Industry-Specific Digital Transformation
- Parent Category Name: Innovation
- Parent Category Link: /innovation
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
The rapid technological evolution in platforms, processes, and applications is leading to gaps in the skills needed to manage and use data. Some common obstacles that could prevent you from identifying and building the data & analytics skills your organization needs include:
Skill deficiency is frequently stated as a roadblock to realizing corporate goals for data & analytics. Soft skills and technical skills are complementary, and data & analytics teams need a combination of both to perform effectively. Identify the essential skills and the gap with current skills that fit your organization’s data strategy to ensure the right skills are available at the right time and minimize pertinent risks.
Follow Info-Tech's advice on the roles and skills needed to support your data & analytics strategic growth objectives and how to execute an actionable plan:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
To generate business value from data, data leaders must first understand what skills are required to achieve these goals, identify the current skill gaps, and then develop skills development programs to enhance the relevant skills. Use Info-Tech's approach to identify and fill skill gaps to ensure you have the right skills at the right time.
Start with skills and roles identified as the highest priority through a high-level maturity assessment. From there, use this tool to determine whether the organization’s data & analytics team has the key role, the right combination of skill sets, and the right level competency for each skill. Create an actionable plan to develop skills and fill gaps.
In today's changing environment, data & analytics (D&A) teams have become an essential component, and it is critical for organizations to understand the skill and talent makeup of their D&A workforce. Chief data & analytics officers (CDAOs) or other equivalent data leaders can train current data employees or hire proven talent and quickly address skills gaps.
While developing technical skills is critical, soft skills are often left underdeveloped, yet lack of such skills is most likely why the data team would face difficulty moving beyond managing technology and into delivering business value.
Follow Info-Tech's methodology to identify and address skills gaps in today's data workplace. Align D&A skills with your organization's data strategy to ensure that you always have the right skills at the right time.
Ruyi Sun
Research Specialist,
Data & Analytics, and Enterprise Architecture
Info-Tech Research Group
The rapid technological evolution in platforms, processes, and applications is leading to gaps in the skills needed to manage and use data. Some critical challenges organizations with skills deficiencies might face include:
Some common obstacles that could prevent you from identifying and building the data and analytics (D&A) skills your organization needs are:
Follow Info-Tech's guidance on the roles and skills required to support your D&A strategic growth objectives and how to execute an actionable plan:
Skills gaps are a frequently named obstacle to realizing corporate goals for D&A. Soft skills and technical skills are complementary, and a D&A team needs both to perform effectively. Identify the essential skills and the gap with current skills required by your organization's data strategy to ensure the right skill is available at the right time and to minimize applicable risks.
60% of organizations identify skills gaps as the key barriers preventing business transformation (World Economic Forum, 2023)
43% of respondents agree the business area with the greatest need to address potential skills gaps is data analytics (McKinsey & Company, 2020)
87% of surveyed companies say they currently experience skills gaps or expect them within a few years (McKinsey & Company, 2020)
28% say their organizations make effective decisions on how to close skills gaps (McKinsey & Company, 2020)
According to BearingPoint's CDO survey, cultural challenges and limited data literacy are the main roadblocks to a CDO's success. To drill further into the problem and understand the root causes of the two main challenges, conduct a root cause analysis (RCA) using the Five Whys technique.
(Source: BearingPoint, 2020)
Problem: Poor data literacy is the top challenge CDOs face when increasing the value of D&A. Why?
Problem: Cultural challenge is one of the biggest obstacles to a CDO's success. Why?
As organizations strive to become more data-driven, most conversations around D&A emphasize hard skills. Soft skills like leadership and change management are equally crucial, and deficits there could be the root cause of the data team's inability to demonstrate improved business performance.
The process of achieving data centricity requires alignment between the data and business teams, and that requires soft skills.
Skills gaps are a frequently named obstacle to realizing corporate goals for D&A. Soft skills and technical skills are complementary, and a D&A team needs both to perform effectively. Identify the essential skills and the gap with current skills that fit your organization's data strategy to ensure the right skill is available at the right time and to minimize applicable risks.
Skills gaps are a frequently named obstacle to realizing corporate goals for D&A. Soft skills and technical skills are complementary, and a D&A team needs both to perform effectively. Identify the essential skills and the gap with current skills that fit your organization's data strategy to ensure the right skill is available at the right time and to minimize applicable risks.
Technological advancements will inevitably require new technical skills, but the most in-demand skills go beyond mastering the newest technologies. Soft skills are essential to data roles as the global workforce navigates the changes of the last few years.
Understanding and knowing your organization's data maturity level is a prerequisite to assessing your current skill and determining where you must align in the future.
One of the misconceptions that organizations have includes viewing skills development as a one-time effort. This leads to underinvestment in data team skills, risk of falling behind on technological changes, and failure to connect with business partners. Employees must learn to continuously adapt to the changing circumstances of D&A.
While the program must be agile and dynamic to reflect technological improvements in the development of technical skills, the program should always be anchored in soft skills because data management is fundamentally about interaction, collaboration, and people.
Seeking input and support across your business units can align stakeholders to focus on the right data analytics skills and build a data learning culture.
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
Diagnostics and consistent frameworks used throughout all four options |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is four to six calls over the course of two to three months.
Phase 1 |
Phase 2 |
Phase 3 |
Call #1: Understand common data & analytics roles and skills, and your specific objectives and challenges. | Call #2: Assess the current data maturity level and competency of skills set. Identify the skills gap. | Call #3: Identify the relationship between current initiatives and capabilities. Initialize the corresponding roadmap for the data skills development program.
Call #4: (follow-up call) Touching base to follow through and ensure that benefits have received. |
Define Key Roles and Skills | Uncover the Skills Gap | Build an Actionable Plan |
AI and ML Specialist is projected to be the fastest-growing occupation in the next five years (World Economic Forum, 2023).
While tech roles take an average of 62 days to fill, hiring a senior data scientist takes 70.5 days (Workable, 2019). Start your recruitment cycle early for this demand.
CDOs act as impactful change agents ensuring that the organization's data management disciplines are running effectively and meeting the business' data needs. Only 12.0% of the surveyed organizations reported having a CDO as of 2012. By 2022, this percentage had increased to 73.7% (NewVantage Partners, 2022).
Sixty-five percent of respondents said lack of data literacy is the top challenge CDOs face today (BearingPoint, 2020). It has become imperative for companies to consider building a data literacy program which will require a dedicated data literacy team.
Technological advancements will inevitably require new technical skills, but the most in-demand skills go beyond mastering the newest technologies. Soft skills are essential to data roles as the global workforce navigates the changes of the last few years.
Tab 2. Skill & Role List
Objective: Review the library of skills and roles and customize them as needed to align with your organization's language and specific needs.
Download the Data & Analytics Assessment and Planning Tool
Define Key Roles and Skills | Uncover the Skills Gap | Build an Actionable Plan |
Understanding your organization's data maturity level is a prerequisite to assessing the skill sets you have today and determining where you need to align in the future.
Input: Current state capabilities, Use cases (if applicable), Data culture diagnostic survey results (if applicable)
Output: High-level maturity assessment, Prioritized list of data management focused area
Materials: Data Management Assessment and Planning Tool (optional), Data & Analytics Assessment and Planning Tool
Participants: Data leads, Business leads and subject matter experts (SMEs), Key business stakeholders
Prioritize these skills and roles based on your current maturity levels and what you intend to accomplish with your data strategy.
Download the Data & Analytics Assessment and Planning Tool
Input: Sample questions targeting the activities, challenges, and opportunities of each unit
Output: Identified skills availability
Materials: Whiteboard/Flip charts, Data & Analytics Assessment and Planning Tool
Participants: Data leads, Business leads and subject matter experts (SMEs), Key business stakeholders
Download the Data & Analytics Assessment and Planning Tool
Input: Current skills competency, Stakeholder interview results and findings
Output: Gap identification and analysis
Materials: Data & Analytics Assessment and Planning Tool
Participants: Data leads
Download the Data & Analytics Assessment and Planning Tool
Define Key Roles and Skills | Uncover the Skills Gap | Build an Actionable Plan |
One of the misconceptions that organizations have includes viewing skills development as a one-time effort. This leads to underinvestment in data team skills, risk of falling behind on technological changes, and failure to connect with business partners. Employees must learn to continuously adapt to the changing circumstances of D&A. While the program must be agile and dynamic to reflect technological improvements in the development of technical skills, the program should always be anchored in soft skills because data management is fundamentally about interaction, collaboration, and people.
Reskilling often indicates a change in someone's career path, so this decision requires a goal aligned with both individuals and the organization to establish a mutually beneficial situation.
When making reskilling decisions, organizations should also consider the relevance of the skill for different positions. For example, data administrators and data architects have similar skill sets, so reskilling is appropriate for these employees.
Upskilling tends to focus more on the soft skills necessary for more advanced positions. A data strategy lead, for example, might require design thinking training, which enables leaders to think from different perspectives.
Skill growth feasibility must also be considered. Some technical skills, particularly those involving cutting-edge technologies, require continual learning to maintain operational excellence. For example, a data scientist may require AI/ML skills training to incorporate use of modern automation technology.
For open positions and skills that are too resource-intensive to reskill or upskill, it makes sense to recruit new employees. Consider, however, time and cost feasibility of hiring. Some positions (e.g. senior data scientist) take longer to fill. To minimize risks, coordinate with your HR department and begin recruiting early.
The data team can collaborate with the human resources department to plan and develop internal training sessions aimed at specific skill sets.
This can also be accomplished through external training providers such as DCAM, which provides training courses on data management and analytics topics.
Colleges and universities can equip students with data analytics skills through formal education programs such as MBAs and undergraduate or graduate degrees in Data Science, Machine Learning, and other fields.
Investing time and effort to obtain certifications in the data & analytics field allows data workers to develop skills and gain recognition for continuous learning and self-improvement.
AWS Data Analytics and Tableau Data Scientist Certification are two popular data analytics certifications.
Some companies offer online courses in various subjects. Coursera and DataCamp are two examples of popular providers.
The organization can partner with a vendor who brings skills and talents that are not yet available within the organization. Employees can benefit from the collaboration process by familiarizing themselves with the project and enhancing their own skills.
The data team can engage with other departments that have previously done skills development programs, such as Finance and Change & Communications, who may have relevant resources to help you improve your business acumen and change management skills.
Seeking input and support across your business units can align stakeholders to focus on the right data analytics skills and build a data learning culture.
With a clear idea of skills needs and an executable strategy for training and reinforcing of concepts, HR programs and processes can help the data team foster a learning environment and establish a recruitment plan. The links below will direct you to blueprints produced by McLean & Company, a division of Info-Tech Research Group.
When integrating the skills of the future into workforce planning, determine the best approach for addressing the identified talent gaps – whether to build, buy, or borrow.
Integrate the future skills identified into the organization's workforce plan.
In cases where employee development is not feasible, the organization's talent acquisition strategy must focus more on buying or borrowing talent. This will impact the TA process. For example, sourcing and screening must be updated to reflect new approaches and skills.
If you have a talent acquisition strategy, assess how to integrate the new roles/skills into recruiting.
Review current organizational core competencies to determine if they need to be modified. New skills will help inform critical roles and competencies required in succession talent pools.
If no competency framework exists, use McLean & Company's Develop a Comprehensive Competency Framework blueprint.
Evaluate modified and new roles against the organization's compensation structure. Adjust them as necessary. Look at market data to understand compensation for new roles and skills.
Reassess your base pay structure according to market data for new roles and skills.
L&D plays a huge role in closing the skills gap. Build L&D opportunities to support development of new skills in employees.
Design an Impactful Employee Development Program to build the skills employees need in the future.
Input: Roles and skills required, Key decision points
Output: Actionable plan
Materials: Data & Analytics Assessment and Planning Tool
Participants: Data leads, Business leads and subject matter experts (SMEs), Key business stakeholders
Download the Data & Analytics Assessment and Planning Tool
Name | Position | Company |
Ruyi Sun | Research Specialist | Info-Tech Research Group |
Name | Position | Company |
Steve Wills | Practice Lead | Info-Tech Research Group |
Andrea Malick | Advisory Director | Info-Tech Research Group |
Annabel Lui | Principal Advisory Director | Info-Tech Research Group |
Sherwick Min | Technical Counselor | Info-Tech Research Group |
2022 Workplace Learning Trends Report.” Udemy, 2022. Accessed 20 June 2023.
Agrawal, Sapana, et al. “Beyond hiring: How companies are reskilling to address talent gaps.” McKinsey & Company, 12 Feb. 2020. Accessed 20 June 2023.
Bika, Nikoletta. “Key hiring metrics: Useful benchmarks for tech roles.” Workable, 2019. Accessed 20 June 2023.
Chroust, Tomas. “Chief Data Officer – Leaders of data-driven enterprises.” BearingPoint, 2020. Accessed 20 June 2023.
“Data and AI Leadership Executive Survey 2022.” NewVantage Partners, Jan 2022. Accessed 20 June 2023.
Dondi, Marco, et al. “Defining the skills citizens will need in the future world of work.” McKinsey & Company, June 2021. Accessed 20 June 2023.
Futschek, Gerald. “Algorithmic Thinking: The Key for Understanding Computer Science.” Lecture Notes in Computer Science, vol. 4226, 2006.
Howard, William, et al. “2022 HR Trends Report.” McLean & Company, 2022. Accessed 20 June 2023.
“Future of Jobs Report 2023.” World Economic Forum, May 2023. Accessed 20 June 2023.
Knight, Michelle. “What is Data Ethics?” Dataversity, 19 May 2021. Accessed 20 June 2023.
Little, Jim, et al. “The CIO Imperative: Is your technology moving fast enough to realize your ambitions?” EY, 22 Apr. 2022. Accessed 20 June 2023.
“MDM Roles and Responsibilities.” Profisee, April 2019. Accessed 20 June 2023.
“Reskilling and Upskilling: A Strategic Response to Changing Skill Demands.” TalentGuard, Oct. 2019. Accessed 20 June 2023.
Southekal, Prashanth. “The Five C's: Soft Skills That Every Data Analytics Professional Should Have.” Forbes, 17 Oct. 2022. Accessed 20 June 2023.
Your organization is looking to invest in new software or a tool to solve key business and IT problems. They see open source as a viable option given the advertised opportunities and the popularity of many open-source projects, but they have concerns:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This research walks you through the misconceptions about open source, factors to consider in its selection, and initiatives to prepare your teams for its adoption.
Use this tool to identify key gaps in the people, processes, and technologies needed to support open source in your organization. It also contains a canvas to facilitate discussions about expectations with your stakeholders and applications teams.
Open-source software promotes enticing technology and functional opportunities to any organization looking to modernize without the headaches of traditional licensing. Many organizations see the value of open source in its ability to foster innovation, be flexible to various use cases and system configurations, and give complete control to the teams who are using and managing it.
However, open source is not free. While the software is freely and easily accessible, its use and sharing are bound by its licenses, and its implementation requires technical expertise and infrastructure investments. Your organization must be motivated and capable of taking on the various services traditionally provided and managed by the vendor.
Andrew Kum-Seun
Research Director,
Application Delivery and Application Management
Info-Tech Research Group
Your ChallengeYour organization is looking to invest in new software or a tool to solve key business and IT problems. They see open source as a viable option because of the advertised opportunities and the popularity of many open-source projects. Despite the longevity and the broad adoption of open-source software, stakeholders are hesitant about its adoption, its long-term viability, and the costs of ongoing support. A clear direction and strategy is needed to align the expected value of open source to your stakeholders’ priorities and gain the funding required to select, implement, and support open-source software. |
Common ObstaclesYour stakeholders’ fears, uncertainties, and doubts about open source may be driven by misinterpretation or outdated information. This hesitancy can persist despite some projects being active longer than their proprietary counterparts. Certain software features, support capabilities, and costs are commonly overlooked when selecting open-source software because they are often assumed in the licensing and service costs of commercial software. Open-source software is often technically complicated and requires specific skill sets and knowledge. Unfortunately, current software delivery capability gaps impede successful adoption and scaling of open-source software. |
Info-Tech’s ApproachOutline the value you expect to gain. Discuss current business and IT priorities, use cases, and value opportunities to determine what to expect from open-source versus commercial software. Define your open-source selection criteria. Clarify the driving factors in your evaluation of open-source and commercial software using your existing IT procurement practices as a starting point. Assess the readiness of your team. Clarify the roles, processes, and tools needed for the implementation, use, and maintenance of open-source software. |
Open source is as much about an investment in people as it is about technology. It empowers applications teams to take greater control over their technology and customize it as they see fit. However, teams need the time and funding to conduct the necessary training, management, and ongoing community engagement that open-source software and its licenses require.
According to Synopsys, “Open source software (OSS) is software that is distributed with its source code, making it available for use, modification, and distribution with its original rights. … Programmers who have access to source code can change a program by adding to it, changing it, or fixing parts of it that aren’t working properly. OSS typically includes a license that allows programmers to modify the software to best fit their needs and control how the software can be distributed.”
Source: OpenLogic, 2022
State the Value of Open Source: Discuss current business and IT priorities, use cases, and value opportunities to determine what to expect from open-source versus commercial software.
Select Your Open-Source Software: Clarify the driving factors in your evaluation of open-source and commercial software using your existing IT procurement practices as a starting point.
Prepare for Open Source: Clarify the roles, processes, and tools needed for the implementation, use, and maintenance of open-source software.
1.1.1 Outline the value you expect to gain from open-source software
This step involves the following participants:
Outcomes of this step:
This canvas is intended to provide a single pane of glass to start collecting your thoughts and framing your future conversations on open-source software selection and adoption.
Record the results in the “Open-Source Canvas” tab in the Open-Source Readiness Assessment.
Many leading-edge and bleeding-edge technologies are collaborated and innovated in open-source projects, especially in areas that are beyond the vision and scope of vendor products and priorities.
Open-source projects are focused. They are designed and built to solve specific business and technology problems.
All aspects of the open-source software are customizable, including source code and integrations. They can be used to extend, complement, or replace internally developed code. Licenses define how open-source code should be and must be used, productized, and modified.
Open-source communities encourage contribution and collaboration among their members to add functionality and improve quality and adoption.
Open-source software is accessible to everyone, free of charge. Communities do not need be consulted prior to acquisition, but the software’s use, configurations, and modifications may be restricted by its license.
Source: Red Hat, 2022
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This phase will help you define a benefits management process to help support effective benefits definition during portfolio intake.
This phase will help you define a process for effective benefits management during project planning and the execution intake phase.
This phase will help you define a process for effectively tracking and reporting on benefits realization post-project.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Assess the current state of benefits management at your organization and establish a realistic target state.
Establish project and portfolio baselines for benefits management.
Set achievable workshop goals and align stakeholder expectations.
Establish a solid foundation for benefits management success.
1.1 Introductions and overview.
1.2 Discuss attendee expectations and goals.
1.3 Complete Info-Tech’s PPM Current State Scorecard.
1.4 Perform right-wrong-confusing-missing analysis.
1.5 Define target state for benefits management.
1.6 Refine project levels.
Info-Tech’s PPM Current State Scorecard report
Right-wrong-confusing-missing analysis
Stakeholder alignment around workshop goals and target state
Info-Tech’s Project Intake Classification Matrix
Establish organizationally specific benefit metrics and KPIs.
Develop clear roles and accountabilities for benefits management.
An articulation of project benefits and measurements.
Clear checkpoints for benefits communication during the project are defined.
2.1 Map the current portfolio intake process.
2.2 Establish project sponsor responsibilities and accountabilities for benefits management.
2.3 Develop organizationally specific benefit metrics and KPIs.
2.4 Integrate intake legitimacy into portfolio intake processes.
Info-Tech’s Project Sponsor Role Description Template
Info-Tech’s Benefits Commitment Form Template
Intake legitimacy process flow and RASCI chart
Intake legitimacy SOP
Develop a customized SOP for benefits management during project planning and execution.
Ensure that all changes to the project have been recorded and benefits have been updated in preparation for deployment.
Updated benefits expectations are included in the final sign-off package.
3.1 Map current project management process and audit project management documentation.
3.2 Identify appropriate benefits control points.
3.3 Customize project management documentation to integrate benefits.
3.4 Develop a deployment legitimacy process flow.
Customized project management toolkit
Info-Tech’s Project Benefits Documentation Workbook
Deployment of legitimacy process flow and RASCI chart
Deployment of legitimacy SOP
Develop a post-project benefits realization process.
Clear project sponsorship accountabilities for post-project benefits tracking and reporting.
A portfolio level benefits tracking tool for reporting on benefits attainment.
4.1 Identify appropriate benefits control points in the post-project process.
4.2 Configure Info-Tech’s Portfolio Benefits Tracking Tool.
4.3 Define a post-project benefits reporting process.
4.4 Formalize protocol for reporting on, and course correcting, benefit lags.
4.5 Develop a post-project legitimacy process flow.
Info-Tech’s Portfolio Benefits Tracking Tool
Post-Project legitimacy process flow and RASCI chart
Post-Project Legitimacy SOP
Info-Tech’s Benefits Legitimacy Handbook
Info-Tech’s Benefits Legitimacy Workflow Template
Moreso than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their strategic plans to accommodate risk on an unprecedented level.
A new global change will impact your organizational strategy at any given time. So, make sure your plans are flexible enough to manage the inevitable consequences.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use this research to identify and quantify the potential strategic impacts caused by vendors. Use Info-Tech’s approach to look at the strategic impact from various perspectives to better prepare for issues that may arise.
By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.
Like most people, organizations are poor at assessing the likelihood of risk. If the past few years have taught us anything, it is that the probability of a risk occurring is far more flexible in the formula Risk = Likelihood * Impact than we ever thought possible. The impacts of these risks have been catastrophic, and organizations need to be more adaptive in managing them to strengthen their strategic plans.
Frank Sewell,
Research Director, Vendor Management
Info-Tech Research Group
Moreso than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their strategic plans to accommodate risk on an unprecedented level.
A new global change will impact your organizational strategy at any given time. So, make sure your plans are flexible enough to manage the inevitable consequences.
Identifying and managing a vendor’s potential strategic impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes affect strategic plans.
Organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals.
Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
Prioritize and classify your vendors with quantifiable, standardized rankings.
Prioritize focus on your high-risk vendors.
Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Impacts Tool.
Organizations must evolve their strategic risk assessments to be more adaptive to respond to global changes in the market. Ongoing monitoring of the market and the vendors tied to company strategies is imperative to achieving success.
This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.
This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.
The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them.
When the unexpected happens, being able to adapt quickly to new priorities ensures continued long-term business success.
Below are some things no one expected to happen in the last few years:
of IT professionals are more concerned about being a victim of ransomware than they were a year ago.
of Microsoft’s non-essential employees shifted to working from home in 2020, joining the 18% already remote.
of organizations invested in web conferencing technology to facilitate collaboration.
Source: Info-Tech Tech Trends Survey 2022
Make sure you have the right people at the table to identify and plan to manage impacts.
Very few people could have predicted that a global pandemic would interrupt business on the scale experienced today. Organizations should look at their lessons learned and incorporate adaptable preparations into their strategic planning moving forward.
The IT market is an ever-shifting environment. Larger companies often gobble up smaller ones to control their sectors. Incorporating plans to manage those shifts in ownership will be key to many strategic plans that depend on niche vendor solutions for success. Be sure to monitor the potentially affected markets on an ongoing cadence.
Organizations need to accept that shortages will recur periodically and that preparing for them will significantly increase the success potential of long-term strategic plans. Understand what your business needs to stock for project needs and where those supplies are located, and plan how to rapidly access and distribute them as required if supply chain disruptions occur.
For example:
Sometimes an organization has the right mindset to take advantage of the changes in the market but can fail to plan for the particulars.
When your strategic plan changes, you need to revisit all the steps in the processes to ensure a successful outcome.
It is important to identify potential risks to strategic plans to manage the risk and be agile enough in planning to adapt to the changing environments.
Info-Tech Insight
Few organizations are good at identifying risks to their strategic plan. As a result, almost none realistically plan to monitor, manage, and adapt their strategies to those risks.
(Adapted from COSO)
Organizations build portions of their strategies around chosen vendors and should protect those plans against the risks of unforeseen acquisitions in the market.
Is your vendor solvent? Does it have enough staff to accommodate your needs? Has its long-term planning been affected by changes in the market? Is it unique in its space?
Organizations’ strategic plans need to be adaptable to avoid vendors’ negative actions causing an expedited shift in priorities.
For example, Philip's recall of ventilators impacted its products and the availability of its competitor’s products as demand overwhelmed the market.
Organizations need to become better at risk assessment and actively manage the identified risks to their strategic plans.
Few organizations are good at identifying risks to their strategic plan. As a result, almost none realistically plan to monitor, manage, and adapt their strategies to those risks.
Strategic risk impacts are often unanticipated, causing unforeseen downstream effects. Anticipating the potential changes in the global IT market and continuously monitoring vendors’ risk levels can help organizations modify their strategic alignment with the new norms.
Review your strategic plans for new risks and evolving likelihood on a regular basis.
Keep in mind Risk = Likelihood x Impact (R=L*I).
Impact (I) tends to remain the same, while Likelihood (L) is a very flexible variable.
Organizations need to be reviewing their strategic risk plans considering the likelihood of incidents in the global market.
Pandemics, extreme weather, and wars that affect global supply chains are a current reality, not unlikely scenarios.
Sometimes disasters occur despite our best plans to manage them.
When this happens, it is important to document the lessons learned and improve our plans going forward.
Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.
Download the Strategic Risk Impact Tool
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Industry: Airline
Impact categories: Pandemic, Lockdowns, Travel Bans, Increased Fuel Prices
The pandemic prompted systemic change to the overall strategic planning of the airline industry.
Organizations must evolve their strategic risk assessments to be more adaptive to respond to global changes in the market.
Ongoing monitoring of the market and the vendors tied to company strategies is imperative to achieving success.
Olaganathan, Rajee. “Impact of COVID-19 on airline industry and strategic plan for its recovery with special reference to data analytics technology.” Global Journal of Engineering and Technology Advances, vol 7, no 1, 2021, pp. 033-046.
Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012.
Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.
Organizations that take data seriously should:
Analytics is a journey, not a destination. This journey can eventually result in some level of sophisticated AI/machine learning in your organization. Every organization needs to mobilize its resources and enhance its analytics capabilities to quickly and incrementally add value to data products and services. However, most organizations fail to mobilize their resources in this way.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This phase helps you understand your organization's data landscape and current analytics environment so you gain a deeper understanding of your future analytics needs.
This phase introduces you to data operating model frameworks and provides a step-by-step guide on how to capture the right analytics operating model for your organization.
This phase helps you implement your chosen analytics operating model, as well as establish an engagement model and communications plan.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Achieve a clear understanding and case for data analytics.
A successful analytics operating model starts with a good understanding of your analytical needs.
1.1 Review the business context.
1.2 Understand your analytics needs.
1.3 Draft analytics ideas and use cases.
1.4 Capture minimum viable analytics.
Documentation of analytics products and services
Achieve a clear understanding of your organization's analytics capability and mapping across organizational functions.
Understand your organization's data landscape and current analytics environment to gain a deeper understanding of your future analytics needs.
2.1 Capture your analytics capabilities.
2.2 Map capabilities to a hub-and-spoke model.
2.3 Document operating model results.
Capability assessment results
Capture the right analytics operating model for your organization.
Explore data operating model frameworks.
Capture the right analytics operating model for your organization using a step-by-step guide.
3.1 Discuss your operating model results.
3.2 Review your organizational structure’s pros and cons.
3.3 Map resources to target structure.
3.4 Brainstorm initiatives to develop your analytics capabilities.
Target operating model
Formalize your analytics organizational structure and prepare to implement your chosen analytics operating model.
Implement your chosen analytics operating model.
Establish an engagement model and communications plan.
4.1 Document your target organizational structure and RACI.
4.2 Establish an analytics engagement model.
4.3 Develop an analytics communications plan.
Reporting and analytics responsibility matrix (RACI)
Analytics engagement model
Analytics communications plan
Analytics organizational chart
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Brainstorm opportunities to secure the DevOps pipeline using the CLAIM Framework.
Assess opportunities and formulate a strategy based on a cost/benefit analysis.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
A step-by-step approach to walk you through understanding the IT accessibility compliance requirements, building your roadmap, and communicating with your department. This storyboard will help you figure out what’s needed from IT to support the business and launch accessibility with your team.
Accessibility compliance can be overwhelming at first. Use this template to simplify the requirements for the IT managers and build out a roadmap.
Using the EN 301 549 V3.2.1 (2021-03) as a basis for digital accessibility conformance. Use this tool to build a priorities list of requirements that are applicable to your organization.
Use this pre-built slide deck to customize your accessibility communication to the IT department. It will help you build a shared vision for accessibility, a current state picture, and plans to build to the target future state.
Accessibility is an organizational directive; however, IT plays a fundamental role in its success. As business partners require support and expertise to assist with their accessibility requirements IT needs to be ready to respond. Even if your organization hasn't fully committed to an accessibility standard, you can proactively get ready by planting the seeds to change the culture. By building understanding and awareness of the significant impact technology has on accessibility, you can start to change behaviors.
Implementing an accessibility program requires many considerations: legal requirements; international guidelines, such as Web Content Accessibility Guidelines (WCAG); training for staff; ongoing improvement; and collaborating with accessibility experts and people with disabilities. It can be overwhelming to know where to start. The tendency is to start with compliance, which is a fantastic first step. For a sustained program use, change management practices are needed to change behaviors and build inclusion for people with disabilities.
15% of the world's population identify as having some form of a disability (not including others that are impacted, e.g. caretakers, family). Why would anyone want to alienate over 1.1 billion people?
Heather Leier-Murray
Senior Research Analyst, People & Leadership
Info-Tech Research Group
Merriam-Webster defines disability as a "physical, mental, cognitive, or developmental condition that impairs, interferes with, or limits a person's ability to engage in certain tasks or actions or participate in typical daily activities and interactions."(1)
The World Health Organization points out that a crucial part of the definition of disability is that it's not just a health problem, but the environment impacts the experience and extent of disability. Inaccessibility creates barriers for full participation in society.(2)
The likelihood of you experiencing a disability at some point in your life is very high, whether a physical or mental disability, seen or unseen, temporary or permanent, severe or mild.(2)
Many people acquire disabilities as they age yet may not identify as "a person with a disability."3 Where life expectancies are over 70 years of age, 11.5% of life is spent living with a disability. (4)
"Extreme personalization is becoming the primary difference in business success, and everyone wants to be a stakeholder in a company that provides processes, products, and services to employees and customers with equitable, person-centered experiences and allows for full participation where no one is left out."
– Paudie Healy, CEO, Universal Access
(1.) Merriam-Webster
(2.) World Health Organization, 2022
(3.) Digital Leaders, as cited in WAI, 2018
(4.) Disabled World, as cited in WAI, 2018
You know the push for accessibility is coming in your organization. You might even have a program started or approval to build one. But you're not sure if you and your team are ready to support and enable the organization on its accessibility journey.
Understanding where to start, where accessibility lives, and if or when you're done can be overwhelmingly difficult. Accessibility is an organizational initiative that IT enables; being able to support the organization requires a level of understanding of common obstacles.
Prepare your people for accessibility and inclusion, even if your organization doesn't have a formal standard yet. Take your accessibility from mandate to movement, i.e. from Phase 1 - focused on compliance to Phase 2 - driven by experience for sustained change.
Accessibility is a practice, not a project. Therefore, accessibility is an organizational initiative; however, IT support is critical. Use change management theory to guide the new behaviors, processes, and thinking to adopt accessibility beyond compliance. Determining where to start is challenging because the tendency is to start with tech or compliance; however, starting with the people is key. It must be a change in organizational culture.
90% of companies claim to prioritize diversity.
Source: Harvard Business Review, 2020
Over 30% of those that claim to prioritize diversity are focused on compliance.
Source: Harvard Business Review, 2022
Source: Angel Business Communications, 2022
Still, most businesses aren't meeting compliance standards. Even though legislation has been in place for over 30 years, a 2022 study by WebAIM of 1,000,000 homepages returned a 96.8% WCAG 2.0 failure rate.
Source: Institute for Disability Research, Policy, and Practice, 2022
Changing behaviors and mindsets is necessary to be experience driven and sustain accessibility.
"Compliance is the minimum. And when we look at web tech, people are still arguing about their positioning on the standards that need to be enforced in order to comply, forgetting that it isn't enough to comply."
-- Jordyn Zimmerman, M.Ed., Director of Professional Development, The Nora Project, and Appointee, President's Committee for People with Intellectual Disabilities.
To see more on the Info-Tech Accessibility Maturity Framework:
"As an organization matures, the impact of accessibility shifts. A good company will think of security at the very beginning. The same needs to be applied to accessibility thinking. At the peak of accessibility maturity an organization will have people with disabilities involved at the outset."
-- Cam Beaudoin, Owner, Accelerated Accessibility
1. Planning IT's accessibility requirements |
2. Change enablement of accessibility |
|
---|---|---|
Phase Steps |
|
|
Phase Outcomes |
List of business needs and priorities related to accessibility IT accessibility requirements for conformance Assessment of state of accessibility conformance Prioritization of accessibility initiatives for IT Remediation plan for IT related to accessibility conformance Accessibility commitment statement |
Team understanding of what, why, and how Accessibility Quick Cards Sustainment plan |
Accessibility is a practice, not a project. Therefore, accessibility is an organizational initiative; however, IT support is critical. Use change management theory to guide the new behaviors, processes, and thinking to adopt accessibility beyond compliance. Determining where to start is challenging. The tendency is to start with tech or compliance; however, starting with the people is key. It must be a change in organizational culture.
Compliance is the minimum; people and behavior changes are the hardest part and have the largest impact on accessibility. Preparing for and building awareness of the reasons for accessibility makes the necessary behavior changes easier. Communicate, communicate, and communicate some more.
Think about accessibility like you think about IT security. Use IT security concepts that you and your team are already familiar with to initiate the accessibility program.
People are learning a new way to behave and think; this can be an unsettling period. Patience, education, communication, support, and time are keys for success of the implementation of accessibility. There is a transition period needed; people will gradually change their practices and attitudes. Celebrate small successes as they arise.
Accessibility isn't a project as there is no end. Effective planning and continuous reinforcement of "the new way of doing things" is necessary to enable accessibility as the new status quo.
IT Manager Meeting Template
Use this meeting slide deck to work with IT managers to build out the accessibility remediation plan and commitment statement.
Departmental Meeting Template
Use this meeting slide deck to introduce the concept of accessibility and communicate IT goals and objectives.
Accessibility Quick Cards
Using the Info-Tech IT Management and Governance Framework to identify key activities to help improve and maintain the accessibility of your organization and your core IT processes.
Accessibility Compliance Tracking Tool
This tool will assist you in identifying remediation priorities applicable to your organization.
IT Benefits |
Business Benefits |
---|---|
|
|
Improve IT effectiveness and employee buy-in to change.
Measuring the effectiveness of your program helps contribute to a culture of continuous improvement. Having consistent measures in place helps to inform decisions and enables your plan to be iterative to take advantage of emerging opportunities.
Monitor employee engagement, overall stakeholder satisfaction with IT, and the overall end-customer satisfaction.
Remember, accessibility is not a project – just because measures are positive does not mean your work is done.
In phase 1 of this blueprint, we will help you establish metrics for your organization.
In phase 2, we will help you develop a sustainment for achieving those metrics.
Suggested Metrics |
---|
|
INDUSTRY: Technology
SOURCE: Microsoft.com
https://blogs.microsoft.com/accessibility/accessib...
Microsoft's accessibility journey starts with the goal of building a culture of accessibility and disability inclusion. They recognize that the starting point for the magnitude of organizational change is People.
"Accessibility in Action Badge"
Every employee at Microsoft is trained on accessibility to build understanding of why and how to be inclusive using accessibility. The program entails 90 minutes of virtual content.
Microsoft treats accessibility and inclusion like a business, managing and measuring it to ensure sustained growth and success. They have worked over the years to bust systemic bias company-wide and to build a program with accessibility criteria that works for their business.
The program Microsoft has built allows them to shift the accessibility lens earlier in their processes and listen to its users' needs. This allows them to continuously mature their accessibility program, which means continuously improving its users' experience.
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
What does a typical guided implementation (GI) on this topic look like?
Phase 1 | Phase 2 | ||
---|---|---|---|
Call #1: Discuss motivation for the initiative and foundational knowledge requirements. |
Call #3: Identify current maturity and IT accountabilities. |
Call #6: Review key messages and next steps to prepare for departmental meeting. |
Call #8: Review sustainment plan and plan next steps. |
A GI is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is eight to ten calls over the course of four to six months.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Pre-Work |
Day 1 |
Day 2 |
Day 3 |
Day 4 |
Day 5 |
|
---|---|---|---|---|---|---|
Understand Your Legislative Environment |
Understand Your Current State |
Define the |
Build the IT Accessibility Plan |
Prepare for Change Enablement |
Next Steps and |
|
Activities |
0.1 Make a list of the legislation you need to comply with |
1.1 Define the risks of inaction |
2.1 Define IT compliance accountabilities |
3.1 Assess current accessibility compliance and mitigation |
4.1 Prepare the roadmap |
5.1 Complete in-progress deliverables from previous four days |
Deliverables |
|
|
|
|
|
|
Phase 1 |
Phase 2 |
---|---|
1.1 Determine accessibility requirements of IT 1.2 Build IT accessibility plan |
2.1 Build awareness 2.2 Support new behaviors 2.3 Continuous reinforcement |
This phase will walk you through the following activities:
This phase involves the following participants:
1.1.1 Determine what the business needs from IT
1.1.2 Complete the Accessibility Maturity Assessment (optional)
1.1.3 Determine IT compliance requirements
1.1.4 Define target state
1.1.5 Create a list of goals and objectives
1.1.6 Finalize key metrics
1.1.7 Prepare a meeting for IT managers
1. Harvard Business Review, 2020
2. Harvard Business Review, 2022
IT typically works through maturity frameworks from the bottom to the top, progressing at each level until they reach the end. When it comes to IT accessibility initiatives, being especially thorough, thoughtful, and collaborative is critical to success. This will mean spending more time in the Developing, Defined, and Managed levels of maturity rather than trying to reach Optimized as quickly as you can. This may feel contrary to what IT historically considers as a successful implementation.
After initially ensuring your organization is compliant with regulations and standards, you will progress to building disciplined process and consistent standardized processes. Eventually you will build the ability for predictable process, and lastly, you'll optimize by continuously improving.
Depending on the level of maturity you are trying to achieve, it could take months or even years to implement. The important thing to understand, however, is that accessibility work is never done.
At all levels of the maturity framework, you must consider the interconnected aspects of people, process, and technology. However, as the organization progresses, the impact will shift from largely being focused on process and technology improvement to being focused on people.
Although there will be various motivating factors, aligning the drivers of your accessibility program provides direction to the program. Connecting the advantages of program drivers to organizational goals builds the confidence of senior leaders and decision makers, increasing the continued commitment to invest in accessibility programming.
Driver | Description | Benefits | |
---|---|---|---|
Initial | Compliance |
|
|
Developing | Experience |
|
|
Defined | Experience |
|
|
Managed | Experience |
|
|
Optimized | Incorporation |
|
|
Identify stakeholders through the following questions: |
Take a 360-degree view of potential internal and external stakeholders who might be impacted by the initiative. |
---|---|
|
|
There are four areas in the map, and the stakeholders within each area should be treated differently.
|
Each group of stakeholders draws attention and resources away from critical tasks.
By properly identifying your stakeholder groups, you can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy spectators and noisemakers while ensuring the needs of the mediators and players are met.
Type | Quadrant | Actions |
---|---|---|
Players | High influence, high interest | Actively Engage Keep them engaged through continuous involvement. Maintain their interest by demonstrating their value to its success. |
Mediators | High influence, low interest | Keep Satisfied They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust, and include them in important decision-making steps. In turn, they can help you influence other stakeholders. |
Noisemakers | Low influence, high interest | Keep InformedTry to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using mediators to help them. |
Spectators | Low influence, low interest | MonitorThey are followers. Keep them in the loop by providing clarity on objectives and status updates. |
Input
Output
Materials
Participants
Think about the positive and negative reactions you could face about implementing accessibility.
It's likely individuals will have an emotional reaction to change and may have different emotions at different times during the change process.
Plan for how to leverage support and deal with resistance to change by assessing people's emotional responses:
On the accessibility questionnaire, tab 2, choose the amount you agree or disagree with each statement. Answer the questions based on your knowledge of your current state organizationally.
Once you've answered all the questions, see the results on the tab 3, Accessibility Results. You can see your overall maturity level and the maturity level for each of six dimensions that are necessary to increase the success of an accessibility program.
Click through to tab 4, Recommendations, to see specific recommendations based on your results and proven research to progress through the maturity levels. Keep in mind that not all organizations will or should aspire to the "Optimize" maturity level.
Download the Accessibility Maturity Assessment
Input
Output
Materials
Participants
Before you start this activity, you may need to discuss with your organization's legal counsel to determine the legislation that applies to your organization.
Input
Output
Materials
Participants
Download the Accessibility Compliance Tracking Tool
*Note: If you've completed the Accessibility Business Case for IT blueprint you may already have this information compiled. Refer to activities 2.1.2 and 2.1.3.
Input
Output
Materials
Participants
SMART is a common framework for setting effective goals. Make sure your goals satisfy these criteria to ensure you can achieve real results.
S |
Specific: Is the goal clear, concrete, and well defined? |
---|---|
M |
Measurable: How will you know when the goal is met? |
A |
Achievable: Is the goal possible to achieve in a reasonable time? |
R |
Relevant: Does this goal align with your responsibilities and with departmental and organizational goals? |
T |
Time-based: Have you specified a time frame in which you aim to achieve the goal? |
*Note: If you've completed the Accessibility Business Case for IT blueprint you may already have this information compiled. Refer to activity 2.2.1.
Input
Output
Materials
Participants
Metric | Definition | Calculation |
---|---|---|
Overall end-customer satisfaction | The percentage of end customers who are satisfied with the IT department. | Number of end customers who are satisfied / Total number of end customers |
Requests for accommodation or assistive technology fulfilled | The percentage of accommodation/assistive technology requests fulfilled by the IT department. | Number of requests fulfilled / Total number of requests |
Employee engagement | The percentage of employees who are engaged within an organization. | Number of employees who are engaged / Total number of employees |
Overall compliance status | The percentage of accessibility controls in place in the IT department. | The number of compliance controls in place / Total number of applicable accessibility controls |
Finalize key metrics the organization will use to measure accessibility success.
Input
Output
Materials
Participants
*Note: If you've completed the Accessibility Business Case for IT blueprint you may already have this information compiled. Refer to activity 2.2.2.
Cascade messages down to IT managers next. This ensures they will have time to internalize the change before communicating it to others.
Communicate with and build the accessibility plan with IT managers by customizing Info-Tech's IT Manager Meeting Template, which is designed to effectively convey your key messages. Tailor the template to suit your needs.
It includes:
Download the IT Manager Meeting Template
Preparing for and building awareness of the reasons for accessibility make the necessary behavior changes easier.
Know your audience:
Download the IT Manager Meeting Template
Input
Output
Materials
Participants
1.2.1 Assess current accessibility compliance and mitigation
1.2.2 Decide on your priorities
1.2.3 Add priorities to the roadmap
1.2.4 Write an IT accessibility commitment statement
This step involves the following participants:
Outcomes of this step
Use the spreadsheet from activity 1.1.3 where you identified which controls apply to your organization.
Have managers work in groups to identify which controls (of the applicable ones) are currently being met and which ones have an existing mitigation plan.
Info-Tech Insight
Based on EN 301 549 V3.2.1 (2021-03) as a basis for digital accessibility conformance. This tool is designed to assist you in building a priorities list of requirements that are applicable to your organization. EN 301 549 is currently the most robust accessibility regulation and encompasses other regulations within it. Although EN 301 549 is the European Standard, other countries are leaning on it as the standard they aspire to as well.
Input
Output
Materials
Participants
Download the Accessibility Compliance Tracking Tool
Use the spreadsheet from activity 1.3.1.
Have managers work in the same groups to prioritize controls by assigning a quarterly timeline for compliance.
Input
Output
Materials
Participants
Download the Accessibility Compliance Tracking Tool
Don't overload your team. Make sure the timelines assigned in the breakout groups make sense and are realistic.
Download the Accessibility Compliance Tracking Tool
Input
Output
Materials
Participants
A commitment statement communicates why accessibility and disability inclusion are important and guides behaviors toward the ideal state. The statement will guide and align work, build accountability, and acknowledge the dedication of the leadership team to accessibility and disability inclusion. The statement will:
Take action! Writing the statement is only the first step. It takes more than words to build accessibility and make your work environment more disability inclusive.
Preparing for and building awareness of the reasons for accessibility make the necessary behavior changes easier.
"theScore strives to provide products and services in a way that respects the dignity and independence of persons with disabilities. We are committed to giving persons with disabilities the same opportunity to access our products and services and allowing them to benefit from the same services, in the same place and in a similar way as other clients. We are also committed to meeting the needs of persons with disabilities in a timely manner, and we will meet applicable legislative requirements for preventing and removing barriers."(1)
Apple Canada
"Apple Canada is committed to ensuring equal access and participation for people with disabilities. Apple Canada is committed to treating people with disabilities in a way that allows them to maintain their dignity and independence. Apple Canada believes in integration and is committed to meeting the needs of people with disabilities in a timely manner. Apple Canada will do so by removing and preventing barriers to accessibility and meeting accessibility requirements under the AODA and provincial and federal laws across Canada." (2)
Google Canada
"We are committed to meeting the accessibility needs of people with disabilities in a timely manner, and will do so by identifying, preventing and removing barriers to accessibility, and by meeting the accessibility requirements under the AODA." (3)
Source 1: theScore
Source 2: Apple Canada
Source 3: Google Canada.
Input
Output
Materials
Participants
Phase 1 | Phase 2 |
---|---|
1.1 Determine accessibility requirements of IT 1.2 Build IT accessibility plan | 2.1 Build awareness 2.2 Support new behaviors 2.3 Continuous reinforcement |
This phase will walk you through the following activities:
This phase involves the following participants:
Building awareness and focusing on experience helps move along the accessibility maturity framework. Shifting from mandate to movement.
In this phase, start to move beyond compliance. Build the IT team's understanding of accessibility, disability inclusion, and their role.
Communicate the following messages to your team:
Compliance is the minimum; the people and behavior changes are the harder part and have the largest impact on accessibility. Preparing for and building awareness of the reasons for accessibility make the necessary behavior changes easier. Communicate, communicate, and communicate some more.
Incremental Change:
|
Transitional Change:
|
Transformational Change:
|
Examples:
|
Examples:
|
Examples:
|
Invest time at the start to develop a detailed understanding of the impact of the change. This will help to create a plan that will simplify the change and save time. Evaluate the impact from a people, process, and technology perspective.
Leverage a design thinking principle: Empathize with the stakeholder – what will change?
People |
Process | Technology |
---|---|---|
|
|
|
Anticipate responses to change:
Quickly assess the size of change by answering these questions:
If you answered "Yes" to two or more questions, the change is bigger than you think. Your staff will feel the impact.
This step involves the following participants:
This phase is focused on communicating within IT. All communication has an overall goal. This outcome or purpose of communicating is often dependent on the type of influence the stakeholder wields within the organization as well as the type of impact the change will have on them. Consider each of the communication outcomes listed below.
How to establish key messages
Ground key messages in organizational strategy and culture. These should be the first places you look to determine the organization's key messages:
The intent of key messages is to convey important information in a way that is relatable and memorable, to promote reinforcement, and ultimately, to drive action.
Empathizing with the audience is key to anticipating and addressing objections as well as identifying benefits. Customize messaging based on audience attributes such as work model (e.g. hybrid), anticipated objections, what's in it for me?, and specific expectations.
Download the Communications Planner Tool
Input
Output
Materials
Participants
2.2.1 Prepare for IT department meeting
2.2.2 Practice delivery of your presentation
2.2.3 Hold department meeting
This step involves the following participants:
To effectively communicate change, answer questions before they're asked, whenever possible. To do this, outline at each stage of the change process what's happening next for the audience, as well as answer other anticipated questions. Pair key questions with core messages.
Examples of key questions by change stage include:
Download the Departmental Presentation Template
Input
Output
Materials
Participants
Using voice and body
Think about the message you are trying to convey and how your body can support that delivery. Hands, stance, frame – all have an impact on what might be conveyed.
If you want your audience to lean in and be eager about your next point, consider using a pause or softer voice and volume.
Be professional and confident
State the main points of your presentation confidently. While this should be obvious, it is essential. Your audience should be able to clearly see that you believe the points you are stating.
Present in a way that is genuine to you and your voice. Whether you have an energetic personality or calm and composed personality, the presentation should be authentic to you.
Connect with your audience
Look each member of the audience in the eye at least once during your presentation. Avoid looking at the ceiling, the back wall, or the floor. Your audience should feel engaged – this is essential to keeping their attention.
Avoid reading from your slides. If there is text on a slide, paraphrase it while maintaining eye contact.
