques can help website designers better understand their audience.

    Organizations need to implement sophisticated analytics tools to track user data from their website. However, simply extracting data is not enough to understand the user motivation. A successful implementation of a web analytics tool will comprise both understanding what a customer does on the website and why the customer does what they do.

    This research will introduce some fundamental and advanced analytics tools and provide insight into some of the vendors in the market space.

    Photo of Sai Krishna Rajaramagopalan, Research Specialist, Applications − Enterprise Applications, Info-Tech Research Group. Sai Krishna Rajaramagopalan
    Research Specialist, Applications − Enterprise Applications
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Web analytics solutions have emerged as applications that provide extensive information and data about users visiting your webpage. However, many organizations are unaware of the capabilities of these tools and unsure how to leverage these new technologies to enhance user experience.
    Common Obstacles
    • Traditional solutions offer information and data about customers’ activity on the website but no insight into their motivations and behavioral patterns.
    • In addition, an overwhelming number of vendors are offering various solutions. Understanding which solution best fits your business needs is crucial to avoid overspending.
    Info-Tech’s Approach
    • This research is aimed to help you understand what web analytic tools are and some key trends in the market space. Learn about top advanced analytic tools that help you understand user behavior. Discover top vendors in the market space and some of the high-level features offered.
    • This research also explains techniques and metrics to gather critical insights about your website’s use and will aid in understanding users’ motivations and patterns and better predict their behavior on the website.

    Info-Tech Insight

    It is easy to get lost in a sea of expensive web analytics tools. Choose tools that align with your business objectives to keep the costs of customer acquisition and retention to a minimum.

    Ensure the success of your web analytics programs by following five simple steps

    1. ORGANIZATIONAL GOALS

    The first key step in implementing and succeeding with web analytics tools is to set clearly defined organizational goals, e.g. improving product sales.

    3. KPI METRICS

    Define key performance indicators (KPIs) that help track the organization’s performance, e.g. number of page visits, conversion rates, bounce rates.

    5. REVIEW

    Continuous improvement is essential to succeed in understanding customers. The world is a dynamic place, and you must constantly revise your organizational goals, business objectives, and KPIs to remain competitive.

    Centerpiece representing the five surrounding steps.

    2. BUSINESS OBJECTIVES

    The next step is to lay out business objectives that help to achieve the organization’s goals, e.g. to increase customer leads, increase customer transactions, increase web traffic.

    4. APPLICATION SELECTION

    Understand the web analytics tool space and which combination of tools and vendors best fits the organization’s goals.

    Web Analytics Introduction

    Understand traditional and advanced tools and their capabilities.

    Understanding web analytics

    • Web analytics is the branch of analytics that deals with the collection, reporting, and analysis of data generated by users visiting and interacting with a website.
    • The purpose of web analytics is to measure user behavior, optimize the website’s user experience and flow, and gain insights that help meet business objectives like increasing conversions and sales.
    • Web analytics allows you to see how your website is performing and how people are acting while on your website. What’s important is what you can do with this knowledge.
    • Data collected through web analytics may include traffic sources, referring sites, page views, paths taken, and conversion rates. The compiled data often forms a part of customer relationship management analytics to facilitate and streamline better business decisions.
    • Having strong web analytics is important in understanding customer behavior and fine-tuning marketing and product development approaches accordingly.
    Example of a web analytics dashboard.

    Why you should leverage web analytics

    Leveraging web analytics allows organizations to better understand their customers and achieve their business goals.

    The global web analytics market size is projected to reach US$5,156.3 million by 2026, from US$2,564 million in 2019, at a CAGR of 10.4% during 2021-2026. (Source: 360 Research Reports, 2021) Of the top 1 million websites with the highest traffic, there are over 3 million analytics technologies used. Google Analytics has the highest market share, with 50.3%. (Source: “Top 1 Million Sites,” BuiltWith, 2022)
    Of the 200 million active websites, 57.3% employ some form of web analytics tool. This trend is expected to grow as more sophisticated tools are readily available at a cheaper cost. (Source: “On the Entire Internet,” BuiltWith, 2022; Siteefy, 2022) A three-month study by Contentsquare showed a 6.9% increase in traffic, 11.8% increase in page views, 12.4% increase in transactions, and 3.6% increase in conversion rates through leveraging web analytics. (Source: Mordor Intelligence, 2022)

    Case Study

    Logo for Ryanair.
    INDUSTRY
    Aviation
    SOURCE
    AT Internet
    Web analytics

    Ryanair is a low-fare airline in Europe that receives nearly all of its bookings via its website. Unhappy with its current web analytics platform, which was difficult to understand and use, Ryanair was looking for a solution that could adapt to its requirements and provide continuous support and long-term collaboration.

    Ryanair chose AT Internet for its intuitive user interface that could effectively and easily manage all the online activity. AT was the ideal partner to work closely with the airline to strengthen strategic decision making over the long term, increase conversions in an increasingly competitive market, and increase transactions on the website.

    Results

    By using AT Internet Web Analytics to improve email campaigns and understand the behavior of website visitors, Ryanair was able to triple click-through rates, increase visitor traffic by 16%, and decrease bounce rate by 18%.

    Arrows denoting increases or decreases in certain metrics: '3x increase in click-through rates', '16% increase in visitor traffic', '18% decrease in bounce rate'.

    Use traditional web analytics tools to understand your consumer

    What does the customer do?
    • Traditional web analytics allows organizations to understand what is happening on their website and what customers are doing. These tools deliver hard data to measure the performance of a website. Some of the data measured through traditional web analytics are:
    • Visit count: The number of visits received by a webpage.
    • Bounce rate: The percentage of visitors that leave the website after only viewing the first page compared to total visitors.
    • Referrer: The previous website that sent the user traffic to a specific website.
    • CTA clicks: The number of times a user clicks on a call to action (CTA) button.
    • Conversion rate: Proportion of users that reach the final outcome of the website.
    Example of a traditional web analytics dashboard.

    Use advanced web analytics techniques to understand your consumer

    Why does the customer do what they do?
    • Traditional web analytic tools fail to explain the motivation of users. Advanced analytic techniques help organizations understand user behavior and measure user satisfaction. The techniques help answer questions like: Why did a user come to a webpage? Why did they leave? Did they find what they were looking for? Some of the advanced tools include:
    • Heatmapping: A visual representation of where the users click, scroll, and move on a webpage.
    • Recordings: A recording of the mouse movement and clicks for the entire duration of a user’s visit.
    • Feedback forms and surveys: Voice of the customer tools allowing users to give direct feedback about websites.
    • Funnel exploration: The ability to visualize the steps users take to complete tasks on your site or app.
    Example of an advanced web analytics dashboard.

    Apply industry-leading techniques to leverage web analytics

    Heatmapping
    • Heatmaps are used to visualize where users move their mouse, click, and scroll in a webpage.
    • Website heatmaps use a warm-to-cold color scheme to indicate user activity, with the warmest color indicating the highest visitor engagement and the coolest indicating the lowest visitor engagement.
    • Organizations can use this tool to evaluate the elements of the website that attract users and identify which sections require improvement to increase user engagement.
    • Website designers can make changes and compare the difference in user interaction to measure the effectiveness of the changes.
    • Scrollmaps help designers understand what the most popular scroll-depth of your webpage is – and that’s usually a prime spot for an important call to action.
    Example of a website with heatmapping overlaid.
    (Source: An example of a heatmap layered with a scrollmap from Crazy Egg, 2020)

    Apply industry-leading techniques to leverage web analytics

    Funneling

    • Funnels are graphical representations of a customer’s journey while navigating through the website.
    • Funnels help organizations identify which webpage users land on and where users drop off.
    • Organizations can capture every user step to find the unique challenges between entry and completion. Identifying what friction stands between browsing product grids and completing a transaction allows web designers to then eliminate it.
    • Designers can use A/B testing to experiment with different design philosophies to compare conversion statistics.
    • Funneling can be expanded to cross-channel analytics by incorporating referral data, cookies, and social media analytics.
    Example of a bar chart created through funneling.

    Apply industry-leading techniques to leverage web analytics

    Session recordings

    • Session recordings are playbacks of users’ interaction with the website on a single session. User interaction can vary between mouse clicks, keyboard input, and mouse scroll.
    • Recordings help organizations understand user motivation and help identify why users undertake certain tasks or actions on the webpage.
    • Playbacks can also be used to see if users are confused anywhere between the landing page and final transaction phase. This way, playbacks further help ensure visitors complete the funneling seamlessly.
    Example of a session recording featuring a line created by the mouse's journey.

    Apply industry-leading techniques to leverage web analytics

    Feedback and microsurveys

    • Feedback can be received directly from end users to help organizations improve the website.
    • Receiving feedback from users can be difficult, since not every user is willing to spend time to submit constructive and detailed feedback. Microsurveys are an excellent alternative.
    • Users can submit short feedback forms consisting of a single line or emojis or thumbs up or down.
    • Users can directly highlight sections of the page about which to submit feedback. This allows designers to quickly pinpoint areas for improvement. Additionally, web designers can play back recordings when feedback is submitted to get a clear idea about the challenges users face.
    Example of a website with a microsurvey in the corner.

    Market Overview

    Choose vendors and tools that best match your business needs.

    Top-level traditional features

    Feature Name

    Description

    Visitor Count Tracking Counts the number of visits received by a website or webpage.
    Geographic Analytics Uses location information to enable the organization to provide location-based services for various demographics.
    Conversion Tracking Measures the proportion of users that complete a certain task compared to total number of users.
    Device and Browser Analytics Captures and summarizes device and browser information.
    Bounce and Exit Tracking Calculates exit rate and bounce rate on a webpage.
    CTA Tracking Measures the number of times users click on a call to action (CTA) button.
    Audience Demographics Captures, analyzes, and displays customer demographic/firmographic data from different channels.
    Aggregate Traffic Reporting Works backward from a conversion or other key event to analyze the differences, trends, or patterns in the paths users took to get there.
    Social Media Analytics Captures information on social signals from popular services (Twitter, Facebook, LinkedIn, etc.).

    Top-level advanced features

    Feature Name

    Description

    HeatmappingShows where users have clicked on a page and how far they have scrolled down a page or displays the results of eye-tracking tests through the graphical representation of heatmaps.
    Funnel ExplorationVisualizes the steps users take to complete tasks on your site or app.
    A/B TestingEnables you to test the success of various website features.
    Customer Journey ModellingEffectively models and displays customer behaviors or journeys through multiple channels and touchpoints.
    Audience SegmentationCreates and analyzes discrete customer audience segments based on user-defined criteria or variables.
    Feedback and SurveysEnables users to give feedback and share their satisfaction and experience with website designers.
    Paid Search IntegrationIntegrates with popular search advertising services (i.e. AdWords) and can make predictive recommendations around areas like keywords.
    Search Engine OptimizationProvides targeted recommendations for improving and optimizing a page for organic search rankings (i.e. via A/B testing or multivariate testing).
    Session RecordingRecords playbacks of users scrolling, moving, u-turning, and rage clicking on your site.

    Evaluate software category leaders using SoftwareReviews’ vendor rankings and awards

    Logo for SoftwareReviews.
    Sample of SoftwareReviews' The Data Quadrant. The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.

    Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.

    Sample of SoftwareReviews' The Emotional Footprint. The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.

    Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

    Speak with category experts to dive deeper into the vendor landscape

    Logo for SoftwareReviews.
    Fact-based reviews of business software from IT professionals. Top-tier data quality backed by a rigorous quality assurance process. CLICK HERE to ACCESS

    Comprehensive software reviews
    to make better IT decisions

    We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.

    Product and category reports with state-of-the-art data visualization. User-experience insight that reveals the intangibles of working with a vendor.

    SoftwareReviews is powered by Info-Tech

    Technology coverage is a priority for Info-Tech and SoftwareReviews provides the most comprehensive unbiased data on today’s technology. Combined with the insight of our expert analysts, our members receive unparalleled support in their buying journey.

    Top vendors in the web analytics space

    Logo for Google Analytics. Google Analytics provides comprehensive traditional analytics tools, free of charge, to understand the customer journey and improve marketing ROI. Twenty-four percent of all web analytical tools used on the internet are provided by Google analytics.
    Logo for Hotjar. Hotjar is a behavior analytics and product experience insights service that helps you empathize with and understand your users through their feedback via tools like heatmaps, session recordings, and surveys. Hotjar complements the data and insights you get from traditional web analytics tools like Google Analytics.
    Logo for Crazy Egg. Crazy Egg is a website analytics tool that helps you optimize your site to make it more user-friendly, more engaging, and more conversion-oriented. It does this through heatmaps and A/B testing, which allow you to see how people are interacting with your site.
    Logo for Amplitude Analytics. Amplitude Analytics provides intelligent insight into customer behavior. It offers basic functionalities like measuring conversion rate and engagement metrics and also provides more advanced tools like customer journey maps and predictive analytics capabilities through AI.

    Case Study

    Logo for Miller & Smith.
    INDUSTRY
    Real Estate
    SOURCE
    Crazy Egg

    Heatmaps and playback recordings

    Challenge

    Miller & Smith had just redesigned their website, but the organization wanted to make sure it was user-friendly as well as visually appealing. They needed an analytics platform that could provide information about where visitors were coming from and measure the effectiveness of the marketing campaigns.

    Solution

    Miller & Smith turned to Crazy Egg to obtain visual insights and track user behavior. They used heatmaps and playback recordings to see user activity within webpages and pinpoint any issues with user interface. In just a few weeks, Miller & Smith gained valuable data to work with: the session recordings helped them understand how users were navigating the site, and the heatmaps allowed them to see where users were clicking – and what they were skipping.

    Results

    Detailed reports generated by the solution allowed Miller & Smith team to convince key stakeholders and implement the changes easily. They were able to pinpoint what changes needed to be made and why these changes would improve their experience.

    Within few weeks, the bounce rate improved by 7.5% and goal conversion increased by 8.5% over a similar period the previous year.

    Operationalizing Web Analytics Tools

    Execute initiatives for successful implementation.

    Ensure success of your web analytics programs by following five simple steps

    1. ORGANIZATIONAL GOALS

    The first key step in implementing and succeeding with web analytics tools is to set clearly defined organizational goals, e.g. improving product sales.

    3. KPI METRICS

    Define key performance indicators (KPIs) that help track the organization’s performance, e.g. number of page visits, conversion rates, bounce rates.

    5. REVIEW

    Continuous improvement is essential to succeed in understanding customers. The world is a dynamic place, and you must constantly revise your organizational goals, business objectives, and KPIs to remain competitive.

    Centerpiece representing the five surrounding steps.

    2. BUSINESS OBJECTIVES

    The next step is to lay out business objectives that help to achieve the organization’s goals, e.g. to increase customer leads, increase customer transactions, increase web traffic.

    4. APPLICATION SELECTION

    Understand the web analytics tool space and which combination of tools and vendors best fits the organization’s goals.

    1.1 Understand your organization’s goals

    30 minutes

    Output: Organization’s goal list

    Materials: Whiteboard, Markers

    Participants: Core project team

    1. Identify the key organizational goals for both the short term and the long term.
    2. Arrange the goals in descending order of priority.

    Example table of goals ranked by priority and labeled short or long term.

    1.2 Align business objectives with organizational goals

    30 minutes

    Output: Business objectives

    Materials: Whiteboard, Markers

    Participants: Core project team

    1. Identify the key business objectives that help attain organization goals.
    2. Match each business objective with the corresponding organizational goals it helps achieve.
    3. Arrange the objectives in descending order of priority.

    Example table of business objectives ranked by priority and which organization goal they're linked to.

    Establish baseline metrics

    Baseline metrics will be improved through:

    1. Efficiently using website elements and CTA button placement
    2. Reducing friction between the landing page and end point
    3. Leveraging direct feedback from users to continuously improve customer experience

    1.3 Establish baseline metrics that you intend to improve via your web analytics tools

    30 minutes

    Example table with metrics, each with a current state and goal state.

    Accelerate your software selection project

    Vendor selection projects often demand extensive and unnecessary documentation.

    Software Selection Insight

    Balance the effort-to-information ratio required for a business impact assessment to keep stakeholders engaged. Use documentation that captures the key data points and critical requirements without taking days to complete. Stakeholders are more receptive to formal selection processes that are friction free.

    The Software Selection Workbook

    Work through the straightforward templates that tie to each phase of the Rapid Application Selection Framework, from assessing the business impact to requirements gathering.

    Sample of the Software Selection Workbook deliverable.

    The Vendor Evaluation Workbook

    Consolidate the vendor evaluation process into a single document. Easily compare vendors as you narrow the field to finalists.

    Sample of the Vendor Evaluation Workbook deliverable.

    The Guide to Software Selection: A Business Stakeholder Manual

    Quickly explain the Rapid Application Selection Framework to your team while also highlighting its benefits to stakeholders.

    Sample of the Guide to Software Selection: A Business Stakeholder Manual deliverable.

    Revisit the metrics you identified and revise your goals

    Track the post-deployment results, compare the metrics, and set new targets for the next fiscal year.

    Example table of 'Baseline Website Performance Metrics' with the column 'Revised Target' highlighted.

    Related Info-Tech Research

    Stock image of two people going over a contract. Modernize Your Corporate Website to Drive Business Value

    Drive higher user satisfaction and value through UX-driven websites.

    Stock image of a person using the cloud on their smartphone. Select and Implement a Web Experience Management Solution

    Your website is your company’s face to the world: select a best-of-breed platform to ensure you make a rock-star impression with your prospects and customers!

    Stock image of people studying analytics. Create an Effective Web Redesign Strategy

    Ninety percent of web redesign projects, executed without an effective strategy, fail to accomplish their goals.

    Bibliography

    "11 Essential Website Data Factors and What They Mean." CivicPlus, n.d. Accessed 26 July 2022.

    “Analytics Usage Distribution in the Top 1 Million Sites.” BuiltWith, 1 Nov. 2022. Accessed 26 July 2022.

    "Analytics Usage Distribution on the Entire Internet." BuiltWith, 1 Nov. 2022. Accessed 26 July 2022.

    Bell, Erica. “How Miller and Smith Used Crazy Egg to Create an Actionable Plan to Improve Website Usability.” Crazy Egg, n.d. Accessed 26 July 2022.

    Brannon, Jordan. "User Behavior Analytics | Enhance The Customer Journey." Coalition Technologies, 8 Nov 2021. Accessed 26 July 2022.

    Cardona, Mercedes. "7 Consumer Trends That Will Define The Digital Economy In 2021." Adobe Blog, 7 Dec 2020. Accessed 26 July 2022.

    “The Finer Points.“ Analytics Features. Google Marketing Platform, 2022. Accessed 26 July 2022.

    Fitzgerald, Anna. "A Beginner’s Guide to Web Analytics." HubSpot, 21 Sept 2022. Accessed 26 July 2022.

    "Form Abandonment: How to Avoid It and Increase Your Conversion Rates." Fullstory Blog, 7 April 2022. Accessed 26 July 2022.

    Fries, Dan. "Plug Sales Funnel Gaps by Identifying and Tracking Micro-Conversions." Clicky Blog, 9 Dec 2019. Accessed 7 July 2022.

    "Funnel Metrics in Saas: What to Track and How to Improve Them?" Userpilot Blog, 23 May 2022. Accessed 26 July 2022.

    Garg, Neha. "Digital Experimentation: 3 Key Steps to Building a Culture of Testing." Contentsquare, 21 June 2021. Accessed 26 July 2022.

    “Global Web Analytics Market Size, Status and Forecast 2021-2027.” 360 Research Reports, 25 Jan. 2021. Web.

    Hamilton, Stephanie. "5 Components of Successful Web Analytics." The Daily Egg, 2011. Accessed 26 July 2022.

    "Hammond, Patrick. "Step-by-Step Guide to Cohort Analysis & Reducing Churn Rate." Amplitude, 15 July 2022. Accessed 26 July 2022.

    Hawes, Carry. "What Is Session Replay? Discover User Pain Points With Session Recordings." Dynatrace, 20 Dec 2021. Accessed 26 July 2022.

    Huss, Nick. “How Many Websites Are There in the World?” Siteefy, 8 Oct. 2022. Web.

    Nelson, Hunter. "Establish Web Analytics and Conversion Tracking Foundations Using the Google Marketing Platform.” Tortoise & Hare Software, 29 Oct 2022. Accessed 26 July 2022.

    "Product Analytics Vs Product Experience Insights: What’s the Difference?" Hotjar, 14 Sept 2021. Accessed 26 July 2022.

    “Record and watch everything your visitors do." Inspectlet, n.d. Accessed 26 July 2022.

    “Ryanair: Using Web Analytics to Manage the Site’s Performance More Effectively and Improve Profitability." AT Internet, 1 April 2020. Accessed 26 July 2022.

    Sibor, Vojtech. "Introducing Cross-Platform Analytics.” Smartlook Blog, 5 Nov 2022. Accessed 26 July 2022.

    "Visualize Visitor Journeys Through Funnels.” VWO, n.d. Accessed 26 July 2022.

    "Web Analytics Market Share – Growth, Trends, COVID-19 Impact, and Forecasts (2022-2027)." Mordor Intelligence, 2022. Accessed 26 July 2022.

    “What is the Best Heatmap Tool for Real Results?” Crazy Egg, 27 April 2020. Web.

    "What Is Visitor Behavior Analysis?" VWO, 2022. Accessed 26 July 2022.

    Zheng, Jack G., and Svetlana Peltsverger. “Web Analytics Overview.” IGI Global, 2015. Accessed 26 July 2022.

    The Rush Trap: Why "Move Fast and Break Things" Breaks Your Business

    • Large vertical image:

    Most business leaders think that the best way to beat the competition is to push their development teams harder and demand faster delivery. I've seen the opposite happen many times.

    When you prioritize "shipping fast" and "getting to market first," you often end up taking the longest time to succeed, because your team must spend months, sometimes years, addressing the problems caused by your haste. On the surface, things appear to be improving, but internally, they can feel overwhelming. You will notice this impact on your staff.

    This is the harsh truth about rushing IT development:

    Every Shortcut Creates Two New Problems

    Here's what really happens in the codebase when you tell your team to "just get it done fast": you don't do proper input validation and sanitization because you say, "We'll add that later." And then you have to deal with SQL injection attacks and data breaches for months. This wasted time could have been avoided by using simple parameterized queries and validation frameworks.

    In 2024, the average cost of a data breach was $4.88 million. 73% of these breaches require more than 200 days to resolve. You only code for the happy flow, but real users submit incorrect data, experience network timeouts, and encounter failures with third-party APIs. 

    Your app crashes more than it should because you didn't set up proper error handling, or circuit breakers, or graceful degradation patterns. I know these take time to implement, but what would you rather have? Customers abandoning it?

    Businesses lose an average of $5,600 per minute when their systems go down, and e-commerce sites can lose up to $300,000 per hour during busy times. Instead of fixing the root causes of problems, you just patch them up with quick fixes. Instead of proper garbage collection, that memory leak gets a band-aid restart script. Instead of being optimized, the slow database query is cached.

    Soon, you will find yourself struggling to keep your building intact.

    To keep up with technical debt, companies usually have to spend 23–42% of their total IT budget each year.

    You don't do full testing because "writing unit tests takes longer than manual testing." This approach does not include load testing, test-driven development, or integration testing. Your first real test is when you have paying customers in production. Companies that don't test their software properly have 60% more bugs in their products and spend 40% more time fixing them than companies that do.

    You start without being able to properly monitor and see what's going on. There are no logging frameworks, no application performance monitoring, and no health checks in place. When things go wrong—and they will—it's difficult to figure out what's amiss. Without proper monitoring, it takes an average of 4.5 hours to find and fix IT problems. With full observability tools, it only takes 45 minutes.

    It's easy to see that every shortcut you take today will cause two new problems tomorrow. Each of those problems makes two more. You're going to be in a lot of trouble with technical debt, security holes, and unstable systems soon. All because you were in a hurry to meet some random deadline.

    The true cost of rushing in those "move fast and break things" success stories is often overlooked. You don't guarantee a quick time to market when you rush code to market. You're just making sure that failure to market happens quickly. Remember that most Silicon Valley break-movers lose millions, but you never read about those; you only read about the 1 in 350 VC-backed companies that make it. That is a staggering 0.29%. I would not bet on that strategy just yet.

    Because code that is rushed doesn't just break once. It breaks all the time. In production. This issue arises when dealing with real customers. At the worst times. Your developers are putting out fires instead of adding new features. Instead of adding the features that the customer asked for, they're fixing race conditions at 2 AM. They're patching vulnerabilities in dependencies rather than creating the next version.

    According to research, developers in environments with a lot of technical debt spend 42% of their time on maintenance and bug fixes, while those in well-architected systems spend only 23% of their time on these tasks. Bad code drives up your infrastructure costs by requiring more servers to handle the same load. Your database runs slower because no one took the time to make the right indexes or make the queries run faster. Unoptimized applications typically require 3 to 5 times more infrastructure resources, directly impacting your cloud computing and operational costs.

    The costs of getting new customers go up because products that are rushed have higher churn rates. People stop using apps that crash a lot or don't work well. For example, 53% of mobile users will stop using an app if it takes longer than 3 seconds to load. It costs 5 to 25 times more to get a new customer than to keep an old one.

    In the meantime, what about your competitor who took an extra month to set up proper error handling, security controls, and performance optimization? They're growing smoothly while you're still working on the base.

    The Slow Way Is the Quick Way

    Let me tell you a myth that is costing you millions: The race isn't about speed unless you're in a real winner-take-all market with huge network effects. It's about lasting.

    There is usually room for more than one winner in most markets. Your real job isn't to be the first to market; it's to still be there when the "fast movers" fail because they owe too much money. The businesses that are the biggest in their markets aren't usually the first ones there. They are the ones who took the time to use excellent software engineering practices from the start. They used well-known security frameworks like the OWASP guidelines to make their systems safe, set up the right authentication and authorization patterns, and made sure their APIs were designed with security and resilience in mind from the start.

    Companies that have good security practices have 76% fewer security incidents and save an average of $1.76 million for every breach they avoid. They wrote code for failure scenarios using patterns like retry logic with exponential backoff, circuit breakers to stop failures from spreading, and bulkhead isolation to keep problems from spreading.

    They set up full logging and monitoring so they could find problems before customers did. Systems that are built well and have the right resilience patterns are up 99.9% of the time, while systems that are built quickly are up 95% to 98% of the time. While you may believe that 95% to 98% uptime is an acceptable figure to agree to, take a moment to consider what that actually translates to in terms of downtime for your availability metrics. Remember that you should only calculate the times you really want to be available. This is due to the fact that any unavailability during your downtime is not taken into account. But failures do not take your opening hours into consideration. 

    Successful companies used domain-driven design to get the business requirements right, made complete API documentation, and built automated testing suites that found regressions before deployment. Companies that do a lot of testing deliver features 2.5 times faster and with 50% fewer bugs after deployment.

    They made sure that their environments were always the same by using infrastructure as code, setting up the right CI/CD pipelines with automated security scanning and regression testing, and planning for horizontal scaling from the start.

    Companies that have mature DevOps practices deploy 208 times more often and have lead times that are 106 times faster, all while being more reliable.

    What This Means for Your Process of Development

    The truth is that your development schedule isn't about meeting deadlines. The purpose is to create systems that function effectively when real people use them in real-life situations with actual data and at a large scale. If your code crashes under load because you didn't use the right caching strategies or database connection pooling, it doesn't matter how fast it is to market.

    If you neglect to conduct security code reviews and utilize static analysis tools, the likelihood of hacking increases significantly.

    Think about the return on investment: putting in an extra 20–30% up front for the right architecture, security, and testing usually cuts the total cost of ownership by 60–80% over the life of the application.

    The first "delay" of 2 to 4 weeks for proper engineering practices saves 6 to 12 months of fixing technical debt later on.

    You have a simple choice: either take the time to follow excellent software engineering practices now, or spend the next two years telling customers why your system is down again while your competitors take your market share. The companies that last and eventually take over choose quality engineering over random speed. I leave it up to your imagination as to what multi-trillion-dollar company immediately comes to mind.

    I am always up for a conversation.

    Make IT a Successful Partner in M&A Integration

    • Buy Link or Shortcode: {j2store}79|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • Many organizations forget the essential role IT plays during M&A integration. IT is often unaware of a merger or acquisition until the deal is announced, making it very difficult to adequately interpret business goals and appropriately assess the target organization.
    • IT-related integration activities are amongst the largest cost items in an M&A, yet these costs are often overlooked or underestimated during due diligence.
    • IT is expected to use the M&A team’s IT due diligence report and estimated IT integration budget, which may not have been generated appropriately.
    • IT involvement in integration is critical to providing a better view of risks, improving the ease of integration, and optimizing synergies.

    Our Advice

    Critical Insight

    • Anticipate that you are going to be under pressure. Fulfill short-term, tactical operational imperatives while simultaneously conducting discovery and designing the technology end-state.
    • To migrate risks and guide discovery, select a high-level IT integration posture that aligns with business objectives.

    Impact and Result

    • Once a deal has been announced, use this blueprint to set out immediately to understand business M&A goals and expected synergies.
    • Assemble an IT Integration Program to conduct discovery and begin designing the technology end-state, while simultaneously identifying and delivering operational imperatives and quick-wins as soon as possible.
    • Following discovery, use this blueprint to build initiatives and put together an IT integration budget. The IT Integration Program has an obligation to explain the IT cost implications of the M&A to the business.
    • Once you have a clear understanding of the cost of your IT integration, use this blueprint to build a long-term action plan to achieve the planned technology end-state that best supports the business capabilities of the organization.

    Make IT a Successful Partner in M&A Integration Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should follow Info-Tech’s M&A IT integration methodology and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch the project

    Define the business’s M&A goals, assemble an IT Integration Program, and select an IT integration posture that aligns with business M&A strategy.

    • Make IT a Successful Partner in M&A Integration – Phase 1: Launch the Project
    • IT Integration Charter

    2. Conduct discovery and design the technology end-state

    Refine the current state of each IT domain in both organizations, and then design the end-state of each domain.

    • Make IT a Successful Partner in M&A Integration – Phase 2: Conduct Discovery and Design the Technology End-State
    • IT Integration Roadmap Tool

    3. Initiate operational imperatives and quick-wins

    Generate tactical operational imperatives and quick-wins, and then develop an interim action plan to maintain business function and capture synergies.