You are responsible for the response of your audience. If they aren't engaged, it is on you as the communicator.
Input
Output
Materials
Participants
Input
Output
Materials
Participants
Download the Accessibility Quick Cards template
2.3.1 Establish a frequency and timeframe for communications
2.3.2 Obtain feedback and improve
2.3.3 Sustainment plan
This step involves the following participants:
Outcomes of this step
Don't forget: Cascade messages down through the organization to ensure those who need to deliver messages have time to internalize the change before communicating it to others. Include a mix of personal and organizational messages, but where possible, separate personal and organizational content into different communications.
Input
Output
Materials
Participants
Download the Communications Planner Tool
Make sure you have established feedback mechanisms to collect feedback on both the messages delivered and how they were delivered. Some ways to collect feedback include:
Feedback Mechanisms:
Who
The project team gathers feedback from:
What
Gather feedback on:
How
Use Info-Tech's Standard Focus Group Guide
Input
Output
Materials
Participants
Download the Communications Planner Tool
R | Responsible |
---|---|
A | Accountable |
C | Consulted |
I | Informed |
Sustainment is critical to success of accessibility
Identify resources required for sustainment components using metrics and input from implementation owners, subject matter experts, and frontline managers.
For example:
Estimate the budget required for resources based on past projects that used similar resources, and then estimate the time it will take until the change evolves into "business as usual" (e.g. 6 months, 12 months).
If you haven't already performed the Accessibility Maturity Assessment, complete it in the wake of the accessibility initiative to assess improvements and progress toward target future accessibility maturity.
As your accessibility program starts to scale out over a range of projects, revisit the assessment on a quarterly or bi-annual basis to help focus your improvement efforts across the six accessibility categories.
To drive continual improvement of your organizational accessibility and disability inclusion, continue to share progress, wins, challenges, feedback, and other accessibility related concerns with stakeholders. At the end of the day, IT's efforts to become a change leader and support organizational accessibility will come down to stakeholder perceptions based upon employee morale and benefits realized.
Download the Accessibility Maturity Assessment
Input
Output
Materials
Participants
The Accessibility Business Case for IT
IT Diversity and Inclusion Tactics
Implement and Mature Your User Experience Design Practice
"2021 State of Digital Accessibility." Level Access, n.d. Accessed 10 Aug. 2022
"Apple Canada Accessibility Policy & Plan." Apple Canada, 11 March 2019.
Casey, Caroline. "Do Your D&I Efforts Include People With Disabilities?" Harvard Business Review, 19 March 2020. Accessed 28 July 2022.
Digitalisation World. "Organisations failing to meet digital accessibility standards." Angel Business Communications, 19 May 2022. Accessed Oct. 2022.
"disability." Merriam-Webster.com Dictionary, Merriam-Webster,
"Disability." World Health Organization, 2022. Accessed 10 Aug 2022.
"Google Canada Corporation Accessibility Policy and Multi Year Plan." Google Canada, June 2020.
Hypercontext. "The State of High Performing Teams in Tech 2022." Hypercontext. 2022.
Lay-Flurrie, Jenny. "Accessibility Evolution Model: Creating Clarity in your Accessibility Journey." Microsoft, 2023. <https://blogs.microsoft.com/accessibility/accessibility-evolution-model/>.
Maguire, Jennifer. "Applause 2022 Global Accessibility Survey Reveals Organizations Prioritize Digital Accessibility but Fall Short of Conformance with WCAG 2.1 Standards." Business Wire, 19 May 2022.
"The Business Case for Digital Accessibility." W3C Web Accessibility Initiative (WAI), 9 Nov. 2018. Accessed 4 Aug. 2022.
"THESCORE's Commitment to Accessibility." theScore, May 2021.
"The WebAIM Million." Web AIM, 31 March 2022. Accessed 28 Jul. 2022.
Washington, Ella F. "The Five Stages of DEI Maturity." Harvard Business Review, November - December 2022. Accessed 7 Nov. 2022.
Web AIM. "The WebAIM Million." Institute for Disability Research, Policy, and Practice, 31 March 2022. Accessed 28 Jul. 2022.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify the organization’s standing in terms of the enterprise architecture practice, and know the gaps and what the EA practice needs to fulfill to create a good governance framework.
Understand the EA fundamentals and then refresh them to better align the EA practice with the organization and create business benefit.
Analyze the IT operating model and identify EA’s role at each stage; refine it to promote effective EA engagement upfront in the early stages of the IT operating model.
Set up EA governing bodies to provide guidance and foster a collaborative environment by identifying the correct number of EA governing bodies, defining the game plan to initialize the governing bodies, and creating an architecture review process.
Create an EA policy to provide a set of guidelines designed to direct and constrain the architecture actions of the organization in the pursuit of its goals in order to improve architecture compliance and drive business value.
Define architecture standards to facilitate information exchange, improve collaboration, and provide stability. Develop a process to update the architectural standards to ensure relevancy and promote process transparency.
Craft a plan to engage the relevant stakeholders, ascertain the benefits of the initiative, and identify the various communication methods in order to maximize the chances of success.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Conduct stakeholder interviews to understand current state of EA practice and prioritize gaps for EA governance based on organizational complexity.
Prioritized list of actions to arrive at the target state based on the complexity of the organization
1.1 Determine organizational complexity.
1.2 Conduct an assessment of the EA governance components.
1.3 Identify and prioritize gaps.
1.4 Conduct senior management interviews.
Organizational complexity score
EA governance current state and prioritized list of EA governance component gaps
Stakeholder perception of the EA practice
Refine EA fundamentals to align the EA practice with the organization and identify EA touchpoints to provide guidance for projects.
Alignment of EA goals and objectives with the goals and objectives of the organization
Early involvement of EA in the IT operating model
2.1 Review the output of the organizational complexity and EA assessment tools.
2.2 Craft the EA vision and mission.
2.3 Develop the EA principles.
2.4 Identify the EA goals.
2.5 Identify EA engagement touchpoints within the IT operating model.
EA vision and mission statement
EA principles
EA goals and measures
Identified EA engagement touchpoints and EA level of involvement
Set up EA governing bodies to provide guidance and foster a collaborative environment by identifying the correct number of EA governing bodies, defining the game plan to initialize the governing bodies and creating an architecture review process.
Business benefits are maximized and solution design is within the options set forth by the architectural reference models while no additional layers of bureaucracy are introduced
3.1 Identify the number of governing bodies.
3.2 Define the game plan to initialize the governing bodies.
3.3 Define the architecture review process.
Architecture board structure and coverage
Identified architecture review template
Create an EA policy to provide a set of guidelines designed to direct and constrain the architecture actions of the organization in the pursuit of its goals in order to improve architecture compliance and drive business value.
Improved architecture compliance, which ties investments to business value and provides guidance to architecture practitioners
4.1 Define the scope.
4.2 Identify the target audience.
4.3 Determine the inclusion and exclusion criteria.
4.4 Craft an assessment checklist.
Defined scope
Inclusion and exclusion criteria for project review
Architecture assessment checklist
Define architecture standards to facilitate information exchange, improve collaboration, and provide stability.
Craft a communication plan to implement the new EA governance framework in order to maximize the chances of success.
Consistent development of architecture, increased information exchange between stakeholders
Improved process transparency
Improved stakeholder engagement
5.1 Identify and standardize EA work products.
5.2 Classifying the architectural standards.
5.3 Identifying the custodian of standards.
5.4 Update the standards.
5.5 List the changes identified in the EA governance initiative
5.6 Create a communication plan.
Identified set of EA work products to standardize
Architecture information taxonomy
Identified set of custodian of standards
Standard update process
List of EA governance initiatives
Communication plan for EA governance initiatives
"Enterprise architecture is not a technology concept, rather it is the foundation on which businesses orient themselves to create and capture value in the marketplace. Designing architecture is not a simple task and creating organizations for the future requires forward thinking and rigorous planning.
Architecture processes that are supposed to help facilitate discussions and drive option analysis are often seen as an unnecessary overhead. The negative perception is due to enterprise architecture groups being overly prescriptive rather than providing a set of options that guide and constrain solutions at the same time.
EA groups should do away with the direct and control mindset and change to a collaborate and mentor mindset. As part of the architecture governance, EA teams should provide an option set that constrains design choices, and also be open to changes to standards or best practices. "
Gopi Bheemavarapu, Sr. Manager, CIO Advisory Info-Tech Research Group
Info-Tech Insight
Enterprise architecture is critical to ensuring that an organization has the solid IT foundation it needs to efficiently enable the achievement of its current and future strategic goals rather than focusing on short-term tactical gains.
An architecture governance process is the set of activities an organization executes to ensure that decisions are made and accountability is enforced during the execution of its architecture strategy. (Hopkins, “The Essential EA Toolkit.”)
EA governance includes the following:
(TOGAF)
IT governance sets direction through prioritization and decision making, and monitors overall IT performance.
EA governance ensures that optimal architectural design choices are being made that focus on long-term value creation.
Effective EA governance ensures alignment between organizational investments and corporate strategic goals and objectives.
Architecture standards provide guidance to identify opportunities for reuse and eliminate redundancies in an organization.
Architecture review processes and assessment checklists ensure that solutions are within the acceptable risk levels of the organization.
EA governance is difficult to structure appropriately, but having an effective structure will allow you to:
Recent Info-Tech research found that organizations that establish EA governance realize greater benefits from their EA initiatives.
(Info-Tech Research Group, N=89)
Define key operational measures for internal use by IT and EA practitioners. Also, define business value measures that communicate and demonstrate the value of EA as an “enabler” of business outcomes to senior executives.
EA performance measures (lead, operational) | EA value measures (lag) | |
---|---|---|
Application of EA management process | EA’s contribution to IT performance | EA’s contribution to business value |
Enterprise Architecture Management
IT Investment Portfolio Management
Solution Development
Operations Management
Business Value
Industry Insurance
Source Info-Tech
The insurance sector has been undergoing major changes, and as a reaction, businesses within the sector have been embracing technology to provide innovative solutions.
The head of EA in a major insurance provider (henceforth to be referred to as “INSPRO01”) was given the mandate to ensure that solutions are architected right the first time to maximize reuse and reduce technology debt. The EA group was at a critical point – to demonstrate business value or become irrelevant.
The project management office had been accountable for solution architecture and had placed emphasis on short-term project cost savings at the expense of long term durability.
There was a lack of awareness of the Enterprise Architecture group within INSPRO01, and people misunderstood the roles and responsibilities of the EA team.
Info-Tech helped define the responsibilities of the EA team and clarify the differences between the role of a Solution Architect vs. Enterprise Architect.
The EA team was able to make the case for change in the project management practices to ensure architectures are reviewed and approved prior to implementation.
As a result, INSPRO01 saw substantial increases in reuse opportunities and thereby derived more value from its technology investments.
The success of any EA governance initiative revolves around adopting best practices, setting up repeatable processes, and establishing appropriate controls.
Our best-practice approach is grounded in TOGAF and enhanced by the insights and guidance from our analysts, industry experts, and our clients.
Value-focused. Focus EA governance on helping the organization achieve business benefits. Promote EA’s contribution in realizing business value.
Right-sized. Insert EA governance into existing process checkpoints rather than creating new ones. Clearly define EA governance inclusion criteria for projects.
Measured. Define metrics to measure EA’s performance, and integrate EA governance with other governance processes such as project governance. Also clearly define the EA governing bodies’ composition, domain, inputs, and outputs.
Balanced. Adopt architecture principles that strikes the right balance between business and technology.
Info-Tech’s architectural governance framework provides a value-focused, right-sized approach with a strong emphasis on process standardization, repeatability, and sustainability.
As you move through the project, capture your progress with a summary in the EA Governance Framework Template.
Download the EA Governance Framework Template document for use throughout this project.
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Current state of EA governance | EA Fundamentals | Engagement Model | EA Governing Bodies | |
---|---|---|---|---|
Best-Practice Toolkit |
1.1 Determine organizational complexity 1.2 Conduct an assessment of the EA governance components 1.3 Identify and prioritize gaps |
2.1 Craft the EA vision and mission 2.2 Develop the EA principles 2.3 Identify the EA goals |
3.1 Build the case for EA engagement 3.2 Identify engagement touchpoints within the IT operating model |
4.1 Identify the number of governing bodies 4.2 Define the game plan to initialize the governing bodies 4.3 Define the architecture review process |
Guided Implementations |
|
|
|
|
Phase 1 Results:
|
Phase 2 Results:
|
Phase 3 Results:
|
Phase 4 Results:
|
EA Policy | Architectural Standards | Communication Plan | |
---|---|---|---|
Best-Practice Toolkit |
5.1 Define the scope of EA policy 5.2 Identify the target audience 5.3 Determine the inclusion and exclusion criteria 5.4 Craft an assessment checklist |
6.1 Identify and standardize EA work products 6.2 Classify the architectural standards 6.3 Identify the custodian of standards 6.4 Update the standards |
7.1 List the changes identified in the EA governance initiative 7.2 Identify stakeholders 7.3 Create a communication plan |
Guided Implementations |
|
|
|
Phase 5 Results:
|
Phase 6 Results:
|
Phase 7 Results:
|
Contact your account representative or email Workshops@InfoTech.com for more information.
Pre-workshop | Workshop Day 1 | Workshop Day 2 | Workshop Day 3 | Workshop Day 4 | |
---|---|---|---|---|---|
Activities | Current state of EA governance | EA fundamentals and engagement model | EA governing bodies | EA policy | Architectural standards and communication plan |
1.1 Determine organizational complexity 1.2 Conduct an assessment of the EA governance components 1.3 Identify and prioritize gaps 1.4 Senior management interviews |
|
|
|
| |
Deliverables |
|
|
|
|
|
This phase will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
Info-Tech Insight
Correlation is not causation – an apparent problem might be a symptom rather than a cause. Assess the organization’s current EA governance to discover the root cause and go beyond the symptoms.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Guided Implementation 1: Current State of EA Governance
Proposed Time to Completion: 2 weeks
Step 1.1: Determine organizational complexity
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
Step 1.2: Assess current state of EA governance
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
Determining organizational complexity is not rocket science. Use Info-Tech’s tool to quantify the complexity and use it, along with common sense, to determine the appropriate level of architecture governance.
1.1 2 hours
Step 1 - Facilitate
Download the EA Capability – Risk and Complexity Assessment Tool to facilitate a session on determining your organization’s complexity.
Download EA Organizational - Risk and Complexity Assessment Tool
Step 2 - Summarize
Summarize the results in the EA governance framework document.
Update the EA Governance Framework Template
EA governance is multi-faceted and it facilitates effective use of resources to meet organizational strategic objectives through well-defined structural elements.
EA Governance
Components of architecture governance
Next Step: Based on the organization’s complexity, conduct a current state assessment of EA governance using Info-Tech’s EA Governance Assessment Tool.
1.2 2 hrs
Step 1 - Facilitate
Download the “EA Governance Assessment Tool” to facilitate a session on identifying the best practices to be applied in your organization.
Download Info-Tech’s EA Governance Assessment Tool
Step 2 - Summarize
Summarize the identified best practices in the EA governance framework document.
Update the EA Governance Framework Template
Industry Insurance
Source Info-Tech
INSPRO01 was planning a major transformation initiative. The organization determined that EA is a strategic function.
The CIO had pledged support to the EA group and had given them a mandate to deliver long-term strategic architecture.
The business leaders did not trust the EA team and believed that lack of business skills in the group put the business transformation at risk.
The EA group had been traditionally seen as a technology organization that helps with software design.
The EA team lacked understanding of the business and hence there had been no common language between business and technology.
Info-Tech helped the EA team create a set of 10 architectural principles that are business-value driven rather than technical statements.
The team socialized the principles with the business and technology stakeholders and got their approvals.
By applying the business focused architectural principles, the EA team was able to connect with the business leaders and gain their support.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Key Activities
Outcomes
This phase will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
Info-Tech Insight
A house divided against itself cannot stand – ensure that the EA fundamentals are aligned with the organization’s goals and objectives.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 3 weeks
Step 2.1: Develop the EA fundamentals
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Vision, mission, goals and measures, and principles form the foundation of the EA function.
The vision and mission statements provide strategic direction to the EA team. These statements should be created based on the business and technology drivers in the organization.
"The very essence of leadership is [that] you have a vision. It's got to be a vision you articulate clearly and forcefully on every occasion. You can't blow an uncertain trumpet." – Theodore Hesburgh
Articulates the desired future state of EA capability expressed in the present tense.
Example: To be recognized by both the business and IT as a trusted partner that drives [Company Name]’s effectiveness, efficiency, and agility.
Articulates the fundamental purpose of the EA capability.
Example: Define target enterprise architecture for [Company Name], identify solution opportunities, inform IT investment management, and direct solution development, acquisition, and operation compliance.
EA capability goals define specific desired outcomes of an EA management process execution. EA capability measures define how to validate the achievement of the EA capability goals.
Example:
Goal: Improve reuse of IT assets at [Company Name].
Measures:
EA principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting target-state enterprise architecture design, solution development, and procurement decisions.
Example:
Policies can be seen as “the letter of the law,” whereas EA principles summarize “the spirit of the law.”
EA capability goals, i.e. specific desired outcomes of an EA management process execution. Use COBIT 5, APO03 process goals, and metrics as a starting point.
Define key operational measures for internal use by IT and EA practitioners. Also, define business value measures that communicate and demonstrate the value of EA as an enabler of business outcomes to senior executives.
EA performance measures (lead, operational) | EA value measures (lag) | |
---|---|---|
Application of EA management process | EA’s contribution to IT performance | EA’s contribution to business value |
Enterprise Architecture Management
IT Investment Portfolio Management
Solution Development
Operations Management
Business Value
2.1 2 hrs
Download the three templates and hold a working session to facilitate a session on creating EA fundamentals.
Download the EA Vision and Mission Template, the EA Principles Template, and the EA Goals and Measures Template
Document the final vision, mission, principles, goals, and measures within the EA Governance Framework.
Update the EA Governance Framework Template
Industry Insurance
Source Info-Tech
The EA group at INSPRO01 was being pulled in multiple directions with requests ranging from architecture review to solution design to code reviews.
Project level architecture was being practiced with no clarity on the end goal. This led to EA being viewed as just another IT function without any added benefits.
Info-Tech recommended that the EA team ensure that the fundamentals (vision, mission, principles, goals, and measures) reflect what the team aspired to achieve before fixing any of the process concerns.
The EA team was mostly comprised of technical people and hence the best practices outlined were not driven by business value.
The team had no documented vision and mission statements in place. In addition, the existing goals and measures were not tied to the business strategic objectives.
The team had architectural principles documented, but there were too many and they were very technical in nature.
With Info-Tech’s guidance, the team developed a vision and mission statement to succinctly communicate the purpose of the EA function.
The team also reduced and simplified the EA principles to make sure they were value driven and communicated in business terms.
Finally, the team proposed goals and measures to track the performance of the EA team.
With the fundamentals in place, the team was able to show the value of EA and gain organization-wide acceptance.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Info-Tech Insight
Perform due diligence prior to decision making. Use the EA Engagement Model to promote conversations between stage gate meetings as opposed to having the conversation during the stage gate meetings.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 2 weeks
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Effective EA engagement revolves around three basic principles – generating business benefits, creating adaptable models, and being able to replicate the process across the organization.
Business Value Driven
Focus on generating business value from organizational investments.
Repeatable
Process should be standardized, transparent, and repeatable so that it can be consistently applied across the organization.
Flexible
Accommodate the varying needs of projects of different sizes.
Where these pillars meet: Advocates long-term strategic vs. short-term tactical solutions.
EA’s engagement in each stage within the plan, build, and run phases should be clearly defined and communicated.
Plan | Strategy Development | Business Planning | Conceptualization | Portfolio Management |
---|---|---|---|---|
↓ | ||||
Build | Requirements | Solution Design | Application Development/ Procurement | Quality Assurance |
↓ | ||||
Run | Deploy | Operate |
3.1 2-3 hr
Hold a working session with the participants to document the current IT operating model. Facilitate the activity using the following steps:
1. Map out the IT operating model.
2. Determine EA’s current role in the operating model.
Download the EA Engagement Model Template to document the organization’s current IT operating model.
Strategy Development
Also known as strategic planning, strategy development is fundamental to creating and running a business. It involves the creation of a longer-term game plan or vision that sets specific goals and objectives for a business.
R | Those in charge of performing the task. These are the people actively involved in the completion of the required work. | → | Business VPs, EA, IT directors | R |
A | The one ultimately answerable for the correct and thorough completion of the deliverable or task, and the one who delegates the work to those responsible. | → | CEO | A |
C | Those whose opinions are sought before a decision is made, and with whom there is two-way communication. | → | PMO, Line managers, etc. | C |
I | Those who are kept up to date on progress, and with whom there is one-way communication. | → | Development managers, etc. | I |
Next Step: Similarly define the RACI for each stage of the IT operating model; refer to the activity slide for prompts.
Plan |
Strategy Development C |
Business Planning C |
Conceptualization A |
Portfolio Management C |
---|---|---|---|---|
Build |
Requirements C |
Solution Design R |
Application Development/ Procurement R |
Quality Assurance I |
Run |
Deploy I |
Operate I |
Next Step: Define the role of EA in each stage of the IT operating model; refer to the activity slide for prompts.
3.2 2 hrs
Download the EA Engagement Model Template and hold a working session to define EA’s target role in each step of the IT operating model.
Download the EA Engagement Model Template
Document the target state role of EA within the EA Governance Framework document.
Update the EA Governance Framework Template
Industry Insurance
Source Info-Tech
INSPRO01 had a high IT cost structure with looming technology debt due to a preference for short-term tactical gains over long-term solutions.
The business satisfaction with IT was at an all-time low due to expensive solutions that did not meet business needs.
INSPRO01’s technology landscape was in disarray with many overlapping systems and interoperability issues.
No single team within the organization had an end-to-end perspective all the way from strategy to project execution. A lot of information was being lost in handoffs between different teams.
This led to inconsistent design/solution patterns being applied. Investment decisions had not been grounded in reality and this often led to cost overruns.
Info-Tech helped INSPRO01 identify opportunities for EA team engagement at different stages of the IT operating model. EA’s role within each stage was clearly defined and documented.
With Info-Tech’s help, the EA team successfully made the case for engagement upfront during strategy development rather than during project execution.
The increased transparency enabled the EA team to ensure that investments were aligned to organizational strategic goals and objectives.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Key Activities
Outcomes
This phase will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
Info-Tech Insight
Use architecture governance like a scalpel rather than a hatchet. Implement governing bodies to provide guidance rather than act as a police force.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 2 weeks
Step 4.1: Identify architecture boards and develop charters
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
Step 4.2: Develop an architecture review process
Follow-up with an analyst call:
Then complete these activities…
With these tools & templates:
The primary purpose of architecture boards is to ensure that business benefits are maximized and solution design is within the options set forth by the architectural reference models without introducing additional layers of bureaucracy.
The optimal number of architecture boards required in an organization is a function of the following factors:
Commonly observed architecture boards:
Info-Tech Insight
Before building out a new governance board, start small by repurposing existing forums by adding architecture as an agenda item. As the items for review increase consider introducing dedicated governing bodies.
EA teams can be organized in three ways – distributed, federated, and centralized. Each model has its own strengths and weaknesses. EA governance must be structured in a way such that the strengths are harvested and the weaknesses are mitigated.
Distributed | Federated | Centralized | |
---|---|---|---|
EA org. structure |
|
|
|
Implications |
|
|
|
Architectural boards |
|
|
|
Level 1 | Architecture Review Board | IT and Business Leaders | ||||
Level 2 | Business Architecture Board | Data Architecture Board | Application Architecture Board | Infrastructure Architecture Board | Security Architecture Board | IT and Business Managers |
Level 3 | Architecture Working Groups | Architects |
Start with this:
Level 1 | Architecture Review Board |
Level 2 | Technical Architecture Committee |
Level 3 | Architecture Working Groups |
Change to this:
Architecture Review Board | IT and Business Leaders | ||||
Business Architecture Board | Data Architecture Board | Application Architecture Board | Infrastructure Architecture Board | Security Architecture Board | IT and Business Managers |
Architecture Working Groups | Architects |
The boards at each level should be set up with the correct agenda – ensure that the boards’ composition and activities reflect their objective. Use the entry criteria to communicate the agenda for their meetings.
Architecture Review Board | Technical Architecture Committee | |
---|---|---|
Objective |
|
|
Composition |
|
|
Activities |
|
|
Entry Criteria |
|
|
4.1 2 hrs
Hold a working session with the participants to identify the number of governing bodies. Facilitate the activity using the following steps:
Download the Architecture Board Charter Template to document this activity.
The charter represents the agreement between the governing body and its stakeholders about the value proposition and obligations to the organization.
4.2 3 hrs
Hold a working session with the stakeholders to define the charter for each of the identified architecture boards.
Download Architecture Board Charter Template
Update the EA Governance Framework document
The best-practice model presented facilitates the creation of sound solution architecture through continuous engagement with the EA team and well-defined governance checkpoints.
4.3 2 hours
Hold a working session with the participants to develop the architecture review process. Facilitate the activity using the following steps:
Download the Architecture Review Process Template for additional guidance regarding developing an architecture review process.
4.3 2 hrs
Download Architecture Review Process Template and facilitate a session to customize the best-practice model presented in the template.
Download the Architecture Review Process Template
Summarize the process changes and document the process flow in the EA Governance Framework document.
Update the EA Governance Framework Template
Industry Insurance
Source Info-Tech
At INSPRO01, architecture governance boards were a bottleneck. The boards fielded all project requests, ranging from simple screen label changes to complex initiatives spanning multiple applications.
These boards were designed as forums for technology discussions without any business stakeholder involvement.
INSPRO01’s management never gave buy-in to the architecture governance boards since their value was uncertain.
Additionally, architectural reviews were perceived as an item to be checked off rather than a forum for getting feedback.
Architectural exceptions were not being followed through due to the lack of a dispensation process.
Info-Tech has helped the team define adaptable inclusion/exclusion criteria (based on project complexity) for each of the architectural governing boards.
The EA team was able to make the case for business participation in the architecture forums to better align business and technology investment.
An architecture dispensation process was created and operationalized. As a result architecture reviews became more transparent with well-defined next steps.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Key Activities
Info-Tech Insight
Use the EA policy to promote EA’s commitment to deliver value to business stakeholders through process transparency, stakeholder engagement, and compliance.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 3 weeks
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Architecture policy is a set of guidelines, formulated and enforced by the governing bodies of an organization, to guide and constrain architectural choices in pursuit of strategic goals.
Architecture compliance – promotes compliance to organizational standards through well-defined assessment checklists across architectural domains.
Business value – ensures that investments are tied to business value by enforcing traceability to business capabilities.
Architectural guidance – provides guidance to architecture practitioners on the application of the business and technology standards.
An enterprise architecture policy is an actionable document that can be applied to projects of varying complexity across the organization.
5.1 2.5 hrs
Step 1 - Facilitate
Download the EA Policy Template and hold a working session to draft the EA policy.
Download the EA Policy Template
Step 2 - Summarize
Update the EA Governance Framework Template
Architecture assessment checklist is a list of future-looking criteria that a project will be assessed against. It provides a set of standards against which projects can be assessed in order to render a decision on whether or not the project can be greenlighted.
Architecture checklists should be created for each EA domain since each domain provides guidance on specific aspects of the project.
Business Architecture:
Data Architecture:
Application Architecture:
Infrastructure Architecture:
Security Architecture:
5.2 2 hrs
Step 1 - Facilitate
Download the EA Assessment Checklist Template and hold a working session to create the architectural assessment checklists.
Download the EA Assessment Checklist Template
Step 2 - Summarize
Update the EA Governance Framework Template
Approved
Conditional Approval
Not Approved
Waivers are not permanent. Waiver terms must be documented for each waiver specifying:
5.4 3-4 hrs
Step 1 - Facilitate
Download the EA compliance waiver template and hold a working session to customize the best-practice process to your organization’s needs.
Download the EA Compliance Waiver Process Template
Step 2 - Summarize
Update the EA Governance Framework Template
Industry Insurance
Source Info-Tech
EA program adoption across INSPRO01 was at its lowest point due to a lack of transparency into the activities performed by the EA group.
Often, projects ignored EA entirely as it was viewed as a nebulous and non-value-added activity that produced no measurable results.
There was very little documented information about the architecture assessment process and the standards against which project solution architectures were evaluated.
Additionally, there were no well-defined outcomes for the assessment.
Project groups were left speculating about the next steps and with little guidance on what to do after completing an assessment.
Info-Tech helped the EA team create an EA policy containing architecture significance criteria, assessment checklists, and reference to the architecture review process.
Additionally, the team also identified guidelines and detailed next steps for projects based on the outcome of the architecture assessment.
These actions brought clarity to EA processes and fostered better engagement with the EA group.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Key Activities
Outcomes
Info-Tech Insight
The architecture standard is the currency that facilitates information exchange between stakeholders. The primary purpose is to minimize transaction costs by providing a balance between stability and relevancy.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 4 weeks
Start with an analyst kick-off call:
Then complete these activities…
Review with analyst:
Then complete these activities…
With these tools & templates:
6.1 3 hrs
Instructions:
Hold a working session with the participants to identify and standardize work products. Facilitate the activity using the steps below.
As the EA function begins to grow and accumulates EA work products, having a well-designed folder structure helps you find the necessary information efficiently.
Describes the organizationally tailored architecture framework.
Defines the parameters, structures, and processes that support the enterprise architecture group.
An architectural presentation of assets in use by the enterprise at particular points in time.
Captures the standards with which new architectures and deployed services must comply.
Provides guidelines, templates, patterns, and other forms of reference material to accelerate the creation of new architectures for the enterprise.
Provides a record of governance activity across the enterprise.
6.2 5-6 hrs
Instructions:
Hold a working session with the participants to create a repository structure. Facilitate the activity using the steps below:
Identify
Assess
Document
Approve
Communicate
6.3 1.5 hrs
Step 1 - Facilitate
Download the standards update process template and hold a working session to customize the best practice process to your organization’s needs.
Download the Architecture Standards Update Process Template
Step 2 - Summarize
Summarize the objectives and the process flow in the EA governance framework document.
Update the EA Governance Framework Template
Industry Insurance
Source Info-Tech
INSPRO01 didn’t maintain any centralized standards and each project had its own solution/design work products based on the preference of the architect on the project. This led to multiple standards across the organization.
Lack of consistency in architectural deliverables made the information hand-offs expensive.
INSPRO01 didn’t maintain the architectural documents in a central repository and the information was scattered across multiple project folders.
This caused key stakeholders to make decisions based on incomplete information and resulted in constant revisions as new information became available.
Info-Tech recommended that the EA team identify and standardize the various EA work products so that information was collected in a consistent manner across the organization.
The team also recommended an information taxonomy to store the architectural deliverables and other collateral.
This resulted in increased consistency and standardization leading to efficiency gains.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Key Activities
Outcomes
Info-Tech Insight
By failing to prepare, you are preparing to fail – maximize the likelihood of success for EA governance by engaging the relevant stakeholders and communicating the changes.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 1 week
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
The changes made to the EA governance components need to be reviewed, approved, and communicated to all of the impacted stakeholders.
Step 1: Hold a meeting with stakeholders to review, refine, and agree on the changes.
Step 2: Obtain an official approval from the stakeholders.
Step 3: Communicate the changes to the impacted stakeholders.
7.1 3 hrs
Hold a working session with the participants to create the EA governance framework as well as the communication plan. Facilitate the activity using the steps below:
Download the EA Governance Communication Plan Template and EA Governance Framework Template for additional instructions and to document your activities in this phase.
Industry Insurance
Source Info-Tech
The EA group followed Info-Tech’s methodology to assess the current state and has identified areas for improvement.
Best practices were adopted to fill the gaps identified.
The team planned to communicate the changes to the technology leadership team and get approvals.
As the EA team tried to roll out changes, they encountered resistance from various IT teams.
The team was not sure of how to communicate the changes to the business stakeholders.
Info-Tech has helped the team conduct a thorough stakeholder analysis to identify all the stakeholders who would be impacted by the changes to the architecture governance framework.
A comprehensive communication plan was developed that leveraged traditional email blasts, town hall meetings, and non-traditional methods such as team blogs.
The team executed the communication plan and was able to manage the change effectively.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Key Activities
Outcomes
Government of British Columbia. “Architecture and Standards Review Board.” Government of British Columbia. 2015. Web. Jan 2016. < http://www.cio.gov.bc.ca/cio/standards/asrb.page >
Hopkins, Brian. “The Essential EA Toolkit Part 3 – An Architecture Governance Process.” Cio.com. Oct 2010. Web. April 2016. < http://www.cio.com/article/2372450/enterprise-architecture/the-essential-ea-toolkit-part-3---an-architecture-governance-process.html >
Kantor, Bill. “How to Design a Successful RACI Project Plan.” CIO.com. May 2012. Web. Jan 2016. < http://www.cio.com/article/2395825/project-management/how-to-design-a-successful-raci-project-plan.html >
Sapient. “MIT Enterprise Architecture Guide.” Sapient. Sep 2004. Web. Jan 2016. < http://web.mit.edu/itag/eag/FullEnterpriseArchitectureGuide0.1.pdf >
TOGAF. “Chapter 41: Architecture Repository.” The Open Group. 2011. Web. Jan 2016. < http://pubs.opengroup.org/architecture/togaf9-doc/arch/chap41.html >
TOGAF. “Chapter 48: Architecture Compliance.” The Open Group. 2011. Web. Jan 2016. < http://pubs.opengroup.org/architecture/togaf9-doc/arch/chap48.html >
TOGAF. “Version 9.1.” The Open Group. 2011. Web. Jan 2016. http://pubs.opengroup.org/architecture/togaf9-doc/arch/
United States Secret Service. “Enterprise Architecture Review Board.” United States Secret Service. Web. Jan 2016. < http://www.archives.gov/records-mgmt/toolkit/pdf/ID191.pdf >
Virginia Information Technologies Agency. “Enterprise Architecture Policy.” Commonwealth of Virginia. Jul 2006. Web. Jan 2016. < https://www.vita.virginia.gov/uploadedfiles/vita_main_public/library/eapolicy200-00.pdf >
Alan Mitchell, Senior Manager, Global Cities Centre of Excellence, KPMG
Alan Mitchell has held numerous consulting positions before his role in Global Cities Centre of Excellence for KPMG. As a Consultant, he has had over 10 years of experience working with enterprise architecture related engagements. Further, he worked extensively with the public sector and prides himself on his knowledge of governance and how governance can generate value for an organization.
Ian Gilmour, Associate Partner, EA advisory services, KPMG
Ian Gilmour is the global lead for KPMG’s enterprise architecture method and Chief Architect for the KPMG Enterprise Reference Architecture for Health and Human Services. He has over 20 years of business design experience using enterprise architecture techniques. The key service areas that Ian focuses on are business architecture, IT-enabled business transformation, application portfolio rationalization, and the development of an enterprise architecture capability within client organizations.
Djamel Djemaoun Hamidson, Senior Enterprise Architect, CBC/Radio-Canada
Djamel Djemaoun is the Senior Enterprise Architect for CBC/Radio-Canada. He has over 15 years of Enterprise Architecture experience. Djamel’s areas of special include service-oriented architecture, enterprise architecture integration, business process management, business analytics, data modeling and analysis, and security and risk management.
Sterling Bjorndahl, Director of Operations, eHealth Saskatchewan
Sterling Bjorndahl is now the Action CIO for the Sun Country Regional Health Authority, and also assisting eHealth Saskatchewan grow its customer relationship management program. Sterling’s areas of expertise include IT strategy, enterprise architecture, ITIL, and business process management. He serves as the Chair on the Board of Directors for Gardiner Park Child Care.
Huw Morgan, IT Research Executive, Enterprise Architect
Huw Morgan has 10+ years experience as a Vice President or Chief Technology Officer in Canadian internet companies. As well, he possesses 20+ years experience in general IT management. Huw’s areas of expertise include enterprise architecture, integration, e-commerce, and business intelligence.
Serge Parisien, Manager, Enterprise Architecture at Canada Mortgage Housing Corporation
Serge Parisien is a seasoned IT leader with over 25 years of experience in the field of information technology governance and systems development in both the private and public sectors. His areas of expertise include enterprise architecture, strategy, and project management.
Alex Coleman, Chief Information Officer at Saskatchewan Workers’ Compensation Board
Alex Coleman is a strategic, innovative, and results-driven business leader with a proven track record of 20+ years’ experience planning, developing, and implementing global business and technology solutions across multiple industries in the private, public, and not-for-profit sectors. Alex’s expertise includes program management, integration, and project management.
L.C. (Skip) Lumley , Student of Enterprise and Business Architecture
Skip Lumley was formerly a Senior Principle at KPMG Canada. He is now post-career and spends his time helping move enterprise business architecture practices forward. His areas of expertise include enterprise architecture program implementation and public sector enterprise architecture business development.
CIOs today face increasing pressures, disruptive emerging technologies, talent shortages, and a slew of other challenges. What are their top concerns, priorities, and technology bets that will define the future direction of IT?
CIO responses to our Future of IT 2024 survey reveal key insights on spending projects, the potential disruptions causing the most concern, plans for adopting emerging technology, and how firms are responding to generative AI.
Map your organization’s response to the external environment compared to CIOs across geographies and industries. Learn:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Take the pulse of the IT industry and see how CIOs are planning to approach 2024.
Countries / Regions | Response % |
United States | 47.18% |
Canada | 11.86% |
Australia | 9.60% |
Africa | 6.50% |
China | 0.28% |
Germany | 1.13% |
United Kingdom | 5.37% |
India | 1.41% |
Brazil | 1.98% |
Mexico | 0.56% |
Middle East | 4.80% |
Asia | 0.28% |
Other country in Europe | 4.52% |
n=354
Half of CIOs hold a C-level position, 10% are VP-level, and 20% are director level
38% of respondents are from an organization with above 1,000 employees
40% of CIOs report an annual budget of more than $10 million
A range of industries are represented, with 29% of respondents in the public sector or financial services
How likely is it that the following factors will disrupt your business in the next 12 months?
Looking ahead to 2024, how will your organization's IT spending change compared to spending in 2023?
Top five technologies for new spending planned in 2024:
Top five technologies for new spending planned after 2024:
n=301
Info-Tech Insight
Three in four CIOs say they have no plans to invest in quantum computing, more than any other technology with no spending plans.
Rate your business interest in adopting the following generative AI applications:
There is interest across all types of generative AI applications. CIOs are least interested in visual media generators, rating it just 2.4 out of 5 on average.
n=251
Info-Tech Insight
Examples of generative AI solutions specific to the legal industry include Litigate, CoCounsel, and Harvey.
Most popular use cases for AI by end of 2024:
Fastest growing uses cases for AI in 2024:
n=218
Info-Tech Insight
The least popular use case for AI is to help define business strategy, with 45% saying they have no plans for it.
Info-Tech Insight
Almost half of CIOs say ChatGPT has been a catalyst for their business to adopt new AI initiatives.
Which of the following best describes your organization's approach to third-party generative AI tools (such as ChatGPT or Midjourney)?
Info-Tech Insight
Business concerns over intellectual property and sensitive data exposure led OpenAI to announce ChatGPT won't use data submitted via its API for model training unless customers opt in to do so. ChatGPT users can also disable chat history to avoid having their data used for model training (OpenAI).
Among organizations that plan to invest in AI in 2024, 30% still say there are no steps in place for AI governance. The most popular steps to take are to publish clear explanations about how AI is used, and to conduct impact assessments (n=170).
Among all CIOs, including those that do not plan to invest in AI next year, 37% say no steps are being taken toward AI governance today (n=243).
If you haven't already contributed to our Future of IT online survey, we are keeping the survey open to continue to collect insights and inform our research reports and agenda planning process. You can take the survey today. Those that complete the survey will be sent a complimentary Tech Trends 2024 report.
If you are receiving this for completing the Future of IT online survey, thank you for your contribution. If you are interested in further participation and would like to provide a complementary interview, please get in touch at brian.Jackson@infotech.com. All interview subjects must also complete the online survey.
If you've already completed an interview, thank you very much, and you can look forward to seeing more impacts of your contribution in the near future.
A CIO focus for the Future of IT
Data in this report represents respondents to the Future of IT online survey conducted by Info-Tech Research Group between May 11 and July 7, 2023.
Only CIO respondents were selected for this report, defined as those who indicated they are the most senior member of their organization's IT department.
This data segment reflects 355 total responses with 239 completing every question on the survey.
Further data from the Future of IT online survey and the accompanying interview process will be featured in Info-Tech's Tech Trends 2024 report this fall and in forthcoming Priorities reports including Applications, Data & EA, CIO, Infrastructure, and Security.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Scope an affordable, adoptable, and effective PPM solution with Info-Tech's Portfolio Manager 2017 workbook.
Learn how to use Info-Tech's Portfolio Manager 2017 workbook and create powerful reports.
Plan and implement an affordable, adoptable, and effective PPM solution with Info-Tech's Portfolio Manager 2017 workbook.
Develop an exit strategy from your home-grown solution to a commercial PPM toolset. In this video, we show a rapid transition from the Excel dataset shown on this page to a commercial solution from Meisterplan. Christoph Hirnle of Meisterplan is interviewed starting at 9 minutes.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Assess the current state of project portfolio management capability at your organization. The activities in this module will inform the next modules by exploring your organization’s current strengths and weaknesses and identifying areas that require improvement.
Set up the workbook to generate a fully functional project portfolio workbook that will give you a high-level view into your portfolio.
A high-level review of your current project portfolio capability is used to decide whether a homegrown PPM solution is an appropriate choice
Cost-benefit analysis is done to build a business case for supporting this choice
1.1 Review existing PPM strategy and processes.
1.2 Perform a cost-benefit analysis.
Confirmation of homegrown PPM solution as the right choice
Expected benefits for the PPM solution
Define a list of requirements for your PPM solution that meets the needs of all stakeholders.
A fully customized PPM solution in your chosen platform
2.1 Introduction to Info-Tech's Portfolio Manager 2017: inputs, outputs, and the data model.
2.2 Gather requirements for enhancements and customizations.
Trained project/resource managers on the homegrown solution
A wish list of enhancements and customizations
Determine an action plan regarding next steps for implementation.
Implement your homegrown PPM solution. The activities outlined in this step will help to promote adoption of the tool throughout your organization.
A set of processes to integrate the new homegrown PPM solution into existing PPM activities
Plans for piloting the new processes, process improvement, and stakeholder communication
3.1 Plan to integrate your new solution into your PPM processes.
3.2 Plan to pilot the new processes.
3.3 Manage stakeholder communications.
Portfolio Manager 2017 operating manual, which documents how Portfolio Manager 2017 is used to augment the PPM processes
Plan for a pilot run and post-pilot evaluation for a wider rollout
Communication plan for impacted PPM stakeholders
Complication
Insights
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Reveal the opportunities to heighten the user experience of your website through a deep understanding of the behaviors, emotions, and needs of your end users in order to design a receptive and valuable website.
Design a satisfying and receptive website by leveraging industry best practices and modern UX trends and ensuring the website is supported with reliable and scalable data and infrastructure.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
List the business objectives of your website.
Describe your user personas, use cases, and user workflow.
Identify current UX issues through simulations, website design, and system reviews.
Strong understanding of the business goals of your website.
Knowledge of the behaviors and needs of your website’s users.
Realization of the root causes behind the UX issues of your website.
1.1 Define the business objectives for the website you want to optimize
1.2 Define your end-user personas and map them to use cases
1.3 Build your website user workflow
1.4 Conduct a SWOT analysis of your website to drive out UX issues
1.5 Gauge the UX competencies of your web development team
1.6 Simulate your user workflow to identify the steps driving down UX
1.7 Assess the composition and construction of your website
1.8 Understand the execution of your website with a system architecture
1.9 Pinpoint the technical reason behind your UX issues
1.10 Clarify and prioritize your UX issues
Business objectives
End-user personas and use cases
User workflows
Website SWOT analysis
UX competency assessment
User workflow simulation
Website design assessment
Current state of web system architecture
Gap analysis of web system architecture
Prioritized UX issues
Design wireframes and storyboards to be aligned to high priority use cases.
Design a web system architecture that can sufficiently support the website.
Identify UX metrics to gauge the success of the website.
Establish a website design process flow.
Implementation of key design elements and website functions that users will find stimulating and valuable.
Optimized web system architecture to better support the website.
Website design process aligned to your current context.
Rollout plan for your UX optimization initiatives.
2.1 Define the roles of your UX development team
2.2 Build your wireframes and user storyboards
2.3 Design the target state of your web environment
2.4 List your UX metrics
2.5 Draw your website design process flow
2.6 Define your UX optimization roadmap
2.7 Identify and engage your stakeholders
Roles of UX development team
Wireframes and user storyboards
Target state of web system architecture
List of UX metrics
List of your suppliers, inputs, processes, outputs, and customers
Website design process flow
UX optimization rollout roadmap
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Evaluate and understand your current SQA capabilities, as well as the degree to which metric objectives are being met.
Identify and define SQA processes and metrics needed to meet quality objectives set by development teams and the business.
Build your SQA plan and optimization roadmap.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
To help you assess and understand your current SQA capabilities as well as the degree to which metric objectives are being met.
An analysis of current SQA practices to provide insight into potential inefficiencies, opportunities, and to provide the business with sufficient rationale for improving current quality assurance initiatives.
1.1 Conduct a high-level assessment of where to focus your current state analysis.
1.2 Document your high-level development process.
1.3 Create a RACI chart to understand roles and responsibilities.
1.4 Perform a SIPOC-MC analysis for problem areas identified in your SDLC.
1.5 Identify the individual control points involved with passing software artifacts through SDLC stages being assessed.
1.6 Identify problem areas within your SDLC as they relate to SQA.
Understanding of current overall development process and where it is most weak in the context of quality assurance
Understanding of assigned roles and responsibilities across development teams, including individuals who are involved with making quality-related decisions for artifact hand-off
Identification of problem areas within SQA process for further analysis
To help you identify and define SQA processes and metrics needed to meet quality objectives set out by development teams and the business.
A revised list of key SQA tasks along with metrics and associated tolerance limits used universally for all development projects.
2.1 Establish SQA metrics and tolerance limits across your SDLC.
2.2 Determine your target state for SQA processes within the define/design stage of the SDLC.
2.3 Determine your target state for SQA processes within the development stage of the SDLC.
2.4 Determine your target state for SQA processes within the testing stage of the SDLC.
2.5 Determine your target state for SQA processes within the deploy/release stage of the SDLC.
Identification of the appropriate metrics and their associated tolerance limits to provide insights into meeting quality goals and objectives during process execution
Identification of target state SQA processes that are required for ensuring quality across all development projects
Based on discovered inefficiencies, define optimization initiatives required to improve your SQA practice.
Optimization initiatives and associated tasks required to address gaps and improve SQA capabilities.
3.1 Determine optimization initiatives for improving your SQA process.
3.2 Gain the full scope of effort required to implement your SQA optimization initiatives.
3.3 Identify the enablers and blockers of your SQA optimization.
3.4 Define your SQA optimization roadmap.
Prioritized list of optimization initiatives for SQA
Assessment of level of effort for each SQA optimization initiative
Identification of enablers and blockers for optimization initiatives
Identification of roadmap timeline for implementing optimization initiatives
Realize the benefits of a diverse workforce by embedding inclusion into work practices, behaviors, and values, ensuring accountability throughout the department.
Understand what it means to be inclusive: reassess work practices and learn how to apply leadership behaviors to create an inclusive environment
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Learn, evaluate, and understand what it means to be inclusive, examine biases, and apply inclusive leadership behaviors.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Equip managers to become more effective with managing remote teams.
The workbook serves as a reference guide participants will use to support formal training.
Many organizations are developing plans to allow employees more flexible work options, including remote work. Use these resources to help managers and employees make the most of remote work arrangements.
Describe the benefits of virtual teams.
Create a plan for adopting effective management practices and setting clear expectations with virtual teams.
Identify potential solutions to the challenges of managing performance and developing members of virtual teams.
Create an action plan to increase effectiveness in managing virtual teams.
People managers who manage or plan to manage virtual teams.
Two three-hour sessions
Section 1 |
Section 2 |
||
---|---|---|---|
10 min |
Welcome: Overview & Introductions
|
10 min |
Welcome: Overview & Introductions
|
50 min |
1.1 Introduction to virtual teams
|
55 min |
2.1 Managing wellbeing in a virtual team context
|
5 min |
Break |
5 min | Break |
45 min |
1.2 Laying the foundation for a virtual team
|
60 min |
2.2 Managing performance in a virtual team context
|
10 min |
Break |
10 min | Break |
55 min |
1.2 Laying the foundation for a virtual team
|
40 min |
Action planning & conclusion
|
5 min |
Session 1 Wrap-Up |
Review all slides and adjust the language or content as needed to suit your organizational context and culture.
The pencil icon to the left denotes slides requiring customization of the slide and/or the speaker’s notes, e.g. adding in an organization-specific process.
Customization instructions are found in the notes pane.
Practical foundations for managing teams in a remote environment
Most organizations are planning some combination of remote and onsite work in 2022.