    • Make IT a Successful Partner in M&A Integration – Phase 3: Initiate Operational Imperatives and Quick-Wins

    4. Develop an integration roadmap

    Generate initiatives and put together a long-term action plan to achieve the planned technology end-state.

    • Make IT a Successful Partner in M&A Integration – Phase 4: Develop an Integration Roadmap
    [infographic]

    Workshop: Make IT a Successful Partner in M&A Integration

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch the Project

    The Purpose

    Identification of staffing and skill set needed to manage the IT integration.

    Generation of an integration communication plan to highlight communication schedule during major integration events.

    Identification of business goals and objectives to select an IT Integration Posture that aligns with business strategy.

    Key Benefits Achieved

    Defined IT integration roles & responsibilities.

    Structured communication plan for key IT integration milestones.

    Creation of the IT Integration Program.

    Generation of an IT Integration Posture.

    Activities

    1.1 Define IT Integration Program responsibilities.

    1.2 Build an integration communication plan.

    1.3 Host interviews with senior management.

    1.4 Select a technology end-state and IT integration posture.

    Outputs

    Define IT Integration Program responsibilities and goals

    Structured communication plan

    Customized interview guide for each major stakeholder

    Selected technology end-state and IT integration posture

    2 Conduct Discovery and Design the Technology End-State

    The Purpose

    Identification of information sources to begin conducting discovery.

    Definition of scope of information that must be collected about target organization.

    Definition of scope of information that must be collected about your own organization.

    Refinement of the technology end-state for each IT domain of the new entity. 

    Key Benefits Achieved

    A collection of necessary information to design the technology end-state of each IT domain.

    Adequate information to make accurate cost estimates.

    A designed end-state for each IT domain.

    A collection of necessary, available information to make accurate cost estimates. 

    Activities

    2.1 Define discovery scope.

    2.2 Review the data room and conduct onsite discovery.

    2.3 Design the technology end-state for each IT domain.

    2.4 Select the integration strategy for each IT domain.

    Outputs

    Tone set for discovery

    Key information collected for each IT domain

    Refined end-state for each IT domain

    Refined integration strategy for each IT domain

    3 Initiate Tactical Initiatives and Develop an Integration Roadmap

    The Purpose

    Generation of tactical initiatives that are operationally imperative and will help build business credibility.

    Prioritization and execution of tactical initiatives.

    Confirmation of integration strategy for each IT domain and generation of initiatives to achieve technology end-states.

    Prioritization and execution of integration roadmap.

    Key Benefits Achieved

    Tactical initiatives generated and executed.

    Confirmed integration posture for each IT domain.

    Initiatives generated and executed upon to achieve the technology end-state of each IT domain. 

    Activities

    3.1 Build quick-win and operational imperatives.

    3.2 Build a tactical action plan and execute.

    3.3 Build initiatives to close gaps and redundancies.

    3.4 Finalize your roadmap and kick-start integration.

    Outputs

    Tactical roadmap to fulfill short-term M&A objectives and synergies

    Confirmed IT integration strategies

    Finalized integration roadmap

    The ESG Imperative and Its Impact on Organizations

    • Buy Link or Shortcode: {j2store}196|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • Global regulatory climate disclosure requirements are still evolving and are not consistent.
    • Sustainability is becoming a corporate imperative, but IT’s role is not fully clear.
    • The environmental, social, and governance (ESG) data challenge is large and continually expanding in scope.
    • Collecting the necessary data and managing ethical issues across supply chains is a daunting task.
    • Communicating long-term value is difficult when customer and employee expectations are shifting.

    Our Advice

    Critical Insight

    • An organization's approach to ESG cannot be static or tactical. It is a moving landscape that requires a flexible, holistic approach across the organization. Cross-functional coordination is essential in order to be ready to respond to changing conditions.
    • Even though the ESG data requirements are large and continually expanding in scope, many organizations have well-established data frameworks and governance practices in place to meet regulatory obligations such as Sarbanes–Oxley that should used as a starting point.

    Impact and Result

    • Organizations will have greater success if they focus their ESG program efforts on the ESG factors that will have a material impact on their company performance and their key stakeholders.
    • Continually evaluating the evolving ESG landscape and its impact on key stakeholders will enable organizations to react quickly to changing conditions.
    • A successful ESG program requires a collaborative and integrated approach across key business stakeholders.
    • Delivering high-quality metrics and performance indicators requires a flexible and digital data approach, where possible, to enable data interoperability.

    The ESG Imperative and Its Impact on Organizations Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. The ESG Imperative and Its Impact on Organizations Deck – Learn why sustainability is becoming a key measurement of corporate performance and how to set your organization up for success.

    Understand the foundational components and drivers of the broader concept of sustainability: environmental, social, and governance (ESG) and IT’s roles within an organization’s ESG program. Learn about the functional business areas involved, the roles they play and how they interact with each other to drive program success.

    • The ESG Imperative and Its Impact on Organizations Storyboard

    Infographic

    Further reading

    The ESG Imperative and Its Impact on Organizations

    Design to enable an active response to changing conditions.

    Analyst Perspective

    Environmental, social, and governance (ESG) is a corporate imperative that is tied to long-term value creation. An organization's social license to operate and future corporate performance depends on managing ESG factors well.

    Central to an ESG program is having a good understanding of the ESG factors that may have a material impact on enterprise value and key internal and external stakeholders. A comprehensive ESG strategy supported by strong governance and risk management is also essential to success.

    Capturing relevant data and applying it within risk models, metrics, and internal and external reports is necessary for sharing your ESG story and measuring your progress toward meeting ESG commitments. Consequently, the data challenges have received a lot of attention, and IT leaders have a role to play as strategic partner and enabler to help address these challenges. However, ESG is more than a data challenge, and IT leaders need to consider the wider implications in managing third parties, selecting tools, developing supporting IT architecture, and ensuring ethical design.

    For many organizations, the ESG program journey has just begun, and collaboration between IT and risk, procurement, and compliance will be critical in shaping program success.

    This is a picture of Donna Bales, Principal Research Director, Info-Tech Research Group

    Donna Bales
    Principal Research Director
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Global regulatory climate disclosure requirements are still evolving and are not consistent.
    • Sustainability is becoming a corporate imperative, but IT's role is not fully clear.
    • The ESG data challenge is large and continually expanding in scope.
    • Collecting the necessary data and managing ethical issues across supply chains is a daunting task.
    • Communicating long-term value is difficult when customer and employee expectations are shifting.

    Common Obstacles

    • The data necessary for data-driven insights and accurate disclosure is often hampered by inaccurate and incomplete primary data.
    • Other challenges include:
      • Approaching ESG holistically and embedding it into existing governance, risk, and IT capabilities.
      • Building knowledge and adapting culture throughout all levels of the organization.
      • Monitoring stakeholder sentiment and keeping strategy aligned to expectations.

    Info-Tech's Approach

    • Use this blueprint to educate yourself on ESG factors and the broader concept of sustainability.
    • Learn about Info-Tech's ESG program approach and use it as a framework to begin your ESG program journey.
    • Identify changes that may be needed in your organizational operating model, strategy, governance, and risk management approach.
    • Discover areas of IT that may need to be prioritized and resourced.

    Info-Tech Insight

    An organization's approach to ESG cannot be static or tactical. ESG is a moving landscape that requires a flexible, holistic approach across the organization. It must become part of the way you work and enable an active response to changing conditions.

    This is an image of Info-Tech's thoughtmap for eight steps of the ESG Program Journey

    Putting ESG in context

    ESG has moved beyond the tipping point to corporate table stakes

    • In recent years, ESG issues have moved from voluntary initiatives driven by corporate responsibility teams to an enterprise-wide strategic imperative.
    • Organizations are no longer being measured by financial performance but by how they contribute to a sustainable and equitable future, such as how they support sustainable innovation through their business models and their focus on collaboration and inclusion.
    • A corporation's efforts toward sustainability is measured by three components: environmental, social, and governance.

    Sustainability

    The ability of a corporation and broader society to endure and survive over the long term by managing adverse impacts well and promoting positive opportunities.

    This is an image of the United Nation's 17 sustainable goals.

    Source: United Nations

    Putting "E," "S," and "G" in context

    Corporate sustainability depends on managing ESG factors well

    • Environmental, social, and governance are the component pieces of a sustainability framework that is used to understand and measure how an organization impacts or is affected by society as a whole.
    • Human activities, particularly fossil fuel burning since the mid twentieth century, have increased greenhouse gas concentration, resulting in observable changes to the atmosphere, ocean, cryosphere, and biosphere.
    • The E in ESG relates to the positive and negative impacts an organization may have on the environment, such as the energy it takes in and the waste it discharges.
    • The S in ESG is the most ambiguous component in the framework, as social impact relates not only to risks but also prosocial behaviour. It's the most difficult to measure but can have significant financial and reputational impact on corporations if material and poorly managed.
    • The G in ESG is foundational to the realization of S and E. It encompasses how well an organization integrates these considerations into the business and how well the organization engages with key stakeholders, receives feedback, and is transparent with its intentions.

    Common examples of ESG issues include: Environmental: Climate change, greenhouse gas emissions (CHG), deforestation, biodiversity, pollution, water, waste, extended producer responsibility, etc. Social: Customer relations, employee relations, labor, human rights, occupational health and safety, community relations, supply chains, etc. Governance: Board management practices, succession planning, compensation, diversity, equity and inclusion, regulatory compliance, corruption, fraud, data hygiene and security, etc. Source: Getting started with ESG - Sustainalytics

    Understanding the drivers behind ESG

    $30 trillion is expected to be transferred from the baby boomers to Generation Z and millennials over the next decade
    – Accenture

    Drivers

    • The rapid rise of ESG investing
    • The visibility of climate change is driving governments, society, and corporations to act and to initiate and support net zero goals.
    • A younger demographic that has strong convictions and financial influence
    • A growing trend toward mandatory climate and diversity, equity, and inclusion (DEI) disclosures required by global regulators
    • Recent emphasis by regulators on board accountability and fiduciary duty
    • Greater societal awareness of social issues and sustainability
    • A new generation of corporate leadership that is focused on sustainable innovation

    The evolving regulatory landscape

    Global regulators are mobilizing toward mandatory regulatory climate disclosure

    Canada

    • Canadian Securities Administrators (CSA) NI 51-107 Disclosure of Climate-related Matters

    Europe

    • European Commission, Sustainable Finance Disclosure Regulation (SFDR)
    • European Commission, EU Supply Chain Act
    • Germany – The German Supply Chain Act (GSCA)
    • Financial Conduct Authority UK, Proposal (DP 21/4) Sustainability Disclosure Requirements and investment labels
    • UK Modern Slavery Act, 2015

    United States

    • Securities and Exchange Commission (SEC) 33-11042– The Enhancement and Standardization of Climate-Related Disclosures for Investors
    • SEC 33-11038 Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure
    • Nasdaq Board Diversity Rule (5605(f))

    New Zealand

    • New Zealand, The Financial Sector (Climate-related Disclosures and Other Matters) Amendment Act 2021

    Begin by setting your purpose

    Consider your role as a corporation in society and your impact on key stakeholders

    • The impact of a corporation can no longer be solely measured by financial impact but also its impact on social good. Corporations have become real-world actors that impact and are affected by the environment, people, and society.
    • An ESG program should start with defining your organization's purpose in terms of corporate responsibility, the role it will play, and how it will endure over time through managing adverse impacts and promoting positive impacts.
    • Corporations should look inward and outward to assess the material impact of ESG factors on their organization and key internal and external stakeholders.
    • Once stakeholders are identified, consider how the ESG factors might be perceived by delving into what matters to stakeholders and what drives their behavior.

    Understanding your stakeholder landscape is essential to achieving ESG goals

    Internal Stakeholders: Board; Management; Employees. External Stakeholders: Activists; Regulators; Customers; Lenders; Government; Investors; Stakeholders; Community; Suppliers

    Assess ESG impact

    Materiality assessments help to prioritize your ESG strategy and enable effective reporting

    • The concept of materiality as it relates to ESG is the process of gaining different perspectives on ESG issues and risks that may have significant impact (both positive and negative) on or relevance to company performance.
    • The objective of a materiality assessment is to identify material ESG issues most critical to your organization by looking a broad range of social and environmental factors. Its purpose is to narrow strategic focus and enable an organization to assess the impact of financial and non-financial risks aggregately.
    • It helps to make the case for ESG action and strategy, assess financial impact, get ahead of long-term risks, and inform communication strategies.
    • Organizations can leverage assessment tools from Sustainalytics or SASB Standards to help assess ESG risks or use guidance or benchmarking information from industry associations.

    Info-Tech Insight

    Survey key stakeholders to obtain a more holistic viewpoint of expectations and the industry landscape and gain credibility through the process.

    Use a materiality matrix to understand ESG exposure

    This is an image of a materiality matrix used to understand ESG exposure.

    Example: Beverage Company

    Follow a holistic approach

    To deliver on your purpose, sustainability must be integrated throughout the organization

    • An ESG program cannot be implemented in a silo. It must be anchored on its purpose and supported by a strong governance structure that is intertwined with other functional areas.
    • Effective governance is essential to instill trust, support sound decision making, and manage ESG.
    • Governance extends beyond shareholder rights to include many other factors, such as companies' interactions with competitors, suppliers, and governments. More transparency is sought on:
      • Corporate behavior, executive pay, and oversight of controls.
      • Board diversity, compensation, and skill set.
      • Oversight of risk management, particularly risks related to fraud, product, data, and cybersecurity

    "If ESG is the framework of non-financial risks that may have a material impact on the company's stakeholders, corporate governance is the process by which the company's directors and officers manage those risks."
    – Zurich Insurance

    A pyramid is depicted. The top of the pyramid is labeled Continual Improvement, and the following terms are inside this box. Governance: Strategy; Risk Management; Metrics & Targets. At the bottom of the pyramid is a box with right facing arrows, labeled Transparency and Disclosure. This is Informed by the TCFD Framework

    Governance and organization approach

    There is no one-size-fits-all approach

    47% of companies reported that the full board most commonly oversees climate related risks and opportunities while 20% delegate to an existing board governance committee (EY Research, 2021).

    • The organizational approach to ESG will differ across industry segments and corporations depending on material risks and their upstream and downstream value change. However, the accountability for ESG sits squarely at the CEO and board level.
    • Some organizations have taken the approach of hiring a Chief Sustainability Officer to work alongside the CEO on execution of ESG goals and stakeholder communication, while others use other members of the strategic leadership to drive the desired outcomes.
    Governance Layer Responsibilities
    Board
    • Overall accountability lies with the full board. Some responsibilities may be delegated to newly formed dedicated ESG governance committee.
    Oversight
    Executive leadership
    • Accountable for sustainability program success and will work with CEO to set ESG purpose and goals.
    Oversight and strategic direction
    Management
    • Senior management drives execution; sometimes led by a cross-functional committee.
    Execution

    Strategy alignment

    "74% of finance leaders say that investors increasingly use nonfinancial information in their decision-making."

    – "Aligning nonfinancial reporting..." EY, 2020

    • Like any journey, the ESG journey requires knowing where you are starting from and where you are heading to.
    • Once your purpose is crystalized, identify and surface gaps between where you want to go as an organization (your purpose and goals) and what you need to deliver as an organization to meet the expectations of your internal and external stakeholders (your output).
    • Using the results of the materiality assessment, weigh the risk, opportunities, and financial impact to help prioritize and determine vulnerabilities and where you might excel.
    • Finally, evaluate and make changes to areas of your business that need development to be successful (culture, accountability and board structure, ethics committee, etc.)

    Gap analysis example for delivering reporting requirements

    Organizational Goals

    • Regulatory Disclosure
      • Climate
      • DEI
      • Cyber governance
    • Performance Tracking/Annual Reporting
      • Corporate transparency on ESG performance via social, annual circular
    • Evidence-Based Business Reporting
      • Risk
      • Board
      • Suppliers

    Risk-size your ESG goals

    When integrating ESG risks, stick with a proven approach

    • Managing ESG risks is central to making sound organizational decisions regarding sustainability but also to anticipating future risks.
    • Like any new risk type, ESG risk should be interwoven into your current risk management and control framework via a risk-based approach.
    • Yet ESG presents some new risk challenges, and some risk areas may need new control processes or enhancements.
    NET NEW ENHANCEMENT
    Climate disclosure Data quality management
    Assurance specific to ESG reporting Risk sensing and assessment
    Supply chain transparency tied back to ESG Managing interconnections
    Scenario analysis
    Third-party ratings and monitoring

    Info-Tech Insight

    Integrate ESG risks early, embrace uncertainty by staying flexible, and strive for continual improvement.

    A funnel chart is depicted. The inputs to the funnel are: Strategy - Derive ESG risks from strategy, and Enterprise Risk Appetite. Inside the funnel, are the following terms: ESG; Data; Cyber. The output of the funnel is: Evidence based reporting ESG Insights & Performance metrics

    Managing supplier risks

    Suppliers are a critical input into an organization's ESG footprint

    "The typical consumer company's supply chain ... [accounts] for more than 80% of greenhouse-gas emissions and more than 90% of the impact on air, land, water, biodiversity, and geological resources."
    – McKinsey & Company, 2016

    • Although companies are accustomed to managing third parties via procurement processes, voluntary due-diligence, and contractual provisions, COVID-19 surfaced fragility across global supply chains.
    • The mismanagement of upstream and downstream risks of supply chains can harm the reputation, operations, and financial performance of businesses.
    • To build resiliency to and visibility of supply chain risk, organizations need to adapt current risk management programs, procurement practices, and risk assessment tools and techniques.
    • Procurement departments have an enhanced function, effectively acting as gatekeepers by performing due diligence, evaluating performance, and strengthening the supplier relationship through continual feedback and dialogue.
    • Technologies such as blockchain and IoT are starting to play a more dominant role in supply chain transparency.

    Raw materials are upstream and consumers are downstream.

    "Forty-five percent of survey respondents say that they either have no visibility into their upstream supply chain or that they can see only as far as their first-tier suppliers."
    – "Taking the pulse of shifting supply chains," McKinsey & Company, 2022

    Metrics and targets

    Metrics are key to stakeholder transparency, measuring performance against goals, and surfacing organizational blind spots

    • ESG metrics are qualitative or quantitative insights that measure organizations' performance against ESG goals. Along with traditional business metrics, they assist investors with assessing the long-term performance of companies based on non-financial ESG risks and opportunities.
    • Metrics, key performance indicators (KPIs), and key risk indicators (KRIs) are used to measure how ESG factors affect an organization and how an organization may impact any of the underlying issues related to each ESG factor.
    • There are several reporting standards that offer specific ESG performance metrics, such as the Global Reporting Institute (GRI), Sustainability Accounting Standards Board (SASB), and World Economic Forum (WEF).
    • For climate-related disclosures, global regulators are converging on the Task Force for Climate-related Disclosures (TCFD) and the International Sustainability Standards Board (ISSB).

    Example metrics for ESG factors

    Example metrics for environment include greenhouse gas emissions, water footprint, renewable energy share, and % of recycled material. Example social metrics include rates of injury, proportion of spend on local supplies, and percentage of gender or ethnic groups in management roles. Example governance metrics include annual CEO compensation compared to median, number of PII data breaches, and completed number of supplier assessments.

    The impact of ESG on IT

    IT plays a critical role in achieving ESG goals

    • IT groups have a critical role to play in helping organizations develop strategic plans to meet ESG goals, measure performance, monitor risks, and deliver on disclosure requirements.
    • IT's involvement extends from the CIO providing input at a strategic level to leading the charge within IT to instill new goals and adapt the culture toward one focused on sustainability.
    • To set the tone, CIOs should begin by updating their IT governance structure and setting ESG goals for IT.
    • IT leaders will need to think about resource use and efficiency and incorporate this into their IT strategy.

    Info-Tech Insight

    IT leaders need to work collaboratively with risk management to optimize decision making and continually improve ESG performance and disclosure.

    "A great strategy meeting is a meeting of the minds."
    – Max McKeown

    The data challenge

    The ESG data requirement is large and continually expanding in scope

    • To meet ESG objectives, corporations are challenged with collecting non-financial data from across functional business and geographical locations and from their supplier base and supply chains.
    • One of the biggest impediments to ESG implementation is the lack of high-quality data and of mature processes and tools to support data collection.
    • The data challenge is compounded by the availability and usability of data, immature and fragmented standards that hinder comparability, and workflow integration.

    Info-Tech Insight

    Keep your data model flexible and digital where possible to enable data interoperability.

    A flow chart is depicted. the top box is labeled ESG Program. Below that are Boxes labeled Tactical and Strategic. Below the Tactical Box, is a large X showing a lack of connection to the following points: Duplicative; Inefficient/Costly. Below the box labeled Strategic are the following terms: Data-Driven; Reusable; Digital.

    "You can have data without information, but you cannot have information without data."
    – Daniel Keys Moran

    It's more than a data challenge

    Organizations will rely on IT for execution, and IT leaders will need to be ready

    Data Management: Aggregated Reporting; Supplier Management; Cyber Management; Operational Management; Ethical Design(AI, Blockchain); IT Architecture; Resource Efficiency; Processing & Tooling; Supplier Assessment.

    Top impacts on IT departments

    1. ESG requires corporations to keep track of ESG-related risks of third parties. This will mean more robust assessments and monitoring.
    2. Many areas of ESG are new and will require new processes and tools.
    3. The SEC has upped the ante recently, requiring more rigorous accountability and reporting on cyber incidents.
    4. New IT systems and architecture may be needed to support ESG programs.
    5. Current reporting frameworks may need updating as regulators move to digital.
    6. Ethical design will need to be considered when AI is used to support risk/data management and when it is used as part of product solutions.

    Key takeaways

    • It's critical for organizations to look inward and outward to assess the material impact of ESG factors on their organization and key internal and external stakeholders.
    • ESG requires a flexible, holistic approach across the organization. It must become part of the way you work and enable an active response to changing conditions.
    • ESG introduces new risks that should not be viewed in isolation but interwoven into your current risk management and control framework via a risk-based approach.
    • Identify and integrate risks early, embrace uncertainty by staying flexible, and strive for continual improvement.
    • Metrics are key to telling your ESG story. Place the appropriate importance on the information that will be reported.
    • Recognize that the data challenge is complex and evolving and design your data model to be flexible, interoperable, and digital.
    • IT's role is far reaching, and IT will have a critical part in managing third parties, selecting tools, developing supporting IT architecture, and using ethical design.

    Definitions

    TERM DEFINITON
    Corporate Social Responsibility Management concept whereby organizations integrate social and environmental concerns in their operations and interactions with their stakeholders.
    Chief Sustainability Officer Steers sustainability commitments, helps with compliance, and helps ensure internal commitments are met. Responsibilities may extend to acting as a liaison with government and public affairs, fostering an internal culture, acting as a change agent, and leading delivery.
    ESG An acronym that stands for environment, social, and governance. These are the three components of a sustainability program.
    ESG Standard Contains detailed disclosure criteria including performance measures or metrics. Standards provide clear, consistent criteria and specifications for reporting. Typically created through consultation process.
    ESG Framework A broad contextual model for information that provides guidance and shapes the understanding of a certain topic. It sets direction but does not typically delve into the methodology. Frameworks are often used in conjunction with standards.
    ESG Factors The factors or issues that fall under the three ESG components. Measures the sustainability performance of an organization.
    ESG Rating An aggregated score based on the magnitude of an organization's unmanaged ESG risk. Ratings are provided by third-party rating agencies and are increasingly being used for financing, transparency to investors, etc.
    ESG Questionnaire ESG surveys or questionnaires are administered by third parties and used to assess an organization's sustainability performance. Participation is voluntary.
    Key Risk Indicator (KRI) A measure to indicate the potential presence, level, or trend of a risk.
    Key Performance Indicator (KPI) A measure of deviation from expected outcomes to help a firm see how it is performing.
    Materiality Material topics are topics that have a direct or indirect impact on an organization's ability to create, preserve, or erode economic, environment and social impact for itself and its stakeholder and society as a whole
    Materiality Assessment A materiality assessment is a tool to identify and prioritize the ESG issues most critical to the organization.
    Risk Sensing The range of activities carried out to identify and understand evolving sources of risk that could have a significant impact on the organization (e.g. social listening).
    Sustainability The ability of an organization and broader society to endure and survive over the long term by managing adverse impacts well and promoting positive opportunities.
    Sustainalytics Now part of Morningstar. Sustainalytics provides ESG research, ratings, and data to institutional investors and companies.
    UN Guiding Principles on Business and Human Rights (UNGPs) UN Guiding Principles on Business and Human Rights (UNGPs) provide an essential methodological foundation for how impacts across all dimensions should be assessed.

    Reporting & standard frameworks

    STANDARD DEFINITION AND FOCUS
    CDP CDP has created standards and metrics for comparing sustainability impact. Focuses on environmental data (e.g. carbon, water, and forests) and on data disclosure and benchmarking.
    (Formally Carbon Disclosure Project) Audience: All stakeholders
    Dow Jones Sustainability Indices (DJSI) Heavy on corporate governance and company performance. Equal balance of economic, environmental, and social.
    Audience: All stakeholders
    Global Reporting Initiative (GRI) International standards organization that has a set of standards to help organizations understand and communicate their impacts on climate change and social responsibility. The standard has a strong emphasis on transparency and materiality, especially on social issues.
    Audience: All stakeholders
    International Sustainability Standards Board (ISSB) Standard-setting board that sits within the International Financial Reporting Standards (IFRS) Foundation. The IFRS Foundation is a not-for-profit, public-interest organization established to develop high-quality, understandable, enforceable, and globally accepted accounting and sustainability disclosure standards.
    Audience: Investor-focused
    United Nations Sustainable Development Goals (UNSDG) Global partnership across sectors and industries to achieve sustainable development for all (17 Global Goals)
    Audience: All stakeholders
    Sustainability Accounting Standards Board (SASB) Industry-specific standards to help corporations select topics that may impact their financial performance. Focus on material impacts on financial condition or operating performance.
    Audience: Investor-focused
    Task Force Of Climate-related Disclosures (TCFD; created by the Financial Stability Board) Standards framework focused on the impact of climate risk on financial and operating performance. More broadly the disclosures inform investors of positive and negative measures taken to build climate resilience and make transparent the exposure to climate-related risk.
    Audience: Investors, financial stakeholders

    Bibliography

    Anne-Titia Bove and Steven Swartz, McKinsey, "Starting at the source: Sustainability in supply chains", 11 November 2016

    Accenture, "The Greater Wealth Transfer – Capitalizing on the intergenerational shift in wealth", 2012

    Beth Kaplan, Deloitte, "Preparing for the ESG Landscape, Readiness and reporting ESG strategies through controllership playbook", 15 February 2022

    Bjorn Nilsson et al, McKinsey & Company, "Financial institutions and nonfinancial risk: How corporates build resilience," 28 February 2022

    Bolden, Kyle, Ernst and Young, "Aligning nonfinancial reporting with your ESG strategy to communicate long-term value", 18 Dec. 2020

    Canadian Securities Administrators, "Canadian securities regulators seek comment on climate-related disclosure requirements", 18 October 2021

    Carol A. Adams et al., Global Risk Institute, "The double-materiality concept, Application and issues", May 2021

    Dunstan Allison-Hope et al, BSR, "Impact-Based Materiality, Why Companies Should-Focus Their Assessments on Impacts Rather than Perception", 3 February 2022

    EcoVadis, "The World's Most Trusted Business Sustainability Ratings",

    Ernst and Young, "Four opportunities for enhancing ESG oversight", 29 June 2021

    Federal Ministry of Labour and Social Affairs, The Act on Corporate Due Diligence Obligations in Supply Chains (Gesetz über die unternehmerischen Sorgfaltspflichten in Lieferketten)", Published into Federal Law Gazette, 22, July 2021

    "What Every Company Needs to Know", Sustainalytics

    Global Risk Institute, The GRI Perspective, "The materiality madness: why definitions matter", 22 February 2022

    John P Angkaw "Applying ERM to ESG Risk Management", 1 August 2022

    Hillary Flynn et al., Wellington Management, "A guide to ESG materiality assessments", June 2022

    Katie Kummer and Kyle Lawless, Ernst and Young, "Five priorities to build trust in ESG", 14 July 2022

    Knut Alicke et al., McKinsey & Company, "Taking the pulse of shifting supply chains", 26 August 2022

    Kosmas Papadopoulos and Rodolfo Arauj. The Harvard School Forum on Corporate Governance, "The Seven Sins of ESG Management", 23 September 2020

    KPMG, Sustainable Insight, "The essentials of materiality assessment", 2014

    Lorraine Waters, The Stack, "ESG is not an environmental issue, it's a data one", 20 May 2021

    Marcel Meyer, Deloitte, "What is TCFD and why does it matter? Understanding the various layers and implications of the recommendations",

    Michael W Peregnne et al., "The Harvard Law School Forum on Corporate Governance, The Important Legacy of the Sarbanes Oxley Act," 30 August 2022

    Michael Posner, Forbes, "Business and Human Rights: Looking Ahead To The Challenges Of 2022", 15 December 2021

    Myles Corson and Tony Kilmas, Ernst and Young, "How the CFO can balance competing demands and drive future growth", 3 November 2020

    Novisto, "Navigating Climate Data Disclosure", 2022

    Novisto, "XBRL is coming to corporate sustainability reporting", 17 April 2022

    "Official Journal of the European Union, Regulation (EU) 2019/2088 of the European Parliament and of the Council of 27 November 2019 on sustainability-related disclosures in the financial services sector", 9 December 2019

    Osler, "ESG and the future of sustainability", Podcast, 01 June 2022

    Osler, "The Rapidly Evolving World of ESG Disclosure: ISSB draft standards for sustainability and climate related disclosures", 19 May 2022

    Sarwar Choudhury and Zach Johnston, Ernst and Young "Preparing for Sox-Like ESG Regulation", 7 June 2022

    Securities and Exchange Commission, "The Enhancement and Standardization of Climate-related Disclosures for Investors", 12 May 2022

    "Securities and Exchange Commission, SEC Proposes Rules on Cybersecurity, Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, 9 May 2022

    Sean Brown and Robin Nuttall, McKinsey & Company, "The role of ESG and purpose", 4 January 2022

    Statement by Chair Gary Gensler, "Statement on ESG Disclosure Proposal", 25 May 2022

    Svetlana Zenkin and Peter Hennig, Forbes, "Managing Supply Chain Risk, Reap ESG Rewards", 22 June 2022

    Task Force on Climate Related Financial Disclosures, "Final Report, Recommendations of the Task Force on Climate-related Financial Disclosures", June 2017

    World Economic Forum, "Why sustainable governance and corporate integrity are crucial for ESG", 29 July 2022

    World Economic Forum (in collaboration with PwC) "How to Set Up Effective Climate Governance on Corporate Boards, Guiding Principles and questions", January 2019

    World Economic Forum, "Defining the "G" in ESG Governance Factors at the Heart of Sustainable Business", June 2022

    World Economic Forum, "The Risk and Role of the Chief Integrity Officer: Leadership Imperatives in and ESG-Driven World", December 2021

    World Economic Forum, "How to Set Up Effective Climate Governance on Corporate Boards Guiding principles and questions", January 2019

    Zurich Insurance, "ESG and the new mandate for corporate governance", 2022

    AI Governance

    • Buy Link or Shortcode: {j2store}206|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $389 Average $ Saved
    • member rating average days saved: 3 Average Days Saved
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy
    • The use of AI and machine learning (ML) has gained momentum as organizations evaluate the potential applications of AI to enhance the customer experience, improve operational efficiencies, and automate business processes.
    • Growing applications of AI have reinforced concerns about ethical, fair, and responsible use of the technology that assists or replaces human decision making.

    Our Advice

    Critical Insight

    • Implementing AI systems requires careful management of the AI lifecycle, governing data, and machine learning model to prevent unintentional outcomes not only to an organization’s brand reputation but, more importantly, to workers, individuals, and society.
    • When adopting AI, it is important to have a strong ethical and risk management framework surrounding its use.

    Impact and Result

    • AI governance enables management, monitoring, and control of all AI activities within an organization.

    AI Governance Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. AI Governance Deck – A framework for building responsible, ethical, fair, and transparent AI.

    Create the foundation that enables management, monitoring, and control of all AI activities within the organization. The AI governance framework will allow you to define an AI risk management approach and defines methodology for managing and monitoring the AI/ML models in production.

    • AI Governance Storyboard
    [infographic]

    Further reading

    AI Governance

    A Framework for Building Responsible, Ethical, Fair, and Transparent AI

    Are you ready for AI?

    Business leaders must manage the associated risks as they scale their use of AI

    In recent years, following technological breakthroughs and advances in development of machine learning (ML) models and management of large volumes of data, organizations are scaling their use of artificial intelligence (AI) technologies.

    The use of AI and ML has gained momentum as organizations evaluate the potential applications of AI to enhance the customer experience, improve operational efficiencies, and automate business processes.

    Growing applications of AI have reinforced concerns about ethical, fair, and responsible use of the technology that assists or replaces human decision-making.

    Implementing AI systems requires careful management of the AI lifecycle, governing data, and machine learning model to prevent unintentional outcomes not only to an organization’s brand reputation but also, more importantly, to workers, individuals, and society. When adopting AI, it is important to have strong ethical and risk management frameworks surrounding its use.

    “Responsible AI is the practice of designing, building and deploying AI in a manner that empowers people and businesses, and fairly impacts customers and society – allowing companies to engender trust and scale AI with confidence.” (World Economic Forum)

    Regulations and risk assessment tools

    Governments around the world are developing AI assessment methodologies and legislation for AI. Here are a couple of examples:

    • Responsible use of artificial intelligence (AI) guiding principles (Canada):
      1. understand and measure the impact of using AI by developing and sharing tools and approaches
      2. be transparent about how and when we are using AI, starting with a clear user need and public benefit
      3. provide meaningful explanations about AI decision-making, while also offering opportunities to review results and challenge these decisions
      4. be as open as we can by sharing source code, training data, and other relevant information, all while protecting personal information, system integration, and national security and defense
      5. provide sufficient training so that government employees developing and using AI solutions have the responsible design, function, and implementation skills needed to make AI-based public services better
    • The Algorithmic Impact Assessment tool (Canada) is used to determine the impact level of an automated decision-system. It defines 48 risk and 33 mitigation questions. Assessment scores consider factors such as systems design, algorithm, decision type, impact, and data.
    • The National AI Initiative Act of 2020 (DIVISION E, SEC. 5001) (US) became law on January 1, 2021. This is a program across the entire Federal government to accelerate AI research and application.
    • Bill C-27, Artificial Intelligence and Data Act (AIDA) (Canada), when passed, would be the first law in Canada regulating the use of artificial intelligence systems.
    • The EU Artificial Intelligence Act (EU) assigns applications of AI to three risk categories: applications and systems that create an unacceptable risk, such as government-run social scoring; high-risk applications, such as a CV-scanning tool that ranks job applicants; and lastly, applications not explicitly listed as high-risk.
    • The FEAT Principles Assessment Methodology was created by the Monetary Authority of Singapore (MAS) in collaboration with other 27 industry partners for financial institutions to promote fairness, ethics, accountability, and transparency (FEAT) in the use of artificial intelligence and data analytics (AIDA).

    AI policies around the world

    Map of AI policies around the world, marked by circles of varying color and size. The legend on the right indicates '# of AI Policies (2019-2021)' by color.
    Source of data: OECD.AI (2021), powered by EC/OECD (2021), database of national AI policies, accessed on 7/09/2022, https://oecd.ai.

    The need for AI governance

    “To adopt AI, organizations will need to review and enhance their processes and governance frameworks to address new and evolving risks.” (Canadian RegTech Association, Safeguarding AI Use Through Human-Centric Design, 2020)

    To ensure responsible, transparent, and ethical AI systems, organizations will need to review existing risk control frameworks and update them to include AI risk management and impact assessment frameworks and processes.

    As ML and AI technologies are constantly evolving, the AI governance and AI risk management frameworks will need to evolve to ensure the appropriate safeguards and controls are in place.

    This applies not only to the machine learning models and AI system custom built by the organization’s data science and AI team, but it also includes AI-powered vendor tools and technologies. The vendors should be able to explain how AI is used in their products, how the model was trained, and what data was used to train the model.

    AI governance enables management, monitoring, and control of all AI activities within an organization.

    Stock image of a chip o a circuitboard labelled 'AI'.

    Key concepts

    Info-Tech Research Group defines the key terms used in this document as follows:

    Machine learning systems learn from experience and without explicit instructions. They learn patterns from data, then analyze and make predictions based on past behavior and the patterns learned.

    Artificial intelligence is a combination of technologies and can include machine learning. AI systems perform tasks that mimic human intelligence, such as learning from experience and problem solving. Most importantly, AI makes its own decisions without human intervention.

    We use the definition of data ethics by Open Data Institute: “Data ethics is a branch of ethics that considers the impact of data practices on people, society and the environment. The purpose of data ethics is to guide the values and conduct of data practitioners in data collection, sharing and use.”

    Algorithmic or machine bias is systematic and repeatable errors in a computer system that create unfair outcomes, such as privileging one arbitrary group of users over others. Algorithmic bias is not a technical problem. It’s a social and political problem, and in the context of implementing AI for business benefits, it’s a business problem.

    Download the blueprint Mitigate Machine Bias blueprint for detailed discussion on bias, fairness, and transparency in AI systems

    Key concepts – explainable, transparent and trustworthy

    Responsible AI is the practice of designing, building and deploying AI in a manner that empowers people and businesses and fairly impacts customers and society – allowing companies to engender trust and scale AI with confidence” (CIFAR).

    The AI system is considered trustworthy when people understand how the technology works and when we can assess that it’s safe and reliable. We must be able to trust the output of the system and understand how the system was designed, what data was used to train it, and how it was implemented.

    Explainable AI, sometimes abbreviated as XAI, refers to the ability to explain how an AI model makes predictions, its anticipated impact, and its potential biases.

    Transparency means communicating with and empowering users by sharing information internally and with external stakeholders, including beneficiaries and people impacted by the AI-powered product or service.

    68% [of Canadians] are concerned they don’t understand the technology well enough to know the risks.

    77% say they are concerned about the risks AI poses to society (TD, 2019)

    AI Governance Framework

    Monitoring
    Monitoring compliance and risk of AI/ML systems/models in production

    Tools & Technologies
    Tools and technologies to support AI governance framework implementation

    Model Governance
    Ensures accountability and traceability for AI/ML models

    AI Governance Framework with the surrounding 7 headlines and an adjective between each pair: 'Accountable', 'Trustworthy', 'Responsible', 'Ethical', 'Fair', 'Explainable', 'Transparent'. Organization
    Structure, roles, and responsibilities of the AI governance organization

    Operating Model
    How AI governance operates and works with other organizational structures to deliver value

    Risk and Compliance
    Alignment with corporate risk management and ensuring compliance with regulations and assessment frameworks

    Policies/Procedures/ Standards
    Policies and procedures to support implementation of AI governance

    Build Your BizDevOps Playbook

    • Buy Link or Shortcode: {j2store}177|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Today’s rapidly scaling and increasingly complex products create mounting pressure on delivery teams to release new features and changes quickly and with sufficient quality.
    • Many organizations see BizDevOps as a solution to help meet this demand. However, they often lack the critical cross-functional collaboration and team-sport culture that are critical for success.
    • The industry provides little consensus and guidance on how to prepare for the transition to BizDevOps.

    Our Advice

    Critical Insight

    • BizDevOps is cultural, not driven by tools. It is about delivering high-quality and valuable releases to stakeholders through collective ownership, continuous collaboration, and team-first behaviors supported by tools.
    • BizDevOps begins with a strong foundation in five key areas. The crux of successful BizDevOps is centered on the strategic adoption and optimization of building great requirements, collaborative practices, iterative delivery, application management, and high-fidelity environments.
    • Teams take STOCK of what it takes to collaborate effectively. Teams and stakeholders must show up, trust the delivery method and people, orchestrate facilitated activities, clearly communicate and knowledge share every time they collaborate.

    Impact and Result

    • Bring the right people to the table. BizDevOps brings significant organizational, process and technology changes to improve delivery effectiveness. Include the key roles in the definition and validation of your BizDevOps vision and practices.
    • Focus on the areas that matter. Review your current circumstances and incorporate the right practices that addresses your key challenges and blockers to becoming BizDevOps.
    • Build your BizDevOps playbook. Gain a broad understanding of the key plays and practices that makes a successful BizDevOps organization. Verify and validate these practices in order to tailor them to your context. Keep your playbook live.

    Build Your BizDevOps Playbook Research & Tools

    Start here – read the Executive Brief

    Find out why you should implement BizDevOps, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Get started with BizDevOps

    Set the right expectations with your stakeholders and define the context of your BizDevOps implementation.

    • Build Your BizDevOps Playbook – Phase 1: Get Started With BizDevOps
    • BizDevOps Playbook

    2. Tailor your BizDevOps playbook

    Tailor the plays in your BizDevOps playbook to your circumstances and vision.

    • Build Your BizDevOps Playbook – Phase 2: Tailor Your BizDevOps Playbook
    [infographic]

    Workshop: Build Your BizDevOps Playbook

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Set Your Expectations

    The Purpose

    Discuss the goals of your BizDevOps playbook.

    Identify the various perspectives who should be included in the BizDevOps discussion.

    Level set expectations of your BizDevOps implementation.

    Key Benefits Achieved

    Identification of the key roles who should be included in the BizDevOps discussion.

    Learning of key practices to support your BizDevOps vision and goals.

    Your vision of BizDevOps in your organization.

    Activities

    1.1 Define BizDevOps.

    1.2 Understand your key stakeholders.

    1.3 Define your objectives.

    Outputs

    Your BizDevOps definition

    List of BizDevOps stakeholders

    BizDevOps vision and objectives

    2 Set the Context

    The Purpose

    Understand the various methods to initiate the structuring of facilitated collaboration.

    Share a common way of thinking and behaving with a set of principles.

    Focus BizDevOps adoption on key areas of software product delivery.

    Key Benefits Achieved

    A chosen collaboration method (Scrum, Kanban, Scrumban) to facilitate collaboration

    A mutually understanding and beneficial set of guiding principles

    Areas where BizDevOps will see the most benefit

    Activities

    2.1 Select your foundation method.

    2.2 Define your guiding principles.

    2.3 Focus on the areas that matter.

    Outputs

    Chosen collaboration model

    List of guiding principles

    High-level assessment of delivery practices and its fit for BizDevOps

    3 Tailor Your BizDevOps Playbook

    The Purpose

    Review the good practices within Info-Tech’s BizDevOps Playbook.

    Tailor your playbook to reflect your circumstances.

    Key Benefits Achieved

    Understanding of the key plays involved in product delivery

    Product delivery plays that reflect the challenges and opportunities of your organization and support your BizDevOps vision

    Activities

    3.1 Review and tailor the plays in your playbook

    Outputs

    High-level discussion of key product delivery plays and its optimization to support BizDevOps

    Prepare and Defend Against a Software Audit

    • Buy Link or Shortcode: {j2store}59|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $32,499 Average $ Saved
    • member rating average days saved: 6 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Audit defense starts long before you get audited. Negotiating your vendors’ audit rights and maintaining a documented consolidated licensing position ensure that you are not blindsided by a sudden audit request.
    • Notification of an impending audit can cause panic. Don't panic. While the notification will be full of strong language, your best chance of success is to take control of the situation. Prepare a measured response that buys you enough time to get your house in order before you let the vendor in.
    • If a free software asset review sounds too good to be true, then it probably is. If a vendor or one of its partners offers up a free software asset management engagement, they aren’t doing so out of the goodness of their heart — they expect to recoup their costs (and then some) from identified license discrepancies.

    Our Advice

    Critical Insight

    • The amount of business disruption depends on the scope of the audit, and the size and complexity of the organization coupled with the contractual audit clause in the contract.
    • These highly visible failures can be prevented through effective software asset management practices.
    • As complexity of licensing increases, so do penalties. If the environment is highly complex, prioritize effort by likelihood of audit and spend.
    • Ensure electronic records exist for license documentation to provide fast access for audit and information requests
    • Verify accuracy of discovered data. Ensure all devices on the network are being audited. Without a complete discovery process, data will always be inaccurate.

    Impact and Result

    • Being able to respond quickly with accurate data is critical. When deadlines are tight, and internal resources don’t exist, hire a third party as their experience will allow a faster response.
    • Negotiate terms of the audit such as deadlines, proof of license entitlement, and who will complete the audit.
    • Create a methodology to quickly and efficiently respond to audit requests.
    • Conduct annual internal audits.
    • Have a designated cross-functional IT audit team.
    • Prepare documentation in advance.
    • Manage audit logistics to minimize business disruption.
    • Dispute unwarranted findings.

    Prepare and Defend Against a Software Audit Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should be prepared and ready to defend against a software audit, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prevent an audit

    Begin your proactive audit management journey and leverage value from your software asset management program.

    • Prepare and Defend Against a Software Audit – Phase 1: Prevent an Audit
    • Audit Defense Maturity Assessment Tool
    • Effective Licensing Position Tool
    • Audit Defence RACI Template

    2. Prepare for an audit

    Prepare for an audit by effectively scoping and consolidating organizational response.

    • Prepare and Defend Against a Software Audit – Phase 2: Prepare for an Audit
    • Software Audit Scoping Email Template
    • Audit Defense Readiness Assessment

    3. Conduct the audit

    Execute the audit in a way that preserves valuable relationships while accounting for vendor specific criteria.

    • Prepare and Defend Against a Software Audit – Phase 3: Conduct an Audit
    • Software Audit Launch Email Template

    4. Manage post-audit activities

    Conduct negotiations, settle on remuneration, and close out the audit.

    • Prepare and Defend Against a Software Audit - Phase 4: Manage Post-Audit Activities
    [infographic]

    Workshop: Prepare and Defend Against a Software Audit

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prevent an Audit

    The Purpose

    Kick off the project

    Identify challenges and red flags

    Determine maturity and outline internal audit

    Clarify stakeholder responsibilities

    Build and structure audit team

    Key Benefits Achieved

    Leverage value from your audit management program

    Begin your proactive audit management journey

    A documented consolidated licensing position, which ensures that you are not blindsided by a sudden audit request

    Activities

    1.1 Perform a maturity assessment of the current environment

    1.2 Classify licensing contracts/vendors

    1.3 Conduct a software inventory

    1.4 Meter application usage

    1.5 Manual checks

    1.6 Gather software licensing data

    1.7 Reconcile licenses

    1.8 Create your audit team and assign accountability

    Outputs

    Maturity assessment

    Effective license position/license reconciliation

    Audit team RACI chart

    2 Prepare for an Audit

    The Purpose

    Create a strategy for audit response

    Know the types of requests

    Scope the engagement

    Understand scheduling challenges

    Know roles and responsibilities

    Understand common audit pitfalls

    Define audit goals

    Key Benefits Achieved

    Take control of the situation and prepare a measured response

    A dedicated team responsible for all audit-related activities

    A formalized audit plan containing team responsibilities and audit conduct policies

    Activities

    2.1 Use Info-Tech’s readiness assessment template

    2.2 Define the scope of the audit

    Outputs

    Readiness assessment

    Audit scoping email template

    3 Conduct the Audit

    The Purpose

    Overview of process conducted

    Kick-off and self-assessment

    Identify documentation requirements

    Prepare required documentation

    Data validation process

    Provide resources to enable the auditor

    Tailor audit management to vendor compliance position

    Enforce best-practice audit behaviors

    Key Benefits Achieved

    A successful audit with minimal impact on IT resources

    Reduced severity of audit findings

    Activities

    3.1 Communicate audit commencement to staff

    Outputs

    Audit launch email template

    4 Manage Post-Audit Activities

    The Purpose

    Clarify auditor findings and recommendations

    Access severity of audit findings

    Develop a plan for refuting unwarranted findings

    Disclose findings to management

    Analyze opportunities for remediation

    Provide remediation options and present potential solutions

    Key Benefits Achieved

    Ensure your audit was productive and beneficial

    Improve your ability to manage audits

    Come to a consensus on which findings truly necessitate organizational change

    Activities

    4.1 Don't accept the penalties; negotiate with vendors

    4.2 Close the audit and assess the financial impact

    Outputs

    A consensus on which findings truly necessitate organizational change

    Select and Implement a Social Media Management Platform

    • Buy Link or Shortcode: {j2store}554|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • The proliferation of social media networks, customer data, and use cases has made ad hoc social media management challenging.
    • Many organizations struggle with shadow IT when it comes to technology enablement for social media; SMMP fragmentation leads to increased costs and no uniformity in enterprise social media management capabilities.

    Our Advice

    Critical Insight

    • SMMP selection must be driven by your overall customer experience management strategy; link your SMMP selection to your organization’s CXM framework.
    • Shadow IT will dominate if IT does not step in. Even more so than other areas, SMMP selection is rife with shadow IT.
    • Ensure strong points of integration between SMMP and other software such as CRM. SMMPs can contribute to a unified, 360-degree customer view.

    Impact and Result

    • The value proposition of SMMPs revolves around enhancing the effectiveness and efficiency of social media. Using an SMMP to manage social media is considerably more cost effective than ad hoc (manual) management.
    • IT must partner with other departments (e.g. Marketing) to successfully evaluate, select, and implement an SMMP. Before selecting an SMMP, the organization must have a solid overall strategy for leveraging social media in place. If IT does not work as a trusted advisor to the business, shadow IT in social media management will be rampant.

    Select and Implement a Social Media Management Platform Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement an SMMP, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop a technology enablement approach

    Conduct a maturity assessment to determine whether a dedicated SMMP is right for your organization.

    • Select and Implement a Social Media Management Platform – Phase 1: Develop a Technology Enablement Approach for Social Media
    • Social Media Maturity Assessment Tool
    • Social Media Opportunity Assessment Tool
    • SMMP Use-Case Fit Assessment Tool

    2. Select an SMMP

    Use the Vendor Landscape findings and project guidance to develop requirements for your SMMP RFP, and evaluate and shortlist vendors based on your expressed requirements.

    • Select and Implement a Social Media Management Platform – Phase 2: Select an SMMP
    • SMMP Vendor Shortlist & Detailed Feature Analysis Tool
    • SMMP Vendor Demo Script
    • SMMP RFP Template
    • SMMP RFP Evaluation and Scoring Tool
    • Vendor Response Template

    3. Review implementation considerations

    Even a solution that is a perfect fit for an organization will fail to generate value if it is not properly implemented or measured. Conduct the necessary planning before implementing your SMMP.

    • Select and Implement a Social Media Management Platform – Phase 3: Review Implementation Considerations
    • Social Media Steering Committee Charter Template
    [infographic]

    Workshop: Select and Implement a Social Media Management Platform

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch Your SMMP Selection Project

    The Purpose

    Discuss the general project overview for the SMMP selection.

    Key Benefits Achieved

    Determine your organization’s readiness for SMMP.

    Activities

    1.1 Identify organizational fit for the technology.

    1.2 Evaluate social media opportunities within your organization.

    1.3 Determine the best use-case scenario for your organization.

    Outputs

    Organizational maturity assessment

    SMMP use-case fit assessment

    2 Plan Your Procurement and Implementation Process

    The Purpose

    Plan the procurement and implementation of the SMMP.

    Key Benefits Achieved

    Select an SMMP.

    Review implementation considerations.

    Activities

    2.1 Review use-case scenario results, identify use-case alignment

    2.2 Review the SMMP Vendor Landscape vendor profiles and performance.

    2.3 Create a custom vendor shortlist and investigate additional vendors for exploration in the marketplace.

    2.4 Meet with the project manager to discuss results and action items.

    Outputs

    Vendor shortlist

    SMMP RFP

    Vendor evaluations

    Selection of an SMMP

    Framework for SMMP deployment and integration

    Further reading

    Select and Implement a Social Media Management Platform

    Rein in social media by choosing a management platform that’s right for you.

    ANALYST PERSPECTIVE

    Enterprise use of social media for customer interaction has exploded. Select the right management platform to maximize the value of your social initiatives.

    Social media has rapidly become a ubiquitous channel for customer interaction. Organizations are using social media for use cases from targeted advertising, to sales prospecting, to proactive customer service. However, the growing footprint of social media initiatives – and the constant proliferation of new social networks – has created significant complexity in effectively capturing the value of social.

    Organizations that are serious about social manage this complexity by leveraging dedicated social media management platforms. These platforms provide comprehensive capabilities for managing multiple social media networks, creating engagement and response workflows, and providing robust social analytics. Selecting a best-fit SMMP allows for standardized, enterprise-wide capabilities for managing all aspects of social media.

    This report will help you define your requirements for social media management and select a vendor that is best fit for your needs, as well as review critical implementation considerations such as CRM integration and security.

    Ben Dickie
    Research Director, Enterprise Applications
    Info-Tech Research Group

    Executive summary

    Situation

    • Social media has reached maturity as a proven, effective channel for customer interaction across multiple use cases, from customer analytics to proactive customer service.
    • Organizations are looking to IT to provide leadership with social media technology enablement and integration with other enterprise systems.

    Complication

    • The proliferation of social media networks, customer data, and use cases has made ad hoc social media management challenging.
    • Many organizations struggle with shadow IT when it comes to technology enablement for social media; SMMP fragmentation leads to increased costs and no uniformity in enterprise social media management capabilities.

    Resolution

    • Social media management platforms (SMMPs) reduce complexity and increase the results of enterprise social media initiatives. SMMPs integrate with a variety of different social media services, including Facebook, Twitter, LinkedIn, and YouTube. The platforms offer a variety of tools for managing social media, including account management, in-band response and engagement, and social monitoring and analytics.
    • The value proposition of SMMPs revolves around enhancing the effectiveness and efficiency of social media. Using an SMMP to manage social media is considerably more cost effective than ad hoc (manual) management.
    • IT must partner with other departments (e.g. Marketing) to successfully evaluate, select, and implement an SMMP. Before selecting an SMMP, the organization must have a solid overall strategy for leveraging social media in place. If IT does not work as a trusted advisor to the business, shadow IT in social media management will be rampant.

    Info-Tech Insight

    1. SMMP selection must be driven by your overall customer experience management strategy: link your SMMP selection to your organization’s CXM framework.
    2. Shadow IT will dominate if IT does not step in: even more so than other areas, SMMP selection is rife with shadow IT.
    3. Ensure strong points of integration between SMMP and other software such as customer relationship management (CRM). SMMPs can contribute to a unified, 360-degree customer view.

    Framing the SMMP selection and implementation project

    This Research Is Designed For:
    • IT directors advising the business on how to improve the effectiveness and efficiency of social media campaigns through technology.
    • IT professionals involved in evaluating, selecting, and deploying an SMMP.
    • Business analysts tasked with collection and analysis of SMMP business requirements.
    This Research Will Help You:
    • Clearly link your business requirements to SMMP selection criteria.
    • Select an SMMP vendor that meets your organization’s needs across marketing, sales, and customer service use cases.
    • Adopt standard operating procedures for SMMP deployment that address issues such as platform security and CRM integration.
    This Research Will Also Assist:
    • Executive-level stakeholders in the following roles:
      • Vice-president of Sales, Marketing, or Customer Service.
      • Business unit managers tasked with ensuring strong end-user adoption of an SMMP.
    This Research Will Help Them
    • Understand what’s new in the SMMP market.
    • Evaluate SMMP vendors and products for your enterprise needs.
    • Determine which products are most appropriate for particular use cases and scenarios.

    Social media management platforms augment social capabilities within a broader customer experience ecosystem

    Customer Experience Management (CXM)

    'Customer Relationship Management Platform' surrounded by supporting capabilities, one of which is highlighted, 'Social Media Management Platform'.

    Social Media Management Platforms are one piece of the overall customer experience management ecosystem, alongside tools such as CRM platforms and adjacent point solutions for sales, marketing, and customer service. Review Info-Tech’s CXM blueprint to build a complete, end-to-end customer interaction solution portfolio that encompasses SMMP alongside other critical components. The CXM blueprint also allows you to develop strategic requirements for SMMP based on customer personas and external market analysis.

    SMMPs reduce complexity and increase the effectiveness of enterprise social media programs

    • SMMPs are solutions (typically cloud based) that offer a host of features for effectively monitoring the social cloud and managing your organization’s presence in the social cloud. SMMPs give businesses the tools they need to run social campaigns in a timely and cost-effective manner.
    • The typical SMMP integrates with two or more social media services (e.g. Facebook, Twitter) via the services’ API or a dedicated connector. SMMPs are not simply a revised “interface layer” for a single social media service. They provide layers for advanced management and analytics across multiple services.
    • The unique value of SMMPs comes from their ability to manage and track multiple social media services. Aggregating and managing data from multiple services gives businesses a much more holistic view of their organization’s social initiatives and reputation in the social cloud.
    Diagram with 'End Users (e.g. marketing managers)' at the top and social platforms like Facebook and Twitter at the bottom; in between them are 'SMMPs’: 'Account & Campaign Management', 'Social Engagement', and 'Social Monitoring/Analytics'.
    SMMPs mediate interactions between end users and the social cloud.

    Info-Tech Best Practice

    The increasing complexity of social media, coupled with the rising importance of social channels, has led to a market for formal management platforms. Organizations with an active presence in social media (i.e. multiple services or pages) should strongly consider selecting and deploying an SMMP.

    Failing to rein in social media initiatives leads to more work, uninformed decisions, and diminishing returns

    • The growth of social media services has made manually updating pages and feeds an ineffective and time-consuming process. The challenge is magnified when multiple brands, product lines, or geographic subsidiaries are involved.
      • Use the advanced account management features of an SMMP to reduce the amount of time spent updating social media services.
    • Engaging customers through social channels can be a delicate task – high volumes of social content can easily overwhelm marketing and service representatives, leading to missed selling opportunities and unacceptable service windows.
      • Use the in-band engagement capabilities of an SMMP to create an orderly queue for social interactions.
    • Consumer activity in the social cloud has been increasing exponentially. As the volume of content grows, separating the signal from the noise becomes increasingly difficult.
      • Use the advanced social analytics of an SMMP to ensure critical consumer insights are not overlooked.
    Ad Hoc Management vs. SMMPs:
    What’s the difference?

    Ad Hoc Social Media Management

    Social media initiatives are managed directly through the services themselves. For example, a marketing professional would log in to multiple corporate Twitter accounts to post the same content for a promotional campaign.

    Social Media Management Platform

    Social media initiatives are managed through a third-party software platform. For example, a marketing professional would update all social account simultaneously with just a couple clicks. SMMPs also provide cross-service social analytics – highly valuable for decision makers!

    Info-Tech Best Practice

    Effectively managing a social media campaign is not a straightforward exercise. If you have (or plan to have) a large social media footprint, now is the time to procure formal software tools for social media management. Continuing to manage social media in an ad hoc manner is sapping time and money.

    Review the critical success factors for SMMP across the project lifecycle, from planning to post-implementation

    Info-Tech Insight

    Executive management support is crucial. The number one overall critical success factor for an SMMP strategy is top management support. This emphasizes the importance of sales, service, and marketing and prudent corporate strategic alignment. A strategic objective in SMMP projects is to position top management as an enabler rather than a barrier.

    Planning Implementation Post-Implementation Overall
    1 Appropriate Selection Project Management Top Management Support Top Management Support
    2 Clear Project Goals Top Management Support Project Management Appropriate Selection
    3 Top Management Support Training Training Project Management
    4 Business Mission and Vision Effective Communication Effective Communication Training
    5 Project Management Supplier Supports Appropriate Selection Clear Project Goals

    (Source: Information Systems Frontiers)

    Dell uses a dedicated social media management platform to power a comprehensive social command center

    CASE STUDY

    Industry: High-Tech | Source: Dell
    With a truly global customer base, Dell gets about 22,000 mentions on the social web daily, and does not sit idly by. Having established a physical Social Media Command Center powered by Salesforce’s Social Studio, Dell was one of the companies that pioneered the command center concept for social response.

    The SMMP carries out the following activities:

    • Tracking mentions of Dell in the social cloud
    • Sentiment analysis
    • Connecting customers who need assistance with experts who can help them
    • Social media training
    • Maintenance of standards for social media interactions
    • Spreading best social media practices across the organization

    Today the company claims impressive results, including:

    • “Resolution rate” of 99% customer satisfaction
    • Boosting its customer reach with the same number of employees
    • One third of Dell’s former critics are now fans

    Logo for Dell.

    Tools:
    • Salesforce Social Studio
    • Three rows of monitors offering instant insights into customer sentiment, share of voice, and geography.
    Staff:
    • The center started with five people; today it is staffed by a team of 15 interacting with customers in 11 languages.
    • Dell values human interaction; the center is not running on autopilot, and any ambiguous activity is analyzed (and dealt with) manually on an individual basis.