Source: IT Talent Trends, 2022; n=199
Most organizations are planning some combination of remote and onsite work in 2022 – the highest reported plans for WFH were hybrid, balanced, and partial work-from-home. This builds on our findings in the IT Talent Trends 2022 report.
What percentage of roles in IT are capable of being performed remotely permanently?
IT Talent Trends, 2022; n=207
80% of respondents estimated that 50 to 100% of IT roles can be performed remotely.
A virtual team is any team that has members that are not colocated and relies on technology for communications.
Before we start, it will be useful to review what we mean by the term “virtual team.” For our purposes we will be defining a virtual team as any team that has members that are not colocated and relies on technology for communications.
There are a wide variety of virtual work arrangements and a variety of terms used to describe them. For example, some common terms include:
Our definition of virtual work covers all of these terms. It is also distance neutral, meaning that it applies equally to teams that are dispersed globally or regionally or even those working in the same cities but dispersed throughout different buildings. Our definition also applies whether virtual employees work full time or part time.
The challenges facing managers arise as soon as some team members are not colocated and have to rely on technology to communicate and coordinate work. Greater distances between employees can complicate challenges (e.g. time zone coordination), but the core challenges of managing virtual teams are the same whether those workers are merely located in different buildings in the same city or in different buildings on different continents.
Working on your own, take five minutes to figure out what kind of virtual team you lead.
Download the Workbook: Equip Managers to Effectively Manage Virtual Teams
Benefits to the organization |
Benefits to employees |
---|---|
Operational continuity in disaster situations that prevent employees from coming into the office. |
Cost savings: Employees who WFH half the time can save $2,500 to $4,000 per year (Global Workplace Analytics, 2021). |
Cost savings: Organizations save ~$11,000 annually per employee working from home half the time (Global Workplace Analytics, 2021). |
Time savings: Employees who WFH half the time save on average 11 workdays per year (Global Workplace Analytics, 2021). |
Increased attraction: 71% of employees would likely choose one employer over another based on WFH offerings (Owl Labs, 2021). |
Improved wellbeing: 83% employees agree that WFH would make them happier. 80% agree that WFH would decrease their stress. 81% agree that WFH would improve their ability to manage their work-life balance. (Owl Labs, 2021) |
Increased retention: 74% of employees would be less likely to leave their employer if they could WFH (Owl Labs, 2021). |
Increased flexibility: 32% of employees rated the “ability to have a flexible schedule” as the biggest benefit of WFH (OWL Labs, 2021). |
Increased productivity: 50% of employees report they would maintain or increase their productivity while working from home (Glassdoor Team, 2020). |
|
Increased engagement: Offsite employees tend to have higher overall engagement than onsite employees (McLean & Company Engagement Survey, 2020). |
Remote work arrangements are becoming more and more common, and for good reason: there are a lot of benefits to the organization – and to employees.
Perhaps one of the most common reasons for opting for remote-work arrangements is the potential cost savings. One study found that organizations could save about $11,000 per employee working from home half the time (Global Workplace Analytics, 2021).
In addition, supporting remote-work arrangements can attract employees. One study found that 71% of employees would likely choose one employer over another based on WFH offerings (Owl Labs, 2019).
There are also improvements to productivity. Fifty percent of employees report they would maintain or increase their productivity while working from home (Glassdoor Team, 2020).
Remote work also has benefits to employees.
As with organizations, employees also benefit financially from remote work arrangements, saving between $2,500 and $4,000 and on average 11 working days while working from home half of the time.
Most employees agree that working from home makes them happier, reduces stress, and provides an improved work-life balance through increased flexibility.
Many of these barriers can be addressed by changing traditional mindsets and finding alternative ways of working, but the traditional approach to work is so entrenched that it has been hard to make the shift.
Many organizations are still grappling with the challenges of remote work. Some are just perceived challenges, while others are quite real.
Limited innovation and a lack of informal interaction are a potential consequence of failing to properly adapt to the remote-work environment.
Leaders also face challenges with remote work. Losing in-person supervision has led to the lack of trust and a perceived drop in productivity.
A study conducted 2021 asked remote workers to identify their biggest struggle with working remotely. The top three struggles remote workers report facing are unplugging after work, loneliness, and collaborating and/or communicating.
Seeing the struggles remote workers identify is a good reminder that these employees have a unique set of challenges. They need their managers to help them set boundaries around their work; create feelings of connectedness to the organization, culture, and team; and be expert communicators.
Download the Workbook: Equip Managers to Effectively Manage Virtual Teams
Laying the foundations for a virtual team
Inform |
Interact | Involve |
---|---|---|
↓ Down |
Connect |
↑ Up |
Tell employees the whys |
Get to know employees |
Solicit input from employees |
Effectively managing a virtual team really comes down to adopting management approaches that will engage virtual employees.
Managing a virtual team does not actually require a new management style. The basics of effective management are the same in both colocated and virtual teams; however, the emphasis on certain behaviors and actions we take often differs. Managing a virtual team requires much more thoughtfulness and planning in our everyday interactions with our teams as we cannot rely on the relative ease of face-to-face interactions available to colocated teams.
The 3i’s Engaging Management Model is useful when interacting with all employees and provides a handy framework for more planful interactions with virtual employees.
Think of your management responsibilities in these three buckets – they are the most important components of being an effective manager. We’re first going to look at inform and involve before moving on to interact.
Inform: Relay information down from senior management and leaders to employees. Communicate the rationale behind decisions and priorities, and always explain how they will directly affect employees.
Why is this important? According to McLean & Company’s Engagement Survey data, employees who say their managers keep them well informed about decisions that affect them are 3.4 times more likely to be engaged (Source: McLean & Company, 2020; N=77,363). Your first reaction to this might be “I already do this,” which may very well be the case. Keep in mind, though, we sometimes tend to communicate on a “need-to-know basis,” especially when we are stressed or short on time. Engaging employees takes more. Always focus on explaining the “why?” or the rationale behind business decisions.
It might seem like this domain should be the least affected, since important company announcements probably continue in a remote environment. But remember that information like that also flows informally. And even in formal settings, there are question-and-answer opportunities. Or maybe your employee might come to your office to ask for more details. Virtual team members can’t gather around the watercooler. They don’t have the same opportunities to hear information in passing as people who are colocated do, so managers need to make a concerted effort to share information with virtual team members in a clear and timely way.
Swinging over to the other end, we have involve: Involve your employees. Solicit information and feedback from employees and collaborate with them.
However, it’s not enough to just solicit their feedback and input; you also need to act on it.
Make sure you involve your employees in a meaningful way. Such collaboration makes employees feel like a valued part of the team. Not to mention that they often have information and perspectives that can help make your decisions stronger!
Employees who say their department leaders act on feedback from them are 3.9 times more likely to be engaged than those whose leaders don’t. (Source: McLean & Company, 2020; N=59,779). That is a huge difference!
Keeping virtual employees engaged and feeling connected and committed to the organization requires planful and regular application of the 3i’s model.
Finally, Interact: Connect with employees on a personal level; get to know them and understand who they are on a personal and professional level.
Why? Well, over and above the fact that it can be rewarding for you to build stronger relationships with your team, our data shows that human connection makes a significant difference with employees. Employees who believe their managers care about them as a person are 3.8 times more likely to be engaged than those who do not (Source: McLean & Company, 2017; N=70,927).
And you might find that in a remote environment, this is the area that suffers the most, since a lot of these interactions tend to be unscripted, unscheduled, and face to face.
Typically, if we weren’t in the midst of a pandemic, we’d emphasize the importance of allocating some budget to travel and get some face-to-face time with your staff. Meeting and interacting with team members face to face is crucial to building trusting relationships, and ultimately, an effective team, so given the context of our current circumstances, we recommend the use of video when interacting with your employees who are remote.
Relay information down from senior management to employees.
Ensure they’ve seen and understand any organization-wide communication.
Share any updates in a timely manner.
Connect with employees on a personal level.
Ask how they’re doing with the new work arrangement.
Express empathy for challenges (sick family member, COVID-19 diagnosis, etc.).
Ask how you can support them.
Schedule informal virtual coffee breaks a couple of times a week and talk about non-work topics.
Get information from employees and collaborate with them.
Invite their input (e.g. have a “winning remotely” brainstorming session).
Escalate any challenges you can’t address to your VP.
Give them as much autonomy over their work as possible – don’t micromanage.
Download the Workbook: Equip Managers to Effectively Manage Virtual Teams
Clear expectations are important in any environment, remote or not. But it is much harder to do in a remote environment. The barrier to seeking clarification is so much higher (For example, email vs. catching someone in hallway, or you can’t notice that a colleague is struggling without them asking).
Communication – This is one area where the importance actually changes in a remote context. We’ve been talking about a lot of practices that are the same in importance whether you’re in an office or remote, and maybe you just enact them differently. But clarity around communication processes is actually tremendously more important in a remote environment.
Suggested best practices: Hold daily team check-ins and hold separate individual check-ins. Increase frequency of these.
With organizational expectations set, we need to establish team expectations around how we collaborate and communicate.
Today there is no lack of technology available to support our virtual communication. We can use the phone, conference calls, videoconferencing, Skype, instant messaging, [insert organization-specific technological tools.], etc.
However, it is important to have a common understanding of which tools are most appropriate when and for what.
What are some of the communication channel techniques you’ve found useful in your informal interactions with employees or that you’ve seen work well between employees?
[Have participants share any technological tools they find useful and why.]
Whenever we interact, we make the following kinds of social exchanges. We exchange:
We need to make sure that these exchanges are happening as each team member intends. To do this, we have to be sensitive to what information is being conveyed, what emotions are involved in the interaction, and how we are motivating each other to act through the interaction. Every interaction will have intended and unintended effects on others. No one can pay attention to all of these aspects of communication all the time, but if we develop habits that are conducive to successful exchanges in all three areas, we can become more effective.
In addition to being mindful of the exchange in our communication, as managers it is critical to build trusting relationships and rapport with employees as we saw in the 3i's model. However, in virtual teams we cannot rely on running into someone in the kitchen or hallway to have an informal conversation. We need to be thoughtful and deliberate in our interactions with employees. We need to find alternative ways to build these relationships with and between employees that are both easy and accepted by ourselves and employees. Because of that, it is important to set communication norms and really understand each other’s preferences. For example:
Download the Workbook: Equip Managers to Effectively Manage Virtual Teams
Section 2.1
Balancing wellbeing and performance in a virtual team context
44% of employees reported declined mental wellbeing since the start of the pandemic.
"If one of our colleagues were to fall, break their leg, and get a cast, colleagues would probably rally around that person signing their cast. But, really, we don’t view the health of our brain the same as we do the health of our body."
– Centre for Addiction and Mental Health (CAMH) Employee
Despite being over two years into the pandemic, we are still seeing its effect on the physical and mental health of employees.
The mental health aspect has been often overlooked by organizations, but in order to have a safe, happy, and productive team, you need to give mental health the same level of focus as physical heath. This requires a change in mindset in order for you as a leader to support your team's mental wellbeing during the pandemic and beyond.
Employees report increasingly high levels of stress from the onset of COVID-19, stating that it has been the most stressful time in their careers.
(Qualtrics, 2020)
Similarly, employees’ anxiety levels have peaked because of the pandemic and the uncertainty it brings.
(Qualtrics, 2020)
The stress and uncertainty about the future caused by the pandemic and its fallout are posing the biggest challenges to employees.
Organizations shutting down operations, moving to fully remote, or requiring some of their employees to be on site based on the current situation causes a lot of anxiety as employees are not able to plan for what is coming next.
Adding in the loss of social networks and in-person interactions exacerbates the problem employees are facing. As leaders, it is your job to understand and mitigate these challenges wherever possible.
New Barriers |
Old Barriers |
---|---|
|
|
Organizational barriers to mental wellbeing are sadly not new. Workloads, stigma around mental health, lack of sick days, and limits to benefits for mental health supports were challenges before the pandemic. Adding in the new barriers can very easily result in a tipping point for many employees who are simply not equipped to deal with or supported in dealing with the added burden of remote work in a post-pandemic world.
To provide the needed support to your employees, it’s important to be mindful of the key considerations.
The physical body; ensuring a person has the freedom, opportunities, and resources needed to sustainably maintain bodily health.
The psychological ability to cope with information, emotions, desires, and stressors (e.g. change, threats, etc.) in a healthy and balanced way. Essential for day-to-day living and functioning.
The state of personal and professional relationships, including personal and community engagement. The capability for genuine, authentic, and mutually affirming interactions with others.
The state of a person’s finances; ensuring that a person feels capable to handle their financial situation and behaviors. The ability to live productively without the weight of financial stress.
As a manager, you need to be mindful of all of these. Create an atmosphere where people are able to come to you for help if they are struggling in one of these areas. For example, some people might be more comfortable raising physical safety or comfort concerns (personal protective equipment, ergonomics) than concerns about mental health. Or they might feel like their feelings of loneliness are not appropriate to bring into their professional life.
Wellbeing is a delicate subject, and most of the time, people are reluctant to talk about it. It requires vulnerability. And here’s the thing about it: Your staff will not drive a change in your team around making these topics more acceptable. It has to be the manager. You have to be the one to not just tell but show them that it’s OK to talk about this
As a leader, your focus should be on encouraging the right behaviors on your team and in yourself.
Show empathy; allowing room for emotion and showing you are willing and able to listen goes a long way to establishing trust.
A growth mindset applies to resilience too. A person with a growth mindset is more likely to believe that even though they’re struggling now, they will get through it.
Infuse fun – schedule social check-ins. This is not wasted time, or time off work – it is an integral part of the workday. We have less of it now organically, so you must bring it back deliberately. Remember that theme? We are deliberately reinfusing important organic elements into the workday.
The last item, empowerment, is interesting – being clear on accountability. Have clear performance expectations. It might sound like telling people what to do would be disempowering, but it’s the opposite. By clarifying the goals of what they need to achieve, you empower them to invent their own “how,” because you and they are both sure they will arrive at the place that you agreed on. We will talk more about this in performance management.
Emphasize the importance of wellbeing with what you do. If you do not model self-care behavior, people will follow what you do, not what you say.
Lead by example – Live the behaviors you want to see in your employees. If you show confidence, positivity, and resiliency, it will filter down to your team.
Encourage open communication – Have regular meetings where your team is able to set the agenda, or allow one-on-ones to be guided by the employee. Make sure these are scheduled and keep them a priority.
Acknowledge the situation – Pretending things are normal doesn’t help the situation. Talk about the stress that the team is facing and express confidence that you will get through it together.
Promote wellbeing – Take time off, don’t work when you’re sick, and you will be better able to support your team!
Reduce stigma – Call it out when you see it and be sure to remind people of and provide access to any supports that the organization has.
Going back to the idea of a growth mindset – this may be uncomfortable for you as a manager. So here’s a step-by-step guide that over time you can morph into your own style.
With your team – be prepared to share first and to show it is OK to be vulnerable and address wellbeing seriously.
As a leader, it is important to be on the lookout for warning signs of burnout and know when to step in and direct individuals to professional help.
Poor work performance – They struggle to maintain work performance, even after you’ve worked with them to create coping strategies.
Overwhelmed – They repeatedly tell you that they feel overwhelmed, very stressed, or physically unwell.
Frequent personal disclosure – They want to discuss their personal struggles at length on a regular basis.
Trouble sleeping and focusing – They tell you that they are not sleeping properly and are unable to focus on work.
Frequent time off – They feel the need to take time off more frequently.
Strained relationships – They have difficulty communicating effectively with coworkers; relationships are strained.
Substance abuse – They show signs of substance abuse (e.g. drunk/high while working, social media posts about drinking during the day).
Keeping an eye out for these signs and being able to step in before they become unmanageable can mean the difference between keeping and losing an employee experiencing burnout.
If you’ve got managers under you, be mindful of their unique stressors. Don’t forget to check in with them, too.
If you are a manager, remember to take care of yourself and check in with your own manager about your own wellbeing.
Download the Workbook: Equip Managers to Effectively Manage Virtual Teams
A survey indicated that, overall, remote employees showed less satisfaction with manager interactions compared to other non-remote employees.
In many cases, we have put people into virtual roles because they are self-directed and self-motivated workers who can thrive with the kind of autonomy and flexibility that comes with virtual work. As managers, we should expect many of these workers to be proactively interested in how they are performing and in developing their careers.
It would be a mistake to take a hands-off approach when managing virtual workers. A recent survey indicated that, overall, remote employees showed less satisfaction with manager interactions compared to other non-remote employees. It was also one of the aspects of their work experience they were least satisfied with overall (Gallup, State of the American Workplace, 2017). Simply put, virtual employees are craving more meaningful conversations with their managers.
While conversations about performance and development are important for all employees (virtual or non-virtual), managers of remote teams can have a significant positive impact on their virtual employees’ experience and engagement at work by making efforts to improve their involvement and support in these areas.
During this module we will work together to identify ways that each of us can improve how we manage the performance of our virtual employees. At the end of the module everyone will create an action plan that they can put in place with their own teams. In the next module, we go through a similar set of activities to create an action plan for our interactions with employees about their development.
[Include a visualization of your existing performance management process in the slide. Walk the participants through the process to remind them of what is expected. While the managers participating in the training should know this, there may be different understandings of it, or it might just be the case that it’s been a while since people looked at the official process. The intention here is merely to ensure everyone is on the same page for the purposes of the activities that follow.]
Now that we’ve reviewed performance management at a high level, let’s dive into what is currently happening with the performance management of virtual teams.
I know that you have some fairly extensive material at your organization around how to manage performance. This is fantastic. And we’re going to focus mainly on how things change in a virtual context.
When measuring progress, how do you as a manager make sure that you are comfortable not seeing your team physically at their desks? This is the biggest challenge for remote managers.
Download the Workbook: Equip Managers to Effectively Manage Virtual Teams
When assisting your employees with their goals, think about the organization’s overall mission and goals to help you determine team and individual goals.
Sometimes it’s difficult to get employees thinking about goals and they need assistance from managers. It’s also important to be clear on team goals to help guide employees in setting individual ones.
The basic idea is to show people how their individual day-to-day work contributes to the overall success of the organization. It gives them a sense of purpose and a rationale, which translates to motivation. And also helps them problem solve with more autonomy.
You’re giving people a sense of the importance of their own contribution.
Tailor performance goals to address any root causes of poor performance.
For example:
Focus on results: Be flexible about how and when work gets done, as long as team members are hitting their targets.
Encourage your team members to unplug: If they’re sending you emails late at night and they haven’t made an alternate work hours agreement with you, encourage them to take time away from work.
How well tasks are accomplished
Related to specific employee actions, skills, or attitudes
How much work gets done
Holistic measures demonstrate all the components required for optimal performance. This is the biggest driver in having comfort as a manager of a remote team and avoiding micromanagement. Typically these are set at the organizational level. You may need to adjust for individual roles, etc.
Metrics come in different types. One way to ensure your metrics capture the full picture is to use a mix of different kinds of metrics.
Some metrics are quantitative: they describe quantifiable or numerical aspects of the goal. This includes timeliness. On the other hand, qualitative metrics have to do with the final outcome or product. And behavioral metrics have to do with employees' actions, skills, or attitudes. Using different kinds of metrics together helps you set holistic measures, which capture all the components of optimal performance toward your goal and prevent gaming the system.
Let's take an example:
A courier might have an objective to do a good job delivering packages. An example of a quantitative measure might be that the courier is required to deliver X number of packages per day on time. The accompanying metrics would be the number of packages delivered per day and the ratio of packages delivered on time vs. late.
Can you see a problem if we use only these quantitative measures to evaluate the courier's performance?
Wait to see if anyone volunteers an answer. Discuss suggestions.
That's right, if the courier's only goal is to deliver more packages, they might start to rush, may ruin the packages, and may offer poor customer service. We can help to guard against this by implementing qualitative and behavioral measures as well. For example, a qualitative measure might be that the courier is required to deliver the packages in mint condition. And the metric would be the number of customer complaints about damaged packages or ratings on a satisfaction survey related to package condition.
For the behavioral aspect, the courier might be required to provide customer-centric service with a positive attitude. The metrics could be ratings on customer satisfaction surveys related to the courier's demeanor or observations by the manager.
It’s crucial to acknowledge that an employee might have an “off week” or need time to balance work and life – things that can be addressed with performance management (PM) techniques. Managers should move into the process for performance improvement when:
Always use video calls instead of phone calls when possible so that you don’t lose physical cues and body language.
Adding HR/your leader to a meeting invite about performance may cause undue stress. Think through who needs to participate and whether they need to be included in the invite itself.
Ensure there are no misunderstandings by setting context for each discussion and having the employee reiterate the takeaways back to you.
Don’t assume the intent behind the behavior(s) being discussed. Instead, just focus on the behavior itself.
Be sure to adhere to any relevant HR policies and support systems. Working with HR throughout the process will ensure none are overlooked.
There are a few best practices you should follow when having performance conversations:
Download the Workbook: Equip Managers to Effectively Manage Virtual Teams
As we have seen, our virtual employees crave more meaningful interactions with their managers. In addition to performance conversations, managers should also be having regular discussions with their employees about their employee development plans. One key component of these discussions is career planning. Whether you are thinking shorter term – how to become better at their current role – or longer term – how to advance beyond their current role – discussions about employee development are a great way to engage employees. Employees are ultimately responsible for creating and executing their own development plans, but managers are responsible for making sure that employees have thought through these plans and helping employees identify opportunities for executing those plans.
To help us think about our own employee development practices, identify challenges they pose when working with virtual employees, and create solutions to these challenges, it is useful to think about employee development opportunities according to three types:
According to McLean & Company, organizations should use the “70-20-10” rule as a rough guideline when working with employees to create their development plans: 10% of the plan should be dedicated to formal training opportunities, 20% to relational learning, and 70% to experiential learning. Managers should work with employees to identify their performance and career goals, ensure that their development plans are aligned with these goals, and include an appropriate mixture of all three kinds of development opportunities.
To help identify challenges and solutions, think about how virtual work arrangements will impact the employee’s ability to leverage each type of opportunity at our organization.
Here are some examples that can help us start thinking about the kinds of challenges virtual employees on our team face:
Now that we have considered some general examples of challenges and solutions, let’s look at our own employee development practices and think about the practical steps we can take as managers to improve employee development for our virtual employees.
[Customize this slide according to your organization’s own policies and processes for employee development. Provide useful images that outline this on the slide, and in these notes describe the processes/policies that are in place. Note: In some cases policies or processes may not be designed with virtual employees or virtual teams in mind. That is okay for the purposes of this training module. In the following activities participants will discuss how they apply these policies and processes with their virtual teams. If your organization is interested in adapting its policies/processes to better support virtual workers, it may be useful to record those conversations to supplement existing policies later.]
Now that we have considered some general examples of challenges and solutions, let’s look at our own employee development practices and think about the practical steps we can take as managers to improve employee development for our virtual employees.
Download the Workbook: Equip Managers to Effectively Manage Virtual Teams
Download the Workbook: Equip Managers to Effectively Manage Virtual Teams
If you would like additional support, have our analysts guide you through an info-tech workshop or guided implementation.
Contact your account representative for more information
workshops@infotech.com
1-888-670-8889
First, let’s take a moment to summarize the key things we have learned today:
Is there anything that anyone has learned that is not on this list and that they would like to share with the group?
Finally, were there any challenges identified today that were not addressed?
[Note to facilitator: Take note of any challenges not addressed and commit to getting back to the participants with some suggested solutions.]
Train managers to navigate the interpersonal challenges associated with change management and develop their communication and leadership skills. Upload this LMS module into your learning management system to enable online training.
Management skills training is needed, but organizations are struggling to provide training that makes a long-term difference in the skills managers use in their day to day.
Many training programs are ineffective because they offer the wrong content, deliver it in a way that is not memorable, and are not aligned with the IT department’s business objectives.
Assess and improve remote work performance with our ready-to-use tools.
April, Richard. “10 KPIs Every Sales Manager Should Measure in 2019.” HubSpot, 24 June 2019. Web.
Banerjea, Peter. “5 Powerful Strategies for Managing a Remote Sales Team.” Badger - Maps for field sales, n.d. Web.
Bibby, Adrianne. “5 Employers’ Awesome Quotes about Work Flexibility.” FlexJobs, 9 January 2017. Web.
Brogie, Frank. “The 14 KPIs every field sales rep should strive to improve.” Repsly, 2018. Web.
Dunn, Julie. “5 smart tips for leading field sales teams.” LevelEleven, March 2015. Web.
Edinger, Scott. “How great sales leaders coach.” Forbes, 2013. Web.
“Employee Outlook: Employee Views on Working Life.” CIPD, April 2016. Web.
Hall, Becki. “The 5 biggest challenges facing remote workers (and how to solve them).” interact, 7 July 2017. Web.
Hofstede, Geert. “National Cultural Dimensions.” Hofstede Insights, 2012. Web.
“Inventory of U.S. Greenhouse Gas Emissions and Sinks: 1990-2014 (EPA 430-R-16-002).” Environmental Protection Agency (EPA), 15 April 2016.
“Latest Telecommuting Statistics.” Global Workplace Analytics, June 2021. Web.
Knight, Rebecca. “How to manage remote direct reports.” Harvard Business Review, 2015. Web.
“Rewards and Recognition: 5 ways to show remote worker appreciation.” FurstPerson, 2019. Web.
Palay, Jonathan. "How to build your sales management cadence." CommercialTribe, 22 March 2018. Web.
“Sales Activity Management Matrix.” Asian Sales Guru, 2019. Web.
Smith, Simone. “9 Things to Consider When Recognizing Remote Employees.” hppy, 2018. Web.
“State of Remote Work 2017.” OWL Labs, 2021. Web.
“State of the American Workplace.” Gallup, 2017. Web.
“Telework Savings Potential.” Global Workplace Analytics, June 2021. Web.
“The Future of Jobs Employment Trends.” World Economic Forum, 2016. Web.
“The other COVID-19 crisis: Mental health.” Qualtrics, 14 April 2020. Web.
Thompson, Dan. “The straightforward truth about effective sales leadership.” Sales Hacker, 2017. Web.
Tsipursky, Gleb. “Remote Work Can Be Better for Innovation Than In-Person Meetings.” Scientific American, 14 Oct. 2021. Web.
Walsh, Kim. “New sales manager? Follow this guide to crush your first quarter.” HubSpot, May 2019. Web.
“What Leaders Need to Know about Remote Workers: Surprising Differences in Workplace Happiness and Relationships.” TINYpulse, 2016.
Zenger, Jack, and Joe Folkman. “Feedback: The Leadership Conundrum.” Talent Quarterly: The Feedback Issue, 2015.
Anonymous CAMH Employee
Imposing a traditional gating and governance approach on an Agile project can eliminate the advantages that Agile delivery methods offer. Make sure to rework your traditional project gating and governance approach to be Agile friendly.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This deck is a guide to creating your own Agile-friendly project gating and governance approach using Info-Tech’s Agile Gating Framework.
Modify Info-Tech’s Gates 3 and 3A Checklists to meet your organization’s needs, and then use them to determine when Agile projects are ready to enter and exit the RRVC phase.
Modify Info-Tech’s Agilometer to meet your organization’s needs, and then use it to determine the level of support and oversight the project will need.
Modify Info-Tech’s Agile Project Status Report to meet your organization’s needs, and then use it to monitor in-flight Agile projects.
Use Info-Tech’s Project Burndown Chart to monitor the progress of your in-flight Agile projects.
Use Info-Tech’s Traditional to Agile Gating Artifact Mapping tool to modify your gating artifacts for Agile projects.
Phase 1: Establish Your Gating and Governance Purpose
Phase 2: Understand and Adapt Info-Tech’s Agile Gating Framework
Most project gating and governance approaches are designed for traditional (Waterfall) delivery methods. However, Agile delivery methods call for a different way of working that doesn’t align well with these approaches.
Applying traditional project gating and governance to Agile projects is like trying to fit a square peg in a round hole. Not only will it make Agile project delivery less efficient, but in the extreme, it can lead to outright project failure and even derail your organization’s Agile transformation.
If you want Agile to successfully take root in your organization, be prepared to rethink your current gating and governance practices. This document presents a framework that you can use to rework your approach to provide both effective oversight and support for your Agile projects.
Alex Ciraco
Principal Research Director, Application Delivery and Management Info-Tech Research Group |
Your Challenge
|
Common Obstacles
|
Info-Tech’s Approach
|
Imposing a traditional governance approach on an Agile project can eliminate the advantages that Agile delivery methods offer. Make sure to rework your project gating and governance approach to be Agile friendly.
1. Establish Your Gating and Governance Purpose | 2. Understand and Adapt Info-Tech’s Agile Gating Framework | 3. Complete your Agile Gating Framework | |
Phase Steps |
1.1 Understand How We Gate and Govern Projects 1.2 Compare Traditional to Agile Delivery 1.3 Realize What Traditional Gating Looks Like and Why |
2.1 Understand How Agile Manages Risk and Ensures Value Delivery 2.2 Introducing Info-Tech’s Agile Gating Framework 2.3 Create Your Agilometer 2.4 Create an Agile-Friendly Project Status Report 2.5 Select Your Agile Health Check Tool |
3.1 Map Your Traditional Gating Artifacts to Agile Delivery 3.2 Determine Your Now, Next, Later Roadmap for Implementation |
Phase Outcomes |
|
|
|
Agilometer ToolCreate your customized Agilometer tool to determine project support and oversight needs. |
Gates 3 and 3A ChecklistsCreate your customized checklists for projects at Gates 3 and 3A. |
||
Agile-Friendly Project Status ReportCreate your Agile-friendly project status report to monitor progress. |
Artifact Mapping ToolMap your traditional gating artifacts to their Agile replacements. |
Phase 1 1.1 Understand How We Gate and Govern Projects 1.2 Compare Traditional to Agile Delivery 1.3 Realize What Traditional Gating Looks Like And Why | Phase 2 2.1 Understand How Agile Manages Risk and Ensures Value Delivery 2.2 Introducing Info-Tech’s Agile Gating Framework 2.3 Create Your Agilometer 2.4 Create Your Agile-Friendly Project Status Report 2.5 Select Your Agile Health Check Tool | Phase 3 3.1 Map Your Traditional Gating Artifacts to Agile Delivery 3.2 Determine Your Now, Next, Later Roadmap for Implementation |
73% of organizations created their project gating framework before adopting or considering Agile delivery practices. (Athens Journal of Technology and Engineering)
71% of survey respondents felt an Agile-friendly gating approach improves both productivity and product quality. (Athens Journal of Technology and Engineering) |
Moving to an Agile-friendly gating approach has many benefits:
|
|
Don’t make the mistake of asking an Agile project to follow a traditional phase-gate approach to project delivery! |
Before reworking your gating approach, you need to consider two important questionsAnswering these questions will help guide your new gating process to both be Agile friendly and meet your organization’s needs
|
|
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Assess current capabilities and define an ideal target state.
Understand the different collection solutions to identify which best supports needs.
Begin analyzing and acting on gathered intelligence.
Stand up an intelligence dissemination program.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the concepts of ESM, determine the scope of the ESM program, and get buy-in.
Determine the current state for ESM and identify the gaps.
Create customer journey maps, identify an ESM pilot, and finalize the action plan for the pilot.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand what ESM is and how it can improve customer service.
Determine the scope of your ESM initiative and identify who the stakeholders are for this program.
Understanding of ESM concepts.
Understanding of the scope and stakeholders for your ESM initiative.
Plan for getting buy-in for the ESM program.
1.1 Understand the concepts and benefits of ESM.
1.2 Determine the scope of your ESM program.
1.3 Identify your stakeholders.
1.4 Develop an executive buy-in presentation.
1.5 Develop a general communications presentation.
Executive buy-in presentation
General communications presentation
Assess your current state with respect to culture, governance, skills, and tools.
Identify your strengths and weaknesses from the ESM assessment scores.
Understanding of your organization’s current enablers and constraints for ESM.
Determination and analysis of data needed to identify strengths or weaknesses in culture, governance, skills, and tools.
2.1 Understand your organization’s mission and vision.
2.2 Assess your organization’s culture, governance, skills, and tools.
2.3 Identify the gaps and determine the necessary foundational action items.
ESM assessment score
Foundational action items
Define and choose the top services at the organization.
Create customer journey maps for the chosen services.
List of prioritized services.
Customer journey maps for the prioritized services.
3.1 Make a list of your services.
3.2 Prioritize your services.
3.3 Build customer journey maps.
List of services
Customer journey maps
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Outline your plan, form your team, and plan marketing tech stack support.
Set lead flow thresholds, define your ideal customer profile and lead generation engine components, and weight, score, test, and refine them.
Apply your lead scoring model to your lead management app, test it, validate the results with sellers, apply advanced methods, and refine.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Drive an aligned vision for lead scoring.
Attain an aligned vision for lead scoring.
Identify the steering committee and project team and clarify their roles and responsibilities.
Provide your team with an understanding of how leads score through the marketing funnel.
1.1 Outline a vision for lead scoring.
1.2 Identify steering committee and project team members.
1.3 Assess your tech stack for lead scoring and seek advice from Info-Tech analysts to modernize where needed.
1.4 Align on marketing pipeline terminology.
Steering committee and project team make-up
Direction on tech stack to support lead generation
Marketing pipeline definitions alignment
Define the buyer journey and map the lead generation engine.
Align the vision for your target buyer and their buying journey.
Identify the assets and activities that need to compose your lead generation engine.
2.1 Establish a buyer persona.
2.2 Map your buyer journey.
2.3 Document the activities and assets of your lead generation engine.
Buyer persona
Buyer journey map
Lead gen engine assets and activities documented
Build and test your lead scoring model.
Gain team alignment on how leads score and, most importantly, what constitutes a sales-accepted lead.
Develop a scoring model from which future iterations can be tested.
3.1 Understand the Lead Scoring Grid and set your thresholds.
3.2 Identify your ideal customer profile, attributes, and subattribute weightings – run tests.
Lead scoring thresholds
Ideal customer profile, weightings, and tested scores
Test profile scoring
Align on engagement attributes.
Develop a scoring model from which future iterations can be tested.
4.1 Weight the attributes of your lead generation engagement model and run tests.
4.2 Apply weightings to activities and assets.
4.3 Test engagement and profile scenarios together and make any adjustments to weightings or thresholds.
Engagement attributes and weightings tested and complete
Final lead scoring model
Apply the model to your tech platform.
Deliver better qualified leads to Sales.
5.1 Apply model to your marketing management/campaign management software and test the quality of sales-accepted leads in the hands of sellers.
5.2 Measure overall lead flow and conversion rates through your marketing pipeline.
5.3 Apply lead nurturing and other advanced methods.
Model applied to software
Better qualified leads in the hands of sellers
EXECUTIVE BRIEF
As B2B organizations emerge from the lowered demands brought on by COVID-19, they are eager to convert marketing contacts to sales-qualified leads with even the slightest signal of intent, but many sales cycles are wasted when sellers receive unqualified leads. Delivering highly qualified leads to sellers is still more art than science, and it is especially challenging without a way to score a contact profile and engagement. While most marketers capture some profile data from contacts, many will pass a contact over to Sales without any engagement data or schedule a demo with a contact without any qualifying profile data. Passing unqualified leads to Sales suboptimizes Sales’ resources, raises the costs per lead, and often results in lost opportunities. Marketers need to develop a lead scoring methodology that delivers better qualified leads to Field Sales scored against both the ideal customer profile (ICP) and engagement that signals lower-funnel buyer interest. To be successful in building a compelling lead scoring solution, marketers must work closely with key stakeholders to align the ICP asset/activity with the buyer journey. Additionally, working early in the design process with IT/Marketing Operations to implement lead management and analytical tools in support will drive results to maximize lead conversion rates and sales wins.
Jeff Golterman
Managing Director
SoftwareReviews Advisory
The affordability and ease of implementation of digital marketing tools have driven global adoption to record levels. While many marketers are fine-tuning the lead generation engine components of email, social media, and web-based advertising to increase lead volumes, just 32% of companies pass well-qualified leads over to outbound marketers or sales development reps (SDRs). At best, lead gen costs stay high, and marketing-influenced win rates remain suboptimized. At worst, marketing reputation suffers when poorly qualified leads are passed along to sellers.
Most marketers lack a methodology for lead scoring, and some lack alignment among Marketing, Product, and Sales on what defines a qualified lead. In their rush to drive lead generation, marketers often fail to “define and align” on the ICP with stakeholders, creating confusion and wasted time and resources. In the rush to adopt B2B marketing and sales automation tools, many marketers have also skipped the important steps to 1) define the buyer journey and map content types to support, and 2) invest in a consistent content creation and sourcing strategy. The wrong content can leave prospects unmotivated to engage further and cause them to seek alternatives.
To employ lead scoring effectively, marketers need to align Sales, Marketing, and Product teams on the definition of the ICP and what constitutes a Sales-accepted lead. The buyer journey needs to be mapped in order to identify the engagement that will move a lead through the marketing lead generation engine. Then the project team can score prospect engagement and the prospect profile attributes against the ICP to arrive at a lead score. The marketing tech stack needs to be validated to support lead scoring, and finally Sales needs to sign off on results.
Lead scoring is a must-have capability for high-tech marketers. Without lead scoring, marketers will see increased costs of lead gen, decreased SQL to opportunity conversion rates, decreased sales productivity, and longer sales cycles.
Leading marketers who successfully implement a lead scoring methodology develop it collaboratively with stakeholders across Marketing, Sales, and Product Management. Leaders will engage Marketing Operations, Sales Operations, and IT early to gain support for the evaluation and implementation of a supporting campaign management application and for analytics to track lead progress throughout the Marketing and Sales funnels. Leverage the Marketing Lead Scoring Toolkit to build out your version of the model and to test various scenarios. Use the slides contained within this storyboard and the accompanying toolkit as a means to align key stakeholders on the ICP and to weight assets and activities across your marketing lead generation engine.
Lead scoring weighs the value of a prospect’s profile against the ICP and renders a profile score. The process then weighs the value of the prospects activities against the ideal call to action (CTA) and renders an activity score. Combining the profile and activity scores delivers an overall score for the value of the lead to drive the next step along the overall buyer journey.
EXAMPLE: SALES MANAGEMENT SOFTWARE
SoftwareReviews Advisory Insight:
A significant obstacle to quality lead production is disagreement on or lack of a documented definition of the ideal customer profile. Marketers successful in lead scoring will align key stakeholders on a documented definition of the ICP as a first step in improving lead scoring.
Up to 66% of businesses don’t practice any type of lead scoring.
“ With lead scoring, you don’t waste loads of time on unworthy prospects, and you don’t ignore people on the edge of buying.”
“The benefits of lead scoring number in the dozens. Having a deeper understanding of which leads meet the qualifications of your highest converters and then systematically communicating with them accordingly increases both ongoing engagement and saves your internal team time chasing down inopportune leads.”
Optimizing Sales Resources Using Lead Scoring
“On average, organizations that currently use lead scoring experience a 77% lift in lead generation ROI, over organizations that do not currently use lead scoring.”
Average Lead Generation ROI by Use of Lead Scoring
1. Drive Aligned Vision for Lead Scoring |
2. Build and Test Your Lead Scoring Model |
3. Apply to Your Tech Platform and Validate, Nurture, and Grow |
|
Phase |
|
|
|
Phase Outcomes |
|
|
|
The workbook walks you through a step-by-step process to:
Consider core functions and form a cross-functional lead scoring team. Document the team’s details here.
Set your initial threshold weightings for profile and engagement scores.
Establish Your Ideal Customer Profile
Identify major attributes and attribute values and the weightings of both. You’ll eventually score your leads against this ICP.
Record and Weight Lead Gen Engine Activities
Identify the major activities that compose prospect engagement with your lead gen engine. Weight them together as a team.
Test Lead Profile Scenarios
Test actual lead profiles to see how they score against where you believe they should score. Adjust threshold settings in Tab 2.
Test Activity Engagement Scores
Test scenarios of how contacts navigate your lead gen engine. See how they score against where you believe they should score. Adjust thresholds on Tab 2 as needed.
Review Combined Profile and Activity Score
Review the combined scores to see where on your lead scoring matrix the lead falls. Make any final adjustments to thresholds accordingly.
DIY Toolkit | Guided Implementation | Workshop | Consulting |
---|---|---|---|
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." |
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." |
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." |
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
|
|
|
|
Phase 1 |
Phase 2 |
Phase 3 |
---|---|---|
Call #1: Collaborate on vision for lead scoring and the overall project. Call #2: Identify the steering committee and the rest of the team. Call #3: Discuss app/tech stack support for lead scoring. Understand key marketing pipeline terminology and the buyer journey. Call #4: Discuss your ICP, apply weightings, and run test scenarios. |
Call #5: Discuss and record lead generation engine components. Call #6: Understand the Lead Scoring Grid and set thresholds for your model. Call #7: Identify your ICP, apply weightings to attributes, and run tests. |
Call #8: Weight the attributes of engagement activities and run tests. Review the application of the scoring model on lead management software. Call #9: Test quality of sales-accepted leads in the hands of sellers. Measure lead flow and conversion rates through your marketing pipeline. Call #10: Review progress and discuss nurturing and other advanced topics. |
A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization. For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst. Your engagement managers will work with you to schedule analyst calls.
Day 1 |
Day 2 |
Day 3 |
Day 4 |
Day 5 |
|
---|---|---|---|---|---|
Drive Aligned Vision for Lead Scoring |
Buyer Journey and Lead Gen Engine Mapping |
Build and Test Your Lead Scoring Model |
Align on Engagement Attributes |
Apply to Your Tech Platform |
|
Activities |
1.1 Outline a vision for lead scoring. 1.2 Identify steering committee and project team members. 1.3 Assess your tech stack for lead scoring and seek advice from Info-Tech analysts to modernize where needed. 1.4 Align on marketing pipeline terminology. |
2.1 Establish a buyer persona (if not done already). 2.2 Map your buyer journey. 2.3 Document the activities and assets of your lead gen engine. |
3.1 Understand Lead Scoring Grid and set your thresholds. 3.2 Identify ICP attribute and sub-attribute weightings. Run tests. |
4.1 Weight the attributes of your lead gen engagement model and run tests. 4.2 Apply weightings to activities and assets. 4.3 Test engagement and profile scenarios together and adjust weightings and thresholds as needed. |
5.1 Apply model to your campaign management software and test quality of sales-accepted leads in the hands of sellers. 5.2. Measure overall lead flow and conversion rates through your marketing pipeline. 5.3 Apply lead nurturing and other advanced methods. |
Deliverables |
|
|
|
|
|
Phase 1 |
Phase 2 |
Phase 3 |
---|---|---|
1.1 Establish a cross-functional vision for lead scoring 1.2 Asses your tech stack for lead scoring (optional) 1.3 Catalog your buyer journey and lead gen engine assets |
2.1 Start building your lead scoring model 2.2 Identify and verify your IPC and weightings 2.3 Establish key lead generation activities and assets |
3.1 Apply model to your marketing management software 3.2 Test the quality of sales-accepted leads 3.3 Apply advanced methods |
This phase will walk you through the following activities:
This phase involves the following stakeholders:
Activities
1.1.1 Identify stakeholders critical to success
1.1.2 Outline the vision for lead scoring
1.1.3 Select your lead scoring team
This step will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
1 hour
Input | Output |
|
|
Materials | Participants |
|
|
B2B marketers that lack agreement among Marketing, Sales, Inside Sales, and lead management supporting staff of what constitutes a qualified lead will squander precious time and resources throughout the customer acquisition process.
1 hour
Input | Output |
|
|
Materials | Participants |
|
|
While SMBs can implement some form of lead scoring when volume is very low and leads can be scored by hand, lead scoring and effective lead management cannot be performed without investment in digital platforms and lead management software and integration with customer relationship management (CRM) applications in the hands of inside and field sales staff. Marketers should plan and budget for the right combination of applications and tools to be in place for proper lead management.
Title |
Key Stakeholders Within a Lead Generation/Scoring Initiative |
---|---|
Lead Scoring Sponsor |
|
Lead Scoring Initiative Manager |
|
Business Leads |
|
Digital, Marketing/Sales Ops/IT Team |
|
Steering Committee |
|
Marketers managing the lead scoring initiative must include Product Marketing, Sales, Inside Sales, and Product Management. And given that world-class B2B lead generation engines cannot run without technology enablement, Marketing Operations/IT – those that are charged with enabling marketing and sales – must also be part of the decision making and implementation process of lead scoring and lead generation.
30 minutes
Input | Output |
|
|
Materials | Participants |
|
|
Download the Lead Scoring Workbook
Consider the core team functions when composing the lead scoring team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, Operations) to create a well-aligned lead management/scoring strategy. Don’t let your core team become too large when trying to include all relevant stakeholders. Carefully limit the size of the team to enable effective decision making while still including functional business units.
Required Skills/Knowledge |
Suggested Team Members |
---|---|
Business |
|
|
|
IT |
|
|
|
Other |
|
|
|
Our model assumes you have:
1.2.1 A marketing application/campaign management application in place that accommodates lead scoring.
1.2.2 Lead management software integrated with the sales automation/CRM tool in the hands of Field Sales.
1.2.3 Reporting/analytics that spans the entire lead generation pipeline/funnel.
Refer to the following three slides if you need guidance in these areas.
This step will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
SoftwareReviews Advisory Insight:
Marketers that collaborate closely with Marketing Ops/IT early in the process of lead scoring design will be best able to assess whether current marketing applications and tools can support a full lead scoring capability.
A thorough evaluation takes months – start early
A thorough evaluation takes months – start early
Access the Info-Tech blueprint Select and Implement a CRM Platform, along with analyst inquiry support during the requirements definition, vendor evaluation, and vendor selection phases. Use the SoftwareReviews CRM Data Quadrant during vendor evaluation and selection.
A thorough evaluation takes weeks – start early
Activities
1.3.1 Review marketing pipeline terminology
1.3.2 Describe your buyer journey
1.3.3 Describe your awareness and lead generation engine
This step will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
30 minutes
Stage |
Characteristics |
Actions |
Contact |
|
Nurture SDR Qualify Send to Sales Close |
MQL |
|
|
SQL |
|
|
Oppt’y |
|
|
Win |
|
SoftwareReviews Advisory Insight:
Score leads in a way that makes it crystal clear whether they should be ignored, further nurtured, further qualified, or go right into a sellers’ hands as a super hot lead.
2 hours
On the following slide:
SoftwareReviews Advisory Insight:
Establishing a buyer journey is one of the most valuable tools that, typically, Product Marketing produces. Its use helps campaigners, product managers, and Inside and Field Sales. Leading marketers keep journeys updated based on live deals and characteristics of wins.
[Persona name] ([levels it includes from arrows above]) Buyer’s Journey for [solution type] Vendor Selection
* For guidance on best practices in engaging industry analysts, contact your engagement manager to schedule an inquiry with our expert in this area. during that inquiry, we will share best practices and recommended analyst engagement models.
2 hours
On the following slide:
SoftwareReviews Advisory Insight:
Marketing’s primary mission is to deliver marketing-influenced wins (MIWs) to the company. Building a compelling awareness and lead gen engine must be done with that goal in mind. Leaders are ruthless in testing – copy, email subjects, website navigation, etc. – to fine-tune the engine and staying highly collaborative with sellers to ensure high value lead delivery.
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
1.1 Establish a cross-functional vision for lead scoring 1.2 Asses your tech stack for lead scoring (optional) 1.3 Catalog your buyer journey and lead gen engine assets | 2.1 Start building your lead scoring model 2.2 Identify and verify your IPC and weightings 2.3 Establish key lead generation activities and assets | 3.1 Apply model to your marketing management software 3.2 Test the quality of sales-accepted leads 3.3 Apply advanced methods |
This phase will walk you through the following activities:
This phase involves the following participants:
Activities
2.1.1 Understand the Lead Scoring Grid
2.1.2 Identify thresholds
This step will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
30 minutes
30 minutes
We have set up a model Lead Scoring Grid – see Lead Scoring Workbook, tab 2, “Identify Thresholds.”
Set your thresholds within the Lead Scoring Workbook:
SoftwareReviews Advisory Insight:
Clarify that all-important threshold for when a lead passes to your expensive and time-starved outbound sellers.
Activities
2.2.1 Identify your ideal customer profile
2.2.2 Run tests to validate profile weightings
This step will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
2 hours
SoftwareReviews Advisory Insight:
Marketers who align with colleagues in areas such as Product Marketing, Sales, Inside Sales, Sales Training/Enablement, and Product Managers and document the ICP give their organizations a greater probability of lead generation success.
SoftwareReviews Advisory Insight:
Keep your model simple in the interest of fast implementation and to drive early learnings. The goal is not to be perfect but to start iterating toward success. You will update your scoring model even after going into production.
2 hours
Activities
2.3.1 Establish activities, attribute values, and weights
2.3.2 Run tests to evaluate activity ratings
This step will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
2 hours
SoftwareReviews Advisory Insight:
Use data from actual closed deals and the underlying activities to build your model – nothing like using facts to inform your key decisions. Use common sense and keep things simple. Then update further when data from new wins appears.
2 hours
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
1.1 Establish a cross-functional vision for lead scoring 1.2 Asses your tech stack for lead scoring (optional) 1.3 Catalog your buyer journey and lead gen engine assets | 2.1 Start building your lead scoring model 2.2 Identify and verify your IPC and weightings 2.3 Establish key lead generation activities and assets | 3.1 Apply model to your marketing management software 3.2 Test the quality of sales-accepted leads 3.3 Apply advanced methods |
This phase will walk you through the following activities:
This phase involves the following participants:
Activities
3.1.1 Apply final model to your lead management software
This step will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
3 hours
Activities
3.2.1 Achieve sales lead acceptance
3.2.2 Measure and optimize
This step will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
1 hour
Stage | Characteristics | Actions |
Contact |
| Nurture SDR Qualify Send to Sales Close |
MQL |
| |
SQL |
| |
Oppt’y |
| |
Win |
|
SoftwareReviews Advisory Insight:
Marketers that collaborate with Sales – and in this case, a group of sellers as a sales advisory team – well in advance of sales acceptance to design lead scoring will save time during this stage, build trust with sellers, and make faster decisions related to lead management/scoring.
Ongoing
Analytics will also drive additional key insights across your lead gen engine:
Activities
3.3.1 Employ lead nurturing strategies
3.3.2 Adjust your model over time to accommodate more advanced methods
This step will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
SoftwareReviews Advisory Insight:
Nurturing success combines the art of crafting engaging copy/experiences and the science of knowing just where a prospect is within your lead gen engine. Great B2B marketers demonstrate the discipline of knowing when to drive engagement and/or additional profile attribute capture using intent while not losing the prospect to over-profiling.
Ongoing
SoftwareReviews Advisory Insight:
When nurturing, choose/design content as to what “intent” it satisfies. For example, a head-to-head comparison with a key competitor signals “Selection” phase of the buyer journey. Content that helps determine what app-type to buy signals “Solution”. A company video, or a webinar replay, may mean your buyer is “educating themselves.
Ongoing
Advanced Methods
ABM |
Account-Based Marketing |
---|---|
B2B |
Business to Business |
CMO |
Chief Marketing Officer |
CRM |
Customer Relationship Management |
ICP |
Ideal Customer Profile |
MIW |
Marketing-Influenced Win |
MQL |
Marketing-Qualified Lead |
SDR |
Sales Development Representative |
SQL |
Sales-Qualified Lead |
Arora, Rajat. “Mining the Real Gems from you Data – Lead Scoring and Engagement Scoring.” LeadSquared, 27 Sept. 2014. Web.
Doyle, Jen. “2012 B2B Marketing Benchmark Report: Research and insights on attracting and converting the modern B2B buyer.” MarketingSherpa, 2012. Web.
Doyle, Jen, and Sergio Balegno. “2011 MarketingSherpa B2B Marketing Benchmark Survey: Research and Insights on Elevating Marketing Effectiveness from Lead Generation to Sales Conversion.” MarketingSherpa, 2011.
Kirkpatrick, David. “Lead Scoring: CMOs realize a 138% lead gen ROI … and so can you.” marketingsherpa blog, 26 Jan 2012. Web.
Moser, Jeremy. “Lead Scoring Is Important for Your Business: Here’s How to Create Scoring Model and Hand-Off Strategy.” BigCommerce, 25 Feb. 2019. Web.
Strawn, Joey. “Why Lead Scoring Is Important for B2Bs (and How You Can Implement It for Your Company.” IndustrialMarketer.com, 17 Aug. 2016. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Evaluate the current state, stakeholder capacity, and target audience of engagement actions.
Review impact to engagement drivers in order to prioritize and select tactics for addressing each.
Designate owners of tactics, select measurement tools and cadence, and communicate engagement actions.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Analyze your project history to identify and fill gaps in your estimation practices.
Allocate time across project phases to validate and refine estimates and estimate assumptions.
Implement a lessons learned process to provide transparency to your sponsors and confidence to your teams.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Track key performance indicators on past projects to inform goals for future projects.
Developed Project History List.
Refined starting estimates that can be adjusted accurately from project to project.
1.1 Build project history.
1.2 Analyze estimation capabilities.
1.3 Identify estimation goals.
Project History List
T-Shirt Sizing Health Check
Estimate Tracking Plan
Outline the common attributes required to complete projects.
Identify the commonly forgotten attributes to ensure comprehensive scoping early on.
Refined initial estimate based on high-level insights into work required and resources available.
2.1 Develop a list of in-scope project attributes.
2.2 Identify leadership priorities for deliverables and attributes.
2.3 Track team and skill responsibilities for attributes.
Identified list or store of past project attributes and costs
Attribute List and Estimated Cost
Required Skills List
Set clear processes for tracking the health of your estimate to ensure it is always as accurate as possible.
Define check-in points to evaluate risks and challenges to the project and identify trigger conditions.
An estimation process rooted in organizational memory and lessons learned.
Project estimates that are consistently reevaluated to predict and correct challenges before they can drastically affect your projects.
3.1 Determine Milestone Check-In Points.
3.2 Develop Lessons Learned Meeting Agendas.
3.3 Identify common risks and past lessons learned.
3.4 Develop contingency tracking capabilities.
Project Lessons Learned Template
Historic Risks and Lessons Learned Master Template
Contingency Reserve and Risk Registers
Bridge the gap between death march projects and bloated and uncertain estimates by communicating expectations and assumptions clearly to your sponsors.
Clear estimation criteria and assumptions aligned with business priorities.
Post-mortem discussion items crucial to improving project history knowledge for next time.
4.1 Identify leadership risk priorities.
4.2 Develop IT business alignment.
4.3 Develop hand-off procedures and milestone approval methods.
4.4 Create a list of post-mortem priorities.
Estimation Quotation
Risk Priority Rankings
Hand-Off Procedures
Post-mortem agenda planning
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Securing your hybrid workforce should be an opportunity to get started on the zero trust journey. Realizing the core features needed to achieve this will assist you determine which of the options is a good fit for your organization.
Every organization's strategy to secure their hybrid workforce should include introducing zero trust principles in certain areas. Our unique approach:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
The storyboard contains two easy-to-follow steps on securing your hybrid workforce with zero trust, from assessing the suitability of SASE/SSE to taking a step in building a zero trust roadmap.
Use this tool to identify your next line of action in securing your hybrid workforce by assessing key components that conforms to the ideals and principles of Zero Trust.
Use this document to request proposals from select vendors.
Remote connections like VPNs were not designed to be security tools or to have the capacity to handle a large hybrid workforce; hence, organizations are burdened with implementing controls that are perceived to be "security solutions." The COVID-19 pandemic forced a wave of remote work for employees that were not taken into consideration for most VPN implementations, and as a result, the understanding of the traditional network perimeter as we always knew it has shifted to include devices, applications, edges, and the internet. Additionally, remote work is here to stay as recruiting talent in the current market means you must make yourself attractive to potential hires.
The shift in the network perimeter increases the risks associated with traditional VPN solutions as well as exposing the limitations of the solution. This is where zero trust as a principle introduces a more security-focused strategy that not only mitigates most (if not all) of the risks, but also eliminates limitations, which would enhance the business and improve customer/employee experience.
There are several ways of achieving zero trust maturity, and one of those is SASE, which consolidates security and networking to better secure your hybrid workforce as implied trust is thrown out of the window and verification of everything becomes the new normal to defend the business.
Victor Okorie
Senior Research Analyst, Security and Privacy
Info-Tech Research Group
CISOs are looking to zero trust to fill the gaps associated with their traditional remote setup as well as to build an adaptable security strategy. Some challenges faced include:
The zero trust journey may seem tedious because of a few obstacles like:
Info-Tech provides a three-service approach to helping organizations better secure their hybrid workforce.
Securing your hybrid workforce should be an opportunity to get started on the zero trust journey. Realizing the core features needed to achieve this will assist you in determining which of the options is a good fit for your organization.
The pandemic has shown there is no going back to full on-prem work, and as such, security should be looked at differently with various considerations in mind.
Understand that current hybrid solutions are susceptible to various forms of attack as the threat attack surface area has now expanded with users, devices, applications, locations, and data. The traditional perimeter as we know it has expanded beyond just the corporate network, and as such, it needs a more mature security strategy.
Onboarding and offboarding have been done remotely, and with some growth recorded, the size of companies has also increased, leading to a scaling issue.
Employees are now demanding remote work capabilities as part of contract negotiation before accepting a job.
Attacks have increased far more quickly during the pandemic, and all indications point to them increasing even more.
Scarce available security personnel in the job market for hire.
The number of breach incidents by identity theft.
Source: Security Magazine, 2022.
IT security teams want to adopt zero trust.
Source: Cybersecurity Insiders, 2019.
$1.07m |
$1.76m |
235 |
---|---|---|
Increase in breaches related to remote work |
Cost difference in a breach where zero trust is deployed |
Days to identify a breach |
The average cost of a data breach where remote work was a factor rose by $1.07 million in 2021. COVID-19 brought about rapid changes in organizations, and digital transformation changes curbed some of its excesses. Organizations that did not make any digital transformation changes reported a $750,000 higher costs compared to global average. |
The average cost of a breach in an organization with no zero trust deployed was $5.04 million in 2021 compared to the average cost of a breach in an organization with zero trust deployed of $3.28 million. With a difference of $1.76 million, zero trust makes a significant difference. |
Organizations with a remote work adoption rate of 50% took 235 days to identify a breach and 81 days to contain that breach – this is in comparison to the average of 212 days to identify a breach and 75 days to contain that breach. |
Source: IBM, 2021.
The convergence and consolidation of security and network brought about the formation of secure access service edge (SASE – pronounced like "sassy"). Digital transformation, hybrid workforce, high demand of availability, uninterrupted access for employees, and a host of other factors influenced the need for this convergence that is delivered as a cloud service.
The capabilities of a SASE solution being delivered are based on certain criteria, such as the identity of the entity (users, devices, applications, data, services, location), real-time context, continuous assessment and verification of risk and "trust" throughout the lifetime of a session, and the security and compliance policies of the organization.
SASE continuously identifies users and devices, applies security based on policy, and provides secure access to the appropriate and requested application or data regardless of location.
The traditional perimeter security using the castle and moat approach is depicted in the image here. The security shields valuable resources from external attack; however, it isn't foolproof for all kinds of external attacks. Furthermore, it does not protect those valuable resources from insider threat.
This security perimeter also allows for lateral movement when it has been breached. Access to these resources is now considered "trusted" solely because it is now behind the wall/perimeter.
This approach is no longer feasible in our world today where both external and internal threats pose continuous risk and need to be contained.
TRADITIONAL INFRASTRUCTURE |
||||
---|---|---|---|---|
NETWORK |
SECURITY |
AUTHENTICATION |
IDENTITY |
ACCESS |
|
|
|
|
|
SASE | ||||
---|---|---|---|---|
NETWORK | SECURITY | AUTHENTICATION | IDENTITY | ACCESS |
|
|
|
|
|
ZERO TRUST |
|
---|---|
TENETS OF ZERO TRUST |
ZERO TRUST PILLARS |
|
|
Securing your hybrid workforce should be an opportunity to get started on the zero trust journey. Realizing the core features needed to achieve this will help you determine which of the options is a good fit for your organization.
PHASE 1
PHASE 2 Assess the benefits of adopting SASE or zero trust |
Vendors will try to control the narrative in terms of what they can do for you, but it's time for you to control the narrative and identify pain points to IT and the business, and with that, to understand and define what the vendor solution can do for you. |
---|---|
PHASE 2 Assess the benefits of adopting SASE or zero trust |
Vendors will try to control the narrative in terms of what they can do for you, but it's time for you to control the narrative and identify pain points to IT and the business, and with that, to understand and define what the vendor solution can do for you. |
IT leaders need to examine different areas of their budget and determine how the adoption of a SASE solution could influence several areas of their budget breakdown.
Determining the SASE cost factors early could accelerate the justification the business needs to move forward in making an informed decision.
01- Infrastructure |
|
---|---|
02- Administration |
|
03- Inbound |
|
04- Outbound |
|
04- Data Protection |
|
06- Monitoring |
|
1. Current state and future mitigation |
2. Assess the benefits of moving to SASE/zero trust |
|
---|---|---|
Phase Steps |
1.1 Limitations of legacy infrastructure 1.2 Zero trust principle as a control 1.3 SASE as a driver of zero trust |
2.1 Sourcing out a SASE/SSE vendor 2.2 Build a zero trust roadmap |
Phase Outcomes |
Identify and prioritize risks of current infrastructure and several ways to mitigate them. |
RFP template and build a zero trust roadmap. |
The internet is the new corporate network, which opens the organization up to more risks not protected by the current security stack. Using Info-Tech's methodology of zero trust adoption is a sure way to reduce the attack surface, and SASE is one useful tool to take you on the zero trust journey.
Securing your hybrid workforce via zero trust will inevitably include (but is not limited to) technological products/solutions.
SASE and SSE features sit as an overlay here as technological solutions that will help on the zero trust journey by aggregating all the disparate solutions required for you to meet zero trust requirements into a single interface. The knowledge and implementation of this helps put things into perspective of where and what our target state is.
It is critical to choose a solution that addresses the security problems you are actually trying to solve.
Don't allow the solution provider to tell you what you need – rather, start by understanding your capability gaps and then go to market to find the right partner.
Take advantage of the RFP template to source a SASE or SSE vendor. Additionally, build a zero trust roadmap to develop and strategize initiatives and tasks.
Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:
Zero Trust and SASE Suitability Tool
Identify critical and vulnerable DAAS elements to protect and align them to business goals.
Zero Trust Program Gap Analysis Tool
Perform a gap analysis between current and target states to build a zero trust roadmap.
Secure Your Hybrid Workforce With Zero Trust Communication deck
Present your zero trust strategy in a prepopulated document that summarizes the work you have completed as a part of this blueprint.
Phase 1 | Phase 2 |
---|---|
1.1 Limitations of legacy infrastructure 1.2 Zero trust principle as a control 1.3 SASE as a driver of zero trust | 2.1 Sourcing out a SASE/SSE vendor 2.2 Build a zero trust roadmap |
Ensure you minimize or eliminate weak points on all layers.
There are many limitations that make it difficult for traditional VPNs to adapt to an ever-growing hybrid workforce.
The listed limitations are tied to associated risks of legacy infrastructure as well as security components that are almost non-existent in a VPN implementation today.
VPNs were designed for small-scale remote access to corporate network. An increase in the remote workforce will require expensive hardware investment.
Users and attackers are not restricted to specific network resources, and with an absence of activity logs, they can go undetected.
Due to the reduction in or lack of visibility, threat detections are poorly managed, and responses are already too late.
Limited number of locations for VPN hardware to be situated as it can be expensive.
The increase in the hybrid workforce requires the risk perimeter to be expanded from the corporate network to devices and applications. VPNs are built for privacy, not security.
Hybrid workforces are here to stay, and adopting a strategy that is adaptable, flexible, simple, and cost-effective is a recommended road to take on the journey to bettering your security and network.
Download the Zero Trust - SASE Suitability Assessment Tool
Zero trust/"always verify" is applied to identity, workloads, devices, networks, and data to provide a greater control for risks associated with traditional network architecture.
Zero trust identity and access will lead to a mature IAM process in an organization with the removal of implicit trust.
With a zero trust network architecture (ZTNA), both the remote and on-prem network access are more secure than the traditional network deployment. The software-defined parameter ensures security on each network access.
With zero trust principle applied on identity, workload, devices, network, and data, the threat surface area which births some of the risks identified earlier will be significantly reduced.
Scaling, visibility, network throughput, secure connection from anywhere, micro-segmentation, and a host of other benefits to improve your hybrid workforce.
Security and network initiatives of a zero trust roadmap converged into a single pane of glass.
Security and network converged into a single pane of glass giving you some of the benefits and initiatives of a zero trust implemented architecture in one package.
The identity-centric nature of SASE solutions helps to improve your IAM maturity as it applies the principle of least privilege. The removal of implicit trust and continuous verification helps foster this more.
With ZTNA, both the remote and on-prem network access are more secure than the traditional network deployment. The software defined parameter ensures security on each network access.
Secure web gateway, cloud access security broker, domain name system, next-generation firewall, data loss prevention, and ZTNA protect against data leaks, prevent lateral movement, and prevent malicious actors from coming in.
Reduced costs and complexity of IT, faster user experience, and reduced risk as a result of the scalability, visibility, ease of IT administration, network throughput, secure connection from anywhere, micro-segmentation, and a host of other benefits will surely improve your hybrid workforce.
These features of SASE and zero trust mitigate the risks associated with a traditional VPN and reduce the threat surface area. With security at the core, network optimization is not compromised.
Otherwise known as security service edge (SSE)
Security service edge is the convergence of all security services typically found in SASE. At its core, SSE consists of three services which include:
SSE components are also mitigations or initiatives that make up a zero trust roadmap as they comply with the zero trust principle, and as a result, they sit up there with SASE as an overlay/driver of a zero trust implementation. SSE's benefits are identical to SASE's in that it provides zero trust access, risk reduction, low costs and complexity, and a better user experience. The difference is SSE's sole focus on security services and not the network component.
SASE |
|
---|---|
NETWORK FEATURES |
SECURITY FEATURES |
|
|
Zero Trust |
SASE | ||
---|---|---|---|
Pros |
Cons |
Pros |
Cons |
|
|
|
|
Use the dashboard to understand the value assessment of adopting a SASE product or building a zero trust roadmap.
This tool will help steer you on a path to take as a form of mitigation/control to some or all the identified challenges.
Phase 1 | Phase 2 |
---|---|
1.1 Limitations of legacy infrastructure 1.2 Zero trust principle as a control 1.3 SASE as a driver of zero trust | 2.1 Sourcing out a SASE/SSE vendor 2.2 Build a zero trust roadmap |
2.1.1 Use the RFP template to request proposal from vendors
2.1.2 Use SoftwareReviews to compare vendors
Download the RFP Template
2.2.1 Assess the maturity of your current zero trust implementation
2.2.2 Understand business needs and current security projects
2.2.3 Set target maturity state with timeframe
CIO, CISO, IT manager, Infosec team, executives.
Zero Trust Roadmap
Download the Zero Trust Security Benefit Assessment tool
Download the Zero Trust Program Gap Analysis Tool
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop
Contact your account representative for more information
workshops@infotech.com
1-888-670-8889
To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Zero Trust - SASE Suitability Assessment Tool
Assess current security capabilities and build a roadmap of tasks and initiatives that close maturity gaps.
Build an Information Security Strategy
Info-Tech has developed a highly effective approach to building an information security strategy – an approach that has been successfully tested and refined for over seven years with hundreds of organizations. This unique approach includes tools for ensuring alignment with business objectives, assessing organizational risk and stakeholder expectations, enabling a comprehensive current state assessment, prioritizing initiatives, and building out a security roadmap.
Determine Your Zero Trust Readiness
IT security was typified by perimeter security. However, the way the world does business has mandated a change to IT security. In response, zero trust is a set of principles that can add flexibility to planning your IT security strategy.
Use this blueprint to determine your zero trust readiness and understand how zero trust can benefit both security and the business.
Mature Your Identity and Access Management Program
Many organizations are looking to improve their identity and access management (IAM) practices but struggle with where to start and whether all areas of IAM have been considered. This blueprint will help you improve the organization's IAM practices by following our three-phase methodology:
"2021 Data Breach Investigations Report." Verizon, 2021. Web.
"Fortinet Brings Networking and Security to the Cloud" Fortinet, 2 Mar. 2021. Web.
"A Zero Trust Strategy Has 3 Needs – Identify, Authenticate, and Monitor Users and Devices on and off the Network." Fortinet, 15 July 2021. Web.
"Applying Zero Trust Principles to Enterprise Mobility." CISA, Mar. 2022. Web.
"CISA Zero Trust Maturity Model." CISA, Cybersecurity Division, June 2021. Web.
"Continuous Diagnostics and Mitigation Program Overview." CISA, Jan. 2022. Web.
"Cost of a Data Breach Report 2021 | IBM." IBM, July 2021. Web.
English, Melanie. "5 Stats That Show The Cost Saving Effect of Zero Trust." Teramind, 29 Sept. 2021. Web.
Hunter, Steve. "The Five Business Benefits of a Zero Trust Approach to Security." Security Brief - Australia, 19 Aug. 2020. Web.
"Improve Application Access and Security With Fortinet Zero Trust Network Access." Fortinet, 2 Mar. 2021. Web.
"Incorporating zero trust Strategies for Secure Network and Application Access." Fortinet, 21 Jul. 2021. Web.
Jakkal, Vasu. "Zero Trust Adoption Report: How Does Your Organization Compare?" Microsoft, 28 July 2021. Web.
"Jericho Forum™ Commandments." The Open Group, Jericho Forum, May 2007. Web.
Schulze, Holger. "2019 Zero Trust Adoption Report." Cybersecurity Insiders, 2019. Web.
"67% of Organizations Had Identity-Related Data Breaches Last Year." Security Magazine, 22 Aug. 2022. Web.
United States, Executive Office of the President Joseph R. Biden, Jr. "Executive Order on Improving the Nation's Cybersecurity." The White House, 12 May 2021. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Perform a measured value assessment for building and managing a minimum-viable PMO.
Focus on the minimum required to maintain accuracy of portfolio reporting and effectiveness in managing projects.
Emphasize reporting high-level project status as a way to identify and address issues to achieve the best results with the least effort.
Free PMs to focus on actually managing the project while still delivering accurate portfolio metrics.
Ensure project manager compliance with the portfolio reporting process by incorporating activities that create value.
Evaluate success and identify opportunities for further improvement.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Define goals and success criteria.
Finalize agenda.
Gather information: update project and resource lists (Info-Tech recommends using the Project Portfolio Workbook).
More efficiently organized and executed workshop.
Able to better customize and tailor content to your specific needs.
1.1 Discuss specific pain points with regards to project manager allocations
1.2 Review project lists, tools and templates, and other documents
1.3 Map existing strategies to Info-Tech’s framework
Understanding of where efforts must be focused in workshop
Assessment of what existing tools and templates may need to be included in zero-allocation workbook
Revisions that need to be made based on existing strategies
Assess current state (including review of project and resource lists).
Discuss and analyze SWOT around project and portfolio management.
Define target state.
Define standards / SOP / processes for project and portfolio management.
Gain perspective on how well your processes match up with the amount of time your project managers have for their PM duties.
Determine the value of the time and effort that your project teams are investing in project management activities.
Begin to define resource optimized processes for zero-allocation project managers.
Ensure consistent implementation of processes across your portfolio.
Establish project discipline and best practices that are grounded in actual project capacity.
2.1 Perform and/or analyze Minimum-Viable PMO Needs Assessment
2.2 SWOT analysis
2.3 Identify target allocations for project management activities
2.4 Begin to define resource optimized processes for zero-allocation project managers
Current state analysis based on Minimum-Viable PMO Needs Assessment
Overview of current strengths, weaknesses, opportunities and threats
Target state analysis based on Minimum-Viable PMO Needs Assessment
A refined Minimum-Viable Project and Portfolio Management SOP
Select and customize project and portfolio management toolkit.
Implement (test/pilot) toolkit and processes.
Customize project manager training plan.
Evaluate and refine toolkit and processes as needed.
Ensure consistent implementation of processes across your portfolio.
Establish project discipline and best practices that are grounded in actual project capacity.
A customized training session that will suit the needs of your project managers.
3.1 Customize the Zero-Allocation Toolkit to accommodate the needs of your projects
3.2 Test toolkit on projects currently underway
3.3 Tweak project manager training to suit the needs of your team
Customized Zero-Allocation Project Management Workbook
A tested and standardized copy of the workbook
A customized training session for your project managers (to take place on Day 4 of Info-Tech’s workshop)
Communicate project and portfolio management SOP to Project Managers.
Deliver project manager training: standards for portfolio reporting and toolkit.
Equip project managers to improve their level of discipline and documentation without spending more time in record keeping and task management.
Execute a successful training session that clearly and succinctly communicates your minimal and resource-optimized processes.
4.1 Project Manager Training, including communication of the processes and standard templates and reports that will be adopted by all project managers
Educated and disciplined project managers, aware of the required processes for portfolio reporting
Debrief from the training session.
Plan for ongoing evaluation and improvement.
Evaluate and refine toolkit and processes if needed.
Answer any remaining questions.
Assess portfolio and project manager performance in light of the strategy implemented.
Understanding of how to keep living documents like the workbook and SOP up to date.
Clearly defined next steps.
5.1 Review the customized tools and templates
5.2 Send relevant documentation to relevant stakeholders
5.3 Schedule review call
5.4 Schedule follow-up call with analysts to discuss progress in six months
Finalized workbook and processes
Satisfied and informed stakeholders
Scheduled review call
Scheduled follow-up call
Use Info-Tech’s tactical, practical training materials to deliver training that is:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This deck presents a behind-the-scenes explanation for the training materials, enabling a facilitator to deliver the training.
The modules are complete with presentation slides, speaker’s notes, and accompanying participant workbooks and provide everything you need to deliver the training to your team.
Each workbook is tailored to the presentation slides in its corresponding facilitation guide. Some workbooks have additional materials, such as role play scenarios, to aid in practice. Every workbook comes with example entries to help participants make the most of their training.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Attend training on the specific topics necessary for each individual management team.
Each workshop consists of four days, one 3-hour training session per day. One module is delivered per day, selecting from the following pool of topics:
Master Time
Accountability
Your Role in the Organization
Your Role in Decision Making
Manage Conflict Constructively
Effective Communication
Performance Management
Coaching & Feedback
Managers learn about best practices, practice their application, and formulate individual skill development plans.
1.1 Training on one topic per day, for four days (selected from a pool of eight possible topics)
Completed workbook and action plan
Ninety-eight percent of managers say they need more training, but 93% of managers already receive some level of manager training. Unfortunately, the training typically provided, although copious, is not working. More of the same will never get you better outcomes. How many times have you sat through training that was so long, you had no hope of implementing half of it? How many times have you been taught best practices, with zero guidance on how to apply them? To truly support our managers, we need to rethink manager training. Move from fulfilling an HR mandate to providing truly trainee-centric instruction. Teach only the right skills – no fluff – and encourage and enable their application in the day to day. |
|
Jane Kouptsova |
Your Challenge |
Common Obstacles |
Info-Tech’s Approach |
---|---|---|
IT departments often promote staff based on technical skill, resulting in new managers feeling unprepared for their new responsibilities in leading people. The success of your organization hinges on managers’ ability to lead their staff; by failing to equip new managers adequately, you are risking the productivity of your entire department. |
Despite the fact that $14 billion is spent annually on leadership training in the US alone (Freedman, 2016), only one in ten CIOs believe their department is very effective at leadership, culture, and values (Info-Tech, 2019). Training programs do not deliver results due to trainee overwhelm, ineffective skill development, and a lack of business alignment. |
Use Info-Tech’s tactical, practical approach to management training to deliver training that:
|
Info-Tech Insight
When it comes to manager training, more is not more. Attending training is not equal to being trained. Even good information is useless when it doesn’t get applied. If your role hasn’t required you to use your training within 48 hours, you were not trained on the most relevant skills.
Engaged teams are:
Engaged teams are driven by managers:
|
87% of middle managers wish they had more training when they were first promoted
98% of managers say they need more training
IT must take notice:
IT as an industry tends to promote staff on the basis of technical skill. As a result, new managers find themselves suddenly out of their comfort zone, tasked with leading teams using management skills they have not been trained in and, more often than not, having to learn on the job. This is further complicated because many new IT managers must go from a position of team member to leader, which can be a very complex transition.
99% of companies offer management training* 93% of managers attend it* $14 billion spent annually in the US on leadership training** |
Fewer than one in ten CIOs believe their IT department is highly effective at leadership, culture, and values. |
1. Information Overload
Seventy-five percent of managers report that their training was too long to remember or to apply in their day to day (Grovo, 2016). Trying to cover too much useful information results in overwhelm and does not deliver on key training objectives.
2. Limited Implementation
Thirty-three percent of managers find that their training had insufficient follow-up to help them apply it on the job (Grovo, 2016). Learning is only the beginning. The real results are obtained when learning is followed by practice, which turns new knowledge into reliable habits.
3. Lack of departmental alignment
Implementing training without a clear link to departmental and organizational objectives leaves you unable to clearly communicate its value, undermines your ability to secure buy-in from attendees and executives, and leaves you unable to verify that the training is actually improving departmental effectiveness.
MOVE FROM |
TO |
---|---|
1. Information Overload |
Timely, tailored topics The more training managers attend, the less likely they are to apply any particular element of it. Combat trainee overwhelm by offering highly tactical, practical training that presents only the essential skills needed at the managers’ current stage of development. |
2. Limited Implementation |
Skills-focused framework Many training programs end when the last manager walks out of the last training session. Ensure managers apply their new knowledge in the months and years after the training by relying on a research-based framework that supports long-term skill building. |
3. Lack of Departmental Alignment |
Outcome-based measurement Setting organizational goals and accompanying metrics ahead of time enables you to communicate the value of the training to attendees and stakeholders, track whether the training is delivering a return on your investment, and course correct if necessary. |
Manager training is only useful if the skills it builds are implemented in the day-to-day. Research supports three drivers of successful skill building from training: |
Habits |
---|---|
Organizational Support |
The training modules include committing to implementing new skills on the job and scheduling opportunities for feedback. |
Learning Structure |
Training activities are customizable, flexible, and accompanied by continuous learning self-evaluation. |
Personal Commitment |
Info-Tech’s methodology builds in activities that foster accountability and an attitude of continuous improvement. |
Learning |
Info-Tech Insight
When it comes to manager training, stop thinking about learning, and start thinking about practice. In difficult situations, we fall back on habits, not theoretical knowledge. If a manager is only as good as their habits, we need to support them in translating knowledge into practice.
Set up your first-time managers for success by leveraging Info-Tech’s training to focus on three key areas of management:
Each of these areas:
Info-Tech Insight
There is no such thing as “effective management training.” Various topics will be effective at different times for different roles. Delivering only the highest-impact learning at strategic points in your leadership development program will ensure the learning is retained and translates to results.
Each topic corresponds to a module, which can be used individually or as a series in any order.
Choose topics that resonate with your managers and relate directly to their day-to-day tasks. Training on topics that may be useful in the future, while interesting, is less likely to generate lasting skill development.
Info-Tech Best Practice
This blueprint is not a replacement for formal leadership or management certification. It is designed as a practical, tactical, and foundational introduction to key management capabilities.
Practical facilitation guides equip you with the information, activities, and speaker’s notes necessary to deliver focused, tactical training to your management team. |
The participant’s workbook guides trainees through applying the three drivers of skill building to solidify their training into habits. |
Linking manager training with measurable outcomes allows you to verify that the program is achieving the intended benefits, course correct as needed, and secure buy-in from stakeholders and participants by articulating and documenting value.
Use the metrics suggested below to monitor your training program’s effectiveness at three key stages:
Program Metric |
Calculation |
---|---|
Program enrolment and attendance |
Attendance at each session / Total number enrolled in session |
First-time manager (FTM) turnover rate |
Turnover rate: Number of FTM departures / Total number of FTMs |
FTM turnover cost |
Number of departing FTMs this year * Cost of replacing an employee |
Manager Effectiveness Metric |
Calculation |
Engagement scores of FTM's direct reports |
Use Info-Tech's Employee Engagement surveys to monitor scores |
Departures as a result of poor management |
Number of times "manager relationships" is selected as a reason for leaving on an exit survey / Total number of departures |
Cost of departures due to poor management |
Number of times "manager relationships" is selected as a reason for leaving on an exit survey * Cost associated with replacing an employee |
Organizational Outcome Metric |
Calculation |
On-target delivery |
% projects completed on-target = (Projects successfully completed on time and on budget / Total number of projects started) * 100 |
Business stakeholder satisfaction with IT |
Use Info-Tech’s business satisfaction surveys to monitor scores |
High-performer turnover rate |
Number of permanent, high-performing employee departures / Average number of permanent, high-performing employees |
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
---|---|---|---|
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” | “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” | “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” | “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.” |
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
Call #1: Scope requirements, objectives, and your specific challenges. |
Call #2: Review selected modules and discuss training delivery. |
Call #3: Review training delivery, discuss lessons learned. Review long-term skill development plan. |
A Guided Implementation (GI) is a series
of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is 1 to 3 calls over the course of several months, depending on training schedule.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Day 1 | Day 2 | Day 3 | Day 4 | |
---|---|---|---|---|
3-Hour Training Session |
3-Hour Training Session |
3-Hour Training Session |
3-Hour Training Session |
|
Activities | Training on topic 1 (selected from a pool of 8 possible topics) |
Training on topic 2 (selected from a pool of 8 possible topics) |
Training on topic 3 (selected from a pool of 8 possible topics) |
Training on topic 4 (selected from a pool of 8 possible topics) |
Deliverables | Completed workbook and action plan |
Completed workbook and action plan |
Completed workbook and action plan |
Completed workbook and action plan |
Pool of topics:
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
|
|
|
Outcomes of this phase:
1-3 hours
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Effective communication can make or break your IT team’s effectiveness and engagement and a manager’s reputation in the organization. Effective stakeholder management and communication has a myriad of benefits – yet this is a key area where IT leaders continue to struggle.
There are multiple ways in which you communicate with your staff. The tactics you will learn in this section will help you to:
Benefits:
35% Of organizations say they have lost an employee due to poor internal communication (project.co, 2021).
59% Of business leaders lose work time to mistakes caused by poor communication (Grammarly, 2022).
$1.2 trillion Lost to US organizations as a result of poor communication (Grammarly, 2022).
Operations |
Human Resources |
Finance |
Marketing |
---|---|---|---|
Increases production by boosting revenue. |
Reduces the cost of litigation and increases revenue through productivity improvements. |
Reduces the cost of failing to comply with regulations. |
Increases attraction and retention of key talent. |
Learning outcomes:
Main goal: Become a better communicator across a variety of personal styles and work contexts.
Key objectives:
Info-Tech Insight
First-time IT managers face specific communication challenges that come with managing people for the first time: learning to communicate a greater variety of information to different kinds of people, in a variety of venues. Tailored training in these areas helps managers focus and fast-track critical skill development.
Meaningful performance measures help employees understand the rationale behind business decisions, help managers guide their staff, and clarify expectations for employees. These factors are all strong predictors of team engagement:
Talent Management Outcomes |
Organizational Outcomes |
---|---|
Performance measure are key throughout the talent management process. Candidates:
Employees:
Promotions and Evaluations:
|
Performance measures benefit the organization by:
|
Learning outcomes:
Main goal: Become proficient in setting, tracking, and communicating around performance management goals.
Key objectives:
Info-Tech Insight
Goal and metric development holds special significance for first-time IT managers because it now impacts not only their personal performance, but that of their employees and their team collectively. Training on these topics with a practical team- and employee-development approach is a focused way to build these skills.
COACHING is a conversation in which a manager asks an employee questions to guide them to solve problems themselves, instead of just telling them the answer. |
||
Coaching increases employee happiness, and decreases turnover.1 |
Coaching promotes innovation.2 |
Coaching increases employee engagement, effort and performance.3 |
FEEDBACK is information about the past, given in the present, with the goal of influencing behavior or performance for the future. It includes information given for reinforcement and redirection. |
||
Honest feedback enhances team psychological safety.4 |
Feedback increases employee engagement.5 |
Feedback boosts feelings of autonomy and drives innovation.6 |
Learning outcomes:
Main goal: Get prepared to coach and offer feedback to your staff as appropriate.
Key objectives:
Info-Tech Insight
First-time managers often shy away from giving coaching and feedback, stalling their team’s performance. A focused and practical approach to building these skills equips new managers with the tools and confidence to tackle these challenges as soon as they arise.
Managers who don’t understand the business cannot effect positive change. The greater understanding that IT managers have of business context, the more value they provide to the organization as seen by the positive relationship between IT’s understanding of business needs and the business’ perception of IT value.
To understand your role in the business, you need to know who your stakeholders are and what value you and your team provide to the organization. Knowing how you help each stakeholder meet their wants needs and goals means that you have the know-how to balance experience and outcome-based behaviors. This is the key to being an attentive leader.
The tactics you will learn in this section will help you to:
Benefits:
Learning outcomes:
Main goal: Understand how your role and the role of your team serves the business.
Key objectives:
Info-Tech Insight
Before training first-time IT managers, take some time as the facilitator to review how you will serve the wants and needs of those you are training and your stakeholders in the organization.
To understand your role in the decision-making process, you need to know what is expected of you and you must understand what goes into making a good decision. The majority of managers report they have no trouble making decisions and that they are good decision makers, but the statistics say otherwise. This ease at decision making is due to being overly confident in their expertise and an inability to recognize their own ignorance.1
The tactics you will learn in this section will help you to:
20% Of respondents say their organizations excel at decision making (McKinsey, 2018).
87% “Diverse teams are 87% better at making decisions” (Upskillist, 2022).
86% of employees in leadership positions blame the lack of collaboration as the top reason for workplace failures (Upskillist, 2022).
Managers tend to rely on their own intuition which is often colored by heuristics and biases. By using a formal decision-making process, these pitfalls of intuition can be mitigated or avoided. This leads to better decisions.
First-time managers are able to apply this framework when making decision recommendations to management to increase their likelihood of success, and having a process will improve their decisions throughout their career and the financial returns correlated with them.
Employees are able to recognize bias in the workplace, even when management can’t. This affects everything from how involved they are in the decision-making process to their level of effort and productivity in implementing decisions. Without employee support, even good decisions are less likely to have positive results. Employees who perceive bias:
Innovation |
|
---|---|
Brand Reputation |
|
Engagement |
|
Learning outcomes:
Main goal: Understand how to successfully perform your role in the decision process.
Key objectives:
Info-Tech Insight
Before training a decision-making framework, ensure it is in alignment with how decisions are made in your organization. Alternatively, make sure leadership is on board with making a change.
If you are successful in your talent acquisition, you likely have a variety of personalities and diverse individuals within your IT organization and in the business, which means that conflict is inevitable. However, conflict does not have to be negative – it can take on many forms. The presence of conflict in an organization can actually be a very positive thing: the ability to freely express opinions and openly debate can lead to better, more strategic decisions being made.
The effect that the conflict is having on individuals and the work environment will determine whether the conflict is positive or counterproductive.
As a new manager you need to know how to manage potential negative outcomes of conflict by managing difficult conversations and understanding how to respond to conflict in the workplace.
The tactics you will learn in this section will help you to:
Benefits:
When you face a difficult conversation you…
40% Of employees who experience conflict report being less motivated as a result (Acas, 2021).
30.6% Of employees report coming off as aggressive when trying to resolve a conflict
(Niagara Institute, 2022).
Learning outcomes:
Main goal: Effectively manage your time and know which tasks are your priority and which tasks to delegate.
Key objectives:
Info-Tech Insight
Conflict does not have to be negative. The presence of conflict in an organization can actually be a very positive thing: the ability to freely express opinions and openly debate can lead to better, more strategic decisions being made.
How effective leaders average their time spent across the six key roles: | Leaders with effective time management skills spend their time across six key manager roles: strategy, projects, management, operations, innovation, and personal. While there is no magic formula, providing more value to the business starts with little practices like:
|
Strategy 23% | |
Projects 23% | |
Management 19% | |
Operations 19% | |
Innovation 13% | |
Personal 4% |
Too many interruptions in a day to stay focused. |
Too busy to focus on strategic initiatives. |
Spending time on the wrong things. |
Learning outcomes:
Main goal: Become a better communicator across a variety of personal styles and work contexts.
Key objectives:
Info-Tech Insight
There is a right and wrong way to manage your calendar as a first-time manager and it has nothing to do with your personal preference.
Improves culture and innovation |
Improves individual performance |
Increases employee engagement |
Increases profitability |
---|---|---|---|
Increases trust and productivity |
Enables employees to see how they contribute |
Increases ownership employees feel over their work and outcomes |
Enables employees to focus on activities that drive the business forward |
Employee empowerment is the number one driver of employee engagement. The extent to which you can hold employees accountable for their own actions and decisions is closely related to how empowered they are and how empowered they feel; accountability and empowerment go hand in hand. To feel empowered, employees must understand what is expected of them, have input into decisions that affect their work, and have the tools they need to demonstrate their talents.
Learning outcomes:
Main goal: Create a personal accountability plan and learn how to hold yourself and your team accountable.
Key objectives:
Info-Tech Insight
Accountability is about focusing on the results of a task, rather than just completing the task. Create team accountability by keeping the team focused on the result and not “doing their jobs.” First-time managers need to clearly communicate expectations and evaluation to successfully develop team accountability.
A key feature of this blueprint is built-in guidance on transferring your managers’ new knowledge into practical skills and habits they can fall back on when their job requires it.
The Participant Workbooks, one for each module, are structured around the three key principles of learning transfer to help participants optimally structure their own learning:
Info-Tech Insight
Participants should use this workbook throughout their training and continue to review it for at least three months after. Practical skills take an extended amount of time to solidify, and using the workbook for several months will ensure that participants stay on track with regular practice and check-ins.
Cultural alignment |
It is critical that the department leadership team understand and agree with the best practices being presented. Senior team leads should be comfortable coaching first-time managers in implementing the skills developed through the training. If there is any question about alignment with departmental culture or if senior team leads would benefit from a refresher course, conduct a training session for them as well. |
---|---|
Structured training |
Ensure the facilitator takes a structured approach to the training. It is important to complete all the activities and record the outputs in the workbook where appropriate. The activities are structured to ensure participants successfully use the knowledge gained during the workshop to build practical skills. |
Attendees |
Who should attend the training? Although this training is designed for first-time IT managers, you may find it helpful to run the training for the entire management team as a refresher and to get everyone on the same page about best practices. It is also helpful for senior leadership to be aware of the training because the attendees may come to their supervisors with requests to discuss the material or coaching around it. |
Info-Tech Insight
Participants should use this workbook throughout their training and continue to review it for at least three months after. Practical skills take an extended amount of time to solidify, and using the workbook for several months will ensure that participants stay on track with regular practice and check-ins.
1-3 hours
Prior to facilitating your first session, ensure you complete the following steps:
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
1-3 hours
Complete these steps in preparation for delivering the training to your first-time managers:
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
|
|
|
Outcomes of this phase:
3 hours
When you are ready, deliver the training. Ensure you complete all activities and that participants record the outcomes in their workbooks.
Tips for activity facilitation:
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
|
|
|
Outcomes of this phase:
0.5 hours
After the training, send an email to attendees thanking them for participating and summarizing key next steps for the group. Use the template below, or write your own:
“Hi team,
I want to thank you personally for attending the Communicate Effectively training module. Our group led some great discussion.
A reminder that the next time you will reconvene as a group will be on [Date] to discuss your progress and challenges to date.
Additionally, your manager is aware and supportive of the training program, so be sure to follow through on the commitments you’ve made to secure the support you need from them to build your new skills.
I am always open for questions if you run into any challenges.
Regards,
[Your name]”
Input | Output |
---|---|
|
|
Materials | Participants |
|
0.5 hours
An important part of the training is securing organizational support, which includes support from your trainees’ supervisors. After the trainees have committed to some action items to seek support from their supervisors, it is important to express your support for this and remind the supervisors of their role in guiding your first-time managers. Use the template below, or write your own, to remind your trainees’ supervisors of this at the end of training (if you are going through all three modules in a short period of time, you may want to wait until the end of the entire training to send this email):
“Hi team,
We have just completed Info-Tech’s first-time manager training with our new manager team. The trainees will be seeking your support in developing their new skills. This could be in the form of coaching, feedback on their progress, reviewing their development plan, etc.
Supervisor support is a crucial component of skill building, so I hope I can count on all of you to support our new managers in their learning. If you are not sure how to handle these requests, or would like a refresher of the material our trainees covered, please let me know.
I am always open for questions if you run into any challenges.
Regards,
[Your name]”
Input | Output |
---|---|
|
|
Materials | Participants |
|
Brad Armstrong, Senior Engineering Manager, Code42 Software I am a pragmatic engineering leader with a deep technical background, now focused on building great teams. I'm energized by difficult, high-impact problems at scale and with the cloud technologies and emerging architectures that we can use to solve them. But it's the power of people and organizations that ultimately lead to our success, and the complex challenge of bringing all that together is the work I find most rewarding. |
|
We thank the expert contributors who chose to keep their contributions anonymous. |
360Solutions, LLC. “The High Cost of Poor Communication: How to Improve Productivity and Empower Employees Through Effective Communication.” 360Solutions, 2009. Web.
Ali, M., B. Raza, W. Ali, and N. Imtaiz. Linking Managerial Coaching with Employees’ Innovative Work Behaviors through Affective Supervisory Commitment: Evidence from Pakistan. International Review of Management and Marketing, vol. 10, no. 4, 2020, pp. 11-16.
Allen, Frederick E. “The Terrible Management Technique That Cost Microsoft Its Creativity.” Forbes.com, 3 July 2012. Web.
Allen, Renee. “Generational Differences Chart.” West Midland Family Center, n.d. Web.
American Management Association. “Leading the Four Generations at Work.” American Management Association, Sept. 2014. Web.
Aminov, Iskandar, Aaron De Smet, Gregor Jost, and David Mendelsohn. “Decision making in the age of urgency.” McKinsey & Company, 30 April 2019. Web.
AON Hewitt. “Aon Hewitt Study Reveals Strong Link Between Employee Engagement and Employee Perceptions of Total Rewards. Honest Leader Communication Also Influences Engagement.” PR Newswire, 8 April 2015. Web.
Armstrong, Brad. “How to Fail as a New Engineering Manager.” Noteworthy - The Journal Blog, 19 Feb. 2018. Web.
Asmus, Mary Jo. “Coaching vs. Feedback.” Aspire-CS, 9 Dec. 2009. Web.
Baldwin, Timothy T., et al. “The State of Transfer of Training Research: Moving Toward More Consumer-Centric Inquiry.” Human Resource Development Quarterly, vol. 28, no. 1, March 2017, pp. 17-28. Crossref, doi:10.1002/hrdq.21278.
Batista, Ed. “Building a Feedback-Rich Culture from the Middle.” Ed Batista, April 2015. Web.
Bilalic, Merim, Peter McLeod, and Fernand Gobet. Specialization Effect and Its Influence on Memory and Problem Solving in Expert Chess Players. Wiley Online Journal, 23 July 2009, doi: https://doi.org/10.1111/j.1551-6709.2009.01030.x
Blume, Brian D., et al. “Transfer of Training: A Meta-Analytic Review.” Journal of Management, vol. 36, no. 4, July 2010, pp. 1065-105. Crossref, doi:10.1177/0149206309352880.
BOH Training Guide. Wild Wing, Jan. 2017. Web.
Bosler, Shana. “9 Strategies to Create Psychological Safety at Work.” Quantum Workplace, 3 June 2021. Web.
Building Communication Skills. ACQUIRE Project/EngenderHealth, n.d. Web.
Bucaro, Frank C. “The real issue in conflict is never about things…” Frank Bucaro blog, 7 March 2014. Web.
Burke, Lisa A., and Holly M. Hutchins. “Training Transfer: An Integrative Literature Review.” Human Resource Development Review, vol. 6, no. 3, Sept. 2007, pp. 263-96. Crossref, doi:10.1177/1534484307303035.
Caprino, Kathy. “Separating Performance Management from Compensation: New Trend for Thriving Organizations.” Forbes, 13 Dec. 2016. Web.
Caprino, Kathy. “Why the Annual Review Process Damages Employee Engagement.” Forbes, 1 March 2016. Web.
Carpineanu, Silvana. “7 Mistakes You Might Be Making When Writing A Meeting Agenda.” Time Doctor, 12 January 2021. Web.
Cecchi-Dimeglio, Paola. “How Gender Bias Corrupts Performance Reviews, and What to Do About It.” Harvard Business Review, 12 April 2017. Web.
Chartered Institute of Personnel and Development (CIPD). “PESTLE Analysis.” Chartered Institute of Personnel and Development, 2010. Web.
Chiaburu, Dan S., et al. “Social Support in the Workplace and Training Transfer: A Longitudinal Analysis: Social Support and Training Transfer.” International Journal of Selection and Assessment, vol. 18, no. 2, June 2010, pp. 187-200. Crossref, doi:10.1111/j.1468-2389.2010.00500.x.
Christensen, Ulrik Juul. “How to Teach Employees Skills They Don’t Know They Lack.” Harvard Business Review, 29 Sept. 2017. Web.
CIPD. “Rapid evidence assessment of the research literature on the effect of goal setting on workplace performance.” Charted Institute of Personnel and Development, Dec. 2016. Web.
CIPD. Annual Survey Report: Learning & Development 2015. Charted Institute of Personnel and Development, 2015. Web.
Communication and Organizational Skills: NPHW Training Manual. Population Health Research Institute (PHRI), 17 Sept. 2015. Web.
Cookson, Phil. “It’s time to see performance management as a benefit, not a burden.” CIPD. 17 March 2017. Web.
Communication Statistics 2021. Project.co, 2021. Web.
Connors, Roger. “Why Accountability?” The Oz Principle, Partners In Leadership, 2014.