    Follow Info-Tech’s methodology for selection and implementation of enterprise applications

    Prior to embarking on the vendor selection stage, ensure you have set the right building blocks and completed the necessary prerequisites.

    Diagram with 'Enterprise Applications' at the center surrounded by a cycle of 'conceptual', 'consensus', 'concrete', and 'continuous'. The outer circle has three categories with three actions each, 'Governance and Optimization: Process Optimization, Support/ Maintenance, Transition to Operations', 'Strategy and Alignment: Foundation, Assessment, Strategy/ Business Case', and 'Implementation: System Implementation, Business Process Management, Select and Implement'. Follow Info-Tech’s enterprise applications program that covers the application lifecycle from the strategy stage, through selection and implementation, and up to governance and optimization.

    The implementation and execution stage entails the following steps:

    1. Define the business case.
    2. Gather and analyze requirements.
    3. Build the RFP.
    4. Conduct detailed vendor evaluations.
    5. Finalize vendor selection.
    6. Review implementation considerations.

    Info-Tech Insight

    A critical preceding task to selecting a social media management platform is ensuring a strategy is in place for enterprise social media usage. Use our social media strategy blueprint to ensure the foundational elements are in place prior to proceeding with platform selection.

    Use this blueprint to support your SMMP selection and implementation

    Launch the SMMP Project and Collect Requirements — Phase 1

    Benefits — Use the project steps and activity instructions outlined in this blueprint to streamline your selection process and implementation planning. Save time and money, and improve the impact of your SMMP selection by leveraging Info-Tech’s research and project steps.

    Select Your SMMP Solution — Phase 2

    Use Info-Tech’s SMMP Vendor Landscape contained in Phase 2 of this project to support your vendor reviews and selection. Refer to the use-case performance results to identify vendors that align with the requirements and solution needs identified by your earlier project findings.

    Get Ready for Your SMMP Implementation — Phase 3

    Info-Tech Insight — Not everyone’s connection and integration needs are the same. Understand your own business’s integration environment and the unique technical and functional requirements that accompany them to create criteria and select a best-fit SMMP solution.

    Use Info-Tech’s use-case scenario approach to select a best-fit solution for your business needs

    Readiness

    Determine where you are right now and where your organization needs to go with a social media strategy.

    Three stages eventually leading to shapes in a house, 'Distributed Stage', 'Loosely Coupled Stage', and 'Command Center Stage'.
    Use-Case Assessment

    Identify the best-fit use-case scenario to determine requirements that best align with your strategy.

    Three blocks labelled 'Social Listening & Analytics', 'Social Customer Care', and 'Social Publishing & Campaign Management'.
    Selection

    Approach vendor selection through a use-case centric lens to balance the need for different social capabilities.

    Logos for vendors including Adobe, Hootsuite, CISION, and more.

    Info-Tech walks you through the following steps to help you to successfully select and implement your SMMP

    Steps of this blueprint represented by circles of varying colors and sizes, labelled by text of different sizes.

    Locate your starting point in the research based on the current stage of your project.

    Legend for the diagram above: lines represent Major Milestones, size of circles represent Low or High effort, size of text represents Average or Greater importance, and color of the circles represents the phase.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Select and Implement a Social Media Management Platform – project overview

    1. Develop a Technology Enablement Approach 2. Select an SMMP 3. Review Implementation Considerations
    Supporting Tool icon

    Best-Practice Toolkit

    1.1 Determine if a dedicated SMMP is right for your organization

    • Social Media Maturity Assessment Tool
    • Social Media Opportunity Assessment Tool

    1.2 Use an SMMP to enable marketing, sales, and service use cases

    • SMMP Use-Case Fit Assessment Tool

    2.1 SMMP Vendor Landscape

    • CRM Suite Evaluation and RFP Scoring Tool

    2.2 Select your SMMP

    • SMMP Vendor Demo Script Template
    • SMMP RFP Template

    3.1 Establish best practices for SMMP implementation

    • Social Media Steering Committee

    3.2 Assess the measured value from the project

    Guided Implementations

    • Identify organizational fit for the technology.
    • Evaluate social media opportunities within your organization.
    • Evaluate which SMMP use-case scenario is best fit for your organization
    • Discuss the use-case fit assessment results and the Vendor Landscape.
    • Review contract.
    • Determine what is the right governance structure to overlook the SMMP implementation.
    • Identify the right deployment model for your organization.
    • Identify key performance indicators for business units using an SMMP.
    Associated Activity icon

    Onsite Workshop

    Module 1:
    Launch Your SMMP Selection Project
    Module 2:
    Plan Your Procurement and Implementation Process
    Phase 1 Outcome:
    • Social Media Maturity Assessment
    • SMMP Use-Case Assessment
    Phase 2 Outcome:
    • Selection of an SMMP
    Phase 3 Outcome:
    • A plan for implementing the selected SMMP

    SMMP selection and implementation workshop overview

    Associated Activity icon Contact your account representative or email Workshops@InfoTech.com for more information.

    Day 1

    Preparation

    Day 2

    Workshop Day

    Day 3

    Workshop Day

    Day 4

    Workshop Day

    Day 5

    Working Session

    Workshop Preparation
    • Facilitator meets with the project manager and reviews the current project plans and IT landscape of the organization.
    • A review of scheduled meetings and engaged IT and business staff is performed.
    Morning Itinerary
    • Conduct activities from Develop a technology enablement approach for social media phase, including social media maturity and readiness assessment.
    • Conduct overview of the market landscape, trends, and vendors.
    Afternoon Itinerary
    • Interview business stakeholders.
    • Prioritize SMMP requirements.
    Morning Itinerary
    • Perform a use-case scenario assessment.
    Afternoon Itinerary
    • Review use-case scenario results; identify use-case alignment.
    • Review the SMMP Vendor Landscape vendor profiles and performance.
    Morning Itinerary
    • Continue review of SMMP Vendor Landscape results and use-case performance results.
    Afternoon Itinerary
    • Create a custom vendor shortlist.
    • Investigate additional vendors for exploration in the market.
    Workshop Debrief
    • Meet with project manager to discuss results and action items.
    • Wrap up outstanding items from workshop.
    (Post-Engagement): Procurement Support
    • The facilitator will support the project team to outline the RFP contents and evaluation framework.
    • Planning of vendor demo script. Input: solution requirements and use-case results.
    Example of a light blue slide. The light blue slides at the end of each section highlight the key activities and exercises that will be completed during the engagement with our analyst team.

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members who will come onsite to facilitate a workshop for your organization.

    A small monochrome icon depicting a descending bar graph.

    This icon denotes a slide that pertains directly to the Info-Tech vendor profiles on marketing management technology. Use these slides to support and guide your evaluation of the MMS vendors included in the research.

    Select and Implement a Social Media Management Platform

    PHASE 1

    Develop a Technology Enablement Approach for Social Media

    Phase 1: Develop a technology enablement approach for social media

    Steps of this blueprint represented by circles of varying colors and sizes, labelled by text of different sizes. Only Phase 1 is highlighted.
    Estimated Timeline: 1-3 Months

    Info-Tech Insight

    Before an SMMP can be selected, the organization must have a strategy in place for enterprise social media. Implementing an SMMP before developing a social media strategy would be akin to buying a mattress without knowing the size of the bed frame.

    Major Milestones Reached
    • Project launch
    • Completion of requirements gathering and documentation

    Key Activities Completed

    • Readiness assessment
    • Project plan / timeline
    • Stakeholder buy-in
    • Technical assessment
    • Functional assessment

    Outcomes from This Phase

    Social Media Maturity Assessment

    Phase 1 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Develop a technology enablement approach for social media

    Proposed Time to Completion: 2 weeks
    Step 1.1: Determine if a dedicated SMMP is right for your organization Step 1.2: Use an SMMP to enable marketing, sales, and service use cases
    Start with an analyst kick-off call:
    • Assess your readiness for the SMMP project.
    • Evaluate social media opportunities within your organization.
    Review findings with analyst:
    • Discuss how an SMMP can assist with marketing, sales, and customer service.
    • Evaluate which SMMP use case scenario is best fit for your organization.
    Then complete these activities…
    • Assess your social media maturity.
    • Inventory social media networks to be supported by the SMMP.
    Then complete these activities…
    • Assess best-fit use-case scenario.
    • Build the metrics inventory.
    With these tools & templates:
    • Social Media Maturity Assessment Tool
    • Social Media Opportunity Assessment Tool
    With these tools & templates:
    • SMMP Use-Case Fit Assessment Tool
    Phase 1 Results & Insights:
    • Social Media Maturity Assessment
    • SMMP Use-Case Assessment

    Phase 1, Step 1: Determine if a dedicated SMMP is right for your organization

    1.1

    1.2

    Determine if a dedicated SMMP is right for your organization Use an SMMP to enable marketing, sales, and service use cases

    This step will walk you through the following activities:

    • Assess where your organization sits on the social media maturity curve.
    • Inventory the current social media networks that must be supported by the SMMP.
    • Go/no-go assessment on SMMP.

    This step involves the following participants:

    • Digital Marketing Executive
    • Digital Strategy Executive
    • Business stakeholders

    Outcomes of this step

    • Social media maturity assessment
    • Inventory of enterprise social media
    • SMMP Go/no-go decision

    Before selecting an SMMP, start with the fundamentals: build a comprehensive strategy for enterprise social media

    Why build a social media strategy?

    • Social media is neither a fad nor a phenomenon; it is simply another tool in the business process. Social channels do not necessitate a radical departure from the organization’s existing customer interaction strategy. Rather, social media should be added to your channel mix and integrated within the existing CRM strategy.
    • Social media allows organizations to form direct and indirect connections through the Friend-of-a-Friend (FOAF) model, which increases the credibility of the information in the eyes of the consumer.
    • Social media enables organizations to share, connect, and engage consumers in an environment where they are comfortable. Having a social media presence is rapidly becoming a pre-requisite for successful business-to-consumer enterprises.

    Important considerations for an enterprise social media strategy:

    • Determine how social media will complement existing customer interaction goals.
    • Assess which social media opportunities exist for your organization.
    • Consider the specific goals you want to achieve using social channels and pick your services accordingly.
    • Not all social media services (e.g. Facebook, Twitter, LinkedIn) are equal. Consider which services will be most effective for goal achievement.
    For more information on developing a strategy for enterprise social media, please refer to Info-Tech’s research on Social Media.

    Implement a social media strategy by determining where you are right now and where your organization needs to go

    Organizations pass through three main stages of social media maturity: distributed, loosely coupled, and command center. As you move along the maturity scale, the business significance of the social media program increases. Refer to Info-Tech’s Implement a Social Media Program for guidance on how to execute an ongoing social media program.
    The y-axis 'Business Significance'.

    Distributed Stage

    Shapes labelled 'Sales', 'Customer Service', and 'Marketing'.

    • Open-source or low-cost solutions are implemented informally by individual depts. for specific projects.
    • Solutions are deployed to fulfill a particular function without an organizational vision. The danger of this stage is lack of consistent customer experience and wasted resources.

    Loosely Coupled Stage

    Same shapes with the addition of 'PR' and surrounded by a dotted-line house.

    • More point solutions are implemented across the organization. There is a formal cross-departmental effort to integrate some point solutions.
    • Risks include failing to put together an effective steering committee and not including IT in the decision-making process.

    Command Center Stage

    Same shapes with a solid line house.

    • There’s enterprise-level steering committee with representation from all areas: execution of social programs is handled by a fully resourced physical (or virtual) center.
    • Risks include improper resource allocation and lack of end-user training.
    The x-axis 'Maturity Stages'.
    Optimal stages for SMMP purchase

    Assess where your organization sits on the social media maturity curve

    Associated Activity icon 1.1.1 30 Minutes

    INPUT: Social media initiatives, Current status

    OUTPUT: Current State Maturity Assessment

    MATERIALS: Whiteboard, Markers, Sticky notes

    PARTICIPANTS: Digital Strategy Executive, Business stakeholders

    Before you can move to an objective assessment of your social media program’s maturity, take an inventory of your current efforts across different departments (e.g. Marketing, PR, Sales, and Customer Service). Document the results in the Social Media Maturity Assessment Tool to determine your social media readiness score.

    Department Social Media Initiative(s) Current Status
    Marketing Branded Facebook page with updates and promotions Stalled: insufficient resources
    Sales LinkedIn prospecting campaign for lead generation, qualification, and warm open Active: however, new reps are poorly trained on LinkedIn prospect best practices
    Customer Service Twitter support initiative: mentions of our brand are paired with sentiment analysis to determine who is having problems and to reach out and offer support Active: program has been highly successful to date
    HR Recruitment campaign through LinkedIn and Branch Out Stalled: insufficient technology support for identifying leading candidates
    Product Development Defect tracking for future product iterations using social media Partially active: Tracked, but no feedback loop present
    Social Media Maturity Level Distributed

    Determine your organization’s social media maturity with Info-Tech’s Maturity Assessment Tool

    Supporting Tool icon 1.1 Social Media Maturity Assessment Tool

    Assessing where you fit on the social media maturity continuum is critical for setting the future direction of your social media program. We’ll work through a short tool that assesses the current state of your social media program, then discuss the results.

    Info-Tech’s Social Media Maturity Assessment Tool will help you determine your company’s level of maturity and recommend steps to move to the next level or optimize the status quo of your current efforts.

    INFO-TECH TOOL Sample of the Social Media Current State Assessment.

    The social cloud is a dominant point of interaction: integrate social channels with existing customer interaction channels

    • Instead of thinking of customers as an island, think of them interacting with each other and with organizations in the social cloud. As a result, the social cloud itself becomes a point of interaction, not just individual customers.
    • The social cloud is accessible with services like social networks (e.g. Facebook) and micro-blogs (Twitter).
    • Previous lessons learned from the integration of Web 1.0 e-channels should be leveraged as organizations add the social media channel into their overall customer interaction framework:
      • Do not design exclusively around a single channel. Design hybrid-channel solutions that include social channels.
      • Balance customer segment goals and attributes, product and service goals and attributes, and channel capabilities.
    The 'Web 2.0 Customer Interaction Framework' with 'Social Cloud' above, connected to the below through 'Conversations & Information'. Below are two categories with their components interconnected, 'Communication Channels: Face to Face, Phone, E-mail, Web, and Social Media' and 'Customer Experience Management: Marketing, Sales, and Service'.

    Info-Tech Best Practice

    Don’t believe that social channel integration will require an entire rebuild of your CXM strategy. Social channels are just new interaction channels that need to be integrated – as you’ve done in the past with Web 1.0 e-channels.

    Understand the different types of social media services and how they link to social media strategy and SMMP selection

    Before adopting an SMMP, it’s important to understand the underlying services they manage. Social media services facilitate the creation and dissemination of user-generated content, and can be grouped according to their purpose and functionality:
    • Social Networking: Social networking services use the Friend-of-a-Friend model to allow users to communicate with their personal networks. Users can share a wide variety of information and media with one another. Social networking sites include Facebook and LinkedIn.
    • Blogging: Blogs are websites that allow users to upload text and media entries, typically displayed in reverse-chronological order. Prominent blogging services include Blogger and WordPress.
    • Micro-Blogging: Micro-blogging is similar to blogging, with the exception that written content is limited to a set number of characters. Twitter, the most popular service, allows users to post messages up to 140 characters.
    • Social Multimedia: Social multimedia sites provide an easy way for users to upload and share multimedia content (e.g. pictures, video) with both their personal contacts as well as the wider community. YouTube is extremely popular for video sharing, while Instagram is a popular option for sharing photos and short videos.

    Info-Tech Best Practice

    In many cases, services do not fit discretely within each category. With minor exceptions, creating an account on a social media service is free, making use of these services extremely cost effective. If your organization makes extensive use of a particular service, ensure it is supported by your SMMP vendor.

    Four categories of social media company logos: 'Social multimedia', 'Micro-blogging', 'Blogging', and 'Social Networking'.

    Inventory the current social media networks that must be supported by the SMMP

    Associated Activity icon 1.1.2

    INPUT: Social media services

    OUTPUT: Inventory of enterprise social media

    MATERIALS: Whiteboard, Markers

    PARTICIPANTS: Project team

    1. List all existing social media networks used by your organization.
    2. For each network, enumerate all the accounts that are being used for organizational objectives.
    3. Identify the line of business that administers and manages each service.
    Network Use Case Account Ownership
    Facebook
    • Branding
    • Marketing
    • Social Monitoring
    • Facebook recruitment
    • Corporate Communications
    • Marketing
    Twitter
    • Social monitoring
    • Customer response
    • Corporate
    • Customer Service
    ... ... ...

    An explosion of social media services and functionality has made effectively managing social interactions a complex task

    • Effectively managing social channels is an increasingly complicated task. Proliferation of social media services and rapid end-user uptake has made launching social interactions a challenge for small and large organizations.
    • Using multiple social media services can be a nightmare for account management (particularly when each brand or product line has its own set of social accounts).
    • The volume of data generated by the social cloud has also created barriers for successfully responding in-band to social stakeholders (social engagement), and for carrying out social analytics.
    • There are two methods for managing social media: ad hoc management and platform-based management.
      • Ad hoc social media management is accomplished using the built-in functionality and administrative controls of each social media service. It is appropriate for small organizations with a very limited scope for social media interaction, but poses difficulties once “critical mass” has been reached.
    Comparison of 'Ad Hoc Management' with each social media platform managed directly by the user and 'Platform-Based Management' with social platforms managed by a 'SMMP' which is managed by the user.
    Ad hoc management results in a number of social media touch points. SMMPs serve as a single go-to point for all social media initiatives

    Info-Tech Best Practice

    Managing social media is becoming increasingly difficult to do through ad hoc methods, particularly for larger organizations and those with multiple brand portfolios. Ad hoc management is best suited for small organizations with an institutional client base who only need a bare bones social media presence.

    Select social media services that will achieve your specific objectives – and look for SMMPs that integrate with them

    What areas are different social media services helpful in?
    Domain Opportunity Consumer Social Networks (Facebook) Micro-Blogging (Twitter) Professional Social Networks (LinkedIn) Consumer Video Sharing Networks (YouTube)
    Marketing Building Positive Brand Image Green circle 'Proven Useful'. Green circle 'Proven Useful'. Dark Blue circle 'Potentially Useful'.
    Increase Mind Share Green circle 'Proven Useful'. Green circle 'Proven Useful'. Dark Blue circle 'Potentially Useful'.
    Gaining Customer Insights Green circle 'Proven Useful'. Green circle 'Proven Useful'. Green circle 'Proven Useful'. Dark Blue circle 'Potentially Useful'.
    Sales Gaining Sales Insights Dark Blue circle 'Potentially Useful'. Green circle 'Proven Useful'. Dark Blue circle 'Potentially Useful'.
    Increase Revenue Dark Blue circle 'Potentially Useful'. Green circle 'Proven Useful'. Dark Blue circle 'Potentially Useful'.
    Customer Acquisition Green circle 'Proven Useful'. Green circle 'Proven Useful'. Green circle 'Proven Useful'.
    Service Customer Satisfaction Green circle 'Proven Useful'. Green circle 'Proven Useful'. Green circle 'Proven Useful'. Green circle 'Proven Useful'.
    Increase Customer Retention Green circle 'Proven Useful'. Green circle 'Proven Useful'. Dark Blue circle 'Potentially Useful'.
    Reducing Cost of Service Dark Blue circle 'Potentially Useful'. Dark Blue circle 'Potentially Useful'. Dark Blue circle 'Potentially Useful'. Green circle 'Proven Useful'.

    Green circle 'Proven Useful'. Proven Useful*

    Dark Blue circle 'Potentially Useful'. Potentially Useful

    *Proven useful by Info-Tech statistical analysis carried out on a cross-section of real-world implementations.

    Social media is invaluable for marketing, sales, and customer service. Some social media services have a higher degree of efficacy than others for certain functions. Be sure to take this into account when developing a social media strategy.

    Info-Tech Best Practice

    Different social media services are more effective than others for different goals. For example, YouTube is useful as an avenue for marketing campaigns, but it’s of substantially less use for sales functions like lead generation. The services you select while planning your social media strategy must reflect concrete goals.

    Ad hoc social media management results in manual, resource-intensive processes that are challenging to measure

    • Most organizations that have pursued social media initiatives have done so in an ad hoc fashion rather than outlining a formal strategy and deploying software solutions (e.g. SMMP).
    • Social media is often a component of Customer Experience Management (CXM); Info-Tech’s research shows many organizations are handling CRM without a strategy in place, too.
    • Social media management platforms reduce the resource-intensive processes required for ongoing social media involvement and keep projects on track by providing reporting metrics.
    Social media and CRM are often being done without a defined strategy in place.

    Four-square matrix titled 'Strategy' presenting percentages with y-axis 'CRM', x-axis 'Social Media', both having two sections 'Ad hoc' and 'Defined'.
    Source: Info-Tech Survey, N=64

    Many processes related to social media are being done manually, despite the existence of SMMPs.

    Four-square matrix titled 'technology' presenting percentages with y-axis 'CRM', x-axis 'Social Media', both having two sections 'Ad hoc' and 'Defined'.

    “When we started our social media campaign, it took 34 man-hours a week. An SMMP that streamlines these efforts is absolutely an asset.” (Edie May, Johnson & Johnson Insurance Company)

    SMMPs provide functionality for robust account management, in-band customer response, and social monitoring/analytics

    • Features such as unified account management and social engagement capabilities boost the efficiency of social campaigns. These features reduce duplication of effort (e.g. manually posting the same content to multiple services). Leverage account management functionality and in-band response to “do more with less.”
    • Features such as comprehensive monitoring of the social cloud and advanced social analytics (i.e. sentiment analysis, trends and follower demographics) allow organizations to more effectively use social media. These features empower organizations with the information they need to make informed decisions around messaging and brand positioning. Use social analytics to zero in on your most important brand advocates.

    The value proposition of SMMPs revolves around enhancing the effectiveness and efficiency of social media initiatives.

    Three primary use cases for social media management:

    Social Listening & Analytics — Monitor and analyze a variety of social media services: provide demographic analysis, frequency analysis, sentiment analysis, and content-centric analysis.

    Social Publishing & Campaign Management — Executing marketing campaigns through social channels (e.g. Facebook pages).

    Social Customer Care — Track customer conversations and provide the ability to respond in-platform to social interactions.

    Info-Tech Best Practice

    SMMPs are a technology platform, but this alone is insufficient to execute a social media program. Organization and process must be integrated as well. See Info-Tech’s research on developing a social media strategy for a step-by-step guide on how to optimize your internal organization and processes.

    Social analytics vary: balance requirements among monitoring goals and social presence/property management

    Segment your requirements around common SMMP vendor product design points. Current market capabilities vary between two primary feature categories: social cloud monitoring and social presence and property management.

    Cloud-Centric

    Social Monitoring

    Content-Centric

    Social cloud monitoring enables:
    • Brand and product monitoring
    • Reputation monitoring
    • Proactive identification of service opportunities
    • Competitive intelligence
    Social presence and property management enables:
    • Monitor and manage discussions on your social properties (e.g. Twitter feeds, Facebook Pages, YouTube channels)
    • Execute marketing campaigns within your social properties

    Social Analytics

    Social analytics provide insights to both dimensions of social media monitoring.

    Some firms only need social cloud monitoring, some need to monitor their own social media properties, and others will need to do both. Some vendors do both while other vendors excel in only one feature dimension. If you are NOT prepared to act on results from social cloud monitoring, then don’t expand your reach into the social cloud for no reason. You can always add cloud monitoring services later. Likewise, if you only need to monitor the cloud and have no or few of your own social properties, don’t buy advanced management and engagement features.

    Use social analytics to gain the most value from your SMMP

    Research indicates successful organizations employ both social cloud monitoring and management of their own properties with analytical tools to enhance both or do one or the other well. Few vendors excel at both larger feature categories. But the market is segmented into vendors that organizations should be prepared to buy more than one product from to satisfy all requirements. However, we expect feature convergence over the next 1–3 years, resulting in more comprehensive vendor offerings.

    Most sought social media analytics capabilities

    Bar Chart of SM analytics capabilities, the most sought after being 'Demographic analysis', 'Geographic analysis', 'Semantic analysis', 'Automated identification of subject and content', and 'Predictive modeling'.
    (Source: The State of Social Media Analytics (2016))

    Value driven from social analytics comes in the form of:
    • Improved customer service
    • Increased revenue
    • Uncovered insights for better targeted marketing
    • A more personalized customer experience offered
    Social analytics is integral to the success of the SMMP – take advantage of this functionality!

    Cost/Benefit Scenario: A mid-sized consumer products company wins big by adopting an SMMP

    The following example shows how an SMMP at a mid-sized consumer products firm brought in $36 000 a year.

    Before: Manual Social Media Management

    • Account management: a senior marketing manager was responsible for updating all twenty of the firm’s social media pages and feeds. This activity consumed approximately 20% of her time. Her annual salary was $80,000. Allocated cost: $16,000 per year.
    • In-band response: Customer service representatives manually tracked service requests originating from social channels. Due to the use of multiple Twitter feeds, several customers were inadvertently ignored and subsequently defected to competitors. Lost annual revenue due to customer defections: $10,000.
    • Social analytics: Analytics were conducted in a crude, ad hoc fashion using scant data available from the services themselves. No useful insights were discovered. Gains from social insights: $0.

    Ad hoc management is costing this organization $26,000 a year.

    After: Social Media Management Platform

    • Account management: Centralized account controls for rapidly managing several social media services meant the amount of time spent updating social media was cut 75%. Allocated cost savings: $12,000 per year.
    • In-band response: Using an SMMP provided customer service representatives with a console for quickly and effectively responding to customer service issues. Service window times were significantly reduced, resulting in increased customer retention. Revenue no longer lost due to defections: $10,000.
    • Social analytics: The product development group used keyword-based monitoring to assist with designing a successful new product. Social feedback noticeably boosted sales. Gains from social insights: $20,000
    • Cost of SMMP: $6,000 per year.

    The net annual benefit of adopting an SMMP is $36,000.

    Go with an SMMP if your organization needs a heavy social presence; stick with ad hoc management if it doesn’t

    The value proposition of acquiring an SMMP does not resonate the same for all organizations: in some cases, it is more cost effective to forego an SMMP and stick with ad hoc social media management.

    Follow these guidelines for determining if an SMMP is a natural fit for your organization.

    Go with an SMMP if…

    • Your organization already has a large social footprint: you manage multiple feeds/pages on three or more social media services.
    • Your organization’s primary activity is B2C marketing; your target consumers are social media savvy. Example: consumer packaged goods.
    • The volume of marketing, sales and service inquiries received over social channels has seen a sharp increase in the last 12 months.
    • Your firm or industry is the topic of widespread discussion in the social cloud.

    Stick with ad hoc management if…

    • Regulatory compliance prohibits the extensive use of social media in your organization.
    • Your organization is focused on a small number of institutional clients with well-defined organizational buying behaviors.
    • Your target market is antipathetic towards using social channels to interact with your organization.
    • Your organization is in a market space where only a bare-bones social media presence is seen as a necessity (for example, only a basic informational Facebook page is maintained).

    Info-Tech Best Practice

    Using an SMMP is definitively superior to ad hoc social media management for those organizations with multiple brands and product portfolios (e.g. consumer packaged goods). Ad hoc management is best for small organizations with an institutional client base who only need a bare bones social media presence.

    Assess which social media opportunities exist for your organization with Info-Tech’s tool

    Supporting Tool icon 1.2 Social Media Opportunity Assessment Tool

    Use Info-Tech’s Social Media Opportunity Assessment Tool to determine, based on your unique criteria, where social media opportunities exist for your organization in marketing, sales, and service.

    Info-Tech Best Practice

    1. Remember that departmental goals will overlap; gaining customer insight is valuable to marketing, sales, and customer service.
    2. The social media benefits you can expect to achieve will evolve as your processes mature.
    3. Often, organizations jump into social media because they feel they have to. Use this assessment to identify early on what your drivers should be.
    Sample of the Social Media Opportunity Assessment Tool.

    Go/no-go assessment on SMMP

    Associated Activity icon 1.1.3

    INPUT: Social Media Opportunity Questionnaire

    OUTPUT: SMMP go/no-go decision

    MATERIALS: Whiteboard, Opportunity Assessment Tool

    PARTICIPANTS: Digital Strategy Executive, Business stakeholders

    Identify whether an SMMP will help you achieve your goals in sales, marketing, and customer service.

    1. Complete the questionnaire in the Social Media Opportunity Assessment Tool. Ensure all relevant stakeholders are present to answer questions pertaining to their business area.
    2. Evaluate the results to better understand whether your organization has the opportunity to achieve each established goal in marketing, sales, and customer service with an SMMP or you are not likely to benefit from investing in a social media management solution.

    Phase 1, Step 2: Use an SMMP to enable marketing, sales, and service use cases

    1.1

    1.2

    Determine if a dedicated SMMP is right for your organization Use an SMMP to enable marketing, sales, and service use cases

    This step will walk you through the following activities:

    • Profile and rank your top use cases for social media management
    • Build the metrics inventory

    This step involves the following participants:

    • Project Manager
    • Project Team

    Outcomes of this step

    • Use case suitability
    • SMMP metrics inventory

    SMMPs equip front-line sales staff with the tools they need for effective social lead generation

    • Content-centric social analytics allow sales staff to see click-through details for content posted on social networks. In many cases, these leads are warm and ready for immediate follow-up.
    • A software development firm uses an SMMP to post a whitepaper promoting its product to multiple social networks.
      • The whitepaper is subsequently downloaded by a number of potential prospects.
      • Content-centric analytics within the SMMP link the otherwise-anonymous downloads to named social media accounts.
      • Leads assigned to specific account managers, who use existing CRM software to pinpoint contact information and follow-up in a timely manner.
    • Organizations that intend to use their SMMP for sales purposes should ensure their vendor of choice offers integration with LinkedIn. LinkedIn is the business formal of social networks, and is the network with the greatest proven efficacy from a sales perspective.

    Using an SMMP to assist the sales process can…

    • Increase the number of leads generated through social channels as a result of social sharing.
    • Increase the quality of leads generated through social channels by examining influence scores.
    • Increase prospecting efficiency by finding social leads faster.
    • Keep account managers in touch with prospects and clients through social media.