Coutifaris, Constantinos G. V., and Adam M. Grant “Taking Your Team Behind the Curtain: The Effects of Leader Feedback-Sharing and Feedback-Seeking on Team Psychological Safety.” Organization Science, vol. 33,
no. 4, 2021, pp. 1574-1598. https://doi.org/10.1287/orsc.2021.1498
Coy, Charles. “Peer Feedback: 6 Tips for Successful Crowdsourcing.” Rework, 25 June 2014. Web.
“CQ Learn What Really Matters.” CQ Evidence-Based Management Learning Platform, n.d. Web.
Darwant, Sarah. Coaching Training Course Book. Elite Training, 2012. Web.
De Smet, Aaron, et al. How Companies Manage the Front Line Today: McKinsey Survey Results. McKinsey, Feb. 2010. Web.
DeNault, Charles. “Employee Coaching Survey Results: Important and Engaging.” Saba, 22 April 2015. Web.
Dermol, Valerij, and Tomaž Čater. “The Influence of Training and Training Transfer Factors on Organisational Learning and Performance.” Personnel Review, vol. 42, no. 3, April 2013, pp. 324–48. Crossref, doi:10.1108/00483481311320435.
dgdotto. “Fail to Plan, Plan to Fail.” visual.ly, 30 April 2013. Web.
Duggan, Kris. “Why the Annual Performance Review is Going Extinct.” Fast Company, 20 Oct. 2015. Web.
Duhigg, Charles. “What Google Learned From Its Quest to Build the Perfect Team.” The New York Times, 25 Feb. 2016. Web.
Earley, P. Christopher, and Randall S. Peterson. “The Elusive Cultural Chameleon: Cultural Intelligence as a New Approach to Intercultural Training for the Global Manager.” Academy of Management Learning & Education, vol. 3, no. 1, March 2004, pp. 100-15. Crossref, doi:10.5465/amle.2004.12436826.
Edmondson, Amy. “Psychological Safety and Learning Behavior in Work Teams.” Administrative Science Quarterly, vol. 44, no. 2, June 1999, pp. 350-383. Web.
“Effective Employee Communications Fosters Corporate Reputation.” The Harris Poll, 10 June 2015. Web.
Eichenwald, Kurt. “How Microsoft Lost its Mojo: Steve Ballmer and Corporate American’s Most Spectacular Decline.” Vanity Fair, 24 July 2012. Web.
Essential Supervisory Skills. University of Washington, 2016. Web.
“Estimating the Costs of Workplace Conflict.” Acas, 11 May 2021. Web.
Falcone, Paul. “Viewpoint: How to Redesign Your Performance Appraisal Template.” Society for Human Resource Management, 7 June 2017. Web.
Fermin, Jeff. “Statistics On The Importance Of Employee Feedback.” Officevibe, 7 Oct. 2014. Web.
Filipkowski, Jenna, et al. Building a Coaching Culture with Millennial Leaders. Human Capital Institute, 18 Sept. 2017. Web.
First Time Manager Training to Help New Managers Develop Essential Skills. The Ken Blanchard Companies, n.d. Web.
Fisher, Dan. Feedback vs. Coaching, What’s the Difference? Menemsha Group, 28 June 2018. Web.
Freedman, Erica. “How to Build an Internal Leadership Development Program.” Chief Executive, 2016. Web.
"Futureproof Your Organization with These 8 Manager Effectiveness Metrics.” Visier Inc., 8 Aug. 2017. Web.
Gallo, Amy. “How to Manage Your Former Peers.” Harvard Business Review, Dec. 2012. Web.
Gandhi, Vipula. “Want to Improve Productivity? Hire Better Managers.” Gallup, 3 Aug. 2018. Web.
Gallup. State of the Global Workplace. 1st edition, Gallup Press, 2017. Web.
Global Workplace Analytics. “Latest Telecommuting Statistics.” Global Workplace Analytics. Sept. 2013. Web.
Goldsmith, Marshall. “Try Feedforward Instead of Feedback.” Leader to Leader Institute, 5 April 2011. Web.
Goldsmith, Marshall. "11 Guidelines for Influencing Top Decision Makers." Marshall Goldsmith, n.d. Web.
Goldsmith, Marshall. "I Know Less Than You Do – and It’s Okay!" Marshall Goldsmith, n.d. Web.
Goldsmith, Marshall. "Is It Worth It to Add Value? Not Always." Marshall Goldsmith, n.d. Web.
Goler, L., J. Gale, and A. Grant. “Let’s Not Kill Performance Evaluations Yet.” Harvard Business Review, Nov. 2016. Web.
Good Manager, Bad Manager. Grovo, 2016. Web.
Google People Operations. “Guide: Understand Team Effectiveness.” Google, n.d. Web.
Google’s New Manager Student Workbook. re:Work with Google, n.d. Web.
Google’s New Manager Training Facilitator Guide. re:Work with Google, n.d. Web.
Gossen, Paul. A Coaching Culture Transformation ~ Case Study. Athena Training and Consulting, 1 April 2011. Web.
Goudreau, Jenna. “How to Communicate in the New Multi-Generational Office.” Forbes Magazine, Feb. 2013. Web.
Govaerts, Natalie, and Filip Dochy. “Disentangling the Role of the Supervisor in Transfer of Training.” Educational Research Review, vol. 12, June 2014, pp. 77-93. Crossref, doi:10.1016/j.edurev.2014.05.002.
Grenchus, Gabrielle. “Keep employees engaged with clear priorities and crowdsourced recognition.” IBM thinkLeaders. 8 June 2015. Web.
Grossman, Rebecca, and Eduardo Salas. “The Transfer of Training: What Really Matters: The Transfer of Training.” International Journal of Training and Development, vol. 15, no. 2, June 2011, pp. 103-20. Crossref, doi:10.1111/j.1468-2419.2011.00373.x.
Grote, Dick. “3 Popular Goal-Setting Techniques Managers Should Avoid.” Harvard Business Review. 2 Jan. 2017. Web.
Hall, John. “Why Accountability Is Vital To Your Company.” Forbes, 6 Oct. 2019. Web.
Hancock, Bryan, et al. “The Fairness Factor in Performance Management.” McKinsey, 5 April 2018. Web.
Harkins, Phil. “10 Leadership Techniques for Building High-Performing Teams.” Linkage Inc., 2014. Web.
HCI. Building a Coaching Culture with Managers and Leaders. Human Capital Institute, 2016. Web.
Heathfield, Susan M. “Tips to Create Successful Performance Appraisal Goals.” The Balance, Aug. 2016. Web.
Hills, Jan. Brain-Savvy Business: 8 Principles From Neuroscience and How to Apply Them. Head Heart + Brain, 2016. Print.
Hoffman, Mitchell, and Steven Tadelis. People Management Skills, Employee Attrition, and Manager Rewards: An Empirical Analysis. p. 96.
“How to Create an Effective Feedback Culture.” eXplorance Inc. Feb. 2013. Web.
“Importance of Performance Management Process & Best Practices To Optimize Monitoring Performance Work Reviews/Feedback and Goal Management.” SAP Success Factors, n.d. Web.
Jacobson, Darcy. “How Bad Performance Management Killed Microsoft’s Edge.” Globoforce Blog, 5 July 2012. Web.
Jaidev, Uma Pricilda, and Susan Chirayath. Pre-Training, During-Training and Post-Training Activities as Predictors of Transfer of Training. no. 4, 2012, p. 18.
Jensen, Michael C. “Paying People to Lie: The Truth about the Budgeting Process.” European Financial Management, vol. 9, no. 3, 2003, pp. 379-406. Print.
Kahneman, Daniel, and Ram Charan. HBR's 10 Must Reads on Making Smart Decisions. Harvard Business Review, 26 March 2013. Ebook.
Kirkpatrick, J., and W. Kirkpatrick. “The Kirkpatrick Four Levels: A Fresh Look After 50 Years 1959-2009.” Kirkpatrickpartners.com, 2009. Web.
Kirwan, Cyril. Improving Learning Transfer. Routledge, 2016.
Kline, Theresa J.B., and Lorne M. Sulsky. “Measurement and Assessment Issues in Performance Appraisal.” Canadian Psychology, vol. 50, no. 3, 2009, pp. 161-171. Proquest. Web.
Kowalski, Kyle. “Create a Daily Routine with Calendar Time Blocking (+ 7 Pro Tips).” Sloww, 29 May 2018. Web.
Krentz, Susanna E., et al. ”Staying on Course with Strategic Metrics.” Healthcare Financial Management, vol. 60, no. 5, 2006, pp. 86-94. Proquest. Web.
Kuligowski, Kiely. Tips for First-Time Managers. 15 Feb. 2019. Web.
Laker, Dennis R., and Jimmy L. Powell. “The Differences between Hard and Soft Skills and Their Relative Impact on Training Transfer.” Human Resource Development Quarterly, vol. 22, no. 1, March 2011, pp. 111-22. Crossref, doi:10.1002/hrdq.20063.
Lawrence, Paul. “Managerial coaching – A literature review.” International Journal of Evidence Based Coaching and Mentoring, vol. 15, no. 2, 2017, pp. 43-66. Web.
Ledford, Gerald E. Jr., George Benson, and Edward E. Lawler III. “Cutting-Edge Performance Management.” WorldatWork Research, Aug. 2016. Web.
Lee, W.R.; Choi, S.B.; Kang, S.-W. How Leaders’ Positive Feedback Influences Employees’ Innovative Behavior: The Mediating Role of Voice Behavior and Job Autonomy. Sustainability, vol. 13, no. 4, 2021, pp. 1901. https://doi.org/10.3390/su13041901
Leopold, Till Alexander, Vesselina Ratcheva, and Saadia Zahidi. The Future of Jobs. World Economic Forum, 2016. Web.
Levy, Dan. “How to Build a Culture That Embraces Feedback.” Inc. Magazine, March 2014. Web.
Lighthouse Research & Advisory. “Insights from the CHRO Panel at Workhuman 2017.” Lighthouse Research & Advisory, June 2017. Web.
Lipman, Victor. “For New Managers, Boundaries Matter (A Lot).” Forbes, 19 March 2018. Web.
Lipman, Victor. “The Hardest Thing For New Managers.” Forbes, 1 June 2016. Web.
Lipman, Victor. “The Move To New Manager May Be The Hardest Transition In Business.” Forbes, 2 Jan. 2018. Web.
Lyons, Rich. “Feedback: You Need To Lead It.” Forbes, 10 July 2017. Web.
“Managing Email Effectively.” MindTools, n.d. Web.
Managing Performance Workbook. Trainer Bubble, 16 Feb. 2013. Web.
Mayfield, Clifton, et al. “Psychological Collectivism and Team Effectiveness: Moderating Effects of Trust and Psychological Safety.” Journal of Organizational Culture, Communications and Conflict, vol. 20, no. 1, Jan. 2016, pp. 78-94. Web.
McAlpin, Kevin and Hans Vaagenes. “Critical Decision Making.” Performance Coaching International. 17 Nov. 2017. Web.
McCoy, Jim. “How to Align Employee Performance with Business Strategy.” Workforce Management, vol. 86, no. 12, 2007, pp. S5. Proquest. Web.
“Measuring Time-To-Full Productivity.” FeverBee, n.d. Web.
Meister, Jeanne. The 2020 Workplace: How Innovative Companies Attract, Develop, and Keep Tomorrow's Employees Today. HarperBusiness, 2010. Print.
Meyer, Erin. “The Four Keys To Success With Virtual Teams.” Forbes Magazine, 19 Aug. 2010. Web.
Morris, Donna. “Death to the Performance Review: How Adobe Reinvented Performance Management and Transformed Its Business.” WorldatWork, 2016, p. 10. Web.
Myers-Briggs Company. “New Research: Time Spent on Workplace Conflict Has Doubled Since 2008.” Yahoo! Finance, 18 Oct. 2022. Web.
Murdoch, Elisabeth. “Elisabeth Murdoch's MacTaggart lecture: full text.” The Guardian, 23 Aug. 2012. Web.
NASA Governance and Strategic Management Handbook (NPD 1000.0B). NASA, June 2014. Web.
NASA Space Flight Program and Project Management Handbook (NASA/SP-2014-3705). NASA, Sept. 2014. Web.
New Manager Training: Management & Leadership Skills. Schulich School of Business, n.d. Web.
O’Hanlon, Margaret. “It’s a Scandal! Manager Training Exposed! [Implementation Part 4].” Compensation Cafe, 16 Feb. 2012. Web.
Ordonez, Lisa D., et al. “Goals Gone Wild: The Systematic Side Effects of Over-Prescribing Goal Setting.” Social Science Research Network. Harvard Business School, 11 Feb. 2009. Web.
Paczka, Nina. “Meeting in the Workplace | 2023 Statistics.” LiveCareer, 25 July 2022. Web.
Pavlou, Christina. “How to Calculate Employee Turnover Rate | Workable.” Recruiting Resources: How to Recruit and Hire Better, 13 July 2016. Web.
Performance Management 101 Workbook. Halogen Software, 2015. Web.
Personal Development and Review. Oxford Learning Institute, n.d. Web.
Personal Development Plan. MindTools, 2014. Web.
Porath, Christine, et al. “The Effects of Civility on Advice, Leadership, and Performance.” Journal of Applied Psychology, vol. 44, no. 5, Sept. 2015, pp. 1527-1541. Web.
Project Management Institute. “PMI’s Pulse of The Profession: In-Depth Report.” PMI, May 2013. Web. June 2015.
Quay, C. C., and A. Yusof. “The influence of employee participation, rewards and recognition, job security, and performance feedback on employee engagement.” Issues and Perspectives in Business and Social Sciences, vol. 2, no. 1, 2022, pp. 20. https://doi.org/10.33093/ipbss.2022.2.1.3
Quinn, R. E., and J. Rohrbaugh. “A spatial model of effectiveness criteria: Towards a competing values approach to organizational analysis.” Management Science, vol. 29, 1983, pp. 363–377.
Re:Work Guide: Develop and Support Managers. re:Work with Google, n.d. Web.
Reardon, Kathleen Kelley. “7 Things to Say When a Conversation Turns Negative.” Harvard Business Review, 11 May 2016. Web.
Reh, F. John. “Here Is a List of Mistakes New Managers Make and How to Avoid Them.” The Balance Careers, 30 Dec. 2018. Web.
Richards, Leigh. “Why Is Employee Empowerment a Common Cornerstone of Organizational Development & Change Programs?” Houston Chronicle, Hearts Newspapers, LLC. 5 July 2013. Web.
Robson, Fiona. Southwood School – A Case Study: Performance Management Systems. Society for Human Resource Management, 2009. Crossref, doi:10.4135/9781473959552.
Rock, David, and Beth Jones. “Why More and More Companies are Ditching Performance Ratings.” Harvard Business Review, 8 Sept. 2015. Web.
Rock, David. “SCARF: A Brain-Based Model for Collaborating With and Influencing Others.” NeuroLeadership Journal, 2008. Web..
Romão, Soraia, Neuza Ribeiro, Daniel Roque Gomes, and Sharda Singh. “The Impact of Leaders’ Coaching Skills on Employees’ Happiness and Turnover Intention.” Administrative Sciences, vol. 12, no. 84, 2022. https://doi.org/10.3390/ admsci12030084
Romero, Joseluis. “Yes - you can build a feedback culture.” Skills 2 Lead, Aug. 2014. Web.
Runde, Craig E., and Tim A. Flanagan. “Conflict Competent Leadership.” Leader to Leader, Executive Forum, Winter 2008. PDF.
Saks, Alan M., and Lisa A. Burke-Smalley. “Is Transfer of Training Related to Firm Performance?: Transfer and Firm Performance.” International Journal of Training and Development, vol. 18, no. 2, June 2014, pp. 104–15. Crossref, doi:10.1111/ijtd.12029.
Saks, Alan M., et al. “The Transfer of Training: The Transfer of Training.” International Journal of Training and Development, vol. 18, no. 2, June 2014, pp. 81–83. Crossref, doi:10.1111/ijtd.12032.
Salomonsen, Summer. Grovo’s First-Time Manager Microlearning® Program Will Help Your New Managers Thrive in 2018. Grovo, 2018. Web.
Schwartz, Dan. “3 Topics Every New Manager Training Should Include.” Training Industry, 12 April 2017. Web.
Scott, Dow, Tom McMullen, and Mark Royal. “Retention of Key Talent and the Role of Rewards.” WorldatWork, June 2012. Web.
“Seeking Agility in Performance Management.” Human Resource Executive, 2016. Web.
“Should You Always Involve Your Team in Decision Making?” Upskillist, 25 April 2022. Web.
“SHRM Workplace Forecast.” The Top Workplace Trends According to HR Professionals, May 2013. Web.
Singhal, Nikhyl. “Eight Tips for First Time Managers.” Medium, 20 Aug. 2017. Web.
Singhania, Prakriti, et al. “2020 Global Marketing Trends.” Deloitte, 2019. Web.
SMART Goals: A How to Guide. University of California, n.d. Web.
Smith, Benson, and Tony Rutigliano. “Scrap Your Performance Appraisal System.” Gallup, 2002. Article.
“State of the Modern Meeting 2015.” BlueJeans, Aug. 2015. Web.
Sternberg, Larry, and Kim Turnage. “Why Make Managers A Strategic Priority?” Great Leadership, 12 Oct. 2017. Web.
Sullivan, Dr. John. “Facebook’s Difference: A Unique Approach For Managing Employees.”TLNT, Sept. 2013. Web.
Tal, David. “A 'Culture of Coaching' Is Your Company's Most Important Ingredient for Success.” Entrepreneur, 27 Sept. 2017. Web.
Tenut, Jeff. “How Management Development Training Reduces Turnover.” DiscoverLink, 3 July 2018. Web.
“The 5 Biggest Biases That Affect Decision-Making.” NeuroLeadership Institute, 2 August 2022. Web.
“The Different Impact of Good and Bad Leadership.” Barna Group, 2015. Web.
“The Engaged Workplace.” Gallup, 2017. Web.
“The Individual Development Plan Guide.” Wildland Fire Leadership Development Program, April 2010, p. 15.
The State of Business Communication. Grammarly, 2022. Web.
Thomas, Kenneth. “Conflict and Conflict Management.” The Handbook of Industrial and Organizational Psychology, Rand McNally, 1976. In “The Five Conflict-Handling Modes.” The Myers Briggs Company, n.d. PDF.
Thompson, Rachel. “What Is Stakeholder Management?” MindTools, n.d. Web.
Tollet, Francoise. “Distracted? Learn how to (re)focus.” Business Digest, 12 July 2021. Podcast.
Tonhauser, Cornelia, and Laura Buker. Determinants of Transfer of Training: A Comprehensive Literature Review, p. 40.
Towers Watson. “Clear Direction in a Complex World: How Top Companies Create Clarity, Confidence and Community to Build Sustainable Performance.” Change and Communication ROI Study Report, 2011-2012. Web.
Trudel, Natalie. “Improve Your Coaching Skills by Understanding the Psychology of Feedback.” TLNT, 12 July 2017. Web.
“Understanding When to Give Feedback.” Harvard Business Review, Dec. 2014. Web.
Vacassin, Daniel. “There are no 'good' performance management systems – there are just good line managers.” LinkedIn, 4 Oct. 2016. Web.
van der Locht, Martijn, et al. “Getting the Most of Management Training: The Role of Identical Elements for Training Transfer.” Personnel Review, vol. 42, no. 4, May 2013, pp. 422–39. Crossref, doi:10.1108/PR-05-2011-0072.
Vaughan, Liam. “Banks Find New Ways to Measure Staff.” Financial News, 10 Jan. 2011. Web.
Watkins, Michael, et al. “Hit the Ground Running:Transitioning to New Leadership Roles.” IMD Business School, May 2014. Web.
Whitney, Kelley. “Kimberly-Clark Corp.: Redesigning Performance Management.” Talent Management Magazine, vol. 2, no. 1, 2006. Web.
“Whole Foods 2015 Report.” The Predictive Index, n.d. Web.
“Whole Foods Market Reports Fourth Quarter and Fiscal Year 2016 Results.” Whole Foods, 2 Feb. 2016. Web.
Wisniewski, Dan. “Here's why everybody hates meetings.” HR Morning, 14 Dec. 2012. Web.
Woolum, Janet, and Brent Stockwell. Aligning Performance Measurement to Mission, Goals, and Strategy Workbook. Arizona State University, Jan. 2016. Web.
Worall, Les, et al. The Quality of Working Life. Chartered Management Institute, 2016. Web.
“Workplace Conflict Statistics: How We Approach Conflict at Work.” Niagara Institute, 11 Aug. 2022. Web.
“You Waste a Lot of Time at Work Infographic.” Atlassian, 23 August 2012. Web.
Zenger, Jack, and Joe Folkman. “Feedback: The Leadership Conundrum.” Talent Quarterly: The Feedback Issue, 2015. Web.
Zuberbühler, P., et al. “Development and validation of the coaching-based leadership scale and its relationship with psychological capital, work engagement, and performance.” Current Psychology, vol. 42, no. 10, 2021, pp. 1-22.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify data integration pains and needs and use them to collect effective business requirements for the integration solution.
Determine technical requirements for the integration solution based on the business requirement inputs.
Determine your need for a data integration proof of concept, and then design the data model for your integration solution.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Explain approach and value proposition.
Review the common business drivers and how the organization is driving a need to optimize data integration.
Understand Info-Tech’s approach to data integration.
Current integration architecture is understood.
Priorities for tactical initiatives in the data architecture practice related to integration are identified.
Target state for data integration is defined.
1.1 Discuss the current data integration environment and the pains that are felt by the business and IT.
1.2 Determine what the problem statement and business case look like to kick-start a data integration improvement initiative.
1.3 Understand data integration requirements from the business.
Data Integration Requirements Gathering Tool
Understand what the business requires from the integration solution.
Identify the common technical requirements and how they relate to business requirements.
Review the trends in data integration to take advantage of new technologies.
Brainstorm how the data integration trends can fit within your environment.
Business-aligned requirements gathered for the integration solution.
2.1 Understand what the business requires from the integration solution.
2.2 Identify the common technical requirements and how they relate to business requirements.
Data Integration Requirements Gathering Tool
Data Integration Trends Presentation
Learn about the various integration patterns that support organizations’ data integration architecture.
Determine the pattern that best fits within your environment.
Improvement initiatives are defined.
Improvement initiatives are evaluated and prioritized to develop an improvement strategy.
A roadmap is defined to depict when and how to tackle the improvement initiatives.
3.1 Learn about the various integration patterns that support organizations’ data integration architecture.
3.2 Determine the pattern that best fits within your environment.
Integration Reference Architecture Patterns
Data Integration POC Template
Data Integration Mapping Tool
"Point-to-point integration is an evil that builds up overtime due to ongoing business changes and a lack of integration strategy. At the same time most businesses are demanding consistent, timely, and high-quality data to fuel business processes and decision making.
A good recipe for successful data integration is to discover the common data elements to share across the business by establishing an integration platform and a canonical data model.
Place yourself in one of our use cases and see how you fit into a common framework to simplify your problem and build a data-centric integration environment to eliminate your data silos."
Rajesh Parab, Director, Research & Advisory Services
Info-Tech Research Group
Data is one of the most important assets in a modern organization. Contained within an organization’s data are the customers, the products, and the operational details that make an organization function. Every organization has data, and this data might serve the needs of the business today.
However, the only constant in the world is change. Changes in addresses, amounts, product details, partners, and more occur at a rapid rate. If your data is isolated, it will quickly become stale. Getting up-to-date data to the right place at the right time is where data-centric integration comes in.
"Data is the new oil." – Clive Humby, Chief Data Scientist Source: Medium, 2016
To keep up with increasing business demands and profitability targets and decreasing cost targets, organizations are processing and exchanging more data than ever before.
To get more value from their information, organizations are relying on more and more complex data sources. These diverse data sources have to be properly integrated to unlock the full potential of your data:
The most difficult integration problems are caused by semantic heterogeneity (Database Research Technology Group, n.d.).
80% of business decisions are made using unstructured data (Concept Searching, 2015).
85% of businesses are struggling to implement the correct integration solution to accurately interpret their data (KPMG, 2014).
Integrating large volumes of data from the many varied sources in an organization has incredible potential to yield insights, but many organizations struggle with creating the right structure for that blending to take place, and data silos form.
Data-centric integration capabilities can break down organizational silos. Once data silos are removed and all the information that is relevant to a given problem is available, problems with operational and transactional efficiencies can be solved, and value from business intelligence (BI) and analytics can be fully realized.
Data has massive potential to bring insight to an organization when combined and analyzed in creative ways.
It is difficult to bring data together from different sources to generate insights and prevent stale data.
Answer: Info-Tech’s Data Integration Onion Framework summarizes an organization’s data environment at a conceptual level, and is used to design a common data-centric integration environment.
59% Of managers said they experience missing data every day due to poor distribution results in data sets that are valuable to their central work functions. (Experian, 2016)
42% Reported accidentally using the wrong information, at least once a week. (Computerworld, 2017)
37% Of the 85% of companies trying to be more data driven, only 37% achieved their goal. (Information Age, 2019)
"I never guess. It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts." – Sir Arthur Conan Doyle, Sherlock Holmes
90% Of all company generated data is “dark.” Getting value out of dark data is not difficult or costly. (Deloitte Insights, 2017)
5% As data sits in a database, up to 5% of customer data changes per month. (Data.com, 2016)
"Most traditional machine learning techniques are not inherently efficient or scalable enough to handle the data. Machine learning needs to reinvent itself for big data processing primarily in pre-processing of data." – J. Qiu et al., 2016
1. Disconnect from the business
Poor understanding of the integration problem and requirements lead to integrations being built that are not effective for quality data.
50% of project rework is attributable to problems with requirements. (Info-Tech Research Group)
45% of IT professionals admit to being “fuzzy” about the details of a project’s business objectives. (Blueprint Software Systems Inc., 2012)
2. Lack of strategy
90% Of organizations will lack an integration strategy through to 2018. (Virtual Logistics, 2017)
Integrating data without a long-term plan is a recipe for point-to-point integration spaghettification:
3. Data complexity
Data architects and other data professionals are increasingly expected to be able to connect data using whatever interface is provided, at any volume, and in any format – all without affecting the quality of the data.
36% Of developers report problems integrating data due to different standards interpretations. (DZone, 2015)
Most organizations don’t have the foresight to design their architecture correctly the first time. In a perfect world, organizations would design their application and data architecture to be scalable, modular, and format-neutral – like building blocks.
Benefits of a loosely coupled architecture:
However, this is rarely the case. Most architectures are more like a brick wall – permanent, hard to add to and subtract from, and susceptible to weathering.
Problems with a tightly coupled architecture:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
From choosing the right data for the right problem to evaluating your progress toward data-driven people decisions, follow these steps to build your foundation to people analytics.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the importance of developing an enterprise application CoE, define its scope, and identify key stakeholders.
Gather high-level requirements to determine the ideal future state.
Assess the required capabilities to reach the ideal state CoE.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand the importance of developing a CoE for enterprise applications.
Determine how to best align the CoE mandate with business objectives.
Complete a CoE project charter to gain buy-in, build a project team, and track project success.
Key stakeholders identified.
Project team created with defined roles and responsibilities.
Project charter finalized to gain buy-in.
1.1 Evaluate business needs and priorities.
1.2 Identify key stakeholders and the project team.
1.3 Align CoE with business priorities.
1.4 Map current state CoE.
Project vision
Defined roles and responsibilities
Strategic alignment of CoE and the business
CoE current state schematic
Gain a thorough understanding of pains related to the lack of application governance.
Identify and recycle existing CoE practices.
Visualize the CoE enhancement process.
Visualize your ideal state CoE.
Requirements to strengthen the case for the enterprise application CoE.
CoE value-add refinery.
Future potential of the CoE.
2.1 Gather requirements.
2.2 Map the CoE enhancement process.
2.3 Sketch future state CoE.
Classified pains, opportunities, and existing practices
CoE refinery model
Future state CoE sketch
Assess required capabilities and resourcing.
List and prioritize CoE initiatives.
Track and monitor CoE performance.
Next steps for the enterprise application CoE.
CoE resourcing plan.
CoE benefits realization tracking.
3.1 Build CoE capabilities.
3.2 Identify risks and mitigation efforts.
3.3 Prioritize and track CoE initiatives.
3.4 Finalize stakeholder presentation.
CoE potential capabilities
Risk management plan
CoE initiatives roadmap
CoE stakeholder presentation
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Define the current state of your data protection practices by documenting the backup process and identifying problems and opportunities for the desired state.
Understand the business priorities.
Determine the desired state.
Explore the component of governance required.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Push the boundaries of conventional thinking and consider IT innovations that truly transform the business.
A list of innovative IT opportunities that your IT department can use to transform the business
1.1 Discuss the objectives of ARP and what they mean to IT departments.
1.2 Identify drivers for change.
1.3 Review IT strategy.
1.4 Augment your IT opportunities list.
Revised IT vision
List of innovative IT opportunities that can transform the business
Partner with the business to reprioritize projects and initiatives for the post-pandemic world.
Assessment of the organization’s new and existing IT opportunities and alignment with business objectives
2.1 Assess alignment of current and new IT initiatives with business objectives.
2.2 Review and update prioritization criteria for IT projects.
Preliminary list of IT initiatives
Revised project prioritization criteria
Identify IT budget deficits resulting from pandemic response and discover opportunities to support innovation through new staff and training.
Prioritized shortlist of business-aligned IT initiative and projects
3.1 Classify initiatives into project categories using ROM estimates.
3.2 Identify IT budget needs for projects and ongoing services.
3.3 Identify needs for new staff and skills training.
3.4 Determine business benefits of proposed projects.
3.5 Prioritize your organization’s projects.
Prioritized shortlist of business-aligned IT initiatives and projects
Tie IT expenditures to direct transfers or link them to ARP grant opportunities.
Action plan to obtain ARP funding
4.1 Tie projects to direct transfers, where applicable.
4.2 Align list of projects to indirect ARP grant opportunities.
4.3 Develop an action plan to obtain ARP funding.
4.4 Discuss required approach to project governance.
Action plan to obtain ARP funding
Project governance gaps
As a software space, strategic portfolio management lacks a unified definition. In the same way that it took many years for project portfolio management to stabilize as a concept distinct from traditional enterprise project management, strategic portfolio management is experiencing a similar period of formational uncertainty. Unpacking what’s truly new and valuable in helping to define strategy and drive strategic outcomes versus what’s just repackaged as SPM is an important first step, but it's not an easy undertaking.
In this concise publication, we will cut through the marketing to unpack what strategic portfolio management is, and what makes it distinct from similar capabilities. We’ll help to situate you in the space and assess the extent to which your tooling needs can be met by a strategic portfolio management offering.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
In this concise publication we introduce you to strategic portfolio management and consider the extent to which your organization can leverage an SPM application to help drive strategic outcomes.
Use this Excel workbook to determine if your organization can benefit from the features and functionality of an SPM approach or whether you need something more like a traditional project portfolio management tool.
Travis Duncan
Research Director, PPM and CIO Strategy
Info-Tech Research Group
While the market is eager to get users into what they're calling "strategic portfolio management," there's a lot of uncertainty out there about what this market is and how it's different from other, more established portfolio disciplines – most significantly, project portfolio management.
Indeed, if you look at how the space is covered within the industry, you'll encounter a dog's breakfast of players, a comparison of apples and oranges: Jira in the same quadrants as Planisware, Smartsheets in the same profiles as Planview and ServiceNow. While each of the individual players is impressive, their areas of focus are unique and the extent to which they should be compared together under the category of strategic portfolio management is questionable.
It speaks to some of the grey area within the SPM space more generally, which is at a bit of a crossroads: Will it formally shed the guardrails of its antecedents to become its own space, or will it devolve into a bait and switch through which capabilities that struggled to gain much traction beyond IT settings seek to infiltrate the business and grow their market share under a different name?
Part of it is up to the rest of us as users and potential customers. Clarifying what we need before we jump into something simply because our prior attempts failed will help determine whether we need a unique space for strategic portfolio management or whether we simply need to do portfolio management more strategically.
Your Challenge | Common Obstacles | Info-Tech's Approach |
|
|
|
Info-Tech Insight
In the same way that it took many years for PPM to stabilize as a concept distinct from traditional enterprise project management, strategic portfolio management is experiencing a similar period of formational uncertainty. In a space that can be all things to all users, clarify your actual needs before jumping onto a bandwagon and ending up with something that you don't need, and that the organization can't adopt.
While the concept of 'strategic portfolio management' has been written about within project portfolio management circles for nearly 20 years, SPM, as a distinct organizational competence and software category, is a relatively new and largely vendor-driven capability.
First emerging in the discourse during the mid-to-late 2010s, SPM has evolved from its roots in traditional enterprise project portfolio management. Though, as we will discuss, it has other antecedents not limited to PPM.
In this publication, we'll unpack what SPM is, how it is distinct (and, in turn, how it is not distinct) from PPM and other capabilities, and we will consider the extent to which your organization can and should leverage an SPM application to help drive strategic outcomes.
–The increasing need to deliver value from digital initiatives is giving rise to strategic portfolio management, a digital investment management discipline that enables strategy realization in complex dynamic environments."
– OnePlan, "Is Strategic Portfolio Management the Future of PPM?"
Only 2% of business leaders are confident that they will achieve 80% to 100% of their strategic objectives.
Source: Smith, 2022
SPM is a new stage in the history of project portfolio management more generally. While it's emerging as a distinct capability, and it borrows from capabilities beyond PPM, unpacking its distinctiveness is best done by first understanding its source.
Triggers for the emergence of strategic portfolio management in the discourse include the pace of technology-introduced change, the waning of enterprise project management, and challenges around enterprise PPM tool adoption.
Project Portfolio Management | Differentiator | Strategic Portfolio Management |
---|---|---|
Work-Level (Tactical) | Primary Orientation | High-Level (Strategic) |
CIO | Accountable for Outcomes | CxO |
Project Manager | Responsible for Outcomes | Product Management Organization |
Project Managers, PMO Staff | Targeted Users | Business Leaders, ePMO Staff |
Project Portfolio(s) | Essential Scope | Multi-Portfolio (Project, Application, Product, Program, etc.) |
IT Project Delivery and Business Results Delivery | Core Focus | Business Strategy and Change Delivery |
Project Scope | Change Impact Sensitivity | Enterprise Scope |
IT and/or Business Benefit | Language of Value | Value Stream |
Project Timelines | Main View | Strategy Roadmaps |
Resource Capacity | Primary Currency | Money |
Work-Assignment Details | Modalities of Planning | Value Milestones & OKRs |
Work Management | Modalities of Execution | Governance (Project, Product, Strategy, Program, etc.) |
Project Completion | Definitions of "Done" | Business Capability Realization |
Info-Tech Insight
The distinction between the two capabilities is not necessarily as black and white as the table above would have it (some "PPM" tools offer what we're identifying above as "SPM" capabilities), but it can be helpful to think in these binaries when trying to distinguish the two capabilities. At the very least, SPM broadens its scope to target more executive and business users, and functions best when it's speaking at a higher level, to a business audience.
Perhaps the biggest evolution from traditional PPM that strategic portfolio management promises is that it casts a wider net in terms of the types of work it tracks (and how it tracks that work) and the types of portfolios it accommodates.
Not bound to the concepts of "projects" and a "project portfolio" specifically, SPM broadens its scope to encompass capabilities like product and product portfolio management, enterprise architecture management, security and risk management, and more.
"An SPM tool will capture business strategy, business capabilities, operating models, the enterprise architecture and the project portfolio with unmatched visibility into how they all relate. This will give...a robust understanding of the impact of a proposed IT change " and enable IT and business to act like cocreators driving innovation."
– Paula Ziehr
Sixty one percent of leaders acknowledge their companies struggle to bridge the gap between creating a strategy and executing on that strategy.
Source: StrategyBlocks, 2020
ePMO or Strategy Realization Office | Senior Leadership and Executive Stakeholders | Business Leads and IT Directors and Managers |
---|---|---|
SPM tools are best facilitated through enterprise PMOs or strategy realization offices. After all, in enterprises, these are the entities charged with the planning, execution, and tracking of strategy.
Their roles within the tool typically entail:
|
As those with the accountability and authority to drive the organization's strategy, you could argue that these stakeholders are the primary stakeholders for an SPM tool.
Their roles within the tool typically entail:
|
SPM targets more business users as well as senior IT managers and directors.
Their roles within the tool typically entail:
|
Name | Description |
Analytics and Reporting | SPM should provide access to real-time dashboards and data interpretation, which can be exported as reports in a range of formats. |
Strategy Mapping and Road Mapping | SPM should provide access to up-to-date timeline views of strategies and initiatives, including the ability to map such things as dependencies, market needs, funding, priorities, governance, and accountabilities. |
Value Tracking and Measurement | SPM should include the ability to forecast, track, and measure return on investment for strategic investments. This includes accommodations for various paradigms of value delivery (e.g. traditional value delivery and measurement, OKRs, as well as value mapping and value streams). |
Ideation and Innovation Management | SPM should include the ability to facilitate innovation management processes across the organization, including the ability to support stage gates from ideation through to approval; to articulate, socialize, and test ideas; perform impact assessments; create value canvas and OKR maps; and prioritize. |
Multi-Portfolio Management | SPM should include the ability to perform various modalities of portfolio management and portfolio optimization, including project portfolio management, applications portfolio management, asset portfolio management, etc. |
Interoperability/APIs | An SPM tool should enable seamless integration with other applications for data interoperability. |
Name | Description |
Product Management | SPM can include product-management-specific functionality, including the ability to connect product families, roadmaps, and backlogs to enterprise goals and priorities, and track team-level activities at the sprint, release, and campaign levels. |
Enterprise Architecture Management | SPM can include the ability to define and map the structure and operation of an organization in order to effectively coordinate various domains of architecture and governance (e.g. business architecture, data architecture, application architecture, security architecture, etc.) in order to effectively plan and introduce change. |
Security and Risk Management | SPM can include the ability to identify and track enterprise risks and ensure compliance controls are met. |
Lean Portfolio Management | SPM can include the ability to plan and report on portfolio performance independent from task level details of product, program, or project delivery. |
Investment and Financial Management | SPM can include the ability to forecast, track, and report on financials at various levels (strategy, product, program, project, etc.). |
Multi-Methodology Delivery | SPM can include the ability to plan and execute work in a way that accommodates various planning and delivery paradigms (predictive, iterative, Kanban, lean, etc.). |
1. SPM accommodates various ways of working. |
|
2. SPM puts the focus on value and change. |
|
3. SPM fosters a coherent approach to demand management. |
|
1. The space is rife with IT buzzwords and, as a concept, is sometimes used as a repackaging of failing concepts. |
|
2. Some solutions that identify as SPM are not. |
|
3. SPM tools may have a capacity blind spot. |
|
Download Info-Tech's Strategic Portfolio Management Needs Assessment
10 to 20 minutes
This screenshot shows a sample output from the assessment. Based upon your inputs, you'll be grouped within three ranges:
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
If the analysis in the previous slides suggested you can benefit from an SPM tool, you can quick-start your vendor evaluation process with SoftwareReviews.
SoftwareReviews has extensive coverage of not just the SPM space, but of the project portfolio management (pictured to the top right) and project management spaces as well. So, from the tactical to the strategic, SoftwareReviews can help you find the right tools.
Further, as you settle in on a shortlist, you can begin your vendor analysis using our rapid application selection methodology (see framework on bottom right). For more information see our The Rapid Application Selection Framework blueprint.
Info-Tech's Rapid Application Selection Framework (RASF)
Develop a Project Portfolio Management Strategy
Drive IT project throughput by throttling resource capacity.
Prepare an Actionable Roadmap for your PMO
Turn planning into action with a realistic PMO timeline.
Maintain an Organized Portfolio
Align portfolio management practices with COBIT (APO05: Manage Portfolio)
Angliss, Katy, and Pete Harpum. Strategic Portfolio Management: In the Multi-Project and Program Organization. Book. Routledge. 30 Dec. 2022.
Anthony, James. "95 Essential Project Management Statistics: 2022 Market Share & Data Analysis." Finance Online. 2022. Web. Accessed 21 March 2022
Banham, Craig. "Integrating strategic planning with portfolio management." Sopheon. Webinar. Accessed 6 Feb. 2023.
Garfein, Stephen J. "Executive Guide to Strategic Portfolio Management: roadmap for closing the gap between strategy and results." PMI. Conference Paper. Oct. 2007. Accessed 6 Feb. 2023.
Garfein, Stephen J. "Strategic Portfolio Management: A smart, realistic and relatively fast way to gain sustainable competitive advantage." PMI. Conference Paper. 2 March 2005. Accessed 6 Feb. 2023.
Hontar, Yulia. "Strategic Portfolio Management." PPM Express. Blog 16 June 2022. Accessed 6 Feb. 2023.
Milsom, James. "6 Strategic Portfolio Management Trends for 2023." i-nexus. Blog. 25 Jan. 2022. Accessed 6 Feb. 2023.
Milsom, James. "Strategic Portfolio Management 101." i-nexus. 8 Dec. 2021. Blog . Accessed 6 Feb. 2023.
OnePlan, "Is Strategic Portfolio Management the Future of PPM?" YouTube. 17 Nov. 2022. Accessed 6 Feb. 2023.
OnePlan. "Strategic Portfolio Management for Enterprise Agile." YouTube. 27 May 2022. Accessed 6 Feb. 2023.
Piechota, Frank. "Strategic Portfolio Management: Enabling Successful Business Outcomes." Shibumi. Blog . 31 May 2022. Accessed 6 Feb. 2023.
ServiceNow. "Strategic Portfolio Management—The Thing You've Been Missing." ServiceNow. Whitepaper. 2021. Accessed 6 Feb. 2023.
Smith, Shepherd, "50+ Eye-Opening Strategic Planning Statistics" ClearPoint Strategy. Blog. 13 Sept. 2022. Accessed 6 Feb. 2023.
SoftwareAG. "What is Strategic Portfolio Management (SPM)?" SoftwareAG. Blog. Accessed 6 Feb. 2023.
Stickel, Robert. "What It Means to be Adaptive." OnePlan. Blog. 24 May 2021. Accessed 6 Feb. 2023.
UMT360. "What is Strategic Portfolio Management?" YouTube. Webinar. 22 Oct. 2020. Accessed 6 Feb. 2023.
Wall, Caroline. "Elevating Strategy Planning through Strategic Portfolio Management." StrategyBlocks. Blog. 26 Feb. 2020. Accessed 6 Feb. 2023.
Westmoreland, Heather. "What is Strategic Portfolio Management." Planview. Blog. 19 Oct 2002. Accessed 6 Feb. 2023.
Wiltshire, Andrew. "Shibumi Included in Gartner Magic Quadrant for Strategic Portfolio Management for the 2nd Straight Year." Shibumi. Blog. 20 Apr. 2022. Accessed 6 Feb. 2023.
Ziehr, Paula. "Keep your eye on the prize: Align your IT investments with business strategy." SoftwareAG. Blog. 5 Jul. 2022. Accessed 6 Feb. 2023.
Agile and Service Management are not necessarily at odds; find the integration points to solve specific problems.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand how service management integrates with Agile software development practices, and how to solve the most common challenges to work efficiently and deliver business value.
Use this tool to identify your stakeholders to engage when working on the service management integration.
Use this tool to identify which of your current practices might already be aligned with Agile mindset and which might need adjustment. Identify integration challenges with the current service management practices.
Many organizations believe that once they have implemented Agile that they no longer need any service management framework, like ITIL. They see service management as "old" and a roadblock to deliver products and services quickly. The culture clash is obvious, and it is the most common challenge people face when trying to integrate Agile and service management. However, it is not the only challenge. Agile methodologies are focused on optimized delivery. However, what happens after delivery is often overlooked. Operations may not receive proper communication or documentation, and processes are cumbersome or non-existent. This is a huge paradox if an organization is trying to become nimbler. You need to find ways to integrate your Agile practices with your existing Service Management processes.
Renata Lopes
Senior Research Analyst
Organizational Transformation Practice
Info-Tech Research Group
Agile and Service Management are not necessarily at odds Find the integration points to solve specific problems.
46% of respondents identified inconsistent processes and practices across teams as a challenge.
Source: Digital.ai, 2021
43% of respondents identified Culture clashes as a challenge.
Source: Digital.ai, 2021
Agile development is an umbrella term for several iterative and incremental development methodologies to develop products.
In order to achieve Agile development, organizations will adopt frameworks and methodologies like Scaled Agile Framework (SAFe), Scrum, Large Scaled Scrum (LeSS), DevOps, Spotify Way of Working (WoW), etc.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Deciding which service desk metrics to track and how to analyze them can be daunting. Use this deck to narrow down your goal-oriented metrics as a starting point and set your own benchmarks.
For each metric, consider adding the relevant overall goal, audience, cadence, and action. Use the audience and cadence of the metric to split your tracked metrics into various dashboards. Your final list of metrics and reports can be added to your service desk SOP.
When establishing a suite of metrics to track, it’s tempting to start with the metrics measured by other organizations. Naturally, benchmarking will enter the conversation. While benchmarking is useful, measuring you organization against others with a lack of context will only highlight your failures. Furthermore, benchmarks will highlight the norm or common practice. It does not necessarily highlight best practice.
Keeping the limitations of benchmarking in mind, establish your own metrics suite with action-based metrics. Define the audience, cadence, and actions for each metric you track and pair them with business goals. Measure only what you need to.
Slowly improve your metrics process over time and analyze your environment using your own data as your benchmark.
Benedict Chang
Research Analyst, Infrastructure & Operations
Info-Tech Research Group
Info-Tech Insight
Identify the metrics that serve a real purpose and eliminate the rest. Establish a formal review process to ensure metrics are still valid, continue to provide the answers needed, and are at a manageable and usable level.
Current Metrics Suite
19% Effective
36% Some Improvement Necessary
45% Significant Improvement Necessary
Source: Info-Tech Research Group’s CEO/CIO Alignment Diagnostic, 2019; N=622
Source: Info-Tech Research Group’s CEO/CIO Alignment Diagnostic, 2019; N=622
They can be the first step to reach an end goal, but if benchmarks are observed in isolation, it will only highlight your failures.
This does not account for all the unique variables that make up an IT organization.
For example, benchmarks that include cost and revenue may include organizations that prioritize first-call resolution (FCR), but the variables that make up this benchmark model will be quite different within your own organization.
Info-Tech Insight
Benchmarks reflect the norm and common practice, not best practice.
Being above or below the norm is neither a good nor a bad thing.
Determining what the results mean for you depends on what’s being measured and the unique factors, characteristics, and priorities in your organization.
If benchmark data is a priority within your IT organization, you may look up organizations like MetricNet, but keep the following in mind:
Review the collected benchmark data
See where IT organizations in your industry typically stand in relation to the overall benchmark.
Assess the gaps
Large gaps between yourself and the overall benchmark could indicate areas for improvement or celebration. Use the data to focus your analysis, develop deeper self-awareness, and prioritize areas for potential concern.
Benchmarks are only guidelines
The benchmark source data may not come from true peers in every sense. Each organization is different, so always explore your unique context when interpreting any findings.
Use metrics that drive productive change and improvement. Track only what you need to report on.
Ensure each metric aligns with the desired business goal, is action-based, and includes the answers to what, why, how, and who.
Establish internal benchmarks by analyzing the trends from your own data to set baselines.
Act on the results of your metrics by adjusting targets and measuring success.
Audience - Who is this metric tracked for?
Goal - Why are you tracking this metric? This can be defined along with the CSFs and KPIs.
Cadence - How often are you going to view, analyze, and action this metric?
Action - What will you do if this metric spikes, dips, trends up, or trends down?
Critical success factors (CSFs) are high-level goals that help you define the direction of your service desk. Key performance indicators (KPIs) can be treated as the trend of metrics that will indicate that you are moving in the direction of your CSFs. These will help narrow the data you have to track and action (metrics).
CSFs, or your overall goals, typically revolve around three aspects of the service desk: time spent on tickets, resources spent on tickets, and the quality of service provided.
Critical success factor | Key performance indicator |
---|---|
High End-User Satisfaction | Increasing CSAT score on transactional surveys |
High end-user satisfaction score | |
Proper resolution of tickets | |
Low time to resolve | |
Low Cost per Ticket | Decreasing cost per ticket (due to efficient resolution, FCR, automation, self-service, etc.) |
Improve Access to Self-Service (tangential to improve customer service) | High utilization of knowledgebase |
High utilization of portal |
Download the Service Desk Metrics Workbook
Example metrics:
Critical success factor | Key performance indicator | Metric | Cadence | Audience | Action |
---|---|---|---|---|---|
High End-User Satisfaction | Increasing CSAT score on transactional surveys | Monthly average of ticket satisfaction scores | Monthly | Management | Action low scores immediately, view long-term trends |
High end-user satisfaction score | Average end-user satisfaction score from annual survey | Annually | IT Leadership | View IT satisfaction trends to align IT with business direction | |
Proper resolution of tickets | Number of tickets reopened | Weekly | Service Desk Technicians | Action reopened tickets, look for training opportunities | |
SLA breach rate | Daily | Service Desk Technicians | Action reopened tickets, look for training opportunities | ||
Low time to resolve | Average TTR (incidents) | Weekly | Management | Look for trends to monitor resources | |
Average TTR by priority | Weekly | Management | Look for TTR solve rates to align with SLA | ||
Average TTR by tier | Weekly | Management | Look for improperly escalated tickets or shift-left opportunities |
Download the Service Desk Metrics Workbook
Example metrics:
Metric | Who Owns the Data? | Efforts to Track? | Dashboards |
---|---|---|---|
Monthly average of ticket satisfaction scores | Service Desk | Low | Monthly Management Meeting |
Average end-user satisfaction score | Service Desk | Low | Leadership Meeting |
Number of tickets reopened | Service Desk | Low | Weekly Technician Standup |
SLA breach rate | Service Desk | Low | Daily Technician Standup |
Average TTR (incidents) | Service Desk | Low | Weekly Technician Standup |
Average TTR by priority | Service Desk | Low | Weekly Technician Standup |
Average TTR by tier | Service Desk | Low | Weekly Technician Standup |
Average TTR (SRs) | Service Desk | Low | Weekly Technician Standup |
Number of tickets reopened | Service Desk | Low | Daily Technician Standup |
Download the Service Desk Metrics Workbook
Metrics are typically focused on transactional efficiency and process effectiveness and not what was achieved against the customers’ need and satisfaction.
Understand the relationships between performance and metrics management to provide the end-to-end service delivery picture you are aiming to achieve.
ITSM solutions offer an abundance of metrics to choose from. The most common ones are typically built into the reporting modules of the tool suite.
Do not start tracking everything. Choose metrics that are specifically aligned to your organization’s desired business outcomes.
Don’t ignore the correlation and context between the suites of metrics chosen and how one interacts and affects the other.
Measuring metrics in isolation may lead to an incomplete picture or undesired technician behavior. Tension metrics help complete the picture and lead to proper actions.
An arbitrary target on a metric that is consistently met month over month is useless. Each metric should inform the overall performance by combining capable service level management and customer experience programs to prove the value IT is providing to the organization.
This project will help you build and improve essential service desk processes, including incident management, request fulfillment, and knowledge management, to create a sustainable service desk.
Take Control of Infrastructure and Operations Metrics
Make faster decisions and improve service delivery by using the right metrics for the job.
Analyze Your Service Desk Ticket Data
Take a data-driven approach to service desk optimization.
IT Diagnostics: Build a Data-Driven IT Strategy
Our data-driven programs ask business and IT stakeholders the right questions to ensure you have the inputs necessary to build an effective IT strategy.
Hybrid work is here, but there is no consensus among industry leaders on how to do it right. IT faces the dual challenge of supporting its own employees while enabling the success of the broader organization. In the absence of a single best practice to adopt, how can IT departments make the right decisions when it comes to the new world of hybrid?
Read this concise report to learn:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Read this report to learn how IT departments are using the latest trends in hybrid work for greater IT effectiveness. Understand what work models are best for IT, how IT can support a remote organization, and how hybrid work changes team dynamics.
The pandemic has catapulted hybrid work to the forefront of strategic decisions an organization needs to make. According to our State of Hybrid Work in IT survey conducted in July of 2022, nearly all organizations across all industries are continuing some form of hybrid or remote work long-term (n=518). Flexible work location options are the single greatest concern for employees seeking a new job. IT departments are tasked with not only solving hybrid work questions for their own personnel but also supporting a hybrid-first organization, which means significant changes to technology and operations.
Faced with decisions that alter the very foundation of how an organization functions, IT leaders are looking for best practices and coming up empty. The world of work has changed quickly and unexpectedly. If you feel you are “winging it” in the new normal, you are not alone.
95% of organizations are continuing some form of hybrid or remote work.
n=518
47% of respondents look at hybrid work options when evaluating a new employer, vs. 46% who look at salary.
n=518
Your organization, your employees, your goals – your hybrid work
The days of a “typical” workplace have passed. When it comes to the new world of hybrid work, there is no best-of-breed example to follow.
Among the flood of contradictory decisions made by industry leaders, your IT organization must forge its own path, informed by the needs of your employees and your organizational goals.
All IT work models can support the broader organization. However, IT is more effective in a hybrid work mode.
Stay informed on where your industry is headed, but learn from, rather than follow, industry leaders.
All industries reported primarily using partial, balanced & full hybrid work models.
All industries reported some fully remote work, ranging from 2-10% of organizations surveyed.
Construction and healthcare & life sciences did not require any fully in-office work. Other industries, between 1-12% required fully in-office work.
The uncomfortable truth about hybrid work is that there are many viable models, and the “best of breed” depends on who you ask. In the post-pandemic workspace, for every work location model there is an industry leader that has made it functional. And yet this doesn’t mean that every model will be viable for your organization.
In the absence of a single best practice, rely on an individualized cost-benefit assessment rooted in objective feasibility criteria. Every work model – whether it continues your status quo or overhauls the working environment – introduces risk. Only in the context of your particular organization does that risk become quantifiable.
Don’t make the mistake of emulating the tech giants, unless they are your direct competition. Instead, look to organizations that have walked your path in terms of scope, organizational goals, industry, and organizational structure.
External |
Internal |
---|---|
Political Economic Social Technological Legal Environmental |
Operations Culture Resources Risk Benefit Employee Preferences |
Comparative
Your competitors
Info-Tech Insight
Remember, your competitors are not just those who compete for the same customers but also those who compete for your employees.
IT has two roles: to effectively support the broader organization and to function effectively within the department. It therefore has two main stakeholder relationships: the organization it supports and the employees it houses. Hybrid work impacts both. Don't make the mistake of overweighting one relationship at the expense of the other. IT will only function effectively when it addresses both.
IT and the organization
|
Diagnostic tool: Business Vision |
IT and its employees
|
Diagnostic tool: |
|
|
Small <100 |
Medium 101-5,000 |
Large >5,000 |
Employees |
100% of industries, organizational sizes, and position levels reported some form of hybrid or remote work.
5% | 21% | 30% | 39% | 5% |
No Remote |
Partial Hybrid |
Balanced Hybrid |
Full Hybrid |
Full Remote Work |
28% | 27% | 22% | 26% | 13% | 4% |
None |
Internet/home phone |
Just internet |
Home office setup |
Home utilities |
Other |
n=518
Home office setup: One-time lump-sum payment
Home utilities: Gas, electricity, lights, etc.
Other: Office supplies, portion of home rent/mortgage payments, etc.
Section 1
The promise of hybrid work for IT department effectiveness and the costs of making it happen
In this section:
IT’s effectiveness, meaning its ability to enable organizational goal attainment, is its ultimate success metric. In the post-pandemic world, this indicator is intimately tied to IT’s work location model, as well as IT’s ability to support the work location model used by the broader organization.
In 2022, 90% of organizations have embraced some form of hybrid work (n=516). And only a small contingent of IT departments have more than 90% of roles still working completely in office, with no remote work offered (n=515).
This outcome was not unexpected, given the unprecedented success of remote work during the pandemic. However, the implications of this work model were far less certain. Would productivity remain once the threat of layoffs had passed? Would hybrid work be viable in the long term, once the novelty wore off? Would teams be able to function collaboratively without meeting face to face? Would hybrid allow a great culture
to continue?
All signs point to yes. For most IT departments, the benefits of hybrid work outweigh its costs. IT is significantly more effective when some degree of remote or hybrid work is present.
Remote Work Effectiveness Paradox
When IT itself works fully onsite, lower effectiveness is reported (6.2). When IT is tasked with supporting fully, 100% remote organizations (as opposed to being fully remote only within IT), lower effectiveness is reported then as well (5.9). A fully remote organization means 100% virtual communication, so the expectations placed on IT increase, as do the stakes of any errors. Of note, hybrid work models yield consistent effectiveness scores when implemented at both the IT and organizational levels.
Despite the challenges initially posed by hybrid and remote organizations, IT has thrived through the pandemic and into this newly common workplace.
Most organizations have experienced an unchanged or increased level of service requests and incidents. However, for the majority of organizations, service desk support has maintained (58%) or improved (35%). Only 7% of IT organizations report decreased service desk support.
Is your service desk able to offer the same level of support compared to the pre-pandemic/pre-hybrid work model?
How has the volume of your service requests/incidents changed?
Has hybrid work impacted your customer satisfaction scores?
It is interesting to note that service request volumes have evolved similarly across industries, mirroring the remarkable consistency with which hybrid work has been adopted across disparate fields, from construction to government.
Of note are two industries where the volume of service requests mostly increased: government and media, information, telecom & technology.
With the global expansion of digital products and services through the pandemic, it’s no surprise to see volumes increase for media, information, telecom & technology. With government, the shift from on premises to rapid and large-scale hybrid or remote work for administrative and knowledge worker roles likely meant additional support from IT to equip employees and end users with the necessary tools to carry out work offsite.
How has the volume of your service requests/incidents changed?
Hybrid and remote work have been associated with greater productivity and organizational benefits since before the pandemic. During emergency remote work, doubts arose about whether productivity would be maintained under such extreme circumstances and were quickly dispelled. The promise of remote productivity held up.
Now, cautiously entering a “new normal,” the question has emerged again. Will long-term hybrid work bring the same benefits?
The expectations have held up, with hybrid work benefits ranging from reduced facilities costs to greater employee performance.
Organizational hybrid work may place additional strain on IT,
but it is clear IT can handle the challenge. And when it does,
the organizational benefits are tremendous.
88% of respondents reported increased or consistent Infrastructure & Operations customer satisfaction scores.
What benefits has the organization achieved as a result of moving to a hybrid work model?
Of the organizations surveyed, the vast majority reported significant changes to both the process and the technology side of IT operations. Four key processes affected by the move to hybrid were:
Within Infrastructure & Operations, the area with the greatest degree
of change was network architecture (reported by 44% of respondents), followed closely by service desk (41%) and recovery workspaces and mitigations (40%).
63% of respondents reported changes to conference room technology to support hybrid meetings.
IT Infrastructure & Operations changes, upgrades, and modernization
What process(es) had the highest degree of change in response to supporting hybrid work?
Forty-five percent of respondents reported significant changes to deployment as a result of hybrid work, with an additional 42% reporting minor changes. Only 13% of respondents stated that their deployment processes remained unchanged following the shift to hybrid work.
With the ever-increasing globalization of business, deployment modernization practices such as the shift to zero touch are no longer optional or a bonus. They are a critical part of business operation that bring efficiency benefits beyond just supporting hybrid work.
The deployment changes brought on by hybrid span across industries. Even in manufacturing, with the greatest proportion of respondents reporting “no change” to deployment practices (33%), most organizations experienced some degree of change.
Has a hybrid work model led you to make any changes to your deployment, such as zero touch, to get equipment to end users?
Over half of respondents reported significantly decreased reliance on printed copies as a result of hybrid. While these changes were on the horizon for many organizations even before the pandemic, the necessity of keeping business operations running during lockdowns meant that critical resources could be invested in these processes. As a result, digitization has leapt forward.
This represents an opportunity for businesses to re-evaluate their relationships with printing vendors. Resources spent on printing can be reduced or reallocated, representing additional savings as a result of moving to hybrid. Additionally, many respondents report a willingness – and ability – from vendors to partner with organizations in driving innovation and enabling digitization.
With respect to changes pertaining to hard copies/printers as a result of your hybrid work model:
The majority (63%) of respondents reported making significant changes to conference room technology as a result of hybrid work. A significant proportion (30%) report that such changes were not needed, but this includes organizations who had already set up remote communication.
An important group is the remaining 8% of respondents, who cite budgetary restrictions as a key barrier in making the necessary technology upgrades. Ensure the business case for communication technology appropriately reflects the impact of these upgrades, and reduce the impact of legacy technology where possible:
Have you made changes/upgrades
to the conference room technology to support hybrid meetings?
(E.g. Some participants joining remotely, some participants present in a conference room)
Metrics
|
Resources Create a Work-From-Anywhere IT Strategy Stabilize Infrastructure & Operations During Work-From-Anywhere Sustain Work-From-Home in the New Normal |
For a comprehensive list of resources, visit
Info-Tech’s Hybrid Workplace Research Center
Section 2
Cultivate the dream team in a newly hybrid world
In this section:
Since before the pandemic, the intangibles of having a job that works with your lifestyle have been steadily growing in importance. Considerations like flexible work options, work-life balance, and culture are more important to employees now than they were two years ago, and employers must adapt.
Salary alone is no longer enough to recruit the best talent, nor is it the key to keeping employees engaged and productive. Hybrid work options are the single biggest concern for IT professionals seeking new employment, just edging out salary. This means employers must not offer just some work flexibility but truly embrace a hybrid environment.
What are you considering when looking at a potential employer?
Declining economic conditions suggest that a talent market shift may be imminent. Moving toward a recession may mean less competition for top talent, but this doesn't mean hybrid will be left behind as a recruitment tactic.
Just over half of IT organizations surveyed are considering expanding hybrid work or moving to fully remote work even in a recession. Hybrid work is a critical enabler of organizational success when resources are scarce, due to the productivity benefits and cost savings it has demonstrated. Organizations that recognize this and adequately invest in hybrid tools now will have equipped themselves with an invaluable tool for weathering a recession storm, should one come.
What impact could a potential recession in the coming year have on your decisions around your work location?
The potential for a recession has a greater impact on the workforce decisions of small organizations. They likely face greater financial pressures than medium and large-sized organizations, pressures that could necessitate halting recruitment efforts or holding firm on current salaries and health benefits.
A reliance on intangible benefits, like the continuation of hybrid work, may help offset some of negative effects of such freezes, including the risk of lower employee engagement and productivity. Survey respondents indicated that hybrid work options (47%) were slightly more important to them than salary/compensation (46%) and significantly more important than benefits (29%), which could work in favor of small organizations in keeping the critical employees needed to survive an economic downturn.
Small |
Medium | Large |
90% | 82% | 66% |
Currently considering some form of hiring/salary freeze or cutbacks, if a recession occurs
NOTES
n=520
Small: <101 employees
Medium: 101-5000 employees
Large: >5,000 employees
One advantage of hybrid over remote work is the ability to maintain an in-office presence, which provides a failsafe should technology or other barriers stand in the way of effective distance communication. To take full advantage of this, teams should coordinate tasks with location, so that employees get the most out of the unique benefits of working in office and remotely.
Activities to prioritize for in-office work:
Activities to prioritize for remote work:
As a leader, what are your greatest concerns with hybrid work?
When it comes to leading a hybrid team, there is no ignoring the impact of distance on communication and team cohesion. Among leaders’ top concerns are employee wellbeing and the ability to pick up on signs of demotivation among team members.
The top two tactics used by managers to mitigate these concerns center on increasing communication:
Tactics most used by highly effective IT departments
The most effective hybrid team management tools focus on overcoming the greatest obstacle introduced by remote work: barriers to communication and connection.
The most effective IT organizations use a variety of tactics. For managers looking to improve hybrid team effectiveness, the critical factor is less the tactic used and more the ability to adapt their approach to their team’s needs and incorporate team feedback. As such, IT effectiveness is linked to the total number of tactics used by managers.
IT department effectiveness
Not all hybrid work models are created equal. IT leaders working with hybrid teams have many decisions to make, from how many days will be spent in and out of office to how much control employees get over which days they work remotely.
Employee and manager preferences are largely aligned regarding the number of days spent working remotely or onsite: Two to three days in office is the most selected option for both groups, although overall manager preferences lean slightly toward more time spent in office.
Comparison of leader and employee preference for days in-office
Do employees have a choice in the days they work in office/offsite?
For most organizations, employees get a choice of which days they spend working remotely. This autonomy can range from complete freedom to a choice between several pre-approved days depending on team scheduling needs.
Organizations’ success in establishing hybrid team autonomy varies greatly post pandemic. Responses are roughly equally split between staff feeling more, less, or the same level of autonomy as before the pandemic. Evaluated in the context of most organizations continuing a hybrid approach, this leads to the conclusion that not all hybrid implementations are being conducted equally effectively when it comes to employee empowerment.
As an employee, how much control do you have over the decisions related to where, when, and how you work currently?
A strong case can be made for fostering autonomy and empowerment on hybrid teams. Employees who report lower levels of control than before the pandemic also report lower engagement indicators, such as trust in senior leadership, motivation, and intention to stay with the organization. On the other hand, employees experiencing increased levels of control report gains in these areas.
The only exception to these gains is the sense of team connectedness, which employees experiencing more control report as lower than before the pandemic. A greater sense of connectedness among employees reporting decreased control may be related to more mandatory in-office time or a sense of connection over shared team-level disengagement.
These findings reinforce the need for hybrid teams to invest in team building and communication practices and confirm that significant benefits are to be had when a sense of autonomy can be successfully instilled.
Employees who experience less control than before the pandemic report lowered engagement indicators ... except sense of connectedness
Employees who experience more control than before the pandemic report increased engagement indicators ... except sense of connectedness
The Power of Intentionality When the pandemic hit, technology was not in question. Flexible work options had been available and widely used, and the technology to support them was in place. The leadership team turned their focus to ensuring their culture survived and thrived. They developed a laser-focused approach for engaging their employees by giving their leaders tools to hold conversations. The dialogue was ongoing to allow the organization to adapt to the fast pace of changing conditions. Every tactic, plan, and communication started with the question, “What outcome are we striving for?” With a clear outcome, tools were created and leaders supported to drive the desired outcome. |
“We knew we had the technology in place. Our concern was around maintaining our strong culture and ensuring continued engagement and connection with our employees.” – Lisa Gibson, Chief of Staff, Microsoft Canada |
Metrics
| Resources Webinar: Effectively Manage Remote Teams Build a Better Manager: Manage Your People |
For a comprehensive list of resources, visit
Info-Tech’s Hybrid Workplace Research Center
BE INTENTIONAL
|
INVOLVE EMPLOYEES
|
ALLOW CHOICE
|
BE TRANSPARENT
|
Info-Tech Insight
Hybrid and remote teams require more attention, connection, and leadership from managers. The shift from doing the day-to-day to effectively leading is critical for the success of nontraditional work models. As hybrid and remote work become engrained in society, organizations must ensure that the concept of the “working manager” is as obsolete as the rotary telephone.
“8 Unexpected Benefits of Online Learning for Development.” Center for Creative Leadership (CCL), 14 Oct. 2020. Accessed 5 Nov. 2021.
“2021 Global Workplace Report.” NTT, 2021. Accessed 6 July 2022.
“Advantages of Online Learning for Leadership Development: What Our Research Says.” CCL, 8 Dec. 2020. 5 Nov. 2021.
“Annual Work Trend Index Report – Great Expectations: Making Hybrid Work Work.” Microsoft WorkLab, 2022. Accessed 6 July 2022.
Aten, Jason. “Google’s Employees Return to the Office Today. This Former Exec Says Hybrid Work Won’t Last.” Inc.Com, 4 April 2022. Web.
Bariso, Justin. “Google Spent 2 Years Researching What Makes a Great Remote Team. It Came Up With These 3 Things.” Inc.Com, 8 April 2019. Web.
Berger, Chloe. “What Is ‘Hybrid Guilt’? Going to Office Part-Time May Be Worst Option.” Fortune, 22 Aug. 2022. Web.
Brodkin, Jon. “After Remote-Work Ultimatum, Musk Reveals Plan to Cut 10% of Tesla Jobs.” Ars Technica, 3 June 2022. Web.
Brown, Brené, host. “Brené with Scott Sonenshein on Why We’ll Never Be the Same Again (and Why It’s Time to Talk About It).” Dare to Lead with Brené Brown, 11 April 2022. Brené Brown, https://brenebrown.com/podcast/why-well-never-be-the-same-again-and-why-its-time-to-talk-about-it/.
Burgess, Mark. “Most Asset Managers Operating Under Hybrid Work Model: Survey.” Advisor’s Edge, 13 Sept. 2022. Web.
Caminiti, Susan. “Workers Want Hybrid but Say It’s Exhausting Them. Here’s How Companies Can Fix That.” CNBC, 8 Feb. 2022. Web.
Capossela, Chris. “The next Chapter of Our Hybrid Workplace: Update on Our Washington State Work Sites.” The Official Microsoft Blog, 14 Feb. 2022. Web.
Carrigan, John. “Meta Embraces ‘Work From Anywhere’ Ahead of Return to Office.” Human Resources Director, 25 March 2022. Web.
Chaturvedi, H., and Ajoy Kumar Dey. The New Normal: Reinventing Professional Life and Familial Bonding in the Post COVID 19 Era. Bloomsbury Publishing, 2021.
Commonwealth of Massachusetts. “Alternative Work Options.” Mass.Gov, n.d. Accessed 17 Sept. 2022.
Commonwealth of Massachusetts. “Hybrid Work for Commonwealth Employees.” Mass.Gov, n.d. Accessed 17 Sept. 2022.
“COVID-19 and the Future of Business.” IBM, 21 Sept. 2020. Web.
Daniel, Will. “The Layoffs at Tesla Show That White-Collar Workers Are Screwed, Hedge Funder Famous from ‘The Big Short’ Predicts.” Fortune, 29 June 2022. Web.
D’Auria, Gemma, and Aaron De Smet. “Leadership in a Crisis: Responding to Coronavirus.” McKinsey, 16 March 2020. Web.
Dave, Paresh. “Google Mandates Workers Back to Silicon Valley, Other Offices from April 4.” Reuters, 3 March. 2022. Web.
Delaney, Kevin. “What We Know Now About the Business Impact of Hybrid Work.” Time, 6 Sept. 2022. Web.
Dobson, Sarah. “Legal Considerations for Hybrid Work.” Canadian HR Reporter, 15 Sept. 2022. Web.
Dondo, Jean. “Hybrid Work Is the Way for More Than a Quarter of Canadian Investment Firms.” Wealth Professional, 14 Sept. 2022. Web.
Elias, Jennifer. “Twitter to Reopen Offices March 15, Though Remote Work Remains an Option.” CNBC, 3 March 2022. Web.
Esade Business & Law School. “Leadership After Covid-19: Learning To Navigate The Unknown Unknowns.” Forbes, 30 March 2021. Web.
“Famous Companies Without Offices.” The Hoxton Mix, 19 Oct. 2021. Web.
Gerdeman, Dina. “COVID Killed the Traditional Workplace. What Should Companies Do Now?” HBS Working Knowledge, 8 March 2021. Web.
Gleason, Mike. “Apple’s Hybrid Work Plans Draw Worker Pushback.” SearchUnifiedCommunications, TechTarget, 24 Aug. 2022. Web.
Gleeson, Brent. “13 Tips For Leading And Managing Remote Teams.” Forbes, 26 Aug. 2020. Web.
Gratton, Lynda. “How to Do Hybrid Right.” Harvard Business Review, 1 May 2021. Web.
“Guide: Understand team effectiveness.” re:Work, Google, n.d. Accessed 5 Nov. 2021.
Hardy, Karen. “Your Business Has Decided on Hybrid Work… Now What?” CIO, 12 Sept. 2022. Web.
Hirsch, Arlene S. “How to Boost Employee Performance in a Hybrid Work Environment.” SHRM, 6 Sept. 2022. Web.
“How to Get Hybrid Work Right.” CBRE Canada, 14 June 2022. Web.
“Hybrid Work: When Freedom Benefits from Rules.” Audi, 12 Sept. 2022. Accessed 18 Sept. 2022.
“Hybrid Workplace | Global Culture Report.” O.C. Tanner, 2022, Web.
“Intel Is Hiring for Various Roles with Temporary Remote Work Benefits.” SightsIn Plus, 11 June 2022. Web.
Iyer, Viswanathan. “Council Post: Hybrid Work: Beyond The Point Of No Return.” Forbes, 14 Sept. 2022. Web.
Johnson, Ricardo. “Securing Hybrid Work All Starts with Zero-Trust.” SC Media, 29 Aug. 2022. Web.
Jones, Jada. “The Rules of Work Are Changing, and Hybrid Work Is Winning.” ZDNET, 1 Sept. 2022. Web.
Kowitt, Beth. “Inside Google’s Push to Nail Hybrid Work and Bring Its 165,000-Person Workforce Back to the Office Part-Time.” Fortune, 17 May 2022. Web.
Kumra, Gautam, and Diaan-Yi Lin. “The Future of (Hybrid) Work.” McKinsey, 2 Sept. 2022. Web.
Lagowska, Urszula, et al. “Leadership under Crises: A Research Agenda for the Post-COVID-19 Era.” Brazilian Administration Review, vol. 17, no. 2, Aug. 2020. Web.
Larson, Barbara Z., et al. “A Guide to Managing Your (Newly) Remote Workers.” Harvard Business Review, 18 March 2020. Web.
“Leadership During COVID-19: Resources for Times of Uncertainty.” CCL, n.d. Accessed 5 Nov. 2021.
“Managing Remote Employees: How to Lead From a Distance.” CCL, 7 April 2020. Accessed 5 Nov. 2021.
“Managing Remote Teams.” Know Your Team, n.d. Web. Accessed 5 Nov. 2021.
Mayhem, Julian. “Virtual Leadership - Essential Skills for Managing Remote Teams.” VirtualSpeech, 4 Nov. 2020. Web.
McKendrick, Joe. “Keeping Hybrid Workers In Sync, Digitally And In-Person.” Forbes, 22 Aug. 2022. Web.
McKenna, Karissa, et al. “Webinar: Build Leadership Skills for the New World of Work.” CCL, 15 June 2020. Accessed 5 Nov. 2021.
Mearian, Lucas. “Microsoft Edges Back to ‘Normal’ with Workplace Reopening Plan.” Computerworld, 14 Feb. 2022. Web.
“Meta Careers.” Meta, n.d. Accessed 17 Sept. 2022.
Miller, Mark. “5 Tips to Make Your Hybrid Work Model More Effective.” Entrepreneur, 25 Aug. 2022. Web.
Nica, Irina. “How to Manage a Remote Team: 14 Effective Tips for Your Business.” Business 2 Community, 8 July 2021. Web.
O’Halloran, Joe. “Organisations Struggle to Support IT in a Hybrid Work Model.” ComputerWeekly.com, 17 June 2022. Web.
Ong, Ivan. “Council Post: Why Hybrid Work Is The Way To Go.” Forbes, 12 Sept. 2022. Web.
Osborne, Charlie. “The End of Fully Remote Work? Google Begins Shift to the Hybrid Office.” ZDNet. 3 March 2022. Web.
Pazzanese, Christina. “Back to Office? Stay Remote? Go Hybrid?” Harvard Gazette, 24 Aug. 2022. Web.
“PinFlex.” Pinterest Careers, n.d. Accessed 17 Sept. 2022.
Rand, Ben. “Does Hybrid Work Actually Work? Insights from 30,000 Emails.” Harvard Business School – Working Knowledge, 6 Sept. 2022. Web.
“Remote Locations, Working with Flexibility.” Amazon.jobs, n.d. Accessed 17 Sept. 2022.
Renjen, Punit. “The Heart of Resilient Leadership: Responding to COVID-19.” Deloitte Insights, 16 March 2020. Web.
Shih, Clara. “Keeping Hybrid Employees Engaged.” Harvard Business Review, 11 Aug. 2022. Web.
Singerman, Michelle. “Is the Hybrid Work Model Working? CPAs Spill the Beans.” Chartered Professional Accountants Canada, 24 Aug. 2022. Web.
Stern, Stefan. “Hybrid Working: Why the Office-Home Balance Is Still a Challenge.” Financial Times, 4 Sept. 2022.
Subramaniam, Vanmala, et al. “Ready to Go Back to the Office? Employers and Workers Are Divided over the Fate of Remote Work.” The Globe and Mail, 1 Sept. 2022. Web.
Tong, Goh Chiew. “Inflation and Hybrid Work ‘skyrocketed’ Demand for Flexible Workspace, WeWork Says.” CNBC, 6 Sept. 2022. Web.
Tsipursky, Gleb. “Commentary: The Psychology behind Why Some Leaders Are Resisting a Hybrid Work Model.” Fortune, 8 June 2021. Web.
Turner, Jack. “Tesla Doubles Down on Remote Working Ban, Tracks Office Attendance.” Tech.Co, 3 July 2022. Web.
“Virtual Leadership Styles for Remote Businesses.” Maryville Online, 4 Feb. 2021. Web.
“Webinar: How Leaders Can Build Organizational Resilience.” CCL, 15 June 2020. Accessed 5 Nov. 2021.
“Why GitLab Uses the Term All-Remote to Describe Its 100% Remote Workforce.” GitLab, 2022. Accessed 17 Sept. 2022.
Wigert, Ben, and Sangeeta Agrawal. “Returning to the Office: The Current, Preferred and Future State of Remote Work.” Gallup, 31 Aug. 2022. Web.
Wingard, Jason. “Elon Musk’s Big Bet Against Remote Work: Will Tesla Win?” Forbes, 4 June 2022. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Assess current state and plan the scope of the SAM program, team, and budget.
Define processes for software requests, procurement, receiving, and deployment.
Define processes for software inventory, maintenance, harvest and redeployment, and retirement.
Build processes for audits and plan the implementation.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Assess current state and plan the scope of the SAM program, team, and budget.
Current state assessment
Defined roles and responsibilities
SAM budget plan
1.1 Outline SAM challenges and objectives.
1.2 Assess current state.
1.3 Identify roles and responsibilities for SAM team.
1.4 Identify metrics and reports.
1.5 Identify SAM functions to centralize vs. decentralize.
1.6 Plan SAM budget process.
Current State Assessment
RACI Chart
Defined metrics and reports
SAM Budget Workbook
Define processes for software requests, procurement, receiving, and deployment.
Defined standards for software procurement
Documented processes for software receiving and deployment
2.1 Determine software standards.
2.2 Define procurement process for new contracts.
2.3 Define process for contract renewals and additional procurement scenarios.
2.4 Design process for receiving software.
2.5 Design deployment workflow.
2.6 Define process for non-standard software requests.
Software standards
Standard Operating Procedures
SAM Process Workflows
Define processes for software inventory, maintenance, harvest and redeployment, and retirement.
Defined process for conducting software inventory
Maintenance and patch policy
Documented workflows for software harvest and redeployment as well as retirement
3.1 Define process for conducting software inventory.
3.2 Define policies for software maintenance and patches.
3.3 Map software license harvest and reallocation process.
3.4 Define policy for retiring software.
Standard Operating Procedures
Patch management policy
SAM Process Workflows
Build processes for audits, identify tool requirements, and plan the implementation.
Defined process for internal and external audits
Tool requirements
Communication and implementation plan
4.1 Define and document the internal audit process.
4.2 Define and document the external audit process.
4.3 Document tool requirements.
4.4 Develop a communication plan.
4.5 Prepare an FAQ list.
4.6 Identify SAM policies.
4.7 Develop a SAM roadmap to plan your implementation.
Audit response templates
Tool requirements
Communication plan
End-user FAQ list
Software Asset Management Policy
Implementation roadmap
“Organizations often conflate software asset management (SAM) with license tracking. SAM is not merely knowing how many licenses you require to be in compliance; it’s asking the deeper budgetary questions to right-size your software spend.
Software audits are a growing concern for businesses, but proactive reporting and decision making supported by quality data will mitigate audit risks. Value is left on the table through underused or poor-quality data, so active data management must be in play. A dedicated ITAM tool can assist with extracting value from your license data.
Achieving an optimized SAM program is a transformative effort, but the people, processes, and technology need to be in place before that can happen.” (Sandi Conrad, Senior Director, Infrastructure & Operations Practice, Info-Tech Research Group)
A strong SAM program will benefit all aspects of the business.
Data and reports gained through SAM will enable data-driven decision making for all areas of the business.
Don’t just track licenses; manage them to create value from data.
Gathering and monitoring license data is just the beginning. What you do with that data is the real test.
Win the audit battle without fighting.
Conduct internal audits to minimize surprises when external audits are requested.
You can estimate the return even without tools or data.
Benefit | Calculate the return |
---|---|
Compliance
How many audits did you have in the past three years? How much time did you spend in audit response? |
Suppose you had two audits each year for the last three years, each with an average $250,000 in settlements.
A team of four with an average salary of $75,000 each took six months to respond each year, allocating 20% of their work time to the audit. You could argue annual audits cost on average $530,000. Increasing ITAM maturity stands to reduce that cost significantly. |
Efficiency
How much do you spend on software and maintenance by supplier? |
Suppose you spent $1M on software last year. What if you could reduce the spend by just 10% through better practices?
SAM can help reduce the annual spend by simplifying support, renegotiating contracts based on asset data, reducing redundancy, and reducing spend. |
54% — A study by 1E found that only 54% of organizations believe they can identify all unused software in their organization.
28% — On average, 28% of deployed software is unused, with a wasted cost of $224 per PC on unused software (1E, 2014).
53% — Express Metrix found that 53% of organizations had been audited within the past two years. Of those, 72% had been audited within the last 12 months.
Manage risk. If licensing terms are not properly observed, the organization is at risk of legal and financial exposure, including illegal software installation, loss of proof of licenses purchased, or breached terms and conditions.
Control and predict spend. Unexpected problems related to software assets and licenses can significantly impact cash flow.
Less operational interruptions. Poor software asset management processes could lead to failed deployments, software update interruptions, viruses, or a shutdown of unlicensed applications.
Avoid security breaches. If data is not secure through software patches and security, confidential information may be disclosed.
More informed decisions. More accurate data on software assets improves transparency and informs decision making.
Improved contract management. Automated tools can alert you to when contracts are up for renewal to allow time to plan and negotiate, then purchase the right amount of licenses.
Avoid penalties. Conduct internal audits and track compliance to avoid fees or penalties if an external audit occurs.
Reduced IT support. Employees should require less support from the service desk with proper, up to date, licensed software, freeing up time for IT Operations to focus on other work.
Enhanced productivity. By rationalizing and standardizing software offerings, more staff should be using the same software with the same versioning, allowing for better communication and collaboration.
Configuration Management
76% more effective |
Service Catalog
74% more effective |
||
Quality Management
63% more effective |
Data Quality
62% more effective |
||
Performance Measurement
61% more effective |
Organizational Change Management
60% more effective |
||
Portfolio Management
59% more effective |
Enterprise Architecture
58% more effective |
Why? Good SAM processes are integral to both service management and configuration management
(Source: Info-Tech Research Group, IT Management and Governance Diagnostic; N=972 organizations) (High asset management effectiveness was defined as those organizations with an effectiveness score of 8 or above.)Focus on software asset management essentials
Phase 1 Assess & Plan |
Phase 2 Procure, Receive & Deploy |
Phase 3 Manage, Redeploy & Retire |
Phase 4 Build supporting processes |
||||
1.1 |
Assess current state |
2.1 |
Request & procure |
3.1 |
Manage & maintain contracts |
4.1 |
Compliance & audits |
1.2 |
Build team and define metrics |
2.2 |
Receive & deploy |
3.2 |
Harvest or retire |
4.2 |
Communicate & build roadmap |
1.3 |
Plan & budget | ||||||
Deliverables | |||||||
Standard Operating Procedures (SOP) | |||||||
SAM maturity assessment | Process workflows | Process workflows | Audit response templates | ||||
RACI chart | Software standards | Patch management policy | Communication plan & FAQ template | ||||
SAM metrics | SAM policies | ||||||
SAM budget workbook |
Visa, Inc. is the largest payment processing company in the world, with a network that can handle over 40,000 transactions every minute.
In 2006, Visa launched a formal IT asset management program, but it was not until 2011 that it initiated a focus on SAM. Joe Birdsong, the SAM director, first addressed four major enterprise license agreements (ELAs) and compliance issues. The SAM team implemented a few dedicated SAM tools in conjunction with an aggressive approach to training.
The proactive approach taken by Visa used a three-pronged strategy: people, process, and tools. The process included ELA negotiations, audit responses, and software license rationalization exercises.
According to Birdsong, “In the past three years, SAM has been credited with saving Visa over $200 million.”
SAM Standard Operating Procedures (SOP) |
SAM Maturity Assessment |
SAM Visio Process Workflows |
SAM Budget Workbook |
Additional SAM Policy Templates |
Software Asset Management Policy |
SAM Communication Plan |
SAM FAQ Template |
GI | Measured Value (Assuming 260 workdays in a year) |
---|---|
Phase 1: Assess & Plan |
|
Phase 2: Procure, Receive & Deploy |
|
Phase 3: Manage, Redeploy & Retire |
|
Phase 4: Build Supporting Processes and Tools |
|
Total savings | $330,325 |
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
Phase 1: Assess & plan | Phase 2: Procure, receive & deploy | Phase 3: Manage, redeploy & retire | Phase 4: Build supporting processes | |
---|---|---|---|---|
Best-Practice Toolkit |
Step 1.1: Assess current state Step 1.2: Build team and define metrics Step 1.3: Plan and budget |
Step 2.1: Request and procure Step 2.2: Receive and deploy |
Step 3.1: Manage and maintain contracts Step 3.2: Harvest, redeploy, or retire |
Step 4.1: Compliance and audits Step 4.2: Communicate and build roadmap |
Guided Implementations |
|
|
|
|
Onsite Workshop | Module 1:
Assess & Plan |
Module 2:
Map Core Processes: Procure, Receive & Deploy |
Module 3:
Map Core Processes: Manage, Redeploy & Retire |
Module 4:
Prepare for audit, build roadmap and communications |
Contact your account representative or email Workshops@InfoTech.com for more information.
Workshop Day 1 | Workshop Day 2 | Workshop Day 3 | Workshop Day 4 | |
---|---|---|---|---|
Activities |
Assess & Plan1.1 Outline SAM challenges and objectives 1.2 Assess current state 1.3 Identify roles and responsibilities for SAM team 1.4 Identify metrics and reports 1.5 Identify SAM functions to centralize vs. decentralize 1.6 Plan SAM budget process |
Map Core Processes: Procure, Receive & Deploy2.1 Determine software standards 2.2 Define procurement process for new contracts 2.3 Define process for contract renewals and additional procurement scenarios 2.4 Design process for receiving software 2.5 Design deployment workflow 2.6 Define process for non-standard software requests |
Map Core Processes: Manage, Redeploy & Retire3.1 Define process for conducting software inventory 3.2 Define policies for software maintenance and patches 3.3 Map software license harvest and reallocation process 3.4 Define policy for retiring software |
Build Supporting Processes4.1 Define and document the internal audit process 4.2 Define and document the external audit process 4.3 Develop a communication plan 4.4 Prepare an FAQ list 4.5 Identify SAM policies 4.6 Develop a SAM roadmap to plan your implementation |
Deliverables |
|
|
|
|
Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.
This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.
This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.
Visa implemented an IT asset management program in 2006. After years of software audit teams from large firms visiting and leaving expensive software compliance bills, the world’s leading payment processing company decided it was time for a change.
Upper management recognized that it needed to combat audits. It had the infrastructure in place and the budget to purchase SAM tools that could run discovery and tracking functions, but it was lacking the people and processes necessary for a mature SAM program.
Visa decided to fight fire with fire. It initially contracted the same third-party audit teams to help build out its SAM processes. Eventually, Visa formed a new SAM team that was led by a group of former auditors.
The former auditors recognized that their role was not technology based, so a group of technical individuals were hired to help roll out various SAM tools.
The team rolled out tools like BDNA Discover and Normalize, Flexera FlexNet Manager, and Microsoft SCCM.
To establish an effective SAM team, diverse talent is key. Visa focused on employees that were consultative but also technical. Their team needed to build relationships with teams within the organization and externally with vendors.
Most importantly, the leaders of the team needed to think like auditors to better prepare for audits. According to Joe Birdsong, SAM Director at Visa, “we want to be viewed as a team that can go in and help right-size their environment and better understand licensing to help teams make better decisions.”
The SAM team was only the beginning.
Phase 1: Assess & Plan | This step will walk you through the following activities: | This step involves the following participants: | |
1.1 | Assess current state |
|
|
1.2 | Build team and define metrics | ||
1.3 | Plan & budget |
Participants: CIO/CFO, IT Director, Asset Manager, Purchasing, Service Desk Manager, Security (optional), Operations (optional)
Drivers of effective SAM | Results of effective SAM | |
Contracts and vendor licensing programs are complex and challenging to administer without data related to assets and their environment. | → | Improved access to accurate data on contracts, licensing, warranties, installed software for new contracts, renewals, and audit requests. |
Increased need to meet compliance requires a formal approach to tracking and managing assets. | → | Encryption, software application controls, and change notifications all contribute to better asset controls and data security. |
Cost cutting is on the agenda, and management is looking to reduce overall IT spend in the organization in any possible way. | → | Reduction of software spend through data for better forecasting, planning, and licensing rationalization and harvesting. |
Audits are time consuming, disruptive to project timelines and productivity, and costly. | → | Respond to audits with a formalized process, accurate data, and minimal disruption using always-available reporting. |
Participants: CIO/CFO, IT Director, Asset Manager, Service Manager (optional)
Document: Document in the Standard Operating Procedures.
By improving how you manage your licenses and audit requests, you will not only provide benefits through a mature SAM program, you will also improve your service desk and disaster recovery functions.
Maturity | People & Policies | Processes | Technology |
---|---|---|---|
Chaos |
|
|
|
Reactive |
|
|
|
Controlled |
|
|
|
Proactive |
|
|
|
Optimized |
|
|
|
Phase 1: Assess & Plan | This step will walk you through the following activities: | This step involves the following participants: | |
1.1 | Assess current state |
|
|
1.2 | Build team and define metrics | ||
1.3 | Plan & budget |
Roles and responsibilities should be adapted to fit specific organizational requirements based on its size, structure, and distribution and the scope of the program. Not all roles are necessary and in small organizations, one or two people may fulfill multiple roles.
Senior Management Sponsor – Ensures visibility and support for the program.
IT Asset Manager – Responsible for management of all assets and maintaining asset database.
Software Asset Manager – Responsible for management of all software assets (a subset of the overall responsibility of the IT Asset Manager).
SAM Process Owner – Responsible for overall effectiveness and efficiency of SAM processes.
Asset Analyst – Maintains up-to-date records of all IT assets, including software version control.
Many organizations simply do not have a large enough staff to hire a full-time software asset manager. The role will need to be championed by an internal employee.
Avoid filling this position with a temporary contract; one of the most difficult operational factors in SAM implementation and continuity is constant turnover and organizational shifts. Hiring a software asset manager on contract might get the project going faster, but without the knowledge gained by doing the processes, the program won’t have enough momentum to sustain itself.
Make sure your SAM team is diverse. The SAM team will need to be skilled at achieving compliance, but there is also a need for technically skilled individuals to maximize the function of the SAM tool(s) at your organization.
1.2.1 Complete a RACI chart for your organization
Participants: CIO/CFO, IT Director, SAM Manager, SAM Team, Service Desk Manager
Document: Document in the Standard Operating Procedures.
Determine the roles and responsibilities for your SAM program. Record the results in a RACI (responsible, accountable, consulted, informed) chart such as the example below.
SAM Processes and Tasks | CIO | CFO | SAM Manager | IT Director | Service Management Team | IT Ops | Security | Finance | Legal | Project Manager |
---|---|---|---|---|---|---|---|---|---|---|
Policies/Governance | A | C | R | R | I | I | C | I | R | I |
Strategy | A | C | R | R | I | I | I | I | C | |
Risk Management/Asset Security | A | C | R | R | C | R | C | C | C | |
Data Entry/Quality | I | I | A | R | R | |||||
Compliance Auditing | R | C | A | R | I | I | I | I | ||
Education & Training | R | I | A | C | I | I | ||||
Contract Lifecycle Management | R | R | A | R | C | C | C | C | R | C |
Workflows | R | C | A | R | I | I | I | R | I | C/I |
Budgeting | R | R | R | A | C | R | ||||
Software Acquisition | R | I | A | R | I | C | R | C | C | |
Controls/Reporting | R | I | A | R | I | I | C | I | ||
Optimize License Harvesting | I | I | A | R | I | C | C |
Trying to achieve goals without metrics is like trying to cook without measuring your ingredients. You might succeed, but you’ll have no idea how to replicate it.
The metrics you track depend on your maturity level. As your organization shifts in maturity, the metrics you prioritize for tracking will shift to reflect that change. Example:
Metric category | Low maturity metric | High maturity metric |
---|---|---|
Compliance | % of software installed that is unauthorized | % of vendors in effective licensing position (ELP) report |
Quantity | % of licenses documented in ITAM tool | % of requests made through unauthorized channels |
CSF = Goal, or what success looks like
KPI = How achievement of goal will be defined
Metric = Numerical measure to determine if KPI has been achieved
CSF/Goal | KPI | Metrics |
---|---|---|
Improve accuracy of software budget and forecasting |
|
|
Avoid over purchasing software licenses and optimize use of existing licenses |
|
|
Improve accuracy of data |
|
|
Improved service delivery |
|
|
1.2.2 Brainstorm metrics and KPIs
Participants: CIO, IT Director, SAM Manager, SAM Team
Document: Document in the Standard Operating Procedures.
Use the table below as an example.
Goal/CSF | KPI | Metric |
---|---|---|
Improve license visibility | Increase accuracy and completeness of SAM data |
|
Reduce software costs | Reduce number of unused software licenses by 20% |
|
Reduce shadow IT | Reduce number of unauthorized software purchases and installations by 10% |
|
Asset managers require data to manage how licenses are distributed throughout the organization. Are there multiple versions of the same application deployed? What proportion of licenses deployed are assigned to employees who are no longer at the organization? What are the usage patterns for applications?
Service desk technicians need real-time data on licenses currently available to deploy to machines that need to be imaged/updated, otherwise there is a risk of breaching a vendor agreement.
Business managers and executives need reports to make strategic decisions. The reports created for business stakeholders need to help them align business projects or business processes with SAM metrics. To determine which reports will provide the most value, start by looking at business goals and determining the tactical data that will help inform and support these goals and their progress.
1.2.3 Identify reports and metrics to track regularly
Participants: CIO, IT Director, SAM Manager, SAM Team
Document: Document in the Standard Operating Procedures.
Example:
Stakeholder | Purpose | Report | Frequency |
---|---|---|---|
Asset Manager |
|
Operational budget spent to date | Monthly |
Capital budget spent to date | Monthly | ||
Contracts coming due for renewal | Quarterly | ||
Software harvested for redeployment | Quarterly | ||
Number of single applications being managed | Annually | ||
CFO |
|
Software purchased, operational & capital | Monthly |
Software accrued for future purchases | Monthly | ||
Contracts coming due for renewal
|
Quarterly | ||
CIO |
|
Software deployments and redeployments | Monthly |
Software rollouts planned | Quarterly | ||
% of applications patched | Quarterly | ||
Money saved | Annually | ||
Number of contracts & apps managed | Quarterly |
Phase 1: Assess & Plan | This step will walk you through the following activities: | This step involves the following participants: | |
1.1 | Assess current state |
|
|
1.2 | Build team and define metrics | ||
1.3 | Plan & budget |
Many infrastructure managers and business managers are unaware of how software licensing can impact projects. For example, changes in core infrastructure configuration can have big impacts from a software licensing perspective.
1.3.1 Identify functions for centralization
Participants: CIO, IT Director, SAM Manager, SAM Team
Document: Document in the Standard Operating Procedures.
Example:
Centralized Functions
|
Decentralized functions
|
After employee salaries (38%), the four next largest spend buckets have historically been infrastructure related. Adding salaries and external services, the average annual infrastructure and operations spend is over 50% of all IT spend.
The largest portion of that spend is on software license and maintenance. As of 2016, software accounted for the roughly the same budget total as voice communications, data communications, and hardware combined. Managing software contracts is a crucial part of any mature budgeting process.
A sophisticated software asset management program will be able to uncover hidden costs, identify opportunities for rationalization, save money through reharvesting unused licenses, and improve forecasting of software usage to help control IT spending.
While some asset managers may not have experience managing budgets, there are several advantages to the ITAM function owning the budget:
Finance needs to be involved. Their questions may cover:
The SAM Budget Workbook is designed to assist in developing and justifying the budget for software assets for the upcoming year.
|
1.1.3 |
Determine the maturity of your SAM program
Using the SAM Maturity Assessment Tool, fill out a series of questions in a survey to assess the maturity of your current SAM program. The survey assesses seven categories that will allow you to align your strategy to your results. |
|
1.2.3 |
Define SAM reports to track metrics
Identify key stakeholders with reporting needs, metrics to track to fulfill reporting requirements, and a frequency for producing reports. |
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Step 1.1: Assess current state | Step 1.2: Build team and define metrics | Step 1.3: Plan and budget |
Start with an analyst kick-off call:
|
Review findings with analyst:
|
Review findings with analyst:
|
Then complete these activities…
|
Then complete these activities…
|
Then complete these activities…
|
With these tools & templates:
|
With these tools & templates:
|
With these tools & templates:
|
Visa formed a SAM team in 2011 to combat costly software audits.
The team’s first task was to use the available SAM data and reconcile licenses deployed throughout the organization.
Organizations as large as Visa constantly run into issues where they are grossly over or under licensed, causing huge financial risk.
Data collection and analysis were used as part of the license rationalization process. Using a variety of tools combined with a strong team allowed Visa to perform the necessary steps to gather license data and analyze usage.
One of the key exercises was uniting procurement and deployment data and the teams responsible for each.