    Info-Tech Best Practice

    Social media is on the rise in sales organizations. Savvy companies are using social channels at all points in the sales process, from prospecting to account management. Organizations using social channels for sales will want an SMMP to manage the volume of information and provide content-centric analytics.

    Incorporate social media into marketing workflows to gain customer insights, promote your brand, and address concerns

    While most marketing departments have used social media to some extent, few are using it to its full potential. Identify marketing workflows that can be enhanced through the use of social channel integration.
    • Large organizations must define separate workflows for each stakeholder organization if marketing’s duties are divided by company division, brand, or product lines.
    • Inquiries stemming from marketing campaigns and advertising must be handled by social media teams. For example, if a recent campaign sparks customer questions on the company’s Facebook page, be ready to respond!
    • Social media can be used to detect issues that may indicate product defects, provided defect tracking is not already incorporated into customer service workflows. If defect tracking is part of customer service processes, then such issues should be routed to the customer service organization.
    • If social listening is employed, in addition to monitoring the company's own social properties, marketing teams may elect to receive notices of major trends concerning the company's products or those of competitors.
    Word jumble of different sized buzz words around 'Brand Building'.

    I’m typically using my social media team as a proactive marketing team in the social space, whereas I’m using my consumer relations team as a reactive marketing and a reactive consumer relations taskforce. So a little bit different perspective.” (Greg Brickl, IT Director, Organic Valley)

    SMMPs allow marketers to satisfy all of their needs with one solution

    • Have a marketing manager jointly responsible for the selection of an SMMP to realize higher overall success. This will significantly improve customer acquisition approval and competitive intelligence, as well as the overall SMMP success.
    • The marketing manager should be involved in fleshing out the business requirements of the SMMP in order to select the most appropriate solution.
    • Once selected, the SMMP has multiple benefits for marketing professionals. One pivotal benefit of SMMPs for marketing is the capability for centralized account management. Multiple social pages and feeds can be rapidly managed at pre-determined times, through an easy-to-use dashboard delivered from one source.
    • Centralized account management is especially pertinent for organizations with a wide geographic client base, as they can manage wide social media campaigns within multiple time zones, delivering their messaging appropriately. (e.g. contests, product launches, etc.)
    Bar Chart comparing 'Average Success Scores' of different goals based on whether the 'Marketing Manager [was] Responsible' or not. Scores are always higher when they were.
    (Source: Info-Tech Research Group N = 37)

    Info-Tech Best Practice

    Managing multiple social media accounts on an ad hoc basis is time consuming and costs money. Lower costs and get the best results out of your social media campaigns by involving the marketing team in the SMMP selection process and knowing their functional requirements.

    Leverage SMMPs to proactively identify and respond to customer service issues occurring in the social cloud

    • SMMPs are an invaluable tool in customer service organizations. In-band response capabilities allow customer service representatives to quickly and effectively address customer service issues – either reactively or proactively.
    • Reactive customer service can be provided through SMMPs by providing response capabilities for private messages or public mentions (e.g. “@AcmeCo” on Twitter). Many SMMPs provide a queue of social media messages directed at the organization, and also give the ability to assign specific messages to an individual service representative or product expert. Responding to a high-volume of reactive social media requests can be time consuming without an SMMP.
    • Proactive customer service uses the ability of SMMPs to monitor the social cloud for specific keywords in order to identify customers having issues. Forward-thinking companies actively monitor the social cloud for customer service opportunities, to protect and improve their image.
    Illustration of reactive service where the customer initiates the process and then receives service.
    Reactive service is customer-initiated.

    Illustration of proactive service with a complaint through Twitter monitored by an SMMP allowing an associate to provide a 'Proactive Resolution'.
    SMMPs enable organizations to monitor the social cloud for service opportunities and provide proactive service in-band.

    Info-Tech Best Practice

    Historically, customer service has been “reactive” (i.e. customer initiated) and solely between the customer and supplier. Social media forces proactive service interactions between customer, supplier, and the entire social cloud. Using an SMMP significantly improves reactive and proactive service. The ability to integrate with customer service applications is essential.

    Customer service is a vital department to realize value from leveraging an SMMP

    Info-Tech’s research shows that the more departments get involved with social media implementation, the higher the success score (calculated based on respondents’ report of the positive impact of social media on business objectives). On average, each additional department involved in social media programs increases the overall social media success score by 5%. For example, organizations that leveraged social media within the customer service department, achieved a higher success score than those that did not.

    The message is clear: encourage broad participation in coordinated social media efforts to realize business goals.

    Line graph comparing 'Social Media Success Score' with the 'Number of Departments Involved'. The line trends upward on both axes.
    (Source: Info-Tech Research Group N=65)
    Bar chart comparing 'Social Media Success Scores' if 'Customer Service Involvement' was Yes or No. 'Yes' has a higher score.

    Our research indicates that the most important stakeholder to ensure steering committee success is Customer Service. This has a major impact on CRM integration requirements – more on this later.

    SMMPs are indispensable for allowing PR managers to keep tabs on the firm and its brands

    • Public relations is devoted to relationship management; as such, it is critical for savvy PR departments to have a social media presence.
    • SMMPs empower PR professionals with the ability to track the sentiment of what is said about their organization. Leverage keyword searches and heuristic analysis to proactively mitigate threats and capitalize on positive opportunities. For example, sentiment analysis can be used to identify detractors making false claims over social channels. These claims can then be countered by the Public Relations team.
    • Sentiment analysis can be especially important to the PR professional through change and crisis management situations. These tools allow an organization to track the flow of information, as well as the balance of positive and negative postings and their influence on others in the social cloud.
    • Social analytics provided by SMMPs also serve as a goldmine for competitive intelligence about rival firms and their products.

    Benefits of Sentiment Analysis for PR

    • Take the pulse of public perception of your brands (and competitors).
    • Mitigate negative comments being made and respond immediately.
    • Identify industry and consumer thought leaders to follow on social networks.

    Illustration of sentiment analysis.
    Use sentiment analysis to monitor the social cloud.

    Info-Tech Best Practice

    Leaving negative statements unaddressed can cause harm to an organization’s reputation. Use an SMMP to track what is being said about your organization; take advantage of response capabilities to quickly respond and mitigate PR risk.

    SMMPs for recruiting is an emerging talent recruitment technique and will lead to stronger candidates

    • Social media provides more direct connections between employer and applicant. It’s faster and more flexible than traditional e-channels.
    • SMMPs should be deployed to the HR silo to aid with recruiting top-quality candidates. Account management functionality can dramatically reduce the amount of time HR managers spend synchronizing content between various social media services.
    • In-band response capabilities flag relevant social conversations and allow HR managers to rapidly respond to prospective employee inquiries. Rapid response over social channels gives candidates a positive impression of the organization.
    • Analytics give HR managers insight into hiring trends and the job market at large – sentiment analysis is useful for gauging not just candidate interests, but also anonymous employee engagement.

    A social media campaign managed via SMMP can…

    • Increase the size of the applicant pool by “fishing where the fish are.”
    • Increase the quality of applicants by using monitoring to create targeted recruitment materials.
    • Increase recruiting efficiency by having a well-managed, standing presence on popular social media sites – new recruiting campaigns require less “awareness generation” time.
    • Allow HR/recruiters to be more in-touch with hiring trends via social analytics.
    Horizontal bar chart of social media platforms that recruiters use. LinkedIn is at the top with 87%. Only 4% of recruiters are NOT using social media for recruitment, while 50% of recruiters plan to increase their investment in SMR in the coming year. (Source: Jobvite, 2015)

    Collapse your drivers for SMMP and link them to Info-Tech’s Vendor Landscape use cases

    Vendor Profiles icon

    USE CASES

    Social Listening and Analytics

    What It Looks Like
    Functionality for capturing, aggregating, and analyzing social media content in order to create actionable customer or competitive insights.

    How It Works
    Social listening and analytics includes features such as sentiment and contextual analysis, workflow moderation, and data visualization.

    Social Publishing and Campaign Management

    What It Looks Like
    Functionality for publishing content to multiple networks or accounts simultaneously, and managing social media campaigns in-depth (e.g. social property management and post scheduling).

    How It Works
    Social publishing and campaign management include features such as campaign execution, social post integration, social asset management, and post time optimization.

    Social Customer Care

    What It Looks Like
    Functionality for management of the social customer service queue as well as tools for expedient resolution of customer issues.

    How It Works
    Social customer care use case primarily relies on strong social moderation and workflow management.

    Identify the organizational drivers for social media management – whether it is recruiting, public relations, customer service, marketing, or sales – and align them with the most applicable use case.

    Profile and rank your top use cases for social media management using the Use-Case Fit Assessment Tool

    Associated Activity icon 1.2.1 1 Hour

    INPUT: Project Manager, Core project team

    OUTPUT: Use-case suitability

    MATERIALS: Whiteboard, Markers

    PARTICIPANTS: Project Manager, Core project team

    1. Download your own version of the tool and complete the questionnaire on tab 2, Assessment.
      • Use the information gathered from your assessments and initial project scoping to respond to the prompts to identify the business and IT requirements for the tool.
      • Answer the prompts for each statement from a range of strongly disagree to strongly agree.
    2. Review the outcomes on tab 3, Results.
      • This tab provides a qualitative measure assessing the strength of your fit against the industry use-case scenarios.
    3. If not completed as a team, debrief the results and implications to your core project team.

    Use the SMMP Use-Case Fit Assessment Tool to identify which areas you should focus on

    Supporting Tool icon 1.3 Use Case Fit Assessment Tool
    Use the Use-Case Fit Assessment Tool to understand how your unique requirements map into a specific SMMP use case.

    This tool will assess your answers and determine your relative fit against the use-case scenarios.

    Fit will be assessed as “Weak,” “Moderate,” or “Strong.”

    Consider the common pitfalls, which were mentioned earlier, that can cause IT projects to fail. Plan and take clear steps to avoid or mitigate these concerns.

    Note: These use-case scenarios are not mutually exclusive. Your organization can align with one or more scenarios based on your answers. If your organization shows close alignment to multiple scenarios, consider focusing on finding a more robust solution and concentrate your review on vendors that performed strongly in those scenarios or meet the critical requirements for each.

    INFO-TECH DELIVERABLE

    Sample of the SMMP Use-Case Fit Assessment Tool.

    Identify the marketing, sales, and customer service metrics that you will target for improvement using an SMMP

    Create measurable S.M.A.R.T. goals for the project.

    Consider the following questions when building your SMMP metrics:
    1. What are the top marketing objectives for your company? For example, is building initial awareness or driving repeat customers more important?
    2. What are the corresponding social media goals for this business objective?
    3. What are some of the metrics that could be used to determine if business and social media objectives are being attained?
    Use Case Sample Metric Descriptions Target Metric
    Social Listening and Analytics Use a listening tool to flag all mentions of our brands or company on social Increase in mentions with neutral or positive sentiment, decrease in mentions with negative sentiment
    Social Publishing and Campaign Management Launch a viral video campaign showcasing product attributes to drive increased YT traffic Net increase in unaided customer recall
    Social Customer Care Create brand-specific social media pages to increase customer sentiment for individual brand extensions Net increase in positive customer sentiment (i.e. as tracked by an SMMP)

    Build the metrics inventory

    Associated Activity icon 1.2.2 45 Minutes

    INPUT: Marketing, sales, and customer service objectives

    OUTPUT: Metrics inventory

    MATERIALS: Whiteboard, Markers

    PARTICIPANTS: Project Manager, Core project team

    1. Identify the top marketing, sales, and customer service objectives for your company? For example, is building initial awareness or driving repeat customers more important?
    2. What are the corresponding social media goals for each business objective?
    3. What are some of the metrics that could be used to determine if business and social media objectives are being attained?
    Marketing/PR Objectives Social Media Goals Goal Attainment Metrics
    E.g. build a positive brand image
    • Create brand-specific social media pages to increase customer sentiment for individual brand extensions
    Net increase in positive customer sentiment (i.e. as tracked by an SMMP)
    E.g. increase customer mind share
    • Launch a viral video campaign showcasing product attributes to drive increased YT traffic
    Net increase in unaided customer recall
    E.g. monitor public mentions
    • Use a listening tool to flag all mentions of our brands or company on social
    Increase in mentions with neutral or positive sentiment, decrease in mentions with negative sentiment

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.1

    Sample of activity 1.1.1 'Assess where your organization sits on the social media maturity curve'. Assess your organization’s social media maturity

    An Info-Tech analyst will facilitate a discussion to assess the maturity of your organization’s social media program and take an inventory of your current efforts across different departments (e.g. Marketing, PR, Sales, and Customer Service).

    1.1.2

    Sample of activity 1.1.2 'Inventory the current social media networks that must be supported by SMMP'. Inventory your current social media networks

    The analyst will facilitate an exercise to catalog all social media networks used in the organization.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    1.1.3

    Sample of activity 1.1.3 'Go/no-go assessment on SMMP'. Go/no go assessment on SMMP

    Based on the maturity assessment, the analyst will help identify whether an SMMP will help you achieve your goals in sales, marketing, and customer service.

    1.2.1

    Sample of activity 1.2.1 'Profile and rank your top use cases for social media management using the Use Case Fit Assessment Tool'. Rank your top use cases for social media management

    An analyst will facilitate the exercise to answer a series of questions in order to determine best-fit scenario for social media management for your organization.

    1.2.2

    Sample of activity 1.2.2 'Build the metrics inventory'. Build the metrics inventory

    An analyst will lead a whiteboarding exercise to brainstorm and generate metrics for your organization’s social media goals.

    Select and Implement a Social Media Management Platform

    PHASE 2

    Select an SMMP

    This phase also includes Info-Tech’s SMMP Vendor Landscape Title icon for vendor slides.

    Phase 2: Select an SMMP

    Steps of this blueprint represented by circles of varying colors and sizes, labelled by text of different sizes. Only Phase 2 is highlighted.
    Estimated Timeline: 1-3 Months

    Info-Tech Insight

    Taking a use-case-centric approach to vendor selection allows you to balance the need for different social capabilities between analytics, campaign management and execution, and customer service.

    Major Milestones Reached
    • Vendor Selection
    • Finalized and Approved Contract

    Key Activities Completed

    • RFP Process
    • Vendor Evaluations
    • Vendor Selection
    • Contract Negotiation

    Outcomes from This Phase

    The completed procurement of an SMMP solution.

    • Selected SMMP solution
    • Negotiated and finalized contract

    Phase 2 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Select an SMMP

    Proposed Time to Completion: 4 weeks
    Step 2.1: Analyze and shortlist SMMP vendors Step 2.2: Evaluate vendor responses
    Start with an analyst kick-off call:
    • Evaluate the SMMP marketspace.
    • Re-evaluate best-fit use case.
    Review findings with analyst:
    • Determine your SMMP procurement strategy.
    • Reach out to SMMP vendors.
    Then complete these activities…
    • Review vendor profiles and analysis.
    • Create your own evaluation framework and shortlisting criteria.
    Then complete these activities…
    • Prioritize your requirements.
    • Create an RFP for SMMP procurement.
    • Evaluate vendor responses.
    • Set up product demonstrations.
    With these tools & templates:
    • SMMP Vendor Landscape (included here)
    • SMMP Vendor Shortlist Tool
    With these tools & templates:
    • SMMP RFP Template
    • SMMP Vendor Demo Script Template
    • SMMP Evaluation and RFP Scoring Tool
    Phase 1 Results & Insights:
    • Finalize vendor and product selection

    Phase 2, Step 1: Analyze and shortlist vendors in the space

    2.1

    2.2

    Analyze and shortlist vendors in the space Select your SMMP solution

    This step will walk you through the following activities:

    • Review vendor landscape methodology
    • Shortlist SMMP vendors

    This step involves the following participants:

    • Core team
    • Representative stakeholders from Digital Marketing, Sales, and IT

    The SMMP Vendor Landscape includes the following sections:

    VENDOR LANDSCAPE

    Info-Tech's Methodology

    Vendor title icon.

    Vendor Landscape use-case scenarios are evaluated based on weightings of features and vendor/product considerations

    Vendor Profiles icon

    Use cases were scored around the features from the general scoring identified as being relevant to the functional considerations and drivers for each scenario.

    Calculation Overview
    Advanced Features Score X Vendor Multiplier = Vendor Performance for Each Scenario
    Pie Chart of Product and Vendor Weightings.
    Product and Vendor Weightings
    Pie Chart of Advanced Features Weightings.
    Advanced Features Weightings

    Please note that both advanced feature scores and vendor multipliers are based on the specific weightings calibrated for each scenario.

    Vendor performance for each use-case scenario is documented in a weighted bar graph

    Vendor Profiles icon
    Sample of the 'Vendor performance for the use-case scenario' slide. Vendor Performance

    Vendors qualify and rank in each use-case scenario based on their relative placement and scoring for the scenario.

    Vendor Ranking

    Champion: The top vendor scored in the scenario

    Leaders: The vendors who placed second and third in the scenario

    Players: Additional vendors who qualified for the scenarios based on their scoring

    Sample of the 'Value Index for the use case scenario' slide. Value ScoreTM

    Each use-case scenario also includes a Value Index that identifies the Value Score for a vendor relative to their price point. This additional framework is meant to help price-conscious organizations identify vendors who provide the best “bang for the buck.”

    VENDOR LANDSCAPE

    Review the SMMP Vendor Evaluation

    Vendor title icon.

    SMMP market overview

    Vendor Profiles icon

    How It Got Here

    • The SMMP market was created in response to the exploding popularity of social media and the realization that it can be harnessed for a wide variety of enterprise purposes (from consumer intelligence to marketing campaigns and customer service).
    • As the number of social media services has expanded, and as the volume of content generated via social networks has ballooned, it became increasingly difficult to mine insights and manage social campaigns. A number of vendors (mostly start-ups) began offering platforms that attempted to streamline and harness social media processes.
    • As usage of social media expanded beyond just the marketing and PR function, being able to successfully scale a social strategy to a large number of customer care and sales interactions became paramount: SMMPs filled a niche by offering large-scale response and workflow management capabilities.

    Where It’s Going

    • The market is segmented into two broad camps: SMMPs focused on social listening and analytics, and SMMPs focused on social engagement. Although the two have begun to converge, there continues to be a clear junction in the market between the two, with a surprising lack of vendors that are equally adept at both sides.
    • With the rise of SMMPs, the expectation was that CRM vendors would offer feature sets similar to those of standalone SMMPS. However, CRM vendors have been slow in incorporating the functionality directly into their products. While some major vendors have made ground in this direction in the last year, organizations that are serious about social will still need a best-of-breed SMMP.
    • Other major trends include using application integration to build a 360-degree view of the customer, workflow automation, and competitive benchmarking.

    Info-Tech Insight

    As the market evolves, capabilities that were once cutting edge become default and new functionality becomes differentiating. Supporting multiple social media services and accounts has become a Table Stakes capability and should no longer be used to differentiate solutions. Instead focus on an SMMP’s social listening, campaign management, and customer care to help you find a solution that best fits your requirements.

    Review Info-Tech’s Vendor Landscape of the SMMP market to identify vendors that meet your requirements

    Vendors Evaluated

    Various logos of the vendors who were evaluated.

    Each vendor in this landscape was evaluated based on their features, product considerations, and vendor considerations. Each vendor was profiled using these evaluations and, based on their performance, qualified and placed in specific use-case scenarios.

    These vendors were included due to consideration of their market share, mind share, and platform coverage

    Vendor Profiles icon

    Vendors included in this report provide a comprehensive, innovative, and functional solution for integrating applications and automating their messaging.

    Included in this Vendor Landscape:

    Adobe: Adobe Social is a key pillar of Adobe’s ecosystem that is heavily focused on social analytics and engagement.

    Hootsuite: A freemium player with strong engagement and collaboration tools, particularly well suited for SMBs.

    Salesforce: Social Studio is a leading social media management solution and is a key channel of Salesforce Marketing Cloud.

    Sendible: A fairly new entrant to the social media management space, Sendible offers robust campaign management capability that is well suited for agencies and SMBs.

    Sprinklr: A leading solution that focuses on social customer care, offering strong ability to prioritize, route, and categorize high-volume social messaging.

    Sprout Social: A great choice for mid-sized companies looking to provide robust social engagement and customer care.

    Sysomos: Their MAP and Heartbeat products offer customers in-depth analysis of a wide array of social channels.

    Viralheat (Cision): Now a Cision product, Viralheat is an excellent option for analytics, social response workflow management, and in-band social engagement.

    Table Stakes represent the minimum standard; without these, a product doesn’t even get reviewed

    Vendor Profiles icon

    The Table Stakes

    Feature: What it is:
    Multiple Services Supported The ability to mange or analyze at least two or more social media services.
    Multiple Accounts Supported The ability to manage or analyze content from at least two or more social media accounts.
    Basic Engagement The ability to post status updates to multiple social media sites.
    Basic Analytics The ability to display inbound feeds and summary info from multiple social media sites.

    What does this mean?

    The products assessed in this Vendor Landscape meet, at the very least, the requirements outlined as Table Stakes.

    Many of the vendors go above and beyond the outlined Table Stakes, some even do so in multiple categories. This section aims to highlight the products’ capabilities in excess of the criteria listed here.

    Info-Tech Insight

    If Table Stakes are all you need from your SMMP solution, the only true differentiator for the organization is price. Otherwise, dig deeper to find the best price to value for your needs.

    Advanced Features are the capabilities that allow for granular differentiation of market players and use-case performance

    Vendor Profiles icon

    Scoring Methodology

    Info-Tech scored each vendor’s features on a cumulative four-point scale. Zero points are awarded to features that are deemed absent or unsatisfactory, one point is assigned to features that are partially present, two points are assigned to features that require an extra purchase in the vendor’s product portfolio or through a third party, three points are assigned to features that are fully present and native to the solution, and four points are assigned to the best-of-breed native feature.

    For an explanation of how Advanced Features are determined, see Information Presentation – Feature Ranks (Stoplights) in the Appendix.

    Feature: What we looked for:
    Social Media Channel Integration - Inbound Ability to monitor social media services, such as Facebook, Twitter, LinkedIn, YouTube, and more.
    Social Media Channel Integration - Outbound Ability to publish to social media services such as Facebook, Twitter, LinkedIn, YouTube, and more.
    Social Response Management Ability to respond in-band to social media posts.
    Social Moderation and Workflow Management Ability to create end-to-end routing and escalation workflows from social content.
    Campaign Execution Ability to manage social and media assets: tools for social campaign execution, reporting, and analytics.
    Social Post Archival Ability to archive social posts and platform activity to create an audit trail.
    Trend Analysis Ability to monitor trends and traffic on multiple social media sites.
    Sentiment Analysis Ability to analyze and uncover insights from attitudes and opinions expressed on social media.
    Contextual Analysis Ability to use NLP, deep learning and semantic analysis to extract meaning from social posts.
    Social Asset Management Ability to access visual asset library with access permissions and expiry dates to be used on social media.
    Post Time Optimization Ability to optimize social media posts by maximizing the level of interaction and awareness around the posts.
    Dashboards and Visualization Ability to visualize data and create analytics dashboards.

    Vendor scoring focused on overall product attributes and vendor performance in the market

    Vendor Profiles icon

    Scoring Methodology

    Info-Tech Research Group scored each vendor’s overall product attributes, capabilities, and market performance.

    Features are scored individually as mentioned in the previous slide. The scores are then modified by the individual scores of the vendor across the product and vendor performance features.

    Usability, overall affordability of the product, and the technical features of the product are considered, and scored on a five-point scale. The score for each vendor will fall between worst and best in class.

    The vendor’s performance in the market is evaluated across four dimensions on a five-point scale. Where the vendor places on the scale is determined by factual information, industry position, and information provided by customer references and/or available from public sources.

    Product Evaluation Features

    Usability The end-user and administrative interfaces are intuitive and offer streamlined workflow.
    Affordability Implementing and operating the solution is affordable given the technology.
    Architecture Multiple deployment options, platform support, and integration capabilities are available.

    Vendor Evaluation Features

    Viability Vendor is profitable, knowledgeable, and will be around for the long term.
    Focus Vendor is committed to the space and has a future product and portfolio roadmap.
    Reach Vendor offers global coverage and is able to sell and provide post-sales support.
    Sales Vendor channel partnering, sales strategies, and process allow for flexible product acquisition.

    Balance individual strengths to find the best fit for your enterprise

    Vendor Profiles icon

    A list of vendors with ratings for their 'Product: Overall, Usability, Affordability, and Architecture' and their 'Vendor: Overall, Viability, Focus, Reach, and Sales'. It uses a quarters rating system where 4 quarters of a circle is Exemplary and 0 quarters is Poor.

    For an explanation of how the Info-Tech Harvey Balls are calculated, see Information Presentation – Criteria Scores (Harvey Balls) in the Appendix.

    Balance individual strengths to find the best fit for your enterprise

    Vendor Profiles icon

    A list of vendors with ratings for their 'Evaluated Features'. Rating system uses Color coding with green being 'Feature is fully present...' and red being 'Feature is absent', and if a star is in the green then 'Feature is best in its class'.

    For an explanation of how Advanced Features are determined, see Information Presentation – Feature Ranks (Stoplights) in the Appendix.

    Vendor title icon.

    USE CASE 1

    Social Listening and Analytics

    Seeking functionality for capturing, aggregating, and analyzing social media content in order to create actionable customer or competitive insights.

    Feature weightings for the social listening and analytics use-case scenario

    Vendor Profiles icon

    Core Features

    Sentiment Analysis Uncovering attitudes and opinions expressed on social media is important for generating actionable customer insights.
    Dashboards and Visualization Capturing and aggregating social media insights is ineffective without proper data visualization and analysis.
    Trend Analysis The ability to monitor trends across multiple social media services is integral for effective social listening.
    Contextual Analysis Understanding and analyzing language and visual content on social media is important for generating actionable customer insights.

    Additional Features

    Social Media Channel Integration – Inbound

    Social Moderation and Workflow Management

    Social Post Archival

    Feature Weightings

    Pie chart of feature weightings.

    Vendor considerations for the social listening and analytics use-case scenario

    Vendor Profiles icon

    Product Evaluation Features

    Usability A clean and intuitive user interface is important for users to fully leverage the benefits of an SMMP.
    Affordability Affordability is an important consideration as the price of SMMPs can vary significantly depending on the breadth and depth of capability offered.
    Architecture SMMP is more valuable to organizations when it can integrate well with their applications, such as CRM and marketing automation software.

    Vendor Evaluation Features

    Viability Vendor viability is critical for long-term stability of an application portfolio.
    Focus The vendor is committed to the space and has a future product and portfolio roadmap.
    Reach Companies with processes that cross organizational and geographic boundaries require effective and available support.
    Sales Vendors need to demonstrate flexibility in terms of industry and technology partnerships to meet evolving customer needs.

    Pie chart for Product and Vendor Evaluation Features.

    Vendor performance for the social listening and analytics use-case scenario

    Vendor Profiles icon
    Champion badge.

    Champions for this use case:

    Salesforce: Salesforce Social Studio offers excellent trend and in-depth contextual analysis and is among the best vendors in presenting visually appealing and interactive dashboards.
    Leader badge.

    Leaders for this use case:

    Sysomos: Sysomos MAP and Heartbeat are great offerings for conducting social media health checks using in-depth contextual analytics.

    Adobe: Adobe Social is a great choice for digital marketers that need in-depth sentiment and longitudinal analysis of social data – particularly when managing social alongside other digital channels.

    Best Overall Value badge.

    Best Overall Value Award

    Sysomos: A strong analytics capability offered in Sysomos MAP and Heartbeat at a relatively low cost places Sysomos as the best bang for your buck in this use case.

    Players in the social listening and analytics scenario

    • Sprinklr
    • Hootsuite
    • Sprout Social

    Vendor performance for the social listening and analytics use-case scenario

    Vendor Profiles icon

    Stacked bar chart comparing vendors' use-case performance in multiple areas of 'Social Listening and Analytics'.

    Value Index for the social listening and analytics scenario

    Vendor Profiles icon
    What is a Value Score?

    The Value Score indexes each vendor’s product offering and business strength relative to its price point. It does not indicate vendor ranking.

    Vendors that score high offer more bang-for-the-buck (e.g. features, usability, stability) than the average vendor, while the inverse is true for those that score lower.

    Price-conscious enterprises may wish to give the Value Score more consideration than those who are more focused on specific vendor/product attributes.

    On a relative basis, Sysomos maintained the highest Info-Tech Value ScoreTM of the vendor group for this use-case scenario. Vendors were indexed against Sysomos’ performance to provide a complete, relative view of their product offerings.

    Bar chart of vendors' Value Scores in social listening and analytics. Sysomos has the highest and the Average Score is 66.8.

    For an explanation of how price is determined, see Information Presentation – Price Evaluation in the Appendix.

    For an explanation of how the Info-Tech Value Index is calculated, see Information Presentation – Value Index in the Appendix.

    Vendor title icon.

    USE CASE 2

    Social Publishing and Campaign Management

    Seeking functionality for publishing content to multiple networks or accounts simultaneously, and managing social media campaigns in-depth (e.g. social property management and post scheduling).

    Feature weightings for the social publishing and campaign management use-case scenario

    Vendor Profiles icon

    Core Features

    Campaign Execution The ability to manage multiple social media services simultaneously is integral for carrying out social media campaigns.
    Social Response Management Creating response workflows is equally important to publishing capability for managing social campaigns.

    Additional Features

    Social Media Channel Integration – Outbound

    Social Moderation and Workflow Management

    Social Post Archival

    Social Asset Management

    Post Time Optimization

    Social Media Channel Integration – Inbound

    Trend Analysis

    Sentiment Analysis

    Dashboards and Visualization

    Feature Weightings

    Pie chart of feature weightings.

    Vendor considerations for the social publishing and campaign management use-case scenario

    Vendor Profiles icon

    Product Evaluation Features

    Usability A clean and intuitive user interface is important for users to fully leverage the benefits of an SMMP.
    Affordability Affordability is an important consideration as the price of SMMPs can vary significantly depending on the breadth and depth of capability offered.
    Architecture SMMP is more valuable to organizations when it can integrate well with their applications, such as CRM and marketing automation software.

    Vendor Evaluation Features

    Viability Vendor viability is critical for long-term stability of an application portfolio.
    Focus The vendor is committed to the space and has a future product and portfolio roadmap.
    Reach Companies with processes that cross organizational and geographic boundaries require effective and available support.
    Sales Vendors need to demonstrate flexibility in terms of industry and technology partnerships to meet evolving customer needs.