End-to-end visibility allowed the data to be uniform. As a result, better decisions about license rationalization can be made.
By improving its measurement of SAM data, Visa was able to dedicate more time to analyze and reconcile its licenses. This led to improved license management and negotiations that reflected actual usage.
By improving license usage through rationalization, Visa reduced the cost of supporting additional titles.
The SAM team also performed license reclamation to harvest and redistribute licenses to further improve usage. The team’s final task was to optimize audit responses.
Phase 2: Procure, Receive & Deploy | This step will walk you through the following activities: | This step involves the following participants: | |
2.1 | Request & Procure |
|
|
2.2 | Receive & Deploy |
Procurement and SAM must collaborate on software purchases to ensure software purchases meet business requirements and take into account all data on existing software and licenses to optimize the purchase and contract. Failure to work together can lead to unnecessary software purchases, overspending on purchases, and undesirable contract terms.
SAM managers must collaborate with Procurement when purchasing software.
SAM managers should:
|
Procurement must commit to be involved in the asset management process.
Procurement should:
|
Centralized negotiation and purchasing of software can ensure that the SAM team has visibility and control over the procurement process to help prevent overspending and uncontrolled agreements.
It may be necessary to procure some software locally if organizations have multiple locations, but try to centrally procure and manage the biggest contracts from vendors that are likely to audit the organization. Even with a decentralized model, ensure all teams communicate and that contracts remain visible centrally even if managed locally.
One of the major challenges involved in implementing SAM is uniting multiple datasets and data sources across the enterprise. A conversation with each major business unit will help with the creation of software procurement standards that are acceptable to all.
2.1.1 Identify central standard enterprise offerings
Participants: CIO, IT Director, SAM Manager, SAM Team
Document: Document in the Standard Operating Procedures.
Standard enterprise offerings
|
Localized or non-standard software |
The more prestigious the asset tier, the higher the degree of data capture, support, and maintenance required.
E.g. An enterprise application that needs to be available 24/7, such as a learning management system, should be classified as a gold tier to ensure it has 24/7 support.
2.1.2 Identify standard software images for your organization
Participants: Asset Manager, Purchasing, Service Desk Manager, Operations (optional)
Document: Document in the Standard Operating Procedures.
Not everyone is ready to embrace the cloud for all solutions; make sure to align cloud strategy to business requirements. Work closely with IT executives to determine appropriate contract terms, licensing options, and tracking processes.
Vendors make changes to bundles and online services terms on a regular basis. Ensure you document your agreed upon terms to save your required functionality as vendor standard offerings change.
Download the Own the Cloud: Strategy and Action Plan blueprint for more guidance
Licensed | Open Source | Shareware | |
---|---|---|---|
License Structure | A software supplier is paid for the permission to use their software. | The software is provided free of charge, but is still licensed. | The software is provided free of charge, but is still licensed. Usage may be on a trial basis, with full usage granted after purchase. |
Source Code | The source code is still owned by the supplier. | Source code is provided, allowing users to change and share the software to suit their needs. | Source code is property of the original developer/supplier. |
Technical Support | Technical support is included in the price of the contract. | Technical support may be provided, often in a community-based format from other developers of the open-source software in question. | Support may be limited during trial of software, but upgraded once a purchase is made. |
Open-source software should be managed in the same manner as commercial software to understand licensing requirements and be aware of any changes to these agreements, such as commercialization of such products, as well as any rules surrounding source code.
2.1.3 Define procurement policy
Participants: Asset Manager, Purchasing, Service Desk Manager, Operations (optional)
Document: Document in the Standard Operating Procedures.
Define and document policies that will apply to IT software purchases, including policies around:
Use the example below as guidance and document in the SOP.
2.1.4 Identify financial thresholds for approvals and requests
Participants: Asset Manager, Purchasing, CIO, CFO, IT Director
Document: Document in the Standard Operating Procedures.
Identify and classify financial thresholds for contracts requiring approval. For each category of contract value, identify who needs to authorize the request. Discuss and document any other approvals necessary. An example is provided below.
Example:
Requests for authorization will need to be directed based on the following financial thresholds:
Contract value | Authorization |
---|---|
<$50,000 | IT Director |
$50,000 to $250,000 | CIO |
$250,000 to $500,000 | CIO and CFO |
>$500,000 | Legal review |
A poorly defined software procurement workflow can result in overspending on unnecessary software licensing throughout the year. This can impact budgeting and any potential software refreshes, as businesses will often rely on purchasing what they can afford, not what they need.
The procurement workflow may involve the Service Desk, procurement team, and asset manager.
The following elements should be accounted for:
2.1.5 Build new contract procurement workflow
Participants: Asset Manager, Purchasing, Service Desk Manager, Operations (optional)
Document: Document in the Standard Operating Procedures.
Additionally, information regarding what licenses are being used for certain services may yield insight into potential redundancies. For example, two separate departments may have each have a different application deployed that supports the same service. This presents an opportunity for savings based on bulk licensing agreements, not to mention a simplified support environment by reducing the number of titles deployed in your environment.
Participants: IT Director/CIO, Asset Manager, Purchasing, Service Desk Manager, Operations (optional)
Document: Document in the Standard Operating Procedures.
2.1.6 Build additional procurement workflows
Participants: Asset Manager, Purchasing, Service Desk Manager, Operations (optional)
Document: Document in the Standard Operating Procedures.
Build procurement workflows and define policies and procedures for additional purchasing scenarios beyond new contracts.
This may include:
Use the sample workflows in the Standard Operating Procedures as a guide.
Contract negotiations too often come down to a question of price. While you want to avoid overpaying for licenses, a worse offense is getting a steep discount for a bundle of applications where the majority will go unused.
Vendors will try to sell a full stack of software at a steep discount to give the illusion of value. Often organizations bite off more than they can chew. | → | When auditors come knocking, the business may be in compliance, but being over-licensed is a dangerous state to be in. | → | Organizations end up over-licensed and in possession of numerous “shelfware” apps that sit on the proverbial shelf collecting dust while drawing expensive maintenance and licensing fees from the business. |
Leverage Info-Tech’s research, Master Contract Review and Negotiation for Software Agreements, to review your software contracts to leverage your unique position during negotiations and find substantial cost savings.
Phase 2: Procure, Receive & Deploy | This step will walk you through the following activities: | This step involves the following participants: | |
2.1 | Request & Procure |
|
|
2.2 | Receive & Deploy |
While most software will be received through email and download, in some cases physical software may be received through courier or mail. Ensure processes and procedures are defined for both cases.
All licenses, documentation, and digital media for authorized and supported software should be collected and stored in a central, secure location to minimize risk of theft, loss, or unauthorized installation or duplication of software.
The ITAM database should contain an up-to-date record of all software assets, including their associated:
The database allows you to view software that is installed and associated licenses.
A definitive media library (DML) is a single logical storage area, which may consist of one or more locations in which definitive authorized versions of all software configuration items are securely stored and protected.
The DML consists of file storage as well as physical storage of CDs and DVDs and must be continually updated to contain the latest information about each configuration item.
The DML is used to organize content and link to automated deployment to easily install software.
The DML will usually contain the most up-to-date versions to minimize errors created by having unauthorized, old, or problematic software releases being deployed into the live IT environment. The DML can be used for both full-packed product (FPP) software and in-house developed software, providing formalized data around releases of in-house software.
Your DML should have a way to separate archived, new, and current software to allow for optimal organization of files and code, to ensure the correct software is installed, and to prepare for automated deployment through the service catalog.
New software hasn’t been tested yet. Make it available for testing, but not widely available.
Keep a record for archived software, but do not make it available for install.
Current software is regularly used and should be available for install.
2.2.1 Identify software storage locations
Participants: Asset Manager, IT Director
Document: Document in the Standard Operating Procedures.
2.2.2 Design the workflow for receiving software
Participants: Asset Manager, Purchasing, Service Desk Manager, Operations (optional)
Document: Document in the Standard Operating Procedures.
Releases: A collection of authorized changes to an IT service. Releases are divided into:
Define the process for deploying software to users.
Include the following in your workflow:
Rollouts or upgrades of large quantities of software will likely be managed as projects.
These projects should include project plans, including resources, timelines, and detailed procedures.
Define the process for large-scale deployment if it will differ from the regular deployment process.
2.2.3 Document deployment workflows for desktop and large-scale deployment
Participants: Asset Manager, Service Desk Manager, Release & Deployment Manager
Document: Document in the Standard Operating Procedures.
Software should be approved and deployed based on approved standards to minimize over-deployed software and manage costs appropriately. A list of standard software improves the efficiency of the software approval process.
Additionally, create a list of unauthorized software including titles not to be installed under any circumstances. This list should be designed with feedback from your end users and technical support staff. Front-line knowledge is crucial to identifying which titles are causing major problems.
2.2.4 Determine software categories for deployment
Participants: IT Director, Asset Manager, Purchasing (optional), Service Desk Manager (optional), Release & Deployment Manager (optional)
Document: Document in the Standard Operating Procedures.
Category | Definition | Software titles |
---|---|---|
Pre-approved/standard |
|
|
Approved by role |
|
|
Unapproved/requires review |
|
|
Unauthorized |
|
|
Software requiring review will need to be managed on a case-by-case basis, with approval dependent on software evaluation and business need.
The evaluation and approval process may require input from several parties, including business analysts, Security, technical team, Finance, Procurement, and the manager of the requestor’s department.
2.2.5 Document process for non-standard software requests
Participants: Asset Manager, Service Desk Manager, Release & Deployment Manager
Document: Document in the Standard Operating Procedures.
Define the review and approval process for non-standard software requests.
Use the workflow on the previous slide as a guide to map your own workflow process and document the steps in the Standard Operating Procedures.
The following assessments may need to be included in the process:
BMW is a large German automotive manufacturer that employs over 100,000 people. It has over 7,000 software products deployed across 106,000 clients and servers in over 150 countries.
When the global recession hit in 2008, the threat of costly audits increased, so BMW decided to boost its SAM program to cut licensing costs. It sought to centralize inventory data from operations across the globe.
A new SAM office was established in 2009 in Germany. The SAM team at BMW began by processing all the accumulated license and installation data from operations in Germany, Austria, and the UK. Within six months, the team had full visibility of all licenses and software assets.
Compliance was also a priority. The team successfully identified where they could make substantial reductions in support and maintenance costs as well as remove surplus costs associated with duplicate licensing.
BMW overcame a massive data centralization project to achieve 100% visibility of its global licensing estate, an incredible achievement given the scope of the operation.
BMW experienced efficiency gains due to transparency and centralized management of licenses through the new SAM office.
Additionally, internal investment in training and technical knowledge has helped BMW continuously improve the program. This has resulted in ongoing cost reductions for the manufacturer.
|
2.1.5 |
Build software procurement workflow for new contracts
Use the sample workflow to document your own process for procurement of new software contracts. |
|
2.2.4 |
Create a list of pre-approved, approved, and unapproved software titles
Build definitions of software categories to inform software standards and brainstorm examples of each category. |
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Step 2.1: Request and procure | Step 2.2: Receive and deploy |
Start with an analyst kick-off call:
| Review findings with analyst:
|
Then complete these activities…
| Then complete these activities…
|
With these tools & templates:
| With these tools & templates:
|
Phase 3: Manage, Redeploy & Retire | This step will walk you through the following activities: | This step involves the following participants: | |
3.1 | Manage & Maintain Software |
|
|
3.2 | Harvest, Redeploy, or Retire |
Many organizations fail to track their software inventory effectively; the focus often remains on hardware due to its more tangible nature. However, annual software purchases often account for a higher IT spend than annual hardware purchases, so it’s important to track both.
Have and maintain a list of supported software to guide what new software will be approved for purchase and what current software should be retained on the desktops, servers, and other processing devices.
A baseline inventory tells you exactly what software you have deployed and where it is being used. This can help to determine how to best optimize software and license usage.
A software inventory will allow you to:
Take preventive action to avoid unauthorized software usage through regular software inventory and license management:
3.1.1 Define process for regular software inventory
Participants: IT Director, Asset Manager
Document: Document in the Standard Operating Procedures.
While maintenance efforts are typically focused around hardware, software maintenance – including upgrades and patches – must be built into the software asset management process to ensure software remains compliant with security and regulatory requirements.
The integration between patch management and asset management is incredibly valuable from a technology point of view. IT asset management (ITAM) tools create reports on the characteristics of deployed software. By combining these reports with a generalized software updater, you can automate most simple patches to save your team’s efforts for more-critical incidents. Usage reports can also help determine which applications should be reviewed and removed from the environment.
3.1.2 Define software maintenance and patching policies
Participants: IT Director, Asset Manager, Release Manager (optional), Security (optional)
Document: Document in the Standard Operating Procedures.
Review the software maintenance guidelines in this section and in the SOP template. Discuss each policy and revise and document in accordance with your policies.
Discuss and document patch management policies:
The patch management policy helps to ensure company computers are properly patched with the latest appropriate updates to reduce system vulnerability and to enhance repair application functionality. The policy aids in establishing procedures for the identification of vulnerabilities and potential areas of functionality enhancements, as well as the safe and timely installation of patches. The patch management policy is key to identifying and mitigating any system vulnerabilities and establishing standard patch management practices.
Use Info-Tech’s Patch Management Policy template to get started.
Phase 3: Manage, Redeploy & Retire | This step will walk you through the following activities: | This step involves the following participants: | |
3.1 | Manage & Maintain Software |
|
|
3.2 | Harvest, Redeploy, or Retire |
Unused software licenses are present in nearly every organization and result in wasted resources and software spend. Recycling and reharvesting licenses is a critical process within software asset management to save your organization money.
When computers are no longer in use and retired, the software licenses installed on the machines may be able to be reused.
License recycling involves reusing these licenses on machines that are still in use or for new employees.
License harvesting involves more actively identifying machines with licenses that are either not in use or under utilized, and recovering them to be used elsewhere, thus reducing overall software spend on new licenses.
Know the stipulations of your end-user license agreement (EULA) before harvesting and reallocating licenses. There may be restrictions on how often a license can be recycled in your agreement.
Define a standard reharvest timeline. For example, every 90 days, your SAM team can perform an internal audit using your SAM tool to gather data on software usage. If a user has not used a title in that time period, your team can remove that title from that user’s machine. Depending on the terms and conditions of the contract, the license can either be retired or harvested and reallocated.
Ensure you have exception rules built in for software that’s cyclical in its usage. For example, Finance may only use tax software during tax season, so there’s no reason to lump it under the same process as other titles.
It’s important to note that in addition to this process, you will need a software usage policy that supports your license harvest process.
3.2.1 Build license harvest and reallocation workflow
Participants: IT Director, Asset Manager, Service Desk Manager
Document: Document in the Standard Operating Procedures.
“Time and time again, I keep hearing stories from schools on how IT budgets are constantly being squeezed, but when I dig a little deeper, little or no effort is being made on accounting for software that might be on the kit we are taking away.” (Phil Goldsmith, Managing Director – ScrumpyMacs)
3.2.2 Document process for software retirement
Participants: IT Director, Asset Manager, Operations
Document: Document in the Standard Operating Procedures.
|
3.1.2 |
Define policies for software maintenance and patches
Discuss best practices and define policies for conducting regular software maintenance and patching. |
|
3.2.1 |
Map your software license harvest and reallocation process
Build a process workflow for harvesting and reallocating unused software licenses. |
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Step 3.1: Manage and maintain software | Step 3.2: Harvest, redeploy, or retire |
Start with an analyst kick-off call:
| Review findings with analyst:
|
Then complete these activities…
| Then complete these activities…
|
With these tools & templates:
| With these tools & templates:
|
The overarching goal of any SAM program is compliance to prevent costly audit fines. The SAM team at Visa was made up of many individuals who were former auditors.
To deal with audit requests from vendors, “understand how auditors do things and understand their approach,” states Joe Birdsong, SAM Director at Visa.
Vendors are always on the lookout for telltale signs of a lucrative audit. For Visa, the key was to understand these processes and learn how to prepare for them.
Vendors typically look for the following when evaluating an organization for audit:
Ultimately, an audit is an attack on the relationship between the vendor and organization. According to Birdsong: “Maybe they haven’t really touched base with your teams and had good contact and relationship with them, and they don’t really know what’s going on in your enterprise.”
By understanding the motivations behind potential audits, Visa was able to form a strategy to increase transparency with the vendor.
Regular data collection, almost real-time reporting, and open, quick communication with the vendor surrounding audits made Visa a low-risk client for vendors.
Buy-in from management is also important, and the creation of an official SAM strategy helps maintain support. Thanks to its proactive SAM program, Visa saved $200 million in just three years.
Phase 4: Build supporting processes & tools | This step will walk you through the following activities: | This step involves the following participants: | |
4.1 | Compliance & audits |
|
|
4.2 | Communicate & build roadmap |
By improving your software asset management program’s maturity, you will drive savings for the business that go beyond the negotiating table.
Recognize the classic signs of each stage of audit response maturity to identify where your organization currently stands and where it can go.
Being prepared for an audit is critical. Internal preparation will not only help your organization reduce the risk associated with an audit but will also improve daily operations through focusing on diligent documentation and data collection.
Conducting routine internal audits will help prepare your organization for the real deal and may even prevent the audit from happening altogether. Hundreds of thousands of dollars can be saved through a proactive audit strategy with routine documentation in place.
“You want to get [the] environment to a level where you’re comfortable sharing information with [a] vendor. Inviting them in to have a chat and exposing numbers means there’s no relationship there where they’re coming to audit you. They only come to audit you when they know there’s a gain to be had, otherwise what’s the point of auditing?
I want customers to get comfortable with licensing and what they’re spending, and then there’s no problem exposing that to vendors. Vendors actually appreciate that.” (Ben Brand, SAM Practice Manager, Insight)
“The supreme art of war is to subdue the enemy without fighting.” – Sun Tzu
Performing routine checks on your license compliance will drastically reduce the risk that your organization gets hit with a costly fine. Maintaining transparency and demonstrating compliance will fend off audit-hungry vendors.
4.1.1 Document process and procedures for internal audits
Participants: CIO and/or IT Director, Asset Manager, IT Managers
Document: Document in the Standard Operating Procedures.
Define and document a process for conducting internal software audits.
Include the following:
Example:
Being prepared for an audit is critical. Internal preparation will not only help your organization reduce the risk associated with an audit but will also improve daily operations through focusing on diligent documentation and data collection.
Certain triggers exist that indicate a higher risk of an audit occurring. It is important to recognize these warning signs so you can prepare accordingly.
Health of organization
If your organization is putting out fires and a vendor can sense it, they’ll see an audit as a highly lucrative exercise.
Decrease in customer spend
A decrease in spend means that an organization has a high chance of being under-licensed.
License complexity
The more complex the license, the harder it is to remain in compliance. Some vendors are infamous for their complex licensing agreements.
Taking these due diligence steps will pay dividends downstream, reducing the risk of negative results such as release of confidential information.
Even if you cannot get a third-party NDA signed, the negotiation process should delay the overall audit process by at least a month, buying your organization valuable time to gather license data.
4.1.2 Define external audit process
Participants: CIO and/or IT Director, Asset Manager, IT Managers
Document: Document in the Standard Operating Procedures.
Define and document a process for responding to external software audit requests.
Include the following:
Use the Software Audit Scoping Email Template to create an email directed at your external (or internal) auditors. Send the audit scoping email several weeks before an audit to determine the audit’s scope and objectives. The email should include:
The email will help focus your preparation efforts and initiate your relationship with the auditors.
Approximately a week before the audit, you should email the internal leadership to communicate information about the start of the audit. Use the Software Audit Launch Email Template to create this email, including:
For more guidance on preparing for a software audit, see Info-Tech’s blueprint: Prepare and Defend Against a Software Audit.
A large American financial institution with 1,300 banking centers in 12 states, 28,000 end users, and 108,000 assets needed to improve its asset management program.
The bank had employed numerous ITAM tools, but IT staff identified that its asset data was still fragmented. There was still incomplete insight into what assets the banked owned, the precise value of those assets, their location, and what they’re being used for.
The bank decided to establish an asset management program that involved internal audits to gather more-complete data sets.
With the help of a vendor, the bank implemented cradle-to-grave asset tracking and lifecycle management, which provided discovery of almost $80 million in assets.
The bank also assembled an ITAM team and a dedicated ITAM manager to ensure that routine internal audits were performed.
The team was instrumental in establishing standardization of IT policies, hardware configuration, and service requirements.
Phase 4: Build supporting processes & tools | This step will walk you through the following activities: | This step involves the following participants: | |
4.1 | Compliance & audits |
|
|
4.2 | Communicate & build roadmap |
Communication is crucial to the integration and overall implementation of your SAM program. If staff and users do not understand the purpose of processes and policies, they will fail to provide the desired value.
An effective communication plan will:
Why:
|
When:
|
Participants: CIO, IT Director, Asset Manager, Service Desk Manager
Document: Document in the SAM Communication Plan.
Group | Benefits | Impact | Method | Timeline |
---|---|---|---|---|
Executives |
|
|
||
End Users |
|
|
||
IT |
|
|
Document: Document FAQ questions and answers in the SAM FAQ Template.
ITAM imposes changes to end users throughout the business and it’s normal to expect questions about the new program. Prepare your team ahead of time by creating a list of FAQs.
Use policy templates to jumpstart your policy development and ensure policies are comprehensive, but be sure to modify and adapt policies to suit your corporate culture or they will not gain buy-in from employees. For a policy to be successful, it must be a living document and have participation and involvement from the committees and departments to whom it will pertain.
Use Info-Tech’s Software Asset Management Policy template to define and document the purpose, scope, objectives, and roles and responsibilities for your organization's software asset management program.
The template allows you to customize policy requirements for:
…as well as consequences for non-compliance.
Asset Security Policy
End-User Devices Acceptable Use Policy
Purchasing Policy
Release Management Policy
Internet Acceptable Use Policy
|
One of the most difficult decisions to make when implementing a SAM program is: “where do we start?”
It’s not necessary to deploy a comprehensive SAM program to start. Build on the essentials to become more mature as you grow.
To integrate SAM effectively, a clear implementation roadmap needs to be designed. Prioritize “quick wins” to demonstrate success to the business early and to gain buy-in from your team. Short-term gains should be designed to support long-term goals of your SAM program.
Q1 | Q2 | Q3 | Q4 |
|
|
|
|
Advertising the increased revenue that is gained from good SAM practices is a powerful way to gain project buy-in.
Reflect on the outcomes of implementing SAM to target areas for improvement and share knowledge gained within and beyond the SAM team. Some questions to consider include:
|
4.2.1 |
Develop a communication plan to convey the right messages
Identify stakeholders requiring communication and formulate a message and delivery method for each. |
|
4.2.5 |
Develop a SAM roadmap to plan your implementation
Outline the tasks necessary for the implementation of this project and prioritize to build a project roadmap. |
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Step 4.1: Compliance & audits | Step 4.2: Communicate & build roadmap |
Start with an analyst kick-off call:
|
Review findings with analyst:
|
Then complete these activities…
|
Then complete these activities…
|
With these tools & templates:
|
With these tools & templates:
|
2013 Software Audit Industry Report.” Express Metrix, 2013. Web.
7 Vital Trends Disrupting Today’s Workplace: Results and Data from 2013 TINYpulse Employee Engagement Survey.” TINYpulse, 2013. Web.
Beaupoil, Christof. “How to measure data quality and protect against software audits.” Network World, 6 June 2011.
Begg, Daniel. “Effective Licence Position (ELP) – What is it really worth?” LinkedIn, 19 January 2016.
Boehler, Bernhard. “Advanced License Optimization: Go Beyond Compliance for Maximum Cost Savings.” The ITAM Review, 24 November 2014.
Bruce, Warren. “SAM Baseline – process & best practice.” Microsoft. 2013 Australia Partner Conference.
Case Study Top 20 U.S. Bank Tackles Asset Management.” Pomeroy, 2012. Web.
Cherwell Software Software Audit Industry Report.” Cherwell Software, 2015. Web.
Conrad, Sandi. “SAM starter kit: everything you need to get started with software asset management. Conrad & Associates, 2010.
Corstens, Jan, and Diederik Van der Sijpe. “Contract risk & compliance software asset management (SAM).” Deloitte, 2012.
Deas, A., T. Markowitzm and E. Black. “Software asset management: high risk, high reward.” Deloitte, 2014.
Doig, Chris. “Why you should always estimate ROI before buying enterprise software” CIO, 13 August 2015.
Fried, Chuck. “America Needs An Education On Software Asset Management (SAM).” LinkedIn. 16 June 2015.
Lyons, Gwen. “Understanding the Drivers Behind Application Rationalization Critical to Success.” Flexera Software Blog, 31 October 2012.
Metrics to Measure SAM Success: eight ways to prove your SAM program is delivering business benefits.” Snow Software White Paper, 2015.
Microsoft. “The SAM Optimization Model.” Microsoft Corporation White Paper, 2010.
Miller, D. and M. Oliver. “Engaging Stakeholders for Project Success.” Project Management Institute White Paper, 2015.
Morrison, Dan. “5 Common Misconceptions of Software Asset Management.” SoftwareOne. 12 May 2015.
O’Neill, Leslie T. “Visa Case Study: SAM in the 21st Century.” International Business Software Managers Association (IBSMA), 30 July 2014.
Reducing Hidden Operating Costs Through IT Asset Discovery.” NetSupport Inc., 2011.
SAM Summit 2014, 23-25 June 2014, University of Chicago Gleacher Center Conference Facilities, Chicago, MI.
Saxby, Heather. “20 Things Every CIO Needs to Know about Software Asset Management.” Crayon Software Experts, 13 May 2015.
The 2016 State of IT: Managing the money monsters for the coming year.” Spiceworks, 2016.
The Hidden Cost of Unused Software.” A 1E Report, 1E.com: 2014. Web.
What does it take to achieve software license optimization?” Flexera White Paper, 2013.
Michael Dean
Director, User Support Services Des Moines University |
Simon Leuty
Co-Founder Livingstone Tech |
||
Clare Walsh
PR Consultant Adesso Tech Ltd. |
Alex Monaghan
Director, Presales EMEA Product Support Solutions |
Ben Brand
SAM Practice Manager Insight |
Michael Swanson
President ISAM |
||
Bruce Aboudara
SVP, Marketing & Business Development Scalable Software |
Will Degener
Senior Solutions Consultant Scalable Software |
Peter Gregorowicz
Associate Director, Network & Client Services Vancouver Community College |
Peter Schnitzler
Operations Team Lead Toyota Canada |
||
David Maughan
Head of Service Transition Mott MacDonald Ltd. |
Brian Bernard
Infrastructure & Operations Manager Lee County Clerk of Court |
Leticia Sobrado
IT Data Governance & Compliance Manager Intercept Pharmaceuticals |
The challenge
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Our concise executive brief shows you why you should develop a sound business continuity practice in your company. We'll show you our methodology and the ways we can help you in completing this.
Choose a medium-sized department and build a team. Identify that department's processes, dependencies, and alternatives.
Define an objective impact scoring scale for your company. Have the business estimate the impact of downtime and set your recovery targets.
The need for clarity is critical. In times when you need the plans, people will be under much higher stress. Build the workflow for the steps necessary to rebuild. Identify gaps and brainstorm on how to close them. Prioritize solutions that mitigate the remaining risks.
Present the results of the pilot and propose the next steps. Assign BCM teams or people within each department. Update and maintain the overall BCMS documentation.
These can help with the creation of your BCP.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Follow the seven steps outlined in this blueprint to design a VIP support model that best suits your organization, then communicate and evaluate the service to ensure it delivers results.
This template is designed to assist with documenting your service desk procedures for handling VIP or executive tickets. It can be adapted and customized to reflect your specific support model and procedures.
This Visio template provides an example of a VIP support process, with every step involved in resolving or fulfilling VIP service desk tickets. Use this as an example to follow and a template to document your own process.
This template can be customized to use as an executive presentation to communicate and market the service to VIP users and ensure everyone is on the same page.
Research Director,
Infrastructure & Operations
Info-Tech Research Group
In a perfect world, executives wouldn’t need any special treatment because the service desk could rapidly resolve every ticket, regardless of the submitter, keeping satisfaction levels high across the board.
But we know that’s not the case for most organizations. Executives and VIPs demand higher levels of service because the reality in most companies is that their time is worth more. And any IT leader who’s had a VIP complain about their service knows that their voice also carries more weight than that of a regular dissatisfied user.
That said, most service desks feel strapped for resources and don’t know how to improve service for VIPs without sacrificing service to the rest of the organization.
The key is to stop being reactive to VIP demands and formalize your VIP service procedures so that you can properly set expectations for the service, monitor and measure it, and continually evaluate it to make changes if necessary.
A VIP offering doesn’t have to mean a white glove concierge service, either – it could simply mean prioritizing VIP tickets differently. How do you decide which level of service to offer? Start by assessing your specific needs based on demand, gather requirements from relevant stakeholders, choose the right approach to fit your business needs and capabilities, clearly define and document all aspects of the service then communicate it so that everyone is on the same page as to what is in and out of scope, and continually monitor and evaluate the service to make changes and improvements as needed.
Your Challenge
|
Common Obstacles
|
Info-Tech's Approach
|
The reality for most organizations is that VIPs need special treatment. But providing VIP service shouldn’t come at the expense of good service delivery for the rest of the organization. To be successful with your approach, formalize the VIP offering to bring consistency and clear expectations for both users and the IT staff delivering the service.
Providing VIP support helped this company grow |
Allocating a dedicated VIP technician slowed down service delivery for this company |
|
Situation |
A SaaS company looking to build and scale its services and customers decided to set up a VIP support program, which involved giving their most valuable customers white glove treatment to ensure they had a great experience, became long-term customers, and thus had a positive influence on others to build up the company’s customer base. | VIPs were receiving executive-level support with a dedicated person for VIP tickets. The VIPs were happy with the service, but the VIP technician’s regular work was frequently impeded by having to spend most of her time doing white glove activities. The service desk found that in some cases, more critical work was slipping as a result of prioritizing all executive tickets. |
Resolution |
First, they defined who would receive VIP support, then they clearly defined the service, including what VIP support
includes, who gets the service, and what their SLAs for service are. They found that the program was an effective way to
focus their limited resources on the customers with the highest value potential to increase sales. While this model differs from an IT service desk VIP support program, the principles of dedicating resources to provide elevated support to your most important and influential customers for the benefit and growth of the company as a whole remain the same. |
The service desk decided to remove the VIP function. They demonstrated that the cost per contact was too high for dedicated executive support, and reallocating that dedicated technician to the service desk would improve the resolution time of all business incidents and requests. VIPs could still receive prioritized support through the escalation process, but they would contact the regular service desk with their issues. VIPs approved the change, and as a result of removing the dedicated support function, the service desk reduced average incident resolution times by 28% and request fulfillment times by 33%. |
Service Desk VIP Procedures TemplateUse this template to assist with documenting your service desk procedures for handling VIP or executive tickets. |
VIP Support Process Workflow ExampleUse this Visio template to document your process for resolving or fulfilling VIP tickets, from when the ticket is submitted to when it’s closed. |
VIP Support Service Communication TemplateUse this template to customize your executive presentation to communicate and market the service to VIP users. |
The reality for most organizations is that VIPs need special treatment. But providing VIP service shouldn’t be at the expense of good service delivery for the rest of the organization. To be successful with your approach, formalize the VIP offering to bring consistency and clear expectations for both users and the IT staff delivering the service.
Insight 1 |
VIP service doesn’t have to mean concierge service. There are different levels and models of VIP support that range in cost and level of service provided. Carefully evaluate your needs and capacity to choose the approach that works best for your organization. |
Insight 2 |
This service is for your most valued users, so design it right from the start to ensure their satisfaction. Involve stakeholders from the beginning, incorporate their feedback and requirements, keep them well-informed about the service, and continually collect and act on feedback to deliver the intended value. |
Insight 3 |
Intentional, continual monitoring and measurement of the program must be part of your strategy. If your metrics or feedback show that something isn’t working, fix it. If you find that the perceived value isn’t worth the high cost of the program, make changes. Even if everything seems to be working fine, identify ways to improve it or make it more efficient. |
Step overview:
VIP support from the service desk usually refers to an elevated level of service (i.e. faster, after-hours, off-site, and/or with more experienced resources) that is provided to those at the executive level of the organization.
A VIP typically includes executives across the business (e.g. CIO, CEO, CxO, VPs) and sometimes the executive assistants who work directly with them. However, it can also include non-executive-level but critical business roles in some organizations.
The level of VIP service provided can differ from receiving prioritization in the queue to having a dedicated, full-time technician providing “white glove” service.
You don’t have to use the term “VIP”, as long as you clearly define the terms you are using. Some organizations use the term “VIR” to refer to very important roles rather than people, and some define “critical users” to reflect who should receive prioritized service, for example.
VIP tickets are prioritized in the same way as every other ticket – with an assessment by impact and urgency. This allows every ticket to be prioritized appropriately according to how big the impact of the issue is and how quickly it needs to be resolved – regardless of who the submitter is. This means that VIPs with very urgent issues will still receive immediate support, as would a non-VIP user with a critical issue.
Don’t design a VIP service solely out of fear that VIPs will be unhappy with the standard level of support the service desk provides. In some cases, it is better to focus your efforts on improving your standard support for everyone rather than only for a small percentage of users, especially if providing that elevated VIP support would further deteriorate service levels for the rest of the organization.
If you’re already informally bumping VIP tickets up the queue, this may be the most appropriate model for you. Bring formalization to your process by clearly defining exactly where VIP tickets fit in your prioritization matrix to ensure they are handled consistently and that VIPs are aware of the process.
This type of model is essential in many large enterprises where the success of the company can depend on VIPs having access to dedicated support to minimize downtime as much as possible. However, it also requires the highest level of planning and dedication to get right. Without carefully documented processes and procedures and highly trained staff to support the model, it will fail to deliver the expected benefits.
Step overview:
Analyze your ticket data and reports to understand how well you’re currently meeting SLAs, your average response and resolution times, and the volume and type of requests you get from VIPs in order to understand the need for changing your current model. If you don’t have the ticket data to inform your assessment, leverage Info-Tech’s Service Desk Ticket Analysis Tool.
Use this tool to identify trends and patterns in your ticket data. The ticket summary dashboard contains multiple reports analyzing how tickets come in, who requests them, who resolves them, and how long it takes to resolve them.
If you need help understanding how well your current staff is able to handle your current ticket volume, leverage Info-Tech’s Service Desk Staffing Calculator to analyze demand and ticket volume trends. While not specifically designed to analyze VIP tickets, you could run the assessment separately for VIP volume if you have that data available.
Use this tool to help you estimate the optimal resource allocation to support your demand over time.
Follow your organization’s requirements gathering process to identify and prioritize stakeholders, conduct stakeholder interviews, and identify, track, and prioritize their requirements and expectations for service delivery.
If your organization does not have a defined requirements gathering process or template, leverage Info-Tech tools and templates:
The Improve Requirements Gathering blueprint can be adapted from software requirements gathering to service desk.
The PMO Requirements Gathering Tool can be adapted from interviewing stakeholders on their PMO requirements to service desk requirements.
Don’t guess at what your VIPs need or want – ask them and involve them in the service design. Many IT leaders sacrifice overall service quality to prioritize VIPs, thinking they expect immediate service. However, they later find out that the VIPs just assumed the service they were receiving was the standard service and many of their issues can wait.
Info-Tech's CIO Business Vision program is a low-effort, high-impact program that will give you detailed report cards on the organization’s satisfaction with IT’s core services. Use these insights to understand your key business stakeholders, find out what is important to them, and improve your interactions.
Info-Tech’s End User Satisfaction Program helps you measure end-user satisfaction and importance ratings of core IT services, IT communications, and business enablement to help you decide which IT service capabilities need to be addressed to meet the demands of the business.
Learn more about Info-Tech’s CIO Business Vision or End User Satisfaction Program .
Step overview:
The table below is a rough guide for how the results of your assessments may line up to the most appropriate model for your organization:
If you’re in the position of deciding how to improve service to VIPs, it’s unlikely that you will end up choosing the “same service” model. If your data analysis tells you that you are currently meeting every metric target for all users, this may actually indicate that you’re overstaffed at the service desk.
Step overview:
When a designated VIP user contacts the service desk with a question, incident, or service request, their ticket will be prioritized over non-VIP tickets following the prioritization matrix. This process has been designed in accordance with business needs and requirements, as defined VIP users have more urgent demands on their time and the impact of downtime is greater as it has the potential to impact the business. However, all tickets, VIP tickets included, must still be prioritized by impact and urgency. Incidents that are more critical will still be resolved before VIP tickets in accordance with the prioritization process.
VIP support is a team of dedicated field technicians available to provide an elevated level of service including deskside support for executives and designated VIP users. VIP users have the ability to contact the VIP support service through a dedicated phone number and will receive expedited ticket handling and resolution by dedicated Tier 2 specialists with experience dealing with executives and their unique needs and requirements. This process has been designed in accordance with business needs and requirements.
Use a visual workflow to document the process for resolving or fulfilling VIP tickets, from when the ticket is submitted to when it gets closed.
Your workflow should address the following:
Use the VIP Support Process Workflow Example as a template to map out your own process.
Define all aspects of the service so that every VIP request will follow the same standardized process and VIPs will have clear expectations for the service they receive. This may include:
If VIP user requests receive enhanced priority, for example, define exactly how those requests should be prioritized using your prioritization matrix. An example is found below and in the Service Desk VIP Procedures Template.
This template is designed to assist with documenting your service desk procedures for handling VIP or executive tickets. The template is not meant to cover all possible VIP support models but is an example of one support model only. It should be adapted and customized to reflect your specific support model and procedures.
Download the Service Desk VIP Procedures Template
Step overview:
If you did your due diligence, the VIP service launch won’t be a surprise to executives. However, it’s critical to
continue the engagement and communicate the details of the service well to ensure there are no misperceptions about the
service when it launches.
This step isn’t only for the launch of new services. Even if you’re enhancing or right-sizing an existing VIP service, take the opportunity to market the improvements, remind users of the correct processes, and collect feedback.
This template can be customized to use as an executive presentation to communicate and market the service to VIP users. It includes:
If you’re launching a dedicated concierge service for VIPs, highlight the exclusivity of the service in your marketing to draw users in. For example, if eligible VIPs get a separate number to call, expedited SLAs, or access to more tenured service desk experts, promote this added value of the service.
Download the VIP Support Service Communication Template
Step overview:
Targeted metrics to evaluate the success of the VIP program will be critical to understanding and demonstrating whether the service is delivering the intended value. Track key metrics to:
If your data definitively shows the VIP offering delivers enhanced service levels, publish these results to business leadership. A successful VIP service is a great accomplishment to market and build credibility for the service desk.
Download Define Service Desk Metrics that Matter and the Service Desk Metrics Workbook for help defining CSFs, KPIs, and key metrics
Step overview:
Executives are happy, resolution times are on target – now what? Even if everything seems to be working well, never stop monitoring, measuring, and evaluating the service. Not only can metrics change, but there can also always be ways to improve service.
Download Info-Tech’s Build a Continual Improvement Program blueprint to help you build a process around continual improvement, and use the Continual Improvement Register tool to help you identify and prioritize improvement initiatives.
Don’t limit your continual improvement efforts to the VIP service. Once you’ve successfully elevated the VIP service, look to how you can apply elements of that service to elevate support to the rest of the organization. For example, through providing a roaming service desk, a concierge desk, a Genius-Bar-style walk-in service, etc.
This project will help you build and improve essential service desk processes, including incident management, request fulfillment, and knowledge management to create a sustainable service desk.
This project will help you build a strategy to shift service support left to optimize your service desk operations and increase end-user satisfaction.
This project will help you build a continual improvement plan for the service desk to review key processes and services and manage the progress of improvement initiatives.
This project will help you deliver a targeted customer service training program to your IT team to enhance their customer service skills when dealing with end users, improve overall service delivery, and increase customer satisfaction.
Munger, Nate. “Why You Should Provide VIP Customer Support.” Intercom, 13 Jan. 2016. Accessed Jan. 2023.
Ogilvie, Ryan. “We Did Away With VIP Support and Got More Efficient.” HDI, 17 Sep. 2020. Accessed Jan. 2023.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Parse specific technology drivers out of the formal enterprise digital strategy.
Review and understand potential enabling applications.
Use the drivers and an understanding of enabling applications to put together an execution roadmap that will support the digital strategy.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Review and validate the formal enterprise digital strategy.
Confirmation of the goals, objectives, and direction of the organization’s digital strategy.
1.1 Review the initial digital strategy.
1.2 Determine gaps.
1.3 Refine digital strategy scope and vision.
1.4 Finalize digital strategy and validate with stakeholders.
Validated digital strategy
Enumerate relevant technology drivers from the digital strategy.
List of technology drivers to pursue based on goals articulated in the digital strategy.
2.1 Identify affected process domains.
2.2 Brainstorm impacts of digital strategy on technology enablement.
2.3 Distill critical technology drivers.
2.4 Identify KPIs for each driver.
Affected process domains (based on APQC)
Critical technology drivers for the digital strategy
Relate your digital strategy drivers to specific, actionable application areas.
Understand the interplay between the digital strategy and impacted application domains.
3.1 Build and review current application inventory for digital.
3.2 Execute fit-gap analysis between drivers and current state inventory.
3.3 Pair technology drivers to specific enabling application categories.
Current-state application inventory
Fit-gap analysis
Understand how different applications support the digital strategy.
Understand the art of the possible.
Knowledge of how applications are evolving from a features and capabilities perspective, and how this pertains to digital strategy enablement.
4.1 Application spotlight: customer experience.
4.2 Application spotlight: content and collaboration.
4.3 Application spotlight: business intelligence.
4.4 Application spotlight: enterprise resource planning.
Application spotlights
Create a concrete, actionable roadmap of application and technology initiatives to move the digital strategy forward.
Clear, concise articulation of application roadmap for supporting digital that can be communicated to the business.
5.1 Build list of enabling projects and applications.
5.2 Create prioritization criteria.
5.3 Build the digital strategy application roadmap.
5.4 Socialize the roadmap.
5.5 Delineate responsibility for roadmap execution.
Application roadmap for the digital strategy
RACI chart for digital strategy roadmap execution
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
See if a custom-of-the-shelf process optimization makes sense.
Determine the right (level of) governance for your implementation.
Prepare for the overall implementation journey and gather your requirements. Then conduct a stage-gate assessment of this phase.
Conduct a stage-gate assessment after every step below.
Review your dispositions to ensure they align with your goals.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
IT leaders who get personally involved in recruitment see better results. Read this section to learn how leader are getting involved, and how to take the first steps.
Heading into 2020, flexible work is table stakes. Read this section to learn what organizations offer and how you can take advantage of opportunities your competitors are missing.
Ethics and transparency are emerging as key considerations for employees. How can you build a culture that supports this? Read this section to learn how.
Your staff is the biggest line item in your budget, but are you using data to make decisions about your people they way you do in other areas of the business? Read this section to learn how analytics can be applied to the workforce no matter what level you are starting at.
With the rapid pace of technological change, it is becoming increasingly harder to hire skilled people for critical roles. Read this section to learn how some IT departments are turning to in-house training to fill the skill gap.
What do an employee's last few days with your company look like? For most organizations, they are filled with writing rushed documentation, hosting last-minute training sessions and finishing up odd jobs. Read this section to understand the crucial opportunity most IT departments are missing when it comes to departing staff.
With COVID-19's rapid spread through populations, governments are looking for technology tools that can augment the efforts of manual contact tracing processes. How the system is designed is crucial to a positive outcome.
Mobile contact tracing apps that use a decentralized design approach will be the most likely to be adopted by a wide swath of the population.
There are some key considerations to realize from the way different governments are approaching contact tracing:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Discover a proven process for your RFPs. Review Info-Tech’s process and understand how you can prevent your organization from leaking negotiation leverage while preventing vendors from taking control of your RFP. Our 7-phase process prevents a bad RFP from taking your time, money, and resources.
Use this tool to assist you and your team in documenting the requirements for your RFP. Use the results of this tool to populate the requirements section of your RFP.
Configure this time-saving suite of tools to your organizational culture, needs, and most importantly the desired outcome of your RFP initiative. This suite contains four unique RFP templates. Evaluate which template is appropriate for your RFP. Also included in this suite are a response evaluation guidebook and several evaluation scoring tools along with a template to report the RFP results to stakeholders.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Problem Identification
Current process mapped and requirements template configured
1.1 Overview and level-setting
1.2 Identify needs and drivers
1.3 Define and prioritize requirements
1.4 Gain business authorization and ensure internal alignment
Map Your Process With Gap Identification
Requirements Template
Map Your Process With Gap Identification
Requirements Template
Map Your Process With Gap Identification
Requirements Template
Map Your Process With Gap Identification
Requirements Template
Define Success Target
Baseline RFP and evaluation templates
2.1 Create and issue RFP
2.2 Evaluate responses/proposals and negotiate the agreement
2.3 Purchase goods and services
RFP Calendar Tool
RFP Evaluation Guidebook
RFP Respondent Evaluation Tool
Configure Templates
Configured Templates
3.1 Assess and measure
3.2 Review templates
Long-Form RFP Template
Short-Form RFP Template
Excel-Based RFP Template
Lack of RFP Process Causes...
|
Solution: RFP Process |
|
||
Requirements
|
Templates, Tools, Governance
|
Vendor Management
|
“A bad request for proposal (RFP) is the gift that keeps on taking – your time, your resources, your energy, and your ability to accomplish your goal. A bad RFP is ineffective and incomplete, it creates more questions than it answers, and, perhaps most importantly, it does not meet your organization’s expectations.”
Steven Jeffery
Principal Research Director, Vendor Management
Co-Author: The Art of Creating a Quality RFP
Info-Tech Research Group
A well planned and executed sourcing strategy that focuses on solid requirements, evaluation criteria, and vendor management will improve vendor performance.
Your challenge is to determine the best sourcing tool to obtain vendor information on capabilities, solution(s), pricing and contracting: RFI, RFP, eRFX.
Depending on your organization’s knowledge of the market, your available funding, and where you are in the sourcing process, there are several approaches to getting the information you need.
An additional challenge is to answer the question “What is the purpose of our RFX?”
If you do not have in-depth knowledge of the market, available solutions, and viable vendors, you may want to perform an RFI to provide available market information to guide your RFP strategy.
If you have defined requirements, approved funding, and enough time, you can issue a detailed, concise RFP.
If you have “the basics” about the solution to be acquired and are on a tight timeframe, an “enhanced RFI” may fit your needs.
This blueprint will provide you with the tools and processes and insights to affect the best possible outcome.
70 Days is the average duration of an IT RFP. The average number of evaluators is 5-6 4 Is the average number of vendor submissions, each requiring an average of two to three hours to review. (Source: Bonfire, 2019. Note: The 2019 Bonfire report on the “State of the RFP” is the most recent published.) |
“IT RFPs take the longest from posting to award and have the most evaluators. This may be because IT is regarded as a complex subject requiring complex evaluation. Certainly, of all categories, IT offers the most alternative solutions. The technology is also changing rapidly, as are the requirements of IT users – the half-life of an IT requirement is less than six months (half the requirements specified now will be invalid six months from now). And when the RFP process takes up two of those months, vendors may be unable to meet changed requirements when the time to implement arrives. This is why IT RFPs should specify the problem to be resolved rather than the solution to be provided. If the problem resolution is the goal, vendors are free to implement the latest technologies to meet that need.” (Bonfire, “2019 State of the RFP”) |
Vendors’ win rate
44%Vendors only win an average of 44% of the RFPs they respond to (Loopio, 2022). |
High cost to respond
3-5%Vendors budget 3-5% of the anticipated contract value to respond (LinkedIn, 2017, Note: LinkedIn source is the latest information available). |
Time spent writing response
23.8 hoursVendors spend on average 23.8 hours to write or respond to your RFP (Marketingprofs, 2021). |
Stress, because roles and responsibilities aren’t clearly defined and communication is haphazard, resulting in strained relationships. Confusion, because you don’t know what the expected or desired results are. Directionless, because you don’t know where the team is going. Uncertainty, with many questions of your own and many more from other team members. Frustration, because of all the questions the vendors ask as a result of unclear or incomplete requirements. Exhaustion, because reviewing RFP responses of insufficient quality is tedious. Disappointment in the results your company realizes. (Source: The Art of Creating a Quality RFP) |
Without a well defined, consistent RFP process, with input from all key stakeholders, the organization will not achieve the best possible results from its sourcing efforts.
Vendors are choosing to not respond to RFPs due to their length and lack of complete requirements.
Be clear and concise in stating your requirements and include, in addition to IT requirements, procurement, security, legal, and risk requirements.
Consider adding vendor management requirements to manage the ongoing relationship post contract.
Consider the RFP Evaluation Process as you draft the RFP, including weighting the RFP components. Don’t underestimate the level of effort required to effectively evaluate responses – write the RFP with this in mind.
Provide strict, prescriptive instructions detailing how the vendor should submit their responses. Controlling vendor responses will increase your team’s efficiency in evaluations while providing ease of reference responses across multiple vendors.