    Pie chart of Product and Vendor Evaluation Features.

    Vendor performance for the social publishing and campaign management use-case scenario

    Vendor Profiles icon

    Champion badge.

    Champions for this use case:

    Adobe: Adobe has the best social campaign execution capability in the market, enabling marketers to manage and auto-track multiple campaigns. It also offers a strong asset management feature that allows users to leverage Marketing Cloud content.
    Leader badge.

    Leaders for this use case:

    Salesforce: SFDC has built a social marketing juggernaut, offering top-notch response workflows and campaign execution capability.

    Hootsuite: Hootsuite has good response capabilities backed up by a strong team collaboration feature set. It offers simplified cross-platform posting and post-time optimization capabilities.

    Best Overall Value badge.

    Best Overall Value Award

    Sendible: Sendible offers the best value for your money in this use case with good response workflows and publishing capability.

    Players in the social publishing and campaign management scenario

    • Sprout Social
    • Sprinklr
    • Sendible

    Vendor performance for the social publishing and campaign management use-case scenario

    Vendor Profiles icon

    Stacked bar chart comparing vendors' use-case performance in multiple areas of 'Social publishing and campaign management'.

    Value Index for the social publishing and campaign management scenario

    Vendor Profiles icon

    What is a Value Score?

    The Value Score indexes each vendor’s product offering and business strength relative to its price point. It does not indicate vendor ranking.

    Vendors that score high offer more bang-for-the-buck (e.g. features, usability, stability) than the average vendor, while the inverse is true for those that score lower.

    Price-conscious enterprises may wish to give the Value Score more consideration than those who are more focused on specific vendor/product attributes.

    On a relative basis, Sendible maintained the highest Info-Tech Value ScoreTM of the vendor group for this use-case scenario. Vendors were indexed against Sendible’s performance to provide a complete, relative view of their product offerings.

    Bar chart of vendors' Value Scores in social publishing and campaign management. Sendible has the highest and the Average Score is 72.9.

    For an explanation of how Price is determined, see Information Presentation – Price Evaluation in the Appendix.

    For an explanation of how the Info-Tech Value Index is calculated, see Information Presentation – Value Index in the Appendix.

    Vendor title icon.

    USE CASE 3

    Social Customer Care

    Seeking functionality for management of the social customer service queue as well as tools for expedient resolution of customer issues.

    Feature weightings for the social customer care use-case scenario

    Vendor Profiles icon

    Core Features

    Social Moderation and Workflow Management Creating escalation workflows is important for triaging customer service, managing the social customer service queue and offering expedient resolution to customer complaints.

    Additional Features

    Social Media Channel Integration – Outbound

    Social Moderation and Workflow Management

    Social Response Management

    Social Post Archival

    Sentiment Analysis

    Dashboards and Visualization

    Campaign Execution

    Trend Analysis

    Post Time Optimization

    Feature Weightings

    Pie chart with Feature Weightings.

    Vendor considerations for the social customer case use-case scenario

    Vendor Profiles icon

    Product Evaluation Features

    Usability A clean and intuitive user interface is important for users to fully leverage the benefits of an SMMP.
    Affordability Affordability is an important consideration as the price of SMMPs can vary significantly depending on the breadth and depth of capability offered.
    Architecture SMMP is more valuable to organizations when it can integrate well with their applications, such as CRM and marketing automation software.

    Vendor Evaluation Features

    Viability Vendor viability is critical for long-term stability of an application portfolio.
    Focus The vendor is committed to the space and has a future product and portfolio roadmap.
    Reach Companies with processes that cross organizational and geographic boundaries require effective and available support.
    Sales Vendors need to demonstrate flexibility in terms of industry and technology partnerships to meet evolving customer needs.

    Pie chart with Product and Vendor Evaluation Features.

    Vendor performance for the social customer care use-case scenario

    Vendor Profiles icon

    Champion badge.

    Champions for this use case:

    Salesforce: Salesforce offers exceptional end-to-end social customer care capability with strong response escalation workflows.
    Leader badge.

    Leaders for this use case:

    Sprinklr: Sprinklr’s offering gives users high flexibility to configure escalation workflows and role-based permissions for managing the social customer service queue.

    Hootsuite: Hootsuite’s strength lies in the breadth of social networks that the platform supports in offering expedient resolution to customer complaints.

    Best Overall Value badge.

    Best Overall Value Award

    Sysomos: Sysomos is the best bang for your buck in this use case, offering essential response and workflow capabilities.

    Players in the social listening and analytics scenario

    • Sendible
    • Sysomos
    • Viralheat (Cision)

    Vendor performance for the social customer care use-case scenario

    Vendor Profiles icon

    Stacked bar chart comparing vendors' use-case performance in multiple areas of 'Social customer care'.

    Value Index for the social customer care scenario

    Vendor Profiles icon

    What is a Value Score?

    The Value Score indexes each vendor’s product offering and business strength relative to its price point. It does not indicate vendor ranking.

    Vendors that score high offer more bang-for-the-buck (e.g. features, usability, stability) than the average vendor, while the inverse is true for those that score lower.

    Price-conscious enterprises may wish to give the Value Score more consideration than those who are more focused on specific vendor/product attributes.

    On a relative basis, Sendible maintained the highest Info-Tech Value ScoreTM of the vendor group for this use-case scenario. Vendors were indexed against Sendible’s performance to provide a complete, relative view of their product offerings.

    Bar chart of vendors' Value Scores in social customer care. Sysomos has the highest and the Average Score is 79.6.

    For an explanation of how Price is determined, see Information Presentation – Price Evaluation in the Appendix.

    For an explanation of how the Info-Tech Value Index is calculated, see Information Presentation – Value Index in the Appendix.

    VENDOR LANDSCAPE

    Vendor Profiles and Scoring

    Vendor title icon.

    Use the information in the SMMP Vendor Landscape analysis to streamline your own vendor analysis process

    Vendor Profiles icon

    This section of the Vendor Landscape includes the profiles and scoring for each vendor against the evaluation framework previously outlined.

    Sample of the SMMP Vendor Landscape analysis. Vendor Profiles
    • Include an overview for each company.
    • Identify the strengths and weaknesses of the product and vendor.
    • Identify the three-year TCO of the vendor’s solution (based on a ten-tiered model).
    Sample of the Vendor Landscape profiles slide.
    Vendor Scoring

    Use the Harvey Ball scoring of vendor and product considerations to assess alignment with your own requirements.

    Review the use-case scenarios relevant to your organization’s Use-Case Fit Assessment results to identify a vendor’s fit to your organization's SMMP needs. (See the following slide for further clarification on the use-case assessment scoring process.)

    Review the stoplight scoring of advanced features to identify the functional capabilities of vendors.

    Sample of the Vendor Scoring slide.

    Adobe Social is a powerhouse for digital marketers, with extremely well-developed analytics capabilities

    Vendor Profiles icon
    Product Adobe Social
    Employees 15,000+
    Headquarters San Jose, CA
    Website Adobe.com
    Founded 1982
    Presence NASDAQ: ADBE

    Logo for Adobe.

    3 year TCO for this solution falls into pricing tier 8 between $500,000 and $1,000,000.

    Pricing tier for Adobe, tier 8.
    Pricing provided by vendor

    OVERVIEW
    • Adobe Social is a strong offering included within the broader Adobe Marketing Cloud. The product is tightly focused on social analytics and social campaign execution. It’s particularly well-suited to dedicated digital marketers or social specialists.
    STRENGTHS
    • Adobe Social provides broad capabilities across social analytics and social campaign management; its integration with Adobe Analytics is a strong selling point for organizations that need a complete, end-to-end solution.
    • It boasts great archiving capabilities (up to 7 years for outbound posts), meeting the needs of compliance-centric organizations and providing for strong longitudinal analysis capabilities.
    CHALLENGES
    • The product plays well with the rest of the Adobe Marketing Cloud, but the list of third-party CRM and CSM integrations is shorter than some other players in the market.
    • While the product is unsurprisingly geared towards marketers, organizations that want a scalable platform for customer service use cases will need to augment the product due to its focus on campaigns and analytics – service-related workflow and automation capabilities are not a core focus for the company.

    Adobe Social

    Vendor Profiles icon
    'Product' and 'Vendor' scores for Adobe. Overall product is 3/4; overall vendor is 4/4.
    'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Adobe earned 'Leader' in Social Listening & Analytics and 'Champion' in Social Publishing & Campaign Management.
    Info-Tech Recommends

    Adobe Social provides impressive features, especially for companies that position social media within a larger digital marketing strategy. Organizations that need powerful social analytics or social campaign execution capability should have Adobe on their shortlist, though the product may be an overbuy for social customer care use cases.

    Scores for Adobe's individual features, color-coded as they were previously.

    Hootsuite is a capable vendor that offers a flexible solution for monitoring many different social media services

    Vendor Profiles icon
    Product Hootsuite
    Employees 800
    Headquarters Vancouver, BC
    Website Hootsuite.com
    Founded 2007
    Presence Privately held

    Logo for Hootsuite.

    3 year TCO for this solution falls into pricing tier 6, between $100,000 and $250,000.

    Pricing tier for Hootsuite, tier 6.
    Pricing derived from public information

    OVERVIEW
    • In the past, Hootsuite worked on the freemium model by providing basic social account management features. The company has since expanded its offering and put a strong focus on enterprise feature sets, such as collaboration and workflow management.
    STRENGTHS
    • Hootsuite is extremely easy to use, having one of the most straightforward interfaces of vendors evaluated.
    • It has extensive monitoring capabilities for a wide variety of social networks as well as related services, which are supported through an app store built into the Hootsuite platform.
    • The product provides a comprehensive model for team-based collaboration and workflow management, demonstrated through nice cross-posting and post-time optimization capabilities.
    CHALLENGES
    • Hootsuite’s reporting and analytics capabilities are relatively basic, particularly when contrasted with more analytics-focused vendors in the market.
    • Running cross-channel campaigns is challenging without integration with third-party applications.

    Hootsuite

    Vendor Profiles icon
    'Product' and 'Vendor' scores for Hootsuite. Overall product is 3/4; overall vendor is 4/4.
    'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Hootsuite earned 5th out of 6 in Social Listening & Analytics, 'Leader' in Social Publishing & Campaign Management, and 'Leader' in Social Customer Care.
    Info-Tech Recommends

    The free version of Hootsuite is useful for getting your feet wet with social management. The paid version is a great SMMP for monitoring and engaging your own social properties with good account and team management at an affordable price. This makes it ideal for SMBs. However, organizations that need deep social analytics may want to look elsewhere.

    Scores for Hootsuite's individual features, color-coded as they were previously.

    Salesforce Marketing Cloud continues to be a Cadillac solution; it’s a robust platform with a host of features

    Vendor Profiles icon
    Product Salesforce Social Studio
    Employees 24,000+
    Headquarters San Francisco, CA
    Website Salesforce.com
    Founded 1999
    Presence NASDAQ: CRM

    Logo for Salesforce.

    3 year TCO for this solution falls into pricing tier 7, between $250,000 and $500,000

    Pricing tier for Salesforce, tier 7.
    Pricing provided by vendor

    OVERVIEW
    • Social Studio is a powerful solution fueled by Salesforce’s savvy acquisitions in the marketing automation and social media management marketspace. The product has rapidly matured and is adept at both marketing and customer service use cases.
    STRENGTHS
    • Salesforce continues to excel as one of the best SMMP vendors in terms of balancing inbound analytics and outbound engagement. The recent addition of Salesforce Einstein to the platform bolsters deep learning capabilities and enhances the product’s value proposition to those that want a tool for robust customer intelligence.
    • Salesforce’s integration of Marketing Cloud, with its Sales and Service Clouds, also creates a good 360-degree customer view.
    CHALLENGES
    • Salesforce’s broad and deep feature set comes at a premium: the solution is priced materially higher than many other vendors. Before you consider Marketing Cloud, it’s important to evaluate which social media capabilities you want to develop: if you only need basic response workflows or dashboard-level analytics, purchasing Marketing Cloud runs the risk of overbuying.
    • In part due to its price point and market focus, Marketing Cloud is more suited to enterprise use cases than SMB use cases.

    Salesforce

    Vendor Profiles icon
    'Product' and 'Vendor' scores for  . Overall product is 3/4; overall vendor is 4/4.
    'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Salesforce earned 'Champion' in Social Listening & Analytics, 'Leader' in Social Publishing & Campaign Management, and 'Champion' in Social Customer Care.
    Info-Tech Recommends

    Social Studio in Salesforce Marketing Cloud remains a leading solution. Organizations that need to blend processes across the enterprise that rely on social listening, deep analytics, and customer engagement should have the product on their shortlist. However, companies with more basic needs may be off-put by the solution’s price point.

    Scores for 's individual features, color-coded as they were previously.

    Sendible offers multiple social media management capabilities for SMBs and agencies

    Vendor Profiles icon
    Product Sendible
    Employees 27
    Headquarters London, UK
    Website Sendible.com
    Founded 2009
    Presence Privately held

    Logo for Sendible.

    3 year TCO for this solution falls into pricing tier 4, between $25,000 and $50,000

    Pricing tier for Sendible, tier 4.
    Pricing derived from public information

    OVERVIEW
    • Founded in 2009, Sendible is a rising player in the SMMP market. Sendible is primarily focused on the SMB space. A growing segment of its client base is digital marketing agencies and franchise companies.
    STRENGTHS
    • Sendible’s user interface is very intuitive and user friendly.
    • The product offers the ability to manage multiple social accounts simultaneously as well as schedule posts to multiple groups on different social networks, making Sendible a strong choice for social engagement and customer care.
    • Its affordability is strong given its feature set, making it an attractive option for organizations that are budget conscious.
    CHALLENGES
    • Sendible remains a smaller vendor in the market – its list of channel partners lags behind larger incumbents.
    • Sendible’s contextual and visual content analytics are lacking vis-à-vis more analytics-centric vendors.

    Sendible

    Vendor Profiles icon
    'Product' and 'Vendor' scores for Sendible. Overall product is 3/4; overall vendor is 4/4.
    'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Sendible earned 6th out of 6 and 'Best Overall Value' in Social Publishing & Campaign Management and 4th out of 6 in Social Customer Care.
    Info-Tech Recommends

    Sendible offers a viable solution for small and mid-market companies, as well as social agencies with a focus on customer engagement for marketing and customer service use cases. However, organizations that need deep social analytics may want to look elsewhere.

    Scores for Sendible's individual features, color-coded as they were previously.

    Sprinklr

    Vendor Profiles icon
    Product Sprinklr
    Employees 1,100
    Headquarters New York, NY
    Website Sprinklr.com
    Founded 2009
    Presence Privately held

    Logo for Sprinklr.

    Pricing tier for Sprinklr, tier 6.
    Pricing derived from public information

    OVERVIEW
    • Sprinklr has risen rapidly as a best-of-breed player in the social media management market. It markets a solution geared towards multiple use cases, from customer intelligence and analytics to service-centric response management.
    STRENGTHS
    • Sprinklr’s breadth of capabilities are impressive: the vendor has maintained a strong focus on social-specific functionality. As a result of this market focus, they have invested prudently in advanced social analytics and moderation workflow capabilities.
    • Sprinklr’s user experience design and data visualization capabilities are top-notch, making it a solution that’s easy for end users and decision makers to get up and running with quickly.
    CHALLENGES
    • Relative to other players in the market, the breadth and scope of Sprinklr’s integrations with other customer experience management solutions is limited.
    • Based on its feature set and price point, Sprinklr is best suited for mid-to-large organizations. SMBs run the risk of an overbuy situation.

    Sprinklr

    Vendor Profiles icon

    'Product' and 'Vendor' scores for Sprinklr. Overall product is 3/4; overall vendor is 3/4.
    'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Sprinklr earned 4th out of 6 in Social Listening & Analytics, 5th out of 6 in Social Publishing & Campaign Management, and 'Leader' in Social Customer Care.
    Info-Tech Recommends

    Sprinklr is a strong choice for small and mid-market organizations offering breadth of social media management capabilities that covers social analytics, engagement, and customer service.

    Scores for Sprinklr's individual features, color-coded as they were previously.

    Sprout Social provides small-to-medium enterprises with robust social response capabilities at a reasonable price

    Vendor Profiles icon
    Product Sprout Social
    Employees 200+
    Headquarters Chicago, IL
    Website Sproutsocial.com
    Founded 2010
    Presence Privately held

    Logo for Sprout Social.

    3 year TCO for this solution falls into pricing tier 6, between $100,000 and $250,000

    Pricing tier for Sprout Social, tier 6.
    Pricing derived from public information

    OVERVIEW
    • Sprout Social has built out its enterprise capabilities over the last several years. It offers strong feature sets for account management, social monitoring and analytics, and customer care – it particularly excels at the latter.
    STRENGTHS
    • Sprout’s unified inbox and response management features are some of the most intuitive we’ve seen. This makes it a natural option for providing customer service via social channels.
    • Sprout Social is priced competitively in relation to other vendors.
    • The product provides strong social asset management capabilities where users can set content permissions and expiration dates, and limit access.
    CHALLENGES
    • Deep contextual analysis is lacking: the solution clearly falls more to the engagement side of the spectrum, and is particularly suited for social customer service.
    • Sprout Social has a limited number of technology partners for integrations with applications such as CRM and marketing automation software.
    • It still has a predominantly North American market focus.

    Sprout Social

    Vendor Profiles icon
    'Product' and 'Vendor' scores for Sprout Social. Overall product is 3/4; overall vendor is 3/4.
    'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Sprout Social earned 6th out of 6 in Social Listening & Analytics and 4th out of 6 in Social Publishing & Campaign Management.
    Info-Tech Recommends

    Sprout Social’s easy-to-understand benchmarking and dashboards, paired with strong response management, make it a great choice for mid-sized enterprises concerned with social engagement. However, organizations that want to do deep social analytics will need to augment the solution.

    Scores for Sprout Social's individual features, color-coded as they were previously.

    Sysomos’ prime feature is its hardy analytics built atop a plethora of inbound social channels

    Vendor Profiles icon

    Product Sysomos MAP and Heartbeat
    Employees 200+
    Headquarters Toronto, ON
    Website Sysomos.com
    Founded 2007
    Presence Privately held

    Logo for Sysomos.

    3 year TCO for this solution falls into pricing tier 4, between $25,000 and $50,000

    Pricing tier for Sysomos, tier 4.
    Pricing derived from public information

    OVERVIEW
    • Sysomos began life as a project at the University of Toronto prior to its acquisition by Marketwire in 2010.
    • It split from Marketwire in 2015 and redesigned its product to focus on social monitoring, analysis, and engagement.

    STRENGTHS

    • MAP and Heartbeat offer extensive contextual and sentiment analytics, consolidating findings through a spam-filtering process that parses out a lot of the “noise” inherent in social media data.
    • The solution provides an unlimited number of profiles, enabling more opportunities for collaboration.
    • It provides workflow summaries, documenting the actions of staff and providing an audit trail through the entire process.

    CHALLENGES

    • Sysomos has introduced a publishing tool for social campaigns. However, its outbound capabilities continue to lag, and there are currently no tools for asset management.
    • Sysomos’ application integration stack is limited relative to other vendors.

    Sysomos

    Vendor Profiles icon
    'Product' and 'Vendor' scores for Sysomos. Overall product is 3/4; overall vendor is 3/4.
    'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Sysomos earned 'Leader' and 'Best Overall Value' in Social Listening & Analytics and 5th out of 6 as well as 'Best Overall Value' in Social Customer Care.
    Info-Tech Recommends

    Sysomos’ broad array of good features has made it a frequent challenger to Marketing Cloud on analytics-centric SMMP evaluation shortlists. Enterprise-scale customers specifically interested in social listening and analytics, rather than customer engagement and campaign execution, will definitely want to take a look.

    Scores for Sysomos's individual features, color-coded as they were previously.

    Viralheat offers a clean analysis of an organization’s social media activity and has beefed up response workflows

    Vendor Profiles icon

    Product Viralheat
    Employees 1,200
    Headquarters Chicago, IL
    Website Cision.com
    Founded 2015
    Presence Privately held

    Logo for Cision (Viralheat).

    3 year TCO for this solution falls into pricing tier 6, between $100,000 and $250,000

    Pricing tier for Cision (Viralheat), tier 6.
    Pricing derived from public information

    OVERVIEW
    • Viralheat has been in the social media market since 2009. It provides tools for analytics and in-band social engagement.
    • The company was acquired by Cision in 2015, a Chicago-based public relations technology company.

    STRENGTHS

    • Viralheat offers robust workflow management capabilities for social response and is particularly useful for customer service.
    • The product has strong post time optimization capability through its ViralPost scheduling feature.
    • Cision’s acquisition of Viralheat makes the product a great choice for third-party social media management, namely public relations and digital marketing agencies.

    CHALLENGES

    • Viralheat remains a smaller vendor in the market – its list of channel partners lags behind larger incumbents.
    • Contextual and sentiment analysis are lacking relative to other vendors.

    Cision (Viralheat)

    Vendor Profiles icon
    'Product' and 'Vendor' scores for Cision (Viralheat). Overall product is 3/4; overall vendor is 2/4.
    'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Cision (Viralheat) earned  in Social Listening & Analytics,  in Social Publishing & Campaign Management, and  in Social Customer Care.
    Info-Tech Recommends

    Cision has upped its game in terms of social workflow and response management and it monitors an above-average number of services. It is a steadfast tool for brands that are primarily interested in outbound customer engagement for marketing and customer service use cases.

    Scores for Cision (Viralheat)'s individual features, color-coded as they were previously.

    Use the SMMP Vendor Shortlist Tool to customize the vendor analysis for your organization

    Vendor Profiles icon SMMP Vendor Shortlist & Detailed Feature Analysis Tool

    Instructions

    1. Eliminate misaligned vendors with knock-out criteria
      Use the SMMP Vendor Shortlist &am; Detailed Feature Analysis Tool to eliminate vendors based on specific knock-out criteria on tab 2, Knock-Out Criteria.
    2. Create your own evaluation framework
      Tailor the vendor evaluation to include your own product and vendor considerations on tab 3, Weightings. Identify the significance of advanced features for your own procurement on a scale of Mandatory, Optional, and Not Required on tab 4, Detailed Feature Analysis.
    3. Review the results of your customized evaluation
      Review your custom vendor shortlist on tab 5, Results.
    This evaluation uses both functional and architectural considerations to eliminate vendors.

    Knock-Out Criteria

    COTS vs. Open Source
    Deployment Models

    Sample of the SMMP Vender Shortlist & Detailed Feature Analysis Tool tab 5, Results.
    Sample Vendor Shortlist from tab 5, Results

    Interpreting the Results
    Your custom shortlist will rank vendors that passed the initial knock-out criteria based on their overall score.
    The shortlist will provide broken-down scoring, as well as a custom value index based on the framework set in the tool.

    Phase 2, Step 2: Select your SMMP solution

    2.1

    2.2

    Analyze and shortlist vendors in the space Select your SMMP solution

    This step will walk you through the following activities:

    • Prioritize your solution requirements.
    • Create an RFP to submit to vendors.
    • Solicit and review vendor proposals.
    • Conduct onsite vendor demonstrations.
    • Select the right solution.

    This step involves the following participants:

    • Core Project Team
    • Procurement Manager
    • Representative Stakeholders from Digital Marketing, Sales, and IT

    Outcomes of this step:

    • SMMP Selection Strategy

    Determine your SMMP procurement strategy

    Critical Points and Checks in Your Procurement
    • Follow your own organization’s procurement procedures to ensure that you adhere to your organization’s policies.
    • Based on your organization’s policies, identify if you are going to conduct a private or public RFP process.
      • If your RFP will contain sensitive information, use a private RFP process that is directed to specific vendors in order to protect the proprietary practices of your business.

    Info-Tech Insight

    If you are still not sure of a vendor’s capabilities, we recommend sending an RFI before proceeding with an RFP.

    INFO-TECH OPPORTUNITY

    If your organization lacks a clear procurement process, refer to Info-Tech's Optimize IT Procurement research to help construct a formal process for selecting application technology.

    Info-Tech’s 15-Step Procurement Process

    Use Info-Tech's procurement process to ensure that your SMMP selection is properly planned and executed.

    1. Initiate procurement.
    2. Select procurement manager.
    3. Prepare for procurement; check that prerequisites are met.
    4. Select appropriate procurement vehicle.
    5. Assemble procurement teams.
    6. Create procurement project plan.
    7. Identify and notify vendors about procurement.
    8. Configure procurement process.
    9. Gather requirements.
    10. Prioritize requirements.
    11. Build the procurement documentation package.
    12. Issue the procurement.
    13. Evaluate proposals.
    14. Recommend a vendor.
    15. Present to management.

    Much of your procurement process should already be outlined from your charter and initial project structuring.
    In this stage of the process, focus on the successful completion of steps 7-15.

    Prioritize your solution requirements based on your business, architecture, and performance needs

    Associated Activity icon

    INPUT: Requirements Workbook and requirements gathering findings

    OUTPUT: Full documentation of requirements for the RFP and solution evaluation process

    Completed in Section 3

    1. Identify Your Requirements
      Use the findings being collected in the Requirements Workbook and related materials to define clear requirements around your organization’s desired SMMP.
    2. Prioritize Your Requirements
      • Identify the significance of each requirement for your solution evaluation.
      • Identify features and requirements as mandatory, important, or optional.
      • Control the number of mandatory requirements you document. Too many mandatory requirements could create an unrealistic framework for evaluating solutions.
    3. Create a Requirements Package
      • Consolidate your identified requirements into one list, removing redundancies and conflicts.
      • Categorize the requirements based on their priority and nature.
      • Use this requirements package as you evaluate vendors and create your RFP for shortlisted vendors.

    Info-Tech Insight

    No solution will meet 100% of your requirements. Control the number of mandatory requirements you place in your procurement process to ensure that vendors that are the best fit for your organization are not eliminated unnecessarily.

    Create an RFP to submit to vendors

    Supporting Tool icon Request for Proposal Template
    Associated Activity icon Activity: Interpreting the Results

    INPUT: Requirements package, Organization’s procurement procedures

    OUTPUT: RFP

    MATERIALS: Whiteboard and markers

    PARTICIPANTS: Project manager, Core project team

    Leverage Info-Tech’s SMMP RFP Template to convey your desired suite requirements to vendors and outline the proposal and procurement steps set by your organization.

    Build Your RFP
    1. Outline the organization's procurement instructions for vendors (Sections 1, 3, and 5).
    2. Input the requirements package created in Activity 5.2 into your RFP (Section 4).
    3. Create a scenario overview to provide vendors an opportunity to give an estimated price.

    Approval Process

    Each organization has a unique procurement process; follow your own organization’s process as you submit your RFPs to vendors.

    1. Ensure compliance with your organization's standards and gain approval for submitting your RFP.

    Info-Tech RFP
    Table of Contents

    1. Statement of Work
    2. General Information
    3. Proposal Preparation Instructions
    4. Scope of Work, Specifications, and Requirements
    5. Vendor Qualifications and References
    6. Budget and Estimated Pricing
    7. Vendor Certification

    Standardize the potential responses from vendors and streamline your evaluation with a response template

    Supporting Tool icon Vendor Response Template
    Sample of the Vendor Response Template. Adjust the scope and content of the Vendor Response Template to fit your SMMP procurement process and vendor requirements.

    Section

    Why is this section important?

    About the Vendor This is where the vendor will describe itself and prove its organizational viability.
    Understanding of the Challenge Demonstrates that understanding of the problem is the first step in being able to provide a solution.
    Methodology Shows that there is a proven methodology to approach and solve the challenge.
    Proposed Solution Describes how the vendor will address the challenge. This is a very important section as it articulates what you will receive from the vendor as a solution.
    Project Management, Plan, and Timeline Provides an overview of the project management methodology, phases of the project, what will be delivered, and when.
    Vendor Qualifications Provides evidence of prior experience with delivering similar projects for similar clients.
    References Provides contact information for individuals/organizations for which the vendor has worked and who can vouch for the experience and success of working with this vendor.
    Value Added Services Remember, this could lead to a long-term relationship. It’s not only about what you need now, but also what you may need in the future.
    Requirements Confirmation from the vendor as to which requirements it can meet and how it will meet them.

    Evaluate the RFPs you receive within a clear scoring process

    Supporting Tool icon SMMP RFP Evaluation and Scoring Tool
    Steps to follow: 'Review, Evaluate, Shortlist, Brief, Select' with the first 3 highlighted.

    Associated Activity icon Activity

    Build a fair evaluation framework that evaluates vendor solutions against a set criteria rather than relative comparisons.

    INSTRUCTIONS

    1. Have members of the SMMP evaluation team review the RFP responses given by vendors.
    2. Input vendor solution information into the SMMP RFP Evaluation and Scoring Tool.
    3. Analyze the vendors against your identified evaluation framework.
    4. Identify vendors with whom you wish to arrange vendor briefings.
    5. Contact vendors and arranging briefings.
    How to use this tool
    • Review the feature list and select where each feature is mandatory, desirable, or not applicable.
    • Select if each feature has been met by the vendor RFP response.
    • Enter the costing information provided by each vendor.
    • Determine the relative importance of the features, architecture, and support.
    Tool Output
    • Costing
    • Overall score
    • Evaluation notes and comments

    Vendor product demonstration

    Vendor Profiles icon Demo Script Template

    Demo

    Invite vendors to come onsite to demonstrate the product and to answer questions. Use a demo script to help identify how a vendor’s solution will fit your organization’s particular business capability needs.
    Make sure the solution will work for your business

    Provide the vendor with some usage patterns for the SMMP tool in preparation for the vendor demo.

    Provide the following information to vendors in your script:

    • Usage for different groups.
    • SMMP usage and [business analytics] usage.
    • The requirements for administration.
    How to challenge the vendors in the demo
    • Change visualization/presentation.
    • Change the underlying data.
    • Add additional datasets to the artifacts.
    • Collaboration capabilities.
    • Perform an investigation in terms of finding BI objects and identifying previous changes, and examine the audit trail.
    Sample of the SMMP Demo Script Template
    SMMP Demo Script Template

    INFO-TECH ACTIVITY

    INPUT: Requirements package, Use-case results

    OUTPUT: Onsite demo

    1. Create a demo script that will be sent to vendors that outlines SMMP usage patterns from your organization.
    2. Construct the demo script with your SMMP evaluation team, providing both prompts for the vendor to display the capabilities and some sample data for the vendor to model.

    Use vendor RFPs and demos to select the SMMP that best fits your organization’s needs

    Supporting Tool icon Suite Evaluation and Scoring Tool: Tab 5, Overall Score

    Don’t just choose the vendor who gave the best presentation. Instead, select the vendor who meets your functional requirements and organizational needs.

    Category Weight Vendor 1 Vendor 2 Vendor 3 Vendor 4
    SMMP Features 60% 75% 80% 80% 90%
    Architecture 25% 55% 60% 90% 90%
    Support 15% 10% 70% 60% 95%
    Total Score 100% 60% 74% 80% 91%
    Use your objective evaluation to select a vendor to recommend to management for procurement. Arrow from 'Vendor 4' to post script.

    Don’t automatically decide to go with the highest score; validate that the vendor is someone you can envision working with for the long term.

    • Select a vendor based not only on their evaluation performance, but also on your belief that you could form a lasting and supportive relationship with them.
    • Integration needs are dynamic, not static. Find an SMMP tool and vendor that have strong capabilities and will fit with the application and integration plans of the business.
    • In many cases, you will require professional services together with your SMMP purchase to make sure you have some guidance in the initial development and your own staff are trained properly.

    Following the identification of your selected suite, submit your recommendation to the organization’s management or evaluation team for final approval.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Sample of 'Create an RFP to submit to vendors' slide with 'Request for Proposal Template'. Create an RFP for SMMP procurement

    Our Info-Tech analyst will walk you through the RFP preparation to ensure the SMMP requirements are articulated clearly to vendors in this space.

    Sample of 'Vendor product demonstration' slide with 'Demo Script Template'. Create SMMP demo scripts

    An analyst will walk you through the demo script preparation to guide the SMMP product demonstrations and briefings offered by vendors. The analyst will ensure the demo script addresses key requirements documented earlier in the process.

    Select and Implement a Social Media Management Platform

    PHASE 3

    Review Implementation Considerations

    Phase 3: Review implementation considerations

    Steps of this blueprint represented by circles of varying colors and sizes, labelled by text of different sizes. Only Phase 3 is highlighted.
    Estimated Timeline:

    Info-Tech Insight

    Even a solution that is a perfect fit for an organization will fail to generate value if it is not properly implemented or measured. Conduct the necessary planning before implementing your SMMP.

    Major Milestones Reached
    • Plan for implementation and expected go-live date

    Key Activities Completed

    • SMMP Implementation Plan
    • Governance Plan
    • Change Control Methods

    Outcomes from This Phase

    Plans for implementing the selected SMMP tool.

    Phase 3 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Review Implementation Considerations

    Proposed Time to Completion: 2 weeks
    Step 3.1: Establish best practices for SMMP implementation Step 3.2: Assess the measured value from the project
    Start with an analyst kick-off call:
    • Determine the right governance structure to overlook the SMMP implementation.
    • Identify integrations with other applications.
    • Establish an ongoing maintenance plan.
    • Assess the different deployment models.
    Review findings with analyst:
    • Determine the key performance indicators for each department using the SMMP
    • Identify key performance indicators for business units using an SMMP
    Then complete these activities…
    • Establish a governance structure for social media.
    • Specify data linkages with CRM.
    • Identify risks and mitigation strategies
    • Determine the right deployment model for your organization.
    Then complete these activities…
    • Identify key performance indicators for business units using an SMMP
    With these tools & templates:
    • Social Media Steering Committee
    Phase 3 Results & Insights:
    • Implementation Plan
    • SMMP KPIs

    Phase 3, Step 1: Establish best practices for SMMP implementation

    3.1

    3.2

    Establish best practices for SMMP implementation Assess the measured value from the project

    This step will walk you through the following activities:

    • Establish a governance structure for social media management.
    • Specify the data linkages you will need between your CRM platform and SMMP.

    This step involves the following participants:

    • Core Project Team

    Outcomes of this step

    • Social Media Steering Committee Charter
    • SMMP data migration Inventory
    • Determination of the deployment model that works best for your organization
    • Deployment Model

    Follow these steps for effective SMMP implementation

    What to Consider

    • Creating an overall social media strategy is the critical first step in implementing an SMMP.
    • Selecting an SMMP involves gathering business requirements, then translating those requirements into specific selection criteria. Know exactly what your business needs are to ensure the right SMMP is selected.
    • Implement the platform with an eye toward creating business value: establish points of integration with the existing CRM solution, establish ongoing maintenance policies, select the right deployment model, and train end users around role-based objectives.
    Arrow pointing down.

    Plan

    • Develop a strategy for customer interaction
    • Develop a formal strategy for social media
    • Determine business requirements
    Arrow pointing down.

    Create RFP

    • Translate into functional requirements
    • Determine evaluation criteria
    Arrow pointing down.

    Evaluate

    • Evaluate vendors against criteria
    • Shortlist vendors
    • Perform in-depth vendor review

    Implement

    • Integrate with existing CRM ecosystem (if applicable)
    • Establish ongoing maintenance policies
    • Map deployment to organizational models
    • Train end-users and establish acceptable use policies
    • Designate an SMMP subject matter expert

    Before deploying the SMMP, ensure the right social media governance structures are in place to oversee implementation

    An SMMP is a tool, not a substitute, for adequate cross-departmental social media oversight. You must coordinate efforts across constituent stakeholders.

    • Successful organizations have permanent governance structures in place for managing social media. For example, mature companies leverage Social Media Steering Committees (SMSCs) to coordinate the social media initiatives of different business units and departments. Large organizations with highly complex needs may even make use of a physical command center.
    • Compared to traditional apps projects (like CRM or ERP), social media programs tend to start as grassroots initiatives. Marketing and Public Relations departments are the most likely to spearhead the initial push, often selecting their own tools without IT involvement or oversight. This causes application fragmentation and a proliferation of shadow IT.
    • This organic adoption contrasts with the top-down approach many IT leaders are accustomed to. Bottom-up growth can ensure rapid response to social media opportunities, but it also leads to insufficient coordination. A conscious effort should be made to mature your social media strategy beyond this disorganized initial state.
    • IT can help be a “cat herder” to shepherd departments into shared initiatives.

    Info-Tech Best Practice

    Before implementing the SMMP, go through the appropriate organizational governance structures to ensure they have input into the deployment. If a social media steering committee is not already in place, rolling out an SMMP is a great opportunity to get one going. See our research on social media program execution for more details.

    Establish a governance structure for social media management

    Associated Activity icon 3.1.1 60 minutes

    INPUT: Project stakeholders, SMMP mandate

    OUTPUT: Social Media Governance Structure

    MATERIALS: Whiteboard, Markers

    PARTICIPANTS: Project Manager, Core project team

    1. Describe the unique role that the governance team will play in social media management.
    2. Describe the overall purpose statement of the governance team.
    3. Define the roles and responsibilities of the governance team.
    4. Document the outcome in the Social Media Steering Committee Charter.

    EXAMPLE

    Executive Sponsorship
    Social Media Steering Committee
    VP Marketing VP Sales VP Customer Service VP Public Relations CIO/ IT Director
    Marketing Dept. Sales Dept. Customer Service Dept. Public Relations Dept. IT Dept.

    Use Info-Tech’s Social Media Steering Committee Charter Template to define roles and ensure value delivery

    Supporting Tool icon 3.1

    Leaders must ensure that the SMSC has a formal mandate with clear objectives, strong executive participation, and a commitment to meeting regularly. Create an SMSC Charter to formalize the committee governance capabilities.

    Developing a Social Media Steering Committee Charter:
    • Outline the committee’s structure, composition, and responsibilities using the Info-Tech Social Media Steering Committee Charter Template.
    • This template also outlines the key tasks and responsibilities for the committee:
      • Providing strategic leadership for social media
      • Leading SMMP procurement efforts
      • Providing process integration
      • Governing social media initiatives
      • Ensuring open communications between departments with ownership of social media processes
    • Keep the completed charter on file and available to all committee members. Remember to periodically update the document as organizational priorities shift to ensure the charter remains relevant.

    INFO-TECH DELIVERABLE

    Sample of the Social Media Steering Committee Charter Template.

    Integrate your social media management platform with CRM to strengthen the realization of social media goals

    • Linking social media to existing customer relationship management solutions can improve information accuracy, reduce manual effort and provide more in-depth customer insights.
      • Organizations Info-Tech surveyed, and who integrated their solutions, achieved more goals as a result.
    • Several major CRM vendors are now offering products that integrate with popular social networking services (either natively or by providing support for third-party add-ons).
      • For example, Salesforce.com now allows for native integration with Twitter, while an add-on available for Oracle gathers real-time information about prospects by pulling their extended information from publicly available LinkedIn profiles.
    • Some CRM vendors are acquiring established SMMPs outright.
      • For example, Salesforce.com acquired Radian6 for their clients that have advanced social media requirements.
    Bar chart comparing the social media goal realization of organizations that integrated their SMMP and CRM technology and those that didn't.

    Info-Tech Best Practice

    CRM vendors still lag in out-of-the-box social features, making a separate SMMP purchase a given. For companies that have not formally integrated social media with CRM, IT should develop the business case in conjunction with the applicable business-side partner (e.g. Marketing, Sales, Service, PR, etc.).

    Establish points of integration between SMMPs and CRM suites to gain a 360 degree view of the customer

    • Social media is a valuable tool from a standalone perspective, but its power is considerably magnified when it’s paired with the CRM suite.
    • Many SMMPs offer native integration with CRM platforms. IT should identify and enable these connectors to strengthen the business value of the platform.
    • An illustrated example of how an SMMP linked via CRM can provide proactive service while contributing to sales and marketing.
      An example of how an SMMP linked via CRM can provide proactive service while contributing to sales and marketing.
    • New channels do not mean they stand alone and do not need to be integrated into the rest of the customer interaction architecture.
    • Challenge SMMP vendors to demonstrate integration experience with CRM vendors and multimedia queue vendors.
    • Manual integration – adding resolved social inquiries yourself to a CRM system after closure – cannot scale given the rapid increase in customer inquiries originating in the social cloud. Integration with interaction management workflows is most desirable.

    These tools are enabling sales, and they help us serve our customers better. And anything that does that, is a good investment on our part.” Chip Meyers, (Sales Operation Manager, Insource)

    Info-Tech Best Practice

    SMMPs are a necessary single-channel evolutionary step, just like there used to be email-only and web chat-only customer service options in the late 1990s. But they are temporary. SMMPs will eventually be subsumed into the larger marketing automation ecosystem. Only a few best of breed will survive in 10 years.

    Specify the data linkages you will need between your CRM platform and SMMP

    Associated Activity icon 3.1.2 1 hour

    INPUT: SMMP data sources

    OUTPUT: SMMP data migration inventory

    MATERIALS: Whiteboard, Markers

    PARTICIPANTS: Project Manager, Core project team

    1. Build a list of sources of information that you’ll need to integrate with your CRM tool.
    2. Identify:
      1. Data Source
      2. Integration Direction
      3. Data Type and Use Case
    Data Source Migration/Integration Direction Data Type/Use Case
    Social Platform Bidirectional Recent Social Posts
    Customer Data Warehouse Bidirectional Contact Information, Cases, Tasks, Opportunities

    Establish a plan for ongoing platform maintenance

    • Like other enterprise applications, the SMMP will require periodic upkeep. IT must develop and codify policies around ongoing platform maintenance.
    • Platform maintenance should touch on the following areas:
      • Account access and controls – periodically, access privileges for employees no longer with the organization should be purged.
      • Platform security – cloud-based platforms will be automatically updated by the vendor to plug security holes, but on-premises solutions must be periodically updated to ensure that there are no gaps in security.
      • Pruning of old or outdated material – pages (e.g. Facebook Groups, Events, and Twitter feeds) that are no longer in use should be pruned. For example, a management console for an event that was held two years ago is unnecessary. Remove it from the platform (and the relevant service) to cut down on clutter (and reduce costs for “per-topic” priced platforms.)
    SMMP being fixed by a wrench.

    IT: SMMP Maintenance Checklist

    • Account upkeep and pruning
    • Security, privacy, and access
    • Content upkeep and pruning

    Info-Tech Best Practice

    Even cloud-based platforms like SMMPs require a certain degree of maintenance around account controls, security, and content pruning. IT should assist the business units in carrying out periodic maintenance.

    Social media is a powerful medium, but organizations must develop a prudent strategy for minimizing associated risks

    Using an SMMP can help mitigate many of the risks associated with social media. Review the risk categories on the next several slides to determine which ones can be mitigated by effective utilization of a dedicated SMMP.

    Risk Category Likelihood Risk(s) Suggested Mitigation Strategy
    Privacy and Confidentiality High
    • Risk of inappropriate exchange of information between personal and business social networks (e.g. a personal account used for company business).
    • Abuse of privacy and confidentiality laws.
    • Whenever possible, implement separate social network accounts for business, and train your employees to avoid using personal accounts at work.
    • Have a policy in place for how to treat pre-existing accounts versus newly created ones for enterprise use.
    • Use the “unified sign-on” capabilities of an SMMP to prevent employees from directly accessing the underlying social media services.

    Good governance means being proactive in mitigating the legal and compliance risks of your social media program

    Risk Category Likelihood Risk(s) Suggested Mitigation Strategy
    Trademark and Intellectual Property Medium
    • Copyrighted information could inappropriately be used for promotional and other business purposes (e.g. using a private user’s images in collateral).
    • Legal should conduct training to make sure the organization’s social media representatives only use information in the public domain, nothing privileged or confidential. This is particularly sensitive for Marketing and PR.
    Control over Brand Image and Inappropriate Content Medium
    • Employees on social media channels may post something inappropriate to the nature of your business.
    • Employees can post something that compromises industry and/or ethical standards.
    • Use SMMP outbound filtering/post approval workflows to censor certain inappropriate keywords.
    • Select the team carefully and ensure they are fully trained on both official company policy and social media etiquette.
    • Ensure strong enforcement of Social Media AUPs: take a zero tolerance approach to flagrant abuses.

    Security is a top-of-mind risk, though bandwidth is a low priority issue for most organizations

    Risk Category Likelihood Risk(s) Suggested Mitigation Strategy
    IT Security Medium Risk of employees downloading or being sent malware through social media services. Your clients are also exposed to this risk; this may undermine their trust of your brand.
    • Implement policies that outline appropriate precautions by employees, such as using effective passwords and not downloading unauthorized software.
    • Use web-filtering and anti-malware software that incorporates social media as a threat vector.
    Bandwidth Low Increase in bandwidth needs to support social media efforts, particularly when using video social media such as YouTube.
    • Plan for any bandwidth requirements with IT network staff.
    • Most social media strategies shouldn’t have a material impact on bandwidth.

    Poaching of client lists and increased costs are unlikely to occur, but address as a worst case scenario

    Risk Category Likelihood Risk(s) Suggested Mitigation Strategy
    Competitors Poaching Client Lists Low The ability for a competitor to view lists of clients that have joined your organization’s social media groups.
    • In a public social network, you cannot prevent this. Monitor your own brand as well as competitors’. If client secrecy must be maintained, then you should use a private social network (e.g. Jive, Lithium, private SharePoint site), not a public network.
    Increased Cost of Servicing Customers Low Additional resources may be allocated to social media without seeing immediate ROI.
    • Augment existing customer service responsibilities with social media requests.
    • If a dedicated resource is not available, dedicate a specific amount of time per employee to be spent addressing customer concerns via social media.

    Determine your top social media risks and develop an appropriate mitigation strategy that incorporates an SMMP

    Associated Activity icon 3.1.3 20 minutes

    INPUT: Risk assessment inventory

    OUTPUT: Top social media risks and mitigation plan

    MATERIALS: Whiteboard, Markers

    PARTICIPANTS: Project Manager, Core project team

    1. Based on your unique business variables, which social media risk categories are most applicable to your organization? In what order?
    2. Summarize the top risks below and identify mitigation steps (which often involve effective use of a dedicated SMMP).
    Rank Risk Category Mitigation Steps
    High Confidentiality We have strong records retention requirements, so using a rules-based SMMP like SocialVolt is a must.
    Medium Brand Image Ensure that only personnel who have undergone mandatory training can touch our social accounts via an SMMP.
    Low Competitors’ Poaching Lists Migrate our Business Services division contacts onto LinkedIn – maintain no Facebook presence for these clients.

    Determine the workflows that will be supported using your social media management platform

    Determine when, where, and how social media services should be used to augment existing workflows across (and between) the business process domains. Establish escalation rules and decide whether workflows will be reactive or proactively.

    • Fine tune your efforts in each business process domain by matching social technologies to specific business workflows. This will clearly delineate where value is created by leveraging social media.
    • Common business process domains that should be targeted include marketing, sales, and customer service. Public relations, human resources, and analyst relations are other areas to consider for social process support.
    • For each business process domain, IT should assist with technology enablement and execution.
    Target domains: 'Marketing', 'Sales', 'Customer Service', 'Public Relations', 'Human Resources'.

    Info-Tech Best Practice

    The social media governance team should have high-level supervision of process workflows. Ask to see reports from line managers on what steps they have taken to put process in place for reactive and proactive customer interactions, as well as escalations and channel switching. IT helps orchestrate these processes through knowledge and expertise with SMMP workflow capability.

    There are three primary models for SMMP deployment: the agency model uses the SMMP as a third-party offering

    There are three models for deploying an SMMP: agency, centralized, and distributed.

    Agency Model
    Visual of the Agency Model with the 'Social Cloud' attached to the 'SMMP' attached to the 'Agency (e.g. marketing or public relations agency)' attached to the 'Client Organization (Marketing, Sales, Service)'
    • In the agency model of SMMP deployment, the platform is managed on behalf of the organization by a third party – typically a marketing or public relations agency.
    • The agency serves as the primary touch point for the client organization: the client requests the types of market research it wants done, or the campaigns it wants managed. The agency uses its own SMMP(s) to execute the requests. Often, the SMMP’s results or dashboards will be rebranded by the agency.
    • Pros: The agency model is useful when large portions of marketing, service, or public relations are already being outsourced to a third-party provider. Going with an agency also splits the cost of more expensive SMMPs over multiple clients, and limits deployment costs.
    • Cons: The client organization has no direct control over the platform; going with an agency is not cost effective for firms with in-house marketing or PR capabilities.
    • Advice: Go with an agency-managed SMMP if you already use an agency for marketing or PR.

    Select the centralized deployment model when SMMP functionality rests in the hands of a single department

    Centralized Model
    Visual of the Centralized Model with the 'Social Cloud' attached to the 'SMMP' attached to 'Marketing' attached to the 'Sales' and 'Service'
    In this example, marketing owns and manages a single SMMP
    • In the centralized model, a single SMMP workspace is owned and operated predominantly by a single business unit or department. Unlike the agency model, the SMMP functionality is utilized in-house.
    • Information from the SMMP may occasionally be shared with other departments, but normally the platform is used almost exclusively by a single group in the company. Marketing or public relations are usually the groups that maintain ownership of the SMMP in the centralized model (with selection and deployment assistance from the IT department).
    • Pros: The centralized model provides small organizations with an in-house, dedicated SMMP without having to go through an agency. Having a single group own and manage the SMMP is considerably more cost effective than having SMMPs licensed to multiple business units in a small company.
    • Cons: If more and more departments start clamoring for control of SMMP resources, the centralized model will fail to meet the overall needs of the organization.
    • Advice: Small-to-medium enterprises with mid-sized topic or brand portfolios should use the centralized model.

    Go with a distributed deployment if multiple business units require advanced SMMP functionality

    Distributed Model
    Visual of the Distributed Model with the 'Social Cloud' attached to two 'SMMPs', one attached to 'Marketing' and 'Sales', the other to 'Customer Service' and 'Public Relations'.
    • In the distributed model, multiple SMMPs (sometimes from different vendors) or multiple SMMP workspaces (from a single vendor) are deployed to several groups (e.g. multiple departments or brand portfolios) in the organization.
    • Pros: The distributed model is highly effective in large organizations with multiple departments or brands that each are interested in SMMP functionality. Having separate workspaces for each business group enables customizing workspaces to satisfy different goals of the different business groups.
    • Cons: The cost of deploying multiple SMMP workspaces can be prohibitive.
    • Advice: Go with the distributed model if your organization is large and has multiple relevant departments or product marketing groups, with differing social media goals.

    Determine which deployment model works best for your organization

    Associated Activity icon 3.1.4 1 Hour

    INPUT: Deployment models

    OUTPUT: Best fit deployment model

    MATERIALS: Whiteboard, Markers

    PARTICIPANTS: Project Manager, Core project team

    1. Assess and understand the three models of SMMP deployments: agency, centralized and distributed. Consider the pros and cons of each model.
    2. Understand how your organization manages enterprise social media. Consider the follow questions:
      • What is the size of your organization?
      • Who owns the management of social media in your organization?
      • Is social media managed in-house or outsourced to an agency?
      • What are the number of departments that use and rely on social media?
    3. Select the best deployment model for your organization.
    Agency Model Centralized Model Distributed Model
    Visual of the Agency Model with the 'Social Cloud' attached to the 'SMMP' attached to the 'Agency (e.g. marketing or public relations agency)' attached to the 'Client Organization (Marketing, Sales, Service)' Visual of the Centralized Model with the 'Social Cloud' attached to the 'SMMP' attached to 'Marketing' attached to the 'Sales' and 'Service' Visual of the Distributed Model with the 'Social Cloud' attached to two 'SMMPs', one attached to 'Marketing' and 'Sales', the other to 'Customer Service' and 'Public Relations'.

    Create an SMMP training matrix based on social media roles

    IT must assist the business by creating and executing a role-based training program. An SMMP expert in IT should lead training sessions for targeted groups of end users, training them only on the functions they require to perform their jobs.

    Use the table below to help identify which roles should be trained on which SMMP features.

    PR Professionals Marketing Brand, Product, and Channel Managers Customer Service Reps and Manager Product Development and Market Research IT Application Support
    Account Management Circle indicating a positive field. Circle indicating a positive field. Circle indicating a positive field. Circle indicating a positive field. Circle indicating a positive field.
    Response and Engagement Circle indicating a positive field. Circle indicating a positive field. Circle indicating a positive field.
    Social Analytics and Data Mining Circle indicating a positive field. Circle indicating a positive field. Circle indicating a positive field.
    Marketing Campaign Execution Circle indicating a positive field. Circle indicating a positive field.
    Mobile Access Circle indicating a positive field. Circle indicating a positive field. Circle indicating a positive field.
    Archiving Circle indicating a positive field.
    CRM Integration Circle indicating a positive field.

    Phase 3, Step 2: Track your metrics

    3.1

    3.2

    Establish best practices for SMMP implementation Assess the measured value from the project

    This step will walk you through the following activities:

    • Identify metrics and KPIs for business units using a dedicated SMMP

    This step involves the following participants:

    • Core Project Team
    • Representative Stakeholders from Digital Marketing, Sales, and IT

    Outcomes of this step

    • Key Performance Indicators

    Know key performance indicators (KPIs) for each department that employs a dedicated social media management platform

    Share of Voice
    How often a brand is mentioned, relative to other brands competing in a defined market.

    User Engagement
    Quantity and quality of customer interactions with a brand or with each other, either on- or offline.

    Campaign Success
    Tracking reception of campaigns and leads brought in as a result.
    Marketing KPIs Reach
    Measurement of the size of market your brand advertisements and communications reach.

    Impressions
    The number of exposures your content, ad, or social post has to people in your target audience.

    Cost per Point (CPP)
    Cost to reach one percent of your organization’s audience.

    Product Innovation
    The quantity and quality of improvements, updates, and changes to existing products.

    Time-to-Market
    Time that passes between idea generation and the product being available to consumers.

    Product Development KPIs

    New Product Launches
    A ratio of completely new product types released to brand extensions and improvements.

    Cancelled Projects
    Measure of quality of ideas generated and quality of idea assessment method.

    Use social media metrics to complement your existing departmental KPIs – not usurp them

    Cost per Lead
    The average amount an organization spends to find leads.

    Conversion Rate
    How many sales are made in relation to the number of leads.

    Quantity of Leads
    How many sales leads are in the funnel at a given time.
    Sales KPIs Average Cycle Time
    Average length of time it takes leads to progress through the sales cycle.

    Revenue by Lead
    Total revenue divided by total number of leads.

    Avg. Revenue per Rep
    Total revenue divided by number of sales reps.

    Time to Resolution
    Average amount of time it takes for customers to get a response they are satisfied with.

    First Contact Resolution
    How often customer issues are resolved on the first contact.

    Customer Service KPIs

    Contact Frequency
    The number of repeated interactions from the same customers.

    Satisfaction Scores
    Determined from customer feedback – either through surveys or gathered sporadically.

    Social analytics don’t operate alone; merge social data with traditional data to gain the deepest insights

    Employee Retention
    The level of effort an organization exerts to maintain its current staff.

    Employee Engagement
    Rating of employee satisfaction overall or with a given aspect of the workplace.

    Preferred Employer
    A company where candidates would rather work over other companies.
    Marketing KPIs Recruitment Cycle Time
    Average length of time required to recruit a new employee.

    Employee Productivity
    A comparison of employee inputs (time, effort, etc.) and outputs (work).

    Employee Referrals
    The ratio of employee referrals that complete the recruitment process.

    There are conversations going on behind your back, and if you're not participating in them, then you're either not perpetuating the positive conversation or not diffusing the negative. And that's irresponsible in today's business world.” (Lon Safko, Social Media Bible)

    Identify key performance indicators for business units using an SMMP

    Associated Activity icon 3.2.1 30 minutes

    INPUT: Social media goals

    OUTPUT: SMMP KPIs

    MATERIALS: Whiteboard, Markers

    PARTICIPANTS: Representative stakeholders from different business units

    For each listed department, identify the social media goals and departmental key performance indicators to measure the impact of the SMMP.

    DepartmentSocial Media GoalsKPI
    Marketing
    • E.g. build a positive brand image
    • Net increase in brand recognition
    Product Development
    • Launch a viral video campaign showcasing product attributes to drive increased YT traffic
    • Net increase in unaided customer recall
    Sales
    • Enhance sales lead generation through social channels
    • Net increase in sales lead generation in the social media sales funnel
    Customer Service
    • Produce more timely responses to customer enquiries and complaints
    • Reduced time to resolution
    HR
    • Enhance social media recruitment channels
    • Number of LinkedIn recruitment

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.1

    Sample of activity 3.1.1 'Establish a governance structure for social media management'. Establish a governance structure for social media management

    Our Info-Tech analyst will walk you through the exercise of developing roles and responsibilities to govern your social media program.

    3.1.2

    Sample of activity 3.1.2 'Specify the data linkages you will need between your CRM platform and SMMP'. Specify the data linkages you will need between your CRM and SMMP

    The analyst will help you identify the points of integration between the SMMP and your CRM platform.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    3.1.3

    Sample of activity 3.1.3 'Determine your top social media risks and develop an appropriate mitigation strategy that incorporates an SMMP'. Determine your top social media risks

    Our Info-Tech analyst will facilitate the discussion to identify the top risks associated with the SMMP and determine mitigation strategies for each risk.

    3.1.4

    Sample of activity 3.1.4 'Determine which deployment model works best for your organization'. Determine the best-fit deployment model

    An analyst will demonstrate the different SMMP deployment models and assist in determining the most suitable model for your organization.

    3.2.1

    Sample of activity 3.2.1 'Identify key performance indicators for business units using an SMMP'. Identify departmental KPIs

    An analyst will work with different stakeholders to determine the top social media goals for each department.

    Appendices

    Works Cited

    Ashja, Mojtaba, Akram Hadizadeh, and Hamid Bidram. “Comparative Study of Large Information Systems’ CSFs During Their Life Cycle.” Information Systems Frontiers. September 8, 2013.

    UBM. “The State of Social Media Analytics.” January, 2016.

    Jobvite. “2015 Recruiter Nation Survey.” September, 2015.

    Vendor Landscape Analysis Appendices

    Vendor Landscape Methodology:
    Overview

    Info-Tech’s Vendor Landscapes are research materials that review a particular IT market space, evaluating the strengths and abilities of both the products available in that space, as well as the vendors of those products. These materials are created by a team of dedicated analysts operating under the direction of a senior subject matter expert over a period of several weeks.

    Evaluations weigh selected vendors and their products (collectively “solutions”) on the following eight criteria to determine overall standing:

    • Features: The presence of advanced and market-differentiating capabilities.
    • User Interface: The intuitiveness, power, and integrated nature of administrative consoles and client software components.
    • Affordability: The three-year total cost of ownership of the solution; flexibility of the pricing and discounting structure.
    • Architecture: The degree of integration with the vendor’s other tools, flexibility of deployment, and breadth of platform applicability.
    • Viability: The stability of the company as measured by its history in the market, the size of its client base, and its percentage of growth.
    • Focus: The commitment to both the market space, as well as to the various sized clients (small, mid-sized, and enterprise clients).
    • Reach: The ability of the vendor to support its products on a global scale.
    • Sales: The structure of the sales process and the measure of the size of the vendor’s channel and industry partners.

    Evaluated solutions within scenarios are visually represented by a Pathway to Success, based off a linear graph using above scoring methods:

    • Use-case scenarios are decided upon based on analyst expertise and experience with Info-Tech clients.
    • Use-case scenarios are defined through feature requirements, predetermined by analyst expertise.
    • Placement within scenario rankings consists of features being evaluated against the other scoring criteria.

    Info-Tech’s Vendor Landscapes are researched and produced according to a strictly adhered to process that includes the following steps:

    • Vendor/product selection
    • Information gathering
    • Vendor/product scoring
    • Information presentation
    • Fact checking
    • Publication

    This document outlines how each of these steps is conducted.

    Vendor Landscape Methodology:
    Vendor/Product Selection & Information Gathering

    Info-Tech works closely with its client base to solicit guidance in terms of understanding the vendors with whom clients wish to work and the products that they wish evaluated; this demand pool forms the basis of the vendor selection process for Vendor Landscapes. Balancing this demand, Info-Tech also relies upon the deep subject matter expertise and market awareness of its Senior Analysts to ensure that appropriate solutions are included in the evaluation. As an aspect of that expertise and awareness, Info-Tech’s analysts may, at their discretion, determine the specific capabilities that are required of the products under evaluation, and include in the Vendor Landscape only those solutions that meet all specified requirements.