Key deliverables:
Info-Tech provides you with the tools you need to go to market in the most efficient manner possible, with guidance on how to achieve your goals.
|
Long-Form RFP Template
For when you have complete requirements and time to develop a thorough RFP. |
Short-Form RFP Template
When the requirements are not as extensive, time is short, and you are familiar with the market. |
||
Lean RFP Template
When you have limited time and some knowledge of the market and wish to include only a few vendors. |
Excel-Form RFP Template
When there are many requirements, many options, multiple vendors, and a broad evaluation team. |
IT Benefits
|
Mutual IT and Business Benefits
|
Business Benefits
|
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is seven to twelve calls over the course of four to six months.
What does a typical GI on this topic look like?
Phase 1 |
Phase 2 |
Phase 3 |
Phase 4 |
Phase 5 |
Phase 6 |
Phase 7 |
Call #1: Identify the need | Call #3: Gain business authorization | Call #5: Negotiate agreement strategy | Call #7: Assess and measure performance | |||
Call #2: Define business requirements | Call #4: Review and perform the RFX or RFP | Call #6: Purchase goods and services |
Contact your account representative for more information.
workshops@infotech.com1-888-670-8889
Day 1 | Day 2 | Day 3 | |
Activities |
Answer “What problem do we need to solve?”1.1 Overview and level-setting 1.2 Identify needs and drivers 1.3 Define and prioritize requirements 1.4 Gain business authorization and ensure internal alignment |
Define what success looks like?2.1 Create and issue RFP 2.2 Evaluate responses/ proposals and negotiate the agreement. 2.3 Purchase goods and services |
Configure Templates3.1 Assess and measure 3.2 Review tools |
Deliverables |
|
|
|
Steps
1.1 Establish the need to either purchase goods/services (RFP) or acquire additional information from the market (RFI). |
Identify the need based on business requirements, changing technology, increasing vendor costs, expiring contracts, and changing regulatory requirements.
Agreement on the need to go to market to make a purchase (RFP) or to acquire additional information (RFI) along with a high-level agreement on requirements, rough schedule (is there time to do a full blown RFP or are you time constrained, which may result in an eRFP) and the RFP team is identified.
Identify NeedPhase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
|
Steps
2.1 Define and classify the technical, business, financial, legal, and support and security requirements for your business. |
A detailed list of required business, technical, legal and procurement requirements classified as to absolute need(s), bargaining and concession need(s), and “nice to haves.”
Define Business Requirements
Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
“Concentrate on the needs of the organization and not the wants of the individuals when creating requirements to avoid scope creep.” (Donna Glidden, ITRG Research Director)
Leverage the “ABCD” approach found in our Prepare for Negotiations More Effectively blueprint:
https://tymansgrpup.com/research/ss/prepare-for-negotiations-more-effectively
Input: List of all requirements from IT and IT Security, Business, Sourcing/Procurement, Risk Management, and Legal
Output: Prioritized list of RFP requirements approved by the stakeholder team
Materials: The RFP Requirements Worksheet
Participants: All stakeholders impacted by the RFP: IT, IT Security, the Business, Sourcing/ Procurement, Risk Management, Legal
Download the RFP Requirements Worksheet
Steps
3.1 Obtain business authorization from the business, technology, finance and Sourcing/Procurement |
Approval by all key stakeholders to proceed with the issuing of the RFP and to make a purchase as a result.
Gain Business Authorization
Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
Gain authorization for your RFP from all relevant stakeholders
Obtaining cross-function alignment will clear the way for contract, SOW, and budget approvals and not waste any of your and your vendor’s resources in performing an RFP that your organization is not ready to implement or invest financial and human resources in. |
Steps
4.1 Build your RFP 4.2 Decide RFI or not 4.3 Create your RFP 4.4 Receive & answer questions 4.5 Perform Pre-Proposal Conference 4.6 Evaluate responses |
RFP package is issued to vendors and includes the date of the Pre-Proposal Conference, which should be held shortly after RFP release and includes all parties.
SME’s/stakeholders participate in providing answers to RFP contact for response to vendors.
Create and Issue Your RFP/RFI
Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
Step 1
|
Step 2
|
Step 3
|
Step 4
|
Step 5
|
Step 6
|
At the beginning of your RFP creation process consider how your requirements will impact the vendor’s response. Concentrate on the instructions you provide the vendors and how you wish to receive their responses. View the RFP through the lens of the vendors and envision how they are going to respond to the proposal.
Limiting the number of requirements included in the RFP will increase the evaluation team’s speed when reviewing vendors’ responses. This is accomplished by not asking questions for common features and functionality that all vendors provide. Don’t ask multiple questions within a question. Avoid “lifting” vendor-specific language to copy into the RFP as this will signal to vendors who their competition might be and may deter their participation. Concentrate your requirement questions to those areas that are unique to your solution to reduce the amount of time required to evaluate the vendors’ response.
Inconsistent formatting of vendor responses prevents an apples-to-apples evaluation between vendor responses. Evaluation teams are frequently challenged and are unable to evaluate vendors’ responses equally against each other for the following reasons:
Challenges
|
Prevention
|
Step 1
| Step 2
| Step 3
| Step 4
| Step 5
| Step 6
|
As the name implies, a request for information (RFI) is a tool for collecting information from vendors about the companies, their products, and their services. We find RFIs useful when faced with a lot of vendors that we don’t know much about, when we want to benchmark the marketplace for products and services, including budgetary information, and when we have identified more potential vendors than we care to commit a full RFP to.
RFIs are simpler and less time-consuming than RFPs to prepare and evaluate, so it can make a lot of sense to start with an RFI. Eliminating unqualified vendors from further consideration will save your team from weeding through RFP responses that do not meet your objectives. For their part, your vendors will appreciate your efforts to determine up-front which of them are the best bets before asking them to spend resources and money producing a costly proposal.
While many organizations rarely use RFIs, they can be an effective tool in the vendor manager’s toolbox when used at the right time in the right way. RFIs can be deployed in competitive targeted negotiations.
A Lean RFP is a two-stage strategy that speeds up the typical RFP process. The first stage is like an RFI on steroids, and the second stage is targeted competitive negotiation.
Don’t rely solely on the internet to qualify vendors; use an RFI to acquire additional information before finalizing an RFP.
Download the Lean RFP Template
Download the RFP Evaluation Tool
Input
|
Output
|
Materials
|
Participants
|
Case StudyA Lean RFP saves time |
INDUSTRY: Pharmaceutical
|
|
Challenge
|
Solution
|
Results
|
Step 1
| Step 2
| Step 3
| Step 4
| Step 5
| Step 6
|
Input: List duration in days of key activities, RFP Calendar and Key Date Tool, For all vendor-inclusive meetings, include the dates on your RFP calendar and reference them in the RFP
Output: A timeline to complete the RFP that has the support of each stakeholder involved in the process and that allows for a complete and thorough vendor response.
Materials: RFP Calendar and Key Date Tool
Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management
Download the RFP Calendar and Key Date Tool
Create and issue your RFP, which should contain at least the following:
|
|
Dictating to the vendors the format of their response will increase your evaluation efficiency
Narrative Response:Create either a Word or Excel document that provides the vendor with an easy vehicle for their response. This template should include the question identifier that ties the response back to the requirement in the RFP. Instruct vendors to include the question number on any ancillary materials they wish to include. Pricing Response:Create a separate Excel template that the vendors must use to provide their financial offer. This template should include pricing for hardware, software, training, implementation, and professional services, as well as placeholders for any additional fees. Always be flexible in accepting alternative proposals after the vendor has responded with the information you requested in the format you require. |
Input: Identify pricing components for hardware, software, training, consulting/services, support, and additional licenses (if needed)
Output: Vendor Pricing Tool
Materials: RFP Requirements Worksheet, Pricing template
Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management
Download the Vendor Pricing Tool
Use the Short-Form RFP Template for simple, non-complex solutions that are medium to low dollar amounts that do not require numerous requirements.
We recommend the Long-Form RFP Template for highly technical and complex solutions that are high dollar and have long implementation duration.
Leverage the Excel-Form RFP Tool for requirements that are more specific in nature to evaluate a vendor’s capability for their solution. This template is designed to be complete and inclusive of the RFP process, e.g., requirements, vendor response, and vendor response evaluation scoring.
Like tools in a carpenters’ tool box or truck, there is no right or wrong template for any job. Take into account your organization culture, resources available, time frame, policies, and procedures to pick the right tool for the job. (Steve Jeffery, Principal Research Director, Vendor Management, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group)
1-2 hours
Input: List of technical, legal, business, and data security requirements
Output: Full set of requirements, prioritized, that all participants agree to
Materials: Short-Form RFP Template, Vendor Pricing Tool, Supporting exhibits
Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management
Download the Short-Form RFP Template
1-3 hours
Input: List of technical, legal, business, and data security requirements
Output: Full set of requirements, prioritized, that all stakeholders agree to
Materials: Long-Form RFP Template, Vendor Pricing Tool, Supporting exhibits
Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management
Download the Long-Form RFP Template
Several weeks
Input: List of technical, legal, business, and data security requirements
Output: Full set of requirements, prioritized, that all stakeholders agree to
Materials: Excel-Form RFP Template, Vendor Pricing Tool, Supporting exhibits
Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management
Download the Excel-Form RFP Template
Step 1
| Step 2
| Step 3
| Step 4
| Step 5
| Step 6
|
|
|
Step 1
| Step 2
| Step 3
| Step 4
| Step 5
| Step 6
|
“Using a Pre-Proposal Conference allows you to reinforce that there is a level playing field for all of the vendors…that each vendor has an equal chance to earn your business. This encourages and maximizes competition, and when that happens, the customer wins.” (Phil Bode, Principal Research Director, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group)
Modify this agenda for your specific organization’s culture | |
(Source: The Art of Creating a Quality RFP, Jeffery et al., 2019) |
|
Allow your executive or leadership sponsor to leave the Pre-Proposal Conference after they provide their comments to allow them to continue their day while demonstrating to the vendors the importance of the project.
Step 1
| Step 2
| Step 3
| Step 4
| Step 5
| Step 6
|
|
The first, by response, is when the evaluator reviews each vendor’s response in its entirety.
The second, reviewing by objective, is when the evaluator reviews each vendor’s response to a single objective before moving on to the next.
By Response
|
By Objective
|
||
|
|
|
|
You cannot eliminate bias completely – the best you can do is manage it by identifying these biases with the team and mitigating their influence in the evaluation process.
VendorThe evaluator only trusts a certain vendor and is uncomfortable with any other vendor.
|
Account RepresentativesRelationships extend beyond business, and an evaluator doesn't want to jeopardize them.
|
|
TechnicalA vendor is the only technical solution the evaluator is looking for, and they will not consider anything else.
|
PriceAs humans, we can justify anything at a good price.
|
When your evaluation team includes a member of the C-suite or senior leadership, ensure you give them extra time to sufficiently review the vendor's responses. | When your questions require a definitive “Yes”/“True” or “No”/“False” responses, we recommend giving the maximum score for “Yes”/“True” and the minimum score for “No”/“False”. | |
Increase your efficiency and speed of evaluation by evaluating the mandatory requirements first. If a vendor's response doesn't meet the minimum requirements, save time by not reviewing the remainder of the response. | Group your RFP questions with a high-level qualifying question, then the supporting detailed requirements. The evaluation team can save time by not evaluating a response that does not meet a high-level qualifying requirement. |
Define your ranking scale to ensure consistency in ratingsWithin each section of your RFP are objectives, each of which should be given its own score. Our recommended approach is to award on a scale of 0 to 5. With such a scale, you need to define every level. Below are the recommended definitions for a 0 to 5 scoring scale.
|
Obtain Alignment on Weighting the Scores of Each Section
|
Example RFP Section Weights
(Source: The Art of Creating a Quality RFP, Jeffery et al., 2019) |
Protect your organization's reputation within the vendor community with a fair and balanced process.
|
Do not alter the evaluation weights after responses are submitted.
|
1 hour
Input: RFP responses, Weighted Scoring Matrix, Vendor Response Scorecard
Output: One or two finalists for which negotiations will proceed
Materials: RFP Evaluation Guidebook
Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management
Download the RFP Evaluation Guidebook
1-4 hours
Input: Each vendor’s RFP response, A copy of the RFP (less pricing), A list of the weighted criteria incorporated into a vendor response scorecard
Output: A consolidated ranked and weighted comparison of the vendor responses with pricing
Materials: Vendor responses, RFP Evaluation Tool
Participants: Sourcing/Procurement, Vendor management
Download the RFP Evaluation Tool
Input: Consolidated vendor pricing responses, Consolidated vendor RFP responses, Current spend within your organization for the product/service, if available, Budget
Output: A completed TCO model summarizing the financial results of the RFP showing the anticipated costs over the term of the agreement, taking into consideration the impact of renewals.
Materials: Vendor TCO Tool, Vendor pricing responses
Participants: IT, Finance, Business stakeholders, Sourcing/Procurement
Download the Vendor TCO Tool
1-2 hours
Input: Vendor Response Scorecard from each stakeholder, Consolidated RFP responses and pricing, Any follow up questions or items requiring further vendor clarification.
Output: An RFP Response Evaluation Summary that identifies the finalists based on pre-determined criteria.
Materials: RFP Evaluation Tool from each stakeholder, Consolidated RFP responses and pricing.
Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management
Download the Consolidated Vender RFP Response Evaluation Summary
Download the Vendor Recommendation Presentation
Input
| Output
| Materials
| Participants
|
|
Templates/ToolsRFP templates and tools are found in a variety of places, such as previous projects, your favorite search engine, or by asking a colleague. |
SourcingRegardless of the source of these documents, you must take great care and consideration to sanitize any reference to another vendor, company, or name of the deal. |
ReviewThen you must carefully examine the components of the deal before creating your final documents.Popular RFP templates include:
|
Steps
5.1 Perform negotiation process |
A negotiated agreement or agreements that are a result of competitive negotiations.
Negotiate Agreement(s)
Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
You should evaluate your RFP responses first to see if they are complete and the vendor followed your instructions.
Info-Tech InsightBe certain to include any commitments made in the RFP, presentations, and proposals in the agreement – dovetails to underperforming vendor. | Leverage Info-Tech's negotiation process research for additional information | Negotiate before you select your vendor:
Info-Tech InsightProviding contract terms in an RFP can dramatically reduce time for this step by understanding the vendor’s initial contractual position for negotiation. |
Steps
6.1 Purchase Goods & Services |
A purchase order that completes the RFP process.
The beginning of the vendor management process.
Purchase Goods and Services
Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
Prepare to purchase goods and services by completing all items on your organization’s onboarding checklist.
|
As a customer, honoring your contractual obligations and commitments will ensure that your organization is not only well respected but considered a customer of choice.
Steps
7.1 Assess and measure performance against the agreement |
A list of what went well during the period – it’s important to recognize successes
A list of areas needing improvement that includes:
Purchase Goods and Services
Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
To be an objective vendor manager, you should also assess and measure your company’s performance along with the vendor’s performance.
Upon completion of this blueprint, guided implementation, or workshop, your team should have a comprehensive, well-defined end-to-end approach to performing a quality sourcing event. Leverage Info-Tech’s industry-proven tools and templates to provide your organization with an effective approach to maintain your negotiation leverage, improve the ease with which you evaluate vendor proposals, and reduce your risk while obtaining the best market value for your goods and services.
Additionally, your team will have a foundation to execute your vendor management principles. These principles will assist your organization in ensuring you receive the perceived value from the vendor as a result of your competitive negotiations.
Contact your account representative for more information.
DO
|
DON'T
|
“2022 RFP Response Trends & Benchmarks.” Loopio, 2022. Web.
Corrigan, Tony. “How Much Does it Cost to Respond to an RFP?” LinkedIn, March 2017. Accessed 10 Dec. 2019
“Death by RFP:7 Reasons Not to Respond.” Inc. Magazine, 2013. Web.
Jeffery, Steven, George Bordon, and Phil Bode. The Art of Creating a Quality RFP, 3rd ed. Info-Tech Research Group, 2019.
“RFP Benchmarks: How Much Time and Staff Firms Devote to Proposals.” MarketingProfs, 2020. Web.
“State of the RFP 2019.” Bonfire, 2019. Web.
“What Vendors Want (in RFPs).” Vendorful, 2020. Web.
Prepare for Negotiations More Effectively
|
|
Understand Common IT Contract Provisions to Negotiate More Effectively
|
|
Jump Start Your Vendor Management Initiative
|
Continuous assessment and optimization of your Workday enterprise resource planning (ERP) is critical to the success of your organization.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Enterprise resource planning (ERP) is a core tool that the business leverages to accomplish its goals. Take a proactive approach to optimize your enterprise applications. Strategically re-align business goals, identify business application capabilities, complete a process assessment, evaluate user satisfaction, measure module satisfaction, and vendor relations to create an optimization plan that will drive a cohesive technology strategy that delivers results.
The Get the Most out of Workday Workbook serves as the holding document for the different elements of the Get the Most out Workday blueprint. Use each assigned tab to input the relevant information for the process of optimizing Workday.
Use this tool provide Info-Tech with information surrounding your ERP application(s). This inventory will be used to create a custom Application Portfolio Assessment (APA) for your ERP. The template includes demographics, application inventory, departments to be surveyed and data quality inclusion.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Define your workday application vision.
Set the foundation for optimizing Workday by building a cross-functional team, aligning with organizational strategy, inventorying current system state, defining your timeframe, and exploring current costs.
1.1 Identify stakeholders and build your optimization team.
1.2 Build an ERP strategy model.
1.3 Inventory current system state.
1.4 Define optimization timeframe.
1.5 Understand Workday costs.
Workday optimization team
Workday business model
Workday optimization goals
System inventory and data flow
Application and business capabilities list
Workday optimization timeline
Map current-state capabilities.
Measure the state of your current Workday system to understand where it is not performing well.
2.1 Assess Workday capabilities.
2.2 Review your satisfaction with the vendor/product and willingness for change.
Workday capability gap analysis
Workday user satisfaction (application portfolio assessment)
Workday SoftwareReviews survey results
Workday current costs
Assess Workday.
Explore underperforming areas to:
Uncover where user satisfaction is lacking and possible root causes.
Identify process and workflows that are creating issues for end users and identify improvement options.
Understand where data issues are occurring and explore how you can improve these.
Identify integration points and explore if there are any areas of improvement.
Investigate your relationship with the vendor and product, including that relative to others.
Identify any areas for cost optimization (optional).
3.1 Prioritize optimization opportunities.
3.2 Discover optimization initiatives.
Product and vendor satisfaction opportunities
Capability and feature optimization opportunities
Process optimization opportunities
Integration optimization opportunities
Data optimization opportunities
Workday cost-saving opportunities
Build the optimization roadmap.
Understanding where you need to improve is the first step, now understand where to focus your optimization efforts, build out next steps and put a timeframe in place.
4.1 Build your optimization roadmap.
Workday optimization roadmap
HR, finance, and planning systems are the core foundation of enterprise resource systems (ERP) systems. These are core tools that the business leverages to accomplish its goals. An ERP that is doing its job well is invisible to the business. The challenges come when the tool is no longer invisible. It has become a source of friction in the functioning of the business.
Workday is expensive, benefits can be difficult to quantify, and optimization can be difficult to navigate. Over time, technology evolves, organizational goals change, and the health of these systems is often not monitored. This is complicated in today’s digital landscape with multiple integration points, siloed data, and competing priorities.
Too often organizations jump into selecting replacement systems without understanding the health of their systems. We can do better than this.
IT leaders need to take a proactive approach to continually monitor and optimize their enterprise applications. Strategically realign business goals, identify business application capabilities, complete a process assessment, evaluate user satisfaction, measure module satisfaction, and improve vendor relations to create an optimization plan that will drive a cohesive technology strategy that delivers results.
Lisa Highfield
Research Director, Enterprise Applications
Info-Tech Research Group
Your Workday systems are critical to supporting the organization’s business processes. They are expensive. Direct benefits and ROI can be hard to measure.
Workday application portfolios are often behemoths to support. With complex integration points and unique business processes, stabilization is the norm.
Application optimization is essential to staying competitive and productive in today’s digital environment.
Balancing optimization with stabilization is one of the most difficult decisions for Workday application leaders.
Competing priorities and often unclear enterprise application strategies make it difficult to make decisions about what, how, and when to optimize.
Enterprise applications involve large numbers of processes, users, and evolving vendor roadmaps.
Teams do not have a framework to illustrate, communicate, and justify the optimization effort in the language your stakeholders understand.
In today’s changing world, it is imperative to evaluate your applications for optimization and to look for opportunities to capitalize on rapidly expanding technologies, integrated data, and employee solutions that meet the needs of your organization.
Assess your Workday applications and the environment in which they exist. Take a business-first strategy to prioritize optimization efforts.
Validate capabilities, user satisfaction, and issues around data, vendor management, and costs to build out an overall roadmap and optimization strategy.
Pull this all together to prioritize optimization efforts and develop a concrete roadmap.
Info-Tech Insight
Workday is investing heavily in expanding and deepening its finance and expanded product offerings, but we cannot stand still on our optimization efforts. Understand your product(s), processes, user satisfaction, integration points, and the availability of data to business decision makers. Examine these areas to develop a personalized Workday optimization roadmap that fits the needs of your organization. Incorporate these methodologies into an ongoing optimization strategy aimed at enabling the business, increasing productivity, and reducing costs.
Workday enterprise resource planning (ERP) facilitates the flow of information across business units. It allows for the seamless integration of data across financial and people systems to create a holistic view of the enterprise to support decision making.
In many organizations, Workday is considered the core people systems and is becoming more widely adopted for finance and a full ERP system.
ERP systems are considered the lifeblood of organizations. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.
ERP implementation should not be a one-and-done exercise. There needs to be ongoing optimization to enable business processes and optimal organizational results.
Workday
Workday has many modules that work together to facilitate the flow of information across the business. Workday’s unique data platform allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making.
In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.
Workday operates in many industry verticals and performs well in service organizations.
An ERP system:
Product Description
Evolution of Workday
Workday HCM 2006
Workday Financial Management 2007
Workday 10 (Finance & HCM) 2010
Workday Student (Higher Education) 2011
Workday Cloud (PAAS) 2017
Acquisition of Adaptive Insights 2018
Acquisition of VNDLY 2021
Vendor Description
Employees: 12,500
Headquarters: Pleasanton, CA
Website: workday.com
Founded: 2005
Presence: Global, Publicly Traded
77% of clients were satisfied with the product’s business value created. 78% of clients were satisfied that the cost is fair relative to value, and 95% plan to renew. (SoftwareReviews, 2022)
Workday has seen steady growth working with over 50% of Fortune 500 companies. 4,100 of those are HCM and finance customers. It has seen great success in service industries and has a 95% gross retention rate. (Diginomica)
Workday reported a 40% year-over-year increase in Workday Financial Management deployments for both new and existing customers, as accelerated demand for Workday cloud-based continues. (Workday, June 2021)
Workday continues to invest in Workday Finance
Recent Finance-Related Acquisitions
Workday challenges and dissatisfaction
Organizational
People and teams
Technology
Data
Finance, IT, Sales, and other users of the ERP system can only optimize ERP with the full support of each other. The cooperation of the departments is crucial when trying to improve ERP technology capabilities and customer interaction.
Info-Tech Insight
While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder-to-shoulder with the business to develop a technology framework for ERP.
Enterprise Application Optimization - 124%
Product - 65%
Enterprise Application Selection - 76%
Agile - 79%
(Info-Tech case data, 2022; N=3,293)
We are seeing Applications leaders’ priorities change year over year, driven by a shift in their approach to problem solving. Leaders are moving from a process-centric approach to a collaborative approach that breaks down boundaries and brings teams together.
Application Portfolio Management - 13%
Business Process Management - 4%
Software Development Lifecycle -25%
(Info-Tech case data, 2022; N=3,293)
Software development lifecycle topics are tactical point solutions. Organizations have been “shifting left” to tackle the strategic issues such as product vision and Agile mindset to optimize the whole organization.
“A successful application optimization strategy starts with the business need in mind and not from a technological point of view. No matter from which angle you look at it, modernizing a legacy application is a considerable undertaking that can’t be taken lightly. Your best approach is to begin the journey with baby steps.” – Norelus, Pamidala, and Senti, 2020
1. Map Current-State Capabilities | 2. Assess Your Current State | 3. Identify Key Optimization Areas | 4. Build Your Optimization Roadmap | |
---|---|---|---|---|
Phase Steps |
|
|
|
|
Phase Outcomes |
|
|
|
|
Identify and prioritize your Workday optimization goals.
Assess IT-enabled user satisfaction across your Workday portfolio.
Complete an assessment of processes, user satisfaction, data quality, and vendor management.
MANAGED AP AUTOMATION with OneSource Virtual
TripAdvisor + OneSource
INDUSTRY: Travel
SOURCE: OneSource Virtual, 2017
TripAdvisor needed a solution that would decrease administrative labor from its accounting department.
“We needed something that was already compatible with our Workday tenant, that didn’t require a lot of customizations and would be an enhancement to our processes.” – Director of Accounting Operations, Scott Garner
Requirements included:
TripAdvisor chose to outsource its accounts payable services to OneSource Virtual (OSV).
OneSource Virtual offers the comprehensive finance and accounting outsourcing solutions needed to improve efficiency, eliminate paper processes, reduce errors, and improve cash flow.
Managed AP services include scanning and auditing all extracted invoice data for accuracy, transmitting AP files with line-item details from invoices, and creating full invoice images in Workday.
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Diagnostics and consistent frameworks used throughout all four options
A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between 8 to 12 calls over the course of 4 to 6 months.
Phase 1
Call #1: Scope requirements, objectives, and your specific challenge.
Phase 2
Call #2:
Call #3:
Phase 3
Call #4: Understand product satisfaction and vendor management.
Call #5: Review APA results.
Call #6: Understand Workday optimization opportunities.
Call #7: Determine the right Workday path for your organization.
Phase 4
Call #8: Build out optimization roadmap and next steps.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
---|---|---|---|---|---|
Define Your Workday Application Vision | Map Current State | Assess Workday | Build Your Optimization Roadmap | Next Steps and Wrap-Up (offsite) | |
Activities | 1.1 Identify Stakeholders and Build Your Optimization Team 1.2 Build an ERP Strategy Model 1.3 Inventory Current System State 1.4 Define Optimization Timeframe 1.5 Understand Workday Costs | 2.1 Assess Workday Capabilities 2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change | 3.1 Prioritize Optimization Opportunities 3.2 Discover Optimization Initiatives | 4.1 Build Your Optimization Roadmap | 5.1 Complete In-progress Deliverables From Previous Four Days. 5.2 Set Up Review Time for Workshop Deliverables and to Discuss Next Steps. |
Deliverables |
|
|
|
|
Phase 1
1.1 Identify Stakeholders and Build Your Optimization Team
1.2 Build an ERP Strategy Model
1.3 Inventory Current System State
1.4 Define Optimization Timeframe
1.5 Understand Workday Costs
Phase 2
2.1 Assess Workday Capabilities
2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change
Phase 3
3.1 Prioritize Optimization Opportunities
3.2 Discover Optimization Initiatives
Phase 4
4.1 Build Your Optimization Roadmap
This phase will guide you through the following activities:
This phase involves the following participants:
1.1.1 Identify Stakeholders Critical to Success
1.1.2 Map Your Workday Optimization Stakeholders
1.1.3 Determine Your Workday Optimization Team
Map Current State Capabilities
Step 1.1
Step 1.2
Step 1.3
Step 1.4
Step 1.5
This step will guide you through the following activities:
This step involves the following participants:
Outcomes of this step
Title | Role Within the Project Structure |
---|---|
Organizational Sponsor |
|
Project Manager |
|
Business Unit Leaders |
|
Optimization Team |
|
Steering Committee |
|
Info-Tech Insight
Do not limit project input or participation. Include subject-matter experts and internal stakeholders at stages within the project. Such inputs can be solicited on a one-off basis as needed. This ensures you take a holistic approach to create your ERP optimization strategy.
1 hour
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.
Sponsor | End User | IT | Business | |
---|---|---|---|---|
Description | An internal stakeholder who has final sign-off on the ERP project. | Front-line users of the ERP technology. | Back-end support staff who are tasked with project planning, execution, and eventual system maintenance. | Additional stakeholders that will be impacted by any ERP technology changes. |
Examples |
|
|
|
|
Values | Executive buy-in and support is essential to the success of the project. Often, the sponsor controls funding and resource allocation. | End users determine the success of the system through user adoption. If the end user does not adopt the system, the system is deemed useless and benefits realization is poor. | IT is likely to be responsible for more in-depth requirements gathering. IT possesses critical knowledge around system compatibility, integration, and data. | Involving business stakeholders in the requirements gathering will ensure alignment between HR and organizational objectives. |
Large-scale ERP projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.
1 hour
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
Consider the core team functions when putting together the project team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, and Operations) to create a well-aligned ERP optimization strategy.
Don’t let your project team become too large when trying to include all relevant stakeholders. Carefully limiting the size of the project team will enable effective decision making while still including functional business units such as Human Resources, Operations, Manufacturing, Marketing, Sales, Service, and Finance as well as IT.
Required Skills/Knowledge | Suggested Project Team Members |
---|---|
|
|
|
|
|
|
1 hour
Note: Depending on your initiative and size of your organization, the size of this team will vary.
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
1.2.1 Explore Organizational Goals and Business Needs
1.2.2 Discover Environmental Factors and Technology Drivers
1.2.3 Consider Potential Barriers to Achieving Workday Optimization
1.2.4 Set the Foundation for Success
1.2.5 Discuss Workday Strategy and Develop Your ERP Optimization Goals
Map Current State Capabilities
Step 1.1
Step 1.2
Step 1.3
Step 1.4
Step 1.5
This step will guide you through the following activities:
This step involves the following participants:
Outcomes of this step
Your corporate strategy:
Your IT strategy:
ERP projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with ERP capabilities. Effective alignment between IT and the business should happen daily. Alignment doesn’t just need to occur at the executive level but at each level of the organization.
Begin by conducting interviews of your executive team. Interview the following leaders:
INTERVIEWS MUST UNCOVER:
Business Needs | Business Drivers | |
---|---|---|
Definition | A business need is a requirement associated with a particular business process. | A business need is a requirement associated with a particular business process. |
Examples |
|
|
Info-Tech Insight
One of the biggest drivers for ERP adoption is the ability to make quicker decisions from timely information. This driver is a result of external considerations. Many industries today are highly competitive, uncertain, and rapidly changing. To succeed under these pressures, there needs to be timely information and visibility into all components of the organization.
60 minutes
Record this information in the Get the Most Out of Your Workday Workbook.
Organizational Goals
Business Needs
Download the Get the Most Out of Your Workday Workbook
Organizational Goals
Business Needs
Technology Drivers | Environmental Factors | |
---|---|---|
Definition | Technology drivers are technological changes that have created the need for a new ERP enablement strategy. Many organizations turn to technology systems to help them obtain a competitive edge. | These external considerations are factors that take place outside of the organization and impact the way business is conducted inside the organization. These are often outside the control of the business. Look three to five years ahead, what challenges will the business face? Where will you have to adapt and pivot? How can we prepare for this? |
Examples |
|
|
Info-Tech Insight
A comprehensive plan that takes into consideration organizational goals, departmental needs, technology drivers, and environmental factors will allow for a collaborative approach to defining your Workday strategy.
30 minutes
Record this information in the Get the Most Out of Your Workday Workbook.
External Considerations
Technology Considerations
Functional Requirements
Download the Get the Most Out of Your Workday Workbook
There are several different factors that may stifle the success of an ERP implementation. Organizations that are creating an ERP foundation must scan their current environment to identify internal barriers and challenges.
Common Internal Barriers
Management Support | Organizational Culture | Organizational Structure | IT Readiness | |
---|---|---|---|---|
Definition | The degree of understanding and acceptance toward ERP systems. | The collective shared values and beliefs. | The functional relationships between people and departments in an organization. | The degree to which the organization’s people and processes are prepared for a new ERP system. |
Questions |
|
|
|
|
Impact |
|
|
|
|
1-3 hours
Record this information in the Get the Most Out of Your Workday Workbook.
Functional Gaps
Technical Gaps
Process Gaps
Barriers to Success
Download the Get the Most Out of Your Workday Workbook
Organizational Goals
Barriers
(Epizitone and Olugbara, 2019; CC BY 4.0)
Info-Tech Insight
Complement your ability to deliver on your critical success factors with the capabilities of your implementation partner to drive a successful ERP implementation.
“Implementation partners can play an important role in successful ERP implementations. They can work across the organizational departments and layers creating a synergy and a communications mechanism.” – Ayogeboh Epizitone, Durban University of Technology
1-3 hours
Record this information in the Get the Most Out of Your Workday Workbook.
Business Benefits
IT Benefits
Organizational Benefits
Enablers of Success
Download the Get the Most Out of Your Workday Workbook
Benefits can be realized internally and externally to the organization or department and have different drivers of value.
Organizational Goals
Increased Revenue
Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.
Reduced Costs
Reduction of overhead. The ways in which an application limits the operational costs of business functions.
Enhanced Services
Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.
Reach Customers
Application functions that enable and improve the interaction with customers or produce market information and insights.
Business Value Matrix
30 minutes
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
1.3.1 Inventory Workday Applications and Interactions
1.3.2 Draw Your Workday System Diagram
1.3.3 Inventory Your Workday Modules and Business Capabilities (or Business Processes)
1.3.4 Define Your Key Workday Optimization Modules and Business Capabilities
Map Current-State Capabilities
Step 1.1
Step 1.2
Step 1.3
Step 1.4
Step 1.5
This step will guide you through the following activities:
This step involves the following participants:
Outcomes of this step
1-3+ hours
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
When assessing the current application portfolio that supports your ERP, the tendency will be to focus on the applications under the ERP umbrella. These relate mostly to marketing, sales, and customer service. Be sure to include systems that act as input to, or benefit due to outputs from, ERP or similar applications.
1-3+ hours
Download the Get the Most Out of Your Workday Workbook
In business architecture, the primary view of an organization is known as a business capability map.
A business capability defines what a business does to enable value creation, rather than how.
Business capabilities:
A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.
Value stream defined:
Value Streams:
Design Product
Produce Product
Sell Product
Customer Service
Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates. There are two types of value streams: core value streams and support value streams.
Taking a value stream approach to process mapping allows you to move across departmental and system boundaries to understand the underlying business capability.
Some mistakes organizations make are over-customizing processes, or conversely, not customizing when required. Workday provides good baseline process that work for most organizations. However, if a process is broken or not working efficiently take the time to investigate it, including underlying policies, roles, workflows, and integrations.
Operating Processes | ||||
---|---|---|---|---|
1. Develop vision and strategy | 2. Develop and manage products and services | 3. Market and sell products and services | 4. Deliver physical products | 5. Deliver services |
Management and Support Processes | ||||
6. Manage customer service | ||||
7. Develop and manage human capital | ||||
8. Manage IT | ||||
9. Manage financial resources | ||||
10. Acquire, construct, and manage assets | ||||
11. Manage enterprise risk, compliance, remediation, and resiliency | ||||
12. Manage external relationships | ||||
13. Develop and manage business capabilities |
(APQC)
If you do not have a documented process model, you can use the APQC Framework to help define your inventory of sales business processes.
APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.
A process classification framework is helpful for organizations to effectively define their processes and manage them appropriately.
Use Info-Tech’s related industry resources or publicly available process frameworks (such as APQC) to develop and map your business processes.
These processes can then be mapped to supporting applications and modules. Policies, roles, and workflows also play a role and should be considered in the overall functioning.
APQC’s Process Classification Framework
(APQC)
Level 1 | Level 2 | Level 3 | Level 4 |
---|---|---|---|
Market and sell products and services | Understand markets, customers, and capabilities | Perform customer and market intelligence analysis | Conduct customer and market research |
Market and sell products and services | Develop a sales strategy | Develop a sales forecast | Gather current and historic order information |
Deliver services | Manage service delivery resources | Manage service delivery resource demand | Develop baseline forecasts |
? | ? | ? | ? |
Info-Tech Insight
Focus your initial assessment on the level-1 processes that matter to your organization. This allows you to target your scant resources on the areas of optimization that matter most to the organization and minimize the effort required from your business partners.
You may need to iterate the assessment as challenges are identified. This allows you to be adaptive and deal with emerging issues more readily and become a more responsive partner to the business.
An operating model is a framework that drives operating decisions. It helps to set the parameters for the scope of ERP and the processes that will be supported. The operating model will serve to group core operational processes. These groupings represent a set of interrelated, consecutive processes aimed at generating a common output.
From your developed processes and your Workday license agreements you will be able to pinpoint the scope for investigation, including the processes and modules.
1-3+ hours
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
1-3+ hours
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
1.4.1 Define Workday Key Dates, and Workday Optimization Roadmap Timeframe and Structure
Step 1.1
Step 1.2
Step 1.3
Step 1.4
Step 1.5
This step will guide you through the following activities:
This step involves the following participants:
Outcomes of this step
1-3+ hours
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
1.5.1 Document Costs Associated With Workday
Step 1.1
Step 1.2
Step 1.3
Step 1.4
Step 1.5
This step will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
1-3 hours
Before you can make changes and optimization decisions, you need to understand the high-level costs associated with your current application architecture. This activity will help you identify the types of technology and people costs associated with your current systems.
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
Phase 1
1.1 Identify Stakeholders and Build Your Optimization Team
1.2 Build an ERP Strategy Model
1.3 Inventory Current System State
1.4 Define Optimization Timeframe
1.5 Understand Workday Costs
Phase 2
2.1 Assess Workday Capabilities
2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change
Phase 3
3.1 Prioritize Optimization Opportunities
3.2 Discover Optimization Initiatives
Phase 4
4.1 Build Your Optimization Roadmap
This phase will guide you through the following activities:
This phase involves the following participants:
2.1.1 Rate Capability Relevance to Organizational Goals
2.1.2 Complete a Workday Application Portfolio Assessment
2.1.3 (Optional) Assess Workday Process Maturity
Step 2.1
Step 2.2
This step will guide you through the following activities:
This step involves the following participants:
Outcomes of this step
3 hours
Option 1: Use Info-Tech’s Application Portfolio Assessment to generate your user satisfaction score. This tool not only measures application satisfaction but also elicits great feedback from users regarding the support they receive from the IT team around Workday.
Option 2: Create a survey manually.
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
3 hours
Option 1: Use Info-Tech’s Application Portfolio Assessment to generate your user satisfaction score. This tool not only measures application satisfaction but also elicits great feedback from users regarding the support they receive from the IT team around Workday.
Option 2: Create a survey manually.
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
Process Assessment
Strong
Moderate
Weak
1.1 Financial Planning and Analysis
1.2 Accounting and Financial Close
1.3 Treasury Management
1.4 Financial Operations
1.5 Governance, Risk & Compliance
2.1 Core HR
Description | All aspects related to financial operations | ||
---|---|---|---|
Key Success Indicators | Month-end reporting in 5 days | AR at risk managing down (zero over 90 days) | Weekly operating cash flow updates |
Timely liquidity for claims payments | Payroll audit reporting and insights reporting | 90% of workflow tasks captured in ERP | |
EFT uptake | Automated reconciliations | Reduce audit hours required | |
Current Pain Points | A lot of voided and re-issued checks | NIDPP | Integration with banks; can’t get the information back into existing ERP |
There is no payroll integration | No payroll automation and other processes | Lack of integration with HUB | |
Not one true source of data | Incentive payment processing | Rewards program management | |
Audit process is onerous | Reconcile AP and AR for dealers |
The process is formalized, documented, optimized, and audited.
The process is poorly documented. More than one person knows how to do it. Inefficient and error-prone.
The process is not documented. One person knows how to do it. The process is ad hoc, not formalized, inconsistent.
General Ledger
Accounts Receivable
Incentives Management
Accounts Payable
General Ledger Consolidation
Treasury Management
Cash Management
Subscription / recurring payments
Treasury Transactions
2.2.1 Rate Your Vendor and Product Satisfaction
2.2.2 Review Workday Product Scores (if applicable)
2.2.3 Evaluate Your Product Satisfaction
2.2.4 Check Your Business Process Change Tolerance
Step 2.1
Step 2.2
This step will guide you through the following activities:
This step involves the following participants:
Outcomes of this step
30 minutes
Use Info-Tech’s vendor satisfaction survey to identify optimization areas with your ERP product(s) and vendor(s).
Record this information in the Get the Most Out of Your Workday Workbook
SoftwareReviews’ Enterprise Resource Planning Category
Download the Get the Most Out of Your Workday Workbook
30 minutes
Record this information in the Get the Most Out of Your Workday Workbook.
SoftwareReviews’ Enterprise Resource Planning Category
Download the Get the Most Out of Your Workday Workbook
(SoftwareReviews ERP Mid-Market, 2022; SoftwareReviews ERP Enterprise, 2022)
1 hours
Record this information in the Get the Most Out of Your Workday Workbook
Legend:
Willing to follow best practice
May be challenging or unique business model
Low tolerance for change
Out of Scope
Product-Centric Capabilities | ||||
---|---|---|---|---|
R&D | Production | Supply Chain | Distribution | Asset Mgmt |
Idea to Offering | Plan to Produce | Procure to Pay | Forecast to Delivery | Acquire to Dispose |
Add/Remove | Shop Floor Scheduling | Add/Remove | Add/Remove | Add/Remove |
Add/Remove | Product Costing | Add/Remove | Add/Remove | Add/Remove |
Service-Centric Capabilities | ||||
---|---|---|---|---|
Finance | HR | Marketing | Sales | Service |
Record to Report | Hire to Retire | Market to Order | Quote to Cash | Issue to Resolution |
Add/Remove | Add/Remove | Add/Remove | Add/Remove | Add/Remove |
Add/Remove | Add/Remove | Add/Remove | Add/Remove | Add/Remove |
Determine the areas of risk to conform to best practice and minimize customization. These will be areas needing focus from the vendor, supporting change and guiding best practice.
For example: Must be able to support our unique process manufacturing capabilities and enhance planning and visibility to detailed costing.
Phase 1
1.1 Identify Stakeholders and Build Your Optimization Team
1.2 Build an ERP Strategy Model
1.3 Inventory Current System State
1.4 Define Optimization Timeframe
1.5 Understand Workday Costs
Phase 2
2.1 Assess Workday Capabilities
2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change
Phase 3
3.1 Prioritize Optimization Opportunities
3.2 Discover Optimization Initiatives
Phase 4
4.1 Build Your Optimization Roadmap
This phase will walk you through the following activities:
This phase involves the following participants:
3.1.1 Prioritize Optimization Capability Areas
Build Your Optimization Roadmap
Step 3.1
Step 3.2
This step will guide you through the following activities:
This step involves the following participants:
Outcomes of this step
Info-Tech Insight
Enabling a high-performing organization requires excellent management practices and continuous optimization efforts. Your technology portfolio and architecture are important, but we must go deeper. Taking a holistic view of ERP technologies in the environments in which they operate allows for the inclusion of people and process improvements – this is key to maximizing business results. Using a formal ERP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.
Address process gaps:
Support user satisfaction:
Improve data quality:
Proactively manage vendors:
The Business
Keepers of the organization’s mission, vision, and value statements that define IT success. The business maintains the overall ownership and evaluation of the applications.
Business Value of Applications
IT
Technical subject matter experts of the applications they deliver and maintain. Each IT function works together to ensure quality applications are delivered to stakeholder expectations.
First, the authorities on business value need to define and weigh their value drivers that describe the priorities of the organization. This will allow the applications team to apply a consistent, objective, and strategically aligned evaluation of applications across the organization.
In this context…
business value is
the value of the business outcome that the application produces. Additionally, it is how effective the application is at producing that outcome.
Business value IS NOT
the user’s experience or satisfaction with the application.
Create or Improve:
Capabilities are what the system and business do that creates value for the organization.
Optimization initiatives are projects with a definitive start and end date, and they enhance, create, maintain, or remove capabilities with the goal of increasing value.
Brainstorm ERP optimization initiatives in each area. Ensure you are looking for all-encompassing opportunities within the context of IT, the business, and Workday systems.
Financial vs. Human Benefits
Financial benefits refer to the degree to which the value source can be measured through monetary metrics and are often quite tangible.
Human benefits refer to how an application can deliver value through a user’s experience.
Inward vs. Outward Orientation
Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.
Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.
Increased Revenue
Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.
Reduced Costs
Reduction of overhead. The ways in which an application limits the operational costs of business functions.
Enhanced Services
Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.
Reach Customers
Application functions that enable and improve the interaction with customers or produce market information and insights.
Review your ERP capability areas and rate them according to relevance to organizational goals. This will allow you to eliminate optimization ideas that may not bring value to the organization.
How important is it? | How Difficult is it? |
---|---|
What is the value?
What is the benefit?
What is the impact?
|
What is the cost?
What is the level of effort?
What is the risk of implementing/not implementing? What is the complexity? |
(Roadmunk)
Reach | Impact | Confidence | Effort |
---|---|---|---|
How many people will this improvement impact? Internal: # of users OR # of transactions per period External: # of customers OR # of transactions per period |
What is the scale of impact? How much will the improvement affect satisfaction? Example Weighting: 1 = Massive Impact 2 = High Impact 1 = Medium Impact 0.5 = Low Impact 0.25 = Very Low Impact |
How confident are we that the improvements are achievable and that they will meet the impact estimates? Example Weighting: 1 = High Confidence 0.80 = Medium Confidence 0.50 = Low Confidence |
How much investment will be required to implement the improvement initiative? FTE hours x cost per hour |
(Intercom)
1-3 hours
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
Activities
3.2.1 Discover Product and Vendor Satisfaction Opportunities
3.2.2 Discover Capability and Feature Optimization Opportunities
3.2.3 Discover Process Optimization Opportunities
3.2.4 Discover Integration Optimization Opportunities
3.2.5 Discover Data Optimization Opportunities
3.2.6 Discover Workday Cost-Saving Opportunities
Build Your Optimization Roadmap
Step 3.1
Step 3.2
This step will guide you through the following activities:
This step involves the following participants:
Outcomes of this step
Workday Advisory Partners have in-depth knowledge to help customers determine what’s best for their needs and how to maximize business value. They guide you through digital acceleration strategy and planning, product selection, change management, and more.
Workday Services Partners represent a curated community of global systems integrators and regional firms that help companies deploy Workday and continually adopt new capabilities.
Workday Software Partners are a global ecosystem of application, content, and technology software companies that design, build, and deploy solution extensions to help customers enhance the capabilities of Workday.
Workday’s Global Payroll Cloud (GPC) program makes it easy to expand payroll (outside of the US, Canada, the UK, and France) to third-party payroll providers around the world using certified, prebuilt integrations from Workday Partners. Payroll partners provide solutions in more than 100 countries.
Adaptive planning partners guide you through all aspects of everything from integration to deployment.
With large-scale ERP and HCM systems, the success of the system can be as much about the SI (Systems Integrator) or vendor partners as it is about the core product.
In evaluating your Workday system, think about Workday’s extensive partner network to understand how you can capitalize on your installation.
You do not need to reinvent the system; you may just need an additional service partner or bolt-on solution to round out your product functionality.
Info-Tech Insight
A vendor management initiative is an organization’s formalized process for evaluating, selecting, managing, and optimizing third-party providers of goods and services.
The amount of resources you assign to managing vendors depends on the number and value of your organization’s relationships. Before optimizing your vendor management program around the best practices presented in Info-Tech’s Jump Start Your Vendor Management Initiative blueprint, assess your current maturity and build the process around a model that reflects the needs of your organization.
Note: Info-Tech uses VMI interchangeably with the terms “vendor management office (VMO),” “vendor management function,” “vendor management process,” and “vendor management program.”
1-2 hours
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
1-2 hours
Record this information in the Get the Most Out of Your Workday Workbook
Download the Get the Most Out of Your Workday Workbook
Goals of Process Improvement | Process Improvement Sample Areas | Improvement Possibilities |
---|---|---|
|
|
|
1-2 hours
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
The benefits of integration
The challenges of integration
Financial Consolidation | Data Backup | Synchronization Across Sites | Legacy Consolidation |
---|---|---|---|
|
|
|
|
For more information: Implement a Multi-site ERP
1-2 hours
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
IT has several concerns around ERP data and wide dissemination of that data across sites. Large organizations can benefit from building a data warehouse or at least adopting some of the principles of data warehousing. The optimal way to deal with the issue of integration is to design a metadata-driven data warehouse that acts as a central repository for all ERP data. This serves as the storage facility for millions of transactions, formatted to allow analysis and comparison.
Key considerations:
Info-Tech Insight
Data warehouse solutions can be expensive. See Info-Tech’s Build a Data Warehouse on a Solid Foundation for guidance on what options are available to meet your budget and data needs.
Data Quality Management | Effective Data Governance | Data-Centric Integration Strategy | Extensible Data Warehousing |
---|---|---|---|
|
|
|
|
1-2 hours
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
Info-Tech Insight
The number one reason organizations leave Workday is because of cost. Do not be strong-armed into a contract you do not feel comfortable with. Do your homework, know your leverage points, be fully prepared for cost negotiations, use their competition to your advantage, and get support – such as Info-Tech’s vendor management resources and team.
Since 2007, Workday has been steadily