    Information on vendors and products is gathered in a number of ways via a number of channels.

    Initially, a request package is submitted to vendors to solicit information on a broad range of topics. The request package includes:

    • A detailed survey.
    • A pricing scenario (see Vendor Landscape Methodology: Price Evaluation and Pricing Scenario, below).
    • A request for reference clients.
    • A request for a briefing and, where applicable, guided product demonstration.

    These request packages are distributed approximately eight weeks prior to the initiation of the actual research project to allow vendors ample time to consolidate the required information and schedule appropriate resources.

    During the course of the research project, briefings and demonstrations are scheduled (generally for one hour each session, though more time is scheduled as required) to allow the analyst team to discuss the information provided in the survey, validate vendor claims, and gain direct exposure to the evaluated products. Additionally, an end-user survey is circulated to Info-Tech’s client base and vendor-supplied reference accounts are interviewed to solicit their feedback on their experiences with the evaluated solutions and with the vendors of those solutions.

    These materials are supplemented by a thorough review of all product briefs, technical manuals, and publicly available marketing materials about the product, as well as about the vendor itself.

    Refusal by a vendor to supply completed surveys or submit to participation in briefings and demonstrations does not eliminate a vendor from inclusion in the evaluation. Where analyst and client input has determined that a vendor belongs in a particular evaluation, it will be evaluated as best as possible based on publicly available materials only. As these materials are not as comprehensive as a survey, briefing, and demonstration, the possibility exists that the evaluation may not be as thorough or accurate. Since Info-Tech includes vendors regardless of vendor participation, it is always in the vendor’s best interest to participate fully.

    All information is recorded and catalogued, as required, to facilitate scoring and for future reference.

    Vendor Landscape Methodology:
    Scoring

    Once all information has been gathered and evaluated for all vendors and products, the analyst team moves to scoring. All scoring is performed at the same time so as to ensure as much consistency as possible. Each criterion is scored on a ten-point scale, though the manner of scoring for criteria differs slightly:

    • Features is scored via Cumulative Scoring.
    • Affordability is scored via Scalar Scoring.
    • All other criteria are scored via Base5 Scoring.

    Cumulative Scoring is on a four-point scale. Zero points are awarded to features that are deemed absent or unsatisfactory, one point is assigned to features that are partially present, two points are assigned to features that require an extra purchase in the vendor’s product portfolio or through a third party, three points are assigned to features that are fully present and native to the solution, and four points are assigned to the best-of-breed native feature. The assigned points are summed and normalized to a value out of ten. For example, if a particular Vendor Landscape evaluates eight specific features in the Feature Criteria, the summed score out of eight for each evaluated product would be multiplied by 1.25 to yield a value out of ten to represent in a Harvey Ball format.

    In Scalar Scoring, a score of ten is assigned to the lowest cost solution, and a score of one is assigned to the highest cost solution. All other solutions are assigned a mathematically-determined score based on their proximity to / distance from these two endpoints. For example, in an evaluation of three solutions, where the middle cost solution is closer to the low end of the pricing scale it will receive a higher score, and where it is closer to the high end of the pricing scale it will receive a lower score; depending on proximity to the high or low price it is entirely possible that it could receive either ten points (if it is very close to the lowest price) or one point (if it is very close to the highest price). Where pricing cannot be determined (vendor does not supply price and public sources do not exist), a score of 0 is automatically assigned.

    In Base5 scoring a number of sub-criteria are specified for each criterion (for example, Longevity, Market Presence, and Financials are sub-criteria of the Viability criterion), and each one is scored on the following scale:

    • 5 - The product/vendor is exemplary in this area (nothing could be done to improve the status).
    • 4 - The product/vendor is good in this area (small changes could be made that would move things to the next level).
    • 3 - The product/vendor is adequate in this area (small changes would make it good, more significant changes required to be exemplary).
    • 2 - The product/vendor is poor in this area (this is a notable weakness and significant work is required).
    • 1 - The product/vendor fails in this area (this is a glaring oversight and a serious impediment to adoption).

    The assigned points are summed and normalized to a value out of ten as explained in Cumulative Scoring above.

    Scores out of ten, known as Raw scores, are transposed as is into Info-Tech’s Vendor Landscape Shortlist Tool, which automatically determines Vendor Landscape positioning (see Vendor Landscape Methodology: Information Presentation – Vendor Landscape, below), Criteria Score (see Vendor Landscape Methodology: Information Presentation – Criteria Score, below), and Value Index (see Vendor Landscape Methodology: Information Presentation – Value Index, below).

    Vendor Landscape Methodology:
    Information Presentation – Criteria Scores (Harvey Balls)

    Info-Tech’s criteria scores are visual representations of the absolute score assigned to each individual criterion, as well as of the calculated overall vendor and product scores. The visual representation used is Harvey Balls.

    Harvey Balls are calculated as follows:

    1. Raw scores are transposed into the Info-Tech Vendor Landscape Shortlist Tool (for information on how raw scores are determined, see Vendor Landscape Methodology: Scoring, above).
    2. Each individual criterion raw score is multiplied by a pre-assigned weighting factor for the Vendor Landscape in question. Weighting factors are determined prior to the evaluation process, based on the expertise of the Senior or Lead Research Analyst, to eliminate any possibility of bias. Weighting factors are expressed as a percentage, such that the sum of the weighting factors for the vendor criteria (Viability, Strategy, Reach, Channel) is 100%, and the sum of the product criteria (Features, Usability, Affordability, Architecture) is 100%.
    3. A sum-product of the weighted vendor criteria scores and of the weighted product criteria scores is calculated to yield an overall vendor score and an overall product score.
    4. Both overall vendor score / overall product score, as well as individual criterion raw scores are converted from a scale of one to ten to Harvey Ball scores on a scale of zero to four, where exceptional performance results in a score of four and poor performance results in a score of zero.
    5. Harvey Ball scores are converted to Harvey Balls as follows:
      • A score of four becomes a full Harvey Ball.
      • A score of three becomes a three-quarter full Harvey Ball.
      • A score of two becomes a half-full Harvey Ball.
      • A score of one becomes a one-quarter full Harvey Ball.
      • A score of zero becomes an empty Harvey Ball.
    6. Harvey Balls are plotted by solution in a chart where rows represent individual solutions and columns represent overall vendor / overall product, as well as individual criteria. Solutions are ordered in the chart alphabetically by vendor name.
    Harvey Balls
    Overall Harvey Balls represent weighted aggregates. Example of Harvey Balls with 'Overall' balls at the beginning of each category followed by 'Criteria' balls for individual raw scores. Criteria Harvey Balls represent individual raw scores.

    Vendor Landscape Methodology:
    Use-Case Scoring

    Within each Vendor Landscape a set of use-case scenarios are created by the analysts by considering the different outcomes and purposes related to the technology being evaluated. To generate the custom use-case vendor performances, the feature and Harvey Ball scoring performed in the Vendor Landscapes are set with custom weighting configurations.

    Calculations

    Each product has a vendor multiplier calculated based on its weighted performance, considering the different criteria scored in the Harvey Ball evaluations.

    To calculate each vendor’s performance, the advanced feature scores are multiplied against the weighting for the feature in the use-case scenario’s configuration.

    The weighted advanced feature score is then multiplied against the vendor multiplier.

    The sum of each vendor’s total weighted advanced features is calculated. This sum is used to identify the vendor’s qualification and relative rank within the use case.

    Example pie charts.

    Each use case’s feature weightings and vendor/product weighting configurations are displayed within the body of slide deck.

    Use-Case Vendor Performance

    Example stacked bar chart of use-case vendor performance.

    Vendors who qualified for each use-case scenario are ranked from first to last in a weighted bar graph based on the features considered.

    Vendor Landscape Methodology:
    Information Presentation – Feature Ranks (Stoplights)

    Advanced features are determined by analyst expertise, leveraging information gained from conversations with clients. Advanced features chosen as part of the evaluation are representative of what Info-Tech clients have indicated are of importance to their vendor solution. Advanced features are evaluated through a series of partial marks, dedicated to whether the solution performs all aspects of the Info-Tech definition of the feature and whether the feature is provided within the solution. Analysts hold the right to determine individual, unique scoring criteria for each evaluation. If a feature does not meet the criteria, Info-Tech holds the right to score the feature accordingly.

    Use cases use features as a baseline of the inclusion and scoring criteria.

    'Stoplight Legend' with green+star 'Feature category is present: best in class', green 'Feature category is present: strong', yellow 'Feature category is present: average', orange 'Feature category is partially present: weak', and red 'Feature category is absent or near-absent'.

    Vendor Landscape Methodology:
    Information Presentation – Value Index

    Info-Tech’s Value Index is an indexed ranking of solution value per dollar as determined by the raw scores assigned to each criteria (for information on how raw scores are determined, see Vendor Landscape Methodology: Scoring, above).

    Value scores are calculated as follows:

    1. The TCO Affordability criterion is removed from the Affordability score and the remaining product score criteria (Features, Usability, Architecture). Affordability scoring is adjusted with the TCO weighting distributed in proportion to the use case’s weighting for Affordability. Weighting is adjusted as to retain the same weightings relative to one another, while still summing to 100%.
    2. An adjusted multiplier is determined for each vendor using the recalculated Affordability scoring.
    3. The multiplier vendor score and vendor’s weighted feature score (based on the use-case scenario’s weightings), are summed. This sum is multiplied by the TCO raw score to yield an interim Value Score for each solution.
    4. All interim Value Scores are then indexed to the highest performing solution by dividing each interim Value Score by the highest interim Value Score. This results in a Value Score of 100 for the top solution and an indexed Value Score relative to the 100 for each alternate solution.
    5. Solutions are plotted according to Value Score, with the highest score plotted first, and all remaining scores plotted in descending numerical order.

    Where pricing is not provided by the vendor and public sources of information cannot be found, an Affordability raw score of zero is assigned. Since multiplication by zero results in a product of zero, those solutions for which pricing cannot be determined receive a Value Score of zero. Since Info-Tech assigns a score of zero where pricing is not available, it is always in the vendor’s best interest to provide accurate and up-to-date pricing. In the event that insufficient pricing is available to accurately calculate a Value Index, Info-Tech will omit it from the Vendor Landscape.

    Value Index

    Vendors are arranged in order of Value Score. The Value Score each solution achieved is displayed, and so is the average score.

    Example bar chart indicating the 'Value Score' vs the 'Average Score'.

    Those solutions that are ranked as Champions are differentiated for point of reference.

    Vendor Landscape Methodology:
    Information Presentation – Price Evaluation: Mid-Market

    Info-Tech’s Price Evaluation is a tiered representation of the three-year Total Cost of Ownership (TCO) of a proposed solution. Info-Tech uses this method of communicating pricing information to provide high-level budgetary guidance to its end-user clients while respecting the privacy of the vendors with whom it works. The solution TCO is calculated and then represented as belonging to one of ten pricing tiers.

    Pricing tiers are as follows:

    1. Between $1 and $2,500
    2. Between $2,500 and $10,000
    3. Between $10,000 and $25,000
    4. Between $25,000 and $50,000
    5. Between $50,000 and $100,000
    6. Between $100,000 and $250,000
    7. Between $250,000 and $500,000
    8. Between $500,000 and $1,000,000
    9. Between $1,000,000 and $2,500,000
    10. Greater than $2,500,000

    Where pricing is not provided, Info-Tech makes use of publicly available sources of information to determine a price. As these sources are not official price lists, the possibility exists that they may be inaccurate or outdated, and so the source of the pricing information is provided. Since Info-Tech publishes pricing information regardless of vendor participation, it is always in the vendor’s best interest to supply accurate and up to date information.

    Info-Tech’s Price Evaluations are based on pre-defined pricing scenarios (see Product Pricing Scenario, below) to ensure a comparison that is as close as possible between evaluated solutions. Pricing scenarios describe a sample business and solicit guidance as to the appropriate product/service mix required to deliver the specified functionality, the list price for those tools/services, as well as three full years of maintenance and support.

    Price Evaluation

    Call-out bubble indicates within which price tier the three-year TCO for the solution falls, provides the brackets of that price tier, and links to the graphical representation.

    Example price evaluation with a '3 year TCO...' statement, a visual gauge of bars, and a statement on the source of the information.

    Scale along the bottom indicates that the graphic as a whole represents a price scale with a range of $1 to $2.5M+, while the notation indicates whether the pricing was supplied by the vendor or derived from public sources.

    Vendor Landscape Methodology:
    Information Presentation – Vendor Awards

    At the conclusion of all analyses, Info-Tech presents awards to exceptional solutions in three distinct categories. Award presentation is discretionary; not all awards are extended subsequent to each Vendor Landscape and it is entirely possible, though unlikely, that no awards may be presented.

    Awards categories are as follows:

    • Champion Awards are presented to the top performing solution in a particular use-case scenario. As a result, only one Champion Award is given for each use case, and the entire Vendor Landscape will have the same number of Champion Awards as the number of evaluated use cases.
    • Leader Awards are presented to top performing solutions for each use-case scenario. Depending on the use-case scenario and the number of solutions being evaluated, a variable number of leader awards will be given. This number is at the discretion of the analysts, but is generally placed at two, and given to the solutions ranking second and third respectively for the use case.
    • Best Overall Value Awards are presented to the solution for each use-case scenario that ranked the highest in the Info-Tech Value Index for each evaluated scenario (see Vendor Landscape Methodology: Information Presentation – Value Index, above). If insufficient pricing information is made available for the evaluated solutions, such that a Value Index cannot be calculated, no Best Overall Value Award will be presented. Only one Best Overall Value Award is available for each use-case scenario.

    Vendor Awards for Use-Case Performance

    Vendor Award: 'Champion'. Info-Tech’s Champion Award is presented to solutions that placed first in an use-case scenario within the Vendor Landscape.
    Vendor Award: 'Leader'. Info-Tech Leader Award is given to solutions who placed in the top segment of a use-case scenario.
    Vendor Award: 'Best Overall Value'. Info-Tech’s Best Overall Value Award is presented to the solution within each use-case scenario with the highest Value Index score.

    Vendor Landscape Methodology:
    Fact Check & Publication

    Info-Tech takes the factual accuracy of its Vendor Landscapes, and indeed of all of its published content, very seriously. To ensure the utmost accuracy in its Vendor Landscapes, we invite all vendors of evaluated solutions (whether the vendor elected to provide a survey and/or participate in a briefing or not) to participate in a process of fact check.

    Once the research project is complete and the materials are deemed to be in a publication ready state, excerpts of the material specific to each vendor’s solution are provided to the vendor. Info-Tech only provides material specific to the individual vendor’s solution for review encompassing the following:

    • All written review materials of the vendor and the vendor’s product that comprise the evaluated solution.
    • Info-Tech’s Criteria Scores / Harvey Balls detailing the individual and overall vendor / product scores assigned.
    • Info-Tech’s Feature Rank / stoplights detailing the individual feature scores of the evaluated product.
    • Info-Tech’s Raw Pricing for the vendor either as received from the vendor or as collected from publicly available sources.
    • Info-Tech’s Scenario ranking for all considered scenarios for the evaluated solution.

    Info-Tech does not provide the following:

    • Info-Tech’s Vendor Landscape placement of the evaluated solution.
    • Info-Tech’s Value Score for the evaluated solution.
    • End-user feedback gathered during the research project.
    • Info-Tech’s overall recommendation in regard to the evaluated solution.

    Info-Tech provides a one-week window for each vendor to provide written feedback. Feedback must be corroborated (be provided with supporting evidence), and where it does, feedback that addresses factual errors or omissions is adopted fully, while feedback that addresses opinions is taken under consideration. The assigned analyst team makes all appropriate edits and supplies an edited copy of the materials to the vendor within one week for final review.

    Should a vendor still have concerns or objections at that time, they are invited to a conversation, initially via email, but as required and deemed appropriate by Info-Tech, subsequently via telephone, to ensure common understanding of the concerns. Where concerns relate to ongoing factual errors or omissions, they are corrected under the supervision of Info-Tech’s Vendor Relations personnel. Where concerns relate to ongoing differences of opinion, they are again taken under consideration with neither explicit not implicit indication of adoption.

    Publication of materials is scheduled to occur within the six weeks following the completion of the research project, but does not occur until the fact check process has come to conclusion, and under no circumstances are “pre-publication” copies of any materials made available to any client.

    Pricing Scenario

    Info-Tech Research Group is providing each vendor with a common pricing scenario to enable normalized scoring of Affordability, calculation of Value Index rankings, and identification of the appropriate solution pricing tier as displayed on each vendor scorecard.

    Vendors are asked to provide list costs for SMMP software licensing to address the needs of a reference organization described in the pricing scenario. Please price out the lowest possible 3-year total cost of ownership (TCO) including list prices for software and licensing fees to meet the requirements of the following scenario.

    Three-year total acquisition costs will be normalized to produce the Affordability raw scores and calculate Value Index ratings for each solution.

    The pricing scenario:

    • Enterprise Name: Imperial Products Incorporated
    • Enterprise Size: SMB
    • Enterprise Vertical: Consumer packaged goods
    • Total Number of Sites: Three office locations
    • Total Number of Employees: 500
    • Total Number SMMP End Users: 50
      • 20 dedicated CSRs who are handling all customer service issues routed to them
      • 5 PR managers who need the ability to monitor the social cloud
      • 24 brand portfolio managers – each portfolio has 5 products (25 total)
      • Each product has its own Facebook and Twitter presence
      • 1 HR manager (using social media for recruiting)
    • Total Number of IT Staff: 20
    • Operating System Environment: Windows 7
    • Functional Requirements and Additional Information: Imperial Products Incorporated is a mid-sized consumer packaged goods firm operating in the United States. The organization is currently looking to adopt a platform for social media monitoring and management. Functional requirements include the ability to monitor and publish to Facebook, Twitter, YouTube, and blogs. The platform must have the ability to display volume trends, show follower demographics, and conduct sentiment analysis. It must also provide tools for interacting in-platform with social contacts, provide workflow management capabilities, and offer the ability to manage specific social properties (e.g. Facebook Pages). Additional features that are desirable are the ability to archive social interactions, and a dedicated mobile application for one of the major smartphone/tablet operating systems (iOS, Android etc.).

    Create a Work-From-Anywhere Strategy

    • Buy Link or Shortcode: {j2store}323|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: 33 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    Work-from-anywhere isn’t going anywhere. During the initial rush to remote work, tech debt was highlighted and the business lost faith in IT. IT now needs to:

    • Rebuild trust with the CXO.
    • Identify gaps created from the COVID-19 rush to remote work.
    • Identify how IT can better support remote workers.

    IT went through an initial crunch to enable remote work. It’s time to be proactive and learn from our mistakes.

    Our Advice

    Critical Insight

    • It’s not about embracing the new normal; it’s about resiliency and long-term success. Your strategy needs to not only provide short-term operational value but also make the organization more resilient for the unknown risks of tomorrow.
    • The nature of work has fundamentally changed. IT departments must ensure service continuity, not for how the company worked in 2019, but for how the company is working now and will be working tomorrow.
    • Ensure short-term survival. Don’t focus on becoming an innovator until you are no longer stuck in firefighting.
    • Aim for near-term innovation. Once you’re a trusted operator, become a business partner by helping the business better adapt business processes and operations to work-from-anywhere.

    Impact and Result

    Follow these steps to build a work-from-anywhere strategy that resonates with the business:

    • Identify a vision that aligns with business goals.
    • Design the work-from-anywhere value proposition for critical business roles.
    • Benchmark your current maturity.
    • Build a roadmap for bridging the gap.

    Benefit employees’ remote working experience while ensuring that IT heads in a strategic direction.

    Create a Work-From-Anywhere Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create a work-from-anywhere strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define a target state

    Identify a vision that aligns with business goals, not for how the company worked in 2019, but for how the company is working now and will be working tomorrow.

    • Work-From-Anywhere Strategy Template
    • Work-From-Anywhere Value Proposition Template

    2. Analyze current fitness

    Don’t focus on becoming an innovator until you are no longer stuck in firefighting mode.

    3. Build a roadmap for improving enterprise apps

    Use these blueprints to improve your enterprise app capabilities for work-from-anywhere.

    • Microsoft Teams Cookbook – Sections 1-2
    • Rationalize Your Collaboration Tools – Phases 1-3
    • Adapt Your Customer Experience Strategy to Successfully Weather COVID-19 Storyboard
    • The Rapid Application Selection Framework Deck

    4. Build a roadmap for improving strategy, people & leadership

    Use these blueprints to improve IT’s strategy, people & leadership capabilities for work-from-anywhere.

    • Define Your Digital Business Strategy – Phases 1-4
    • Training Deck: Equip Managers to Effectively Manage Virtual Teams
    • Sustain Work-From-Home in the New Normal Storyboard
    • Develop a Targeted Flexible Work Program for IT – Phases 1-3
    • Maintain Employee Engagement During the COVID-19 Pandemic Storyboard
    • Adapt Your Onboarding Process to a Virtual Environment Storyboard
    • Manage Poor Performance While Working From Home Storyboard
    • The Essential COVID-19 Childcare Policy for Every Organization, Yesterday Storyboard

    5. Build a roadmap for improving infrastructure & operations

    Use these blueprints to improve infrastructure & operations capabilities for work-from-anywhere.

    • Stabilize Infrastructure & Operations During Work-From-Anywhere – Phases 1-3
    • Responsibly Resume IT Operations in the Office – Phases 1-5
    • Execute an Emergency Remote Work Plan Storyboard
    • Build a Digital Workspace Strategy – Phases 1-3

    6. Build a roadmap for improving IT security & compliance capabilities

    Use these blueprints to improve IT security & compliance capabilities for work-from-anywhere.

    • Cybersecurity Priorities in Times of Pandemic Storyboard
    • Reinforce End-User Security Awareness During Your COVID-19 Response Storyboard

    Infographic

    Workshop: Create a Work-From-Anywhere Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define a Target State

    The Purpose

    Define the direction of your work-from-anywhere strategy and roadmap.

    Key Benefits Achieved

    Base your decisions on senior leadership and user needs.

    Activities

    1.1 Identify drivers, benefits, and challenges.

    1.2 Perform a goals cascade to align benefits to business needs.

    1.3 Define a vision and success metrics.

    1.4 Define the value IT brings to work-from-anywhere.

    Outputs

    Desired benefits for work-from-anywhere

    Vision statement

    Mission statement

    Success metrics

    Value propositions for in-scope user groups

    2 Review In-Scope Capabilities

    The Purpose

    Focus on value. Ensure that major applications and IT capabilities will relieve employees’ pains and provide them with gains.

    Key Benefits Achieved

    Learn from past mistakes and successes.

    Increase adoption of resulting initiatives.

    Activities

    2.1 Review work-from-anywhere framework and identify capability gaps.

    2.2 Review diagnostic results to identify satisfaction gaps.

    2.3 Record improvement opportunities for each capability.

    2.4 Identify deliverables and opportunities to provide value for each.

    2.5 Identify constraints faced by each capability.

    Outputs

    SWOT assessment of work-from-anywhere capabilities

    Projects and initiatives to improve capabilities

    Deliverables and opportunities to provide value for each capability

    Constraints with each capability

    3 Build the Roadmap

    The Purpose

    Build a short-term plan that allows you to iterate on your existing strengths and provide early value to your users.

    Key Benefits Achieved

    Provide early value to address operational pain points.

    Build a plan to provide near-term innovation and business value.

    Activities

    3.1 Organize initiatives into phases.

    3.2 Identify tasks for short-term initiatives.

    3.3 Estimate effort with Scrum Poker.

    3.4 Build a timeline and tie phases to desired business benefits.

    Outputs

    Prioritized list of initiatives and phases

    Profiles for short-term initiatives

    External Compliance

    • Buy Link or Shortcode: {j2store}39|cart{/j2store}
    • Related Products: {j2store}39|crosssells{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security and Risk
    • Parent Category Link: /security-and-risk
    Take Control of Compliance Improvement to Conquer Every Audit

    Create Stakeholder-Centric Architecture Governance

    • Buy Link or Shortcode: {j2store}583|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $3,099 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model
    • Traditional enterprise architecture management (EAM) caters to only 10% – the IT people, and not to the remaining 90% of the organization.
    • EAM practices do not scale well with the agile way of working and are often perceived as "bottlenecks” or “restrictors of design freedom.”
    • The organization scale does not justify a full-fledged EAM with many committees, complex processes, and detailed EA artifacts.

    Our Advice

    Critical Insight

    Architecture is a competency, not a function. Project teams, including even business managers outside of IT, can assimilate “architectural thinking.”

    Impact and Result

    Increase business value through the dissemination of architectural thinking throughout the organization. Maturing your EAM practices beyond a certain point does not help.

    Create Stakeholder-Centric Architecture Governance Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Start here

    Improve benefits from your enterprise architecture efforts through the dissemination of architecture thinking throughout your organization.

    • Create Stakeholder-Centric Architecture Governance Storyboard
    [infographic]

    Leverage Big Data by Starting Small

    • Buy Link or Shortcode: {j2store}201|cart{/j2store}
    • member rating overall impact: 7.0/10 Overall Impact
    • member rating average dollars saved: 3 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • The desire for rapid decision making is increasing and the complexity of data sources is growing; business users want access to several new data sources, but in a way that is controlled and easily consumable.
    • Organizations may understand the transformative potential of a big data initiative, but struggle to make the transition from the awareness of its importance to identifying a concrete use case for a pilot project.
    • The big data ecosystem is crowded and confusing, and a lack of understanding of that ecosystem may cause a paralysis for organizations.

    Our Advice

    Critical Insight

    • Big data is simply data. With technological advances, what was once considered big data is now more approachable for all organizations irrespective of size.
    • The variety element is the key to unlocking big data value. Drill down into your specific use cases more effectively by focusing on what kind of data you should use.
    • Big data is about deep analytics. Deep doesn’t mean difficult. Visualization of data, integrating new data, and understanding associations are ways to deepen your analytics.

    Impact and Result

    • Establish a foundational understanding of what big data entails and what the implications of its different elements are for your organization.
    • Confirm your current maturity for taking on a big data initiative, and make considerations for core data management practices in the context of incorporating big data.
    • Avoid boiling the ocean by pinpointing use cases by industry and functional unit, followed by identifying the most essential data sources and elements that will enable the initiative.
    • Leverage a repeatable pilot project framework to build out a successful first initiative and implement future projects en-route to evolving a big data program.

    Leverage Big Data by Starting Small Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should leverage big data, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Undergo big data education

    Build a foundational understanding of the current big data landscape.

    • Leverage Big Data by Starting Small – Phase 1: Undergo Big Data Education

    2. Assess big data readiness

    Appraise current capabilities for handling a big data initiative and revisit the key data management practices that will enable big data success.

    • Leverage Big Data by Starting Small – Phase 2: Assess Big Data Readiness
    • Big Data Maturity Assessment Tool

    3. Pinpoint a killer big data use case

    Armed with Info-Tech’s variety dimension framework, identify the top use cases and the data sources/elements that will power the initiative.

    • Leverage Big Data by Starting Small – Phase 3: Pinpoint a Killer Big Data Use Case
    • Big Data Use-Case Suggestion Tool

    4. Structure a big data proof-of-concept project

    Leverage a repeatable framework to detail the core components of the pilot project.

    • Leverage Big Data by Starting Small – Phase 4: Structure a Big Data Proof-of-Concept Project
    • Big Data Work Breakdown Structure Template
    • Data Scientist
    • Big Data Cost/Benefit Tool
    • Big Data Stakeholder Presentation Template
    • Big Data Communication Tracking Template
    [infographic]

    Workshop: Leverage Big Data by Starting Small

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Undergo Big Data Education

    The Purpose

    Understand the basic elements of big data and its relationship to traditional business intelligence.

    Key Benefits Achieved

    Common, foundational knowledge of what big data entails.

    Activities

    1.1 Determine which of the four Vs is most important to your organization.

    1.2 Explore new data through a social lens.

    1.3 Brainstorm new opportunities for enhancing current reporting assets with big data sources.

    Outputs

    Relative importance of the four Vs from IT and business perspectives

    High-level improvement ideas to report artifacts using new data sources

    2 Assess Your Big Data Readiness

    The Purpose

    Establish an understanding of current maturity for taking on big data, as well as revisiting essential data management practices.

    Key Benefits Achieved

    Concrete idea of current capabilities.

    Recommended actions for developing big data maturity.

    Activities

    2.1 Determine your organization’s current big data maturity level.

    2.2 Plan for big data management.

    Outputs

    Established current state maturity

    Foundational understanding of data management practices in the context of a big data initiative

    3 Pinpoint Your Killer Big Data Use Case

    The Purpose

    Explore a plethora of potential use cases at the industry and business unit level, followed by using the variety element of big data to identify the highest value initiative(s) within your organization.

    Key Benefits Achieved

    In-depth characterization of a pilot big data initiative that is thoroughly informed by the business context.

    Activities

    3.1 Identify big data use cases at the industry and/or departmental levels.

    3.2 Conduct big data brainstorming sessions in collaboration with business stakeholders to refine use cases.

    3.3 Revisit the variety dimension framework to scope your big data initiative in further detail.

    3.4 Create an organizational 4-column data flow model with your big data sources/elements.

    3.5 Evaluate data sources by considering business value and risk.

    3.6 Perform a value-effort assessment to prioritize your initiatives.

    Outputs

    Potential big data use cases

    Potential initiatives rooted in the business context and identification of valuable data sources

    Identification of specific data sources and data elements

    Characterization of data sources/elements by value and risk

    Prioritization of big data use cases

    4 Structure a Big Data Proof-of-Concept Project

    The Purpose

    Put together the core components of the pilot project and set the stage for enterprise-wide support.

    Key Benefits Achieved

    A repeatable framework for implementing subsequent big data initiatives.

    Activities

    4.1 Construct a work breakdown structure for the pilot project.

    4.2 Determine your project’s need for a data scientist.

    4.3 Establish the staffing model for your pilot project.

    4.4 Perform a detailed cost/benefit analysis.

    4.5 Make architectural considerations for supporting the big data initiative.

    Outputs

    Comprehensive list of tasks for implementing the pilot project

    Decision on whether or not a data scientist is needed, and where data science capabilities will be sourced

    RACI chart for the project

    Big data pilot cost/benefit summary

    Customized, high-level architectural model that incorporates technologies that support big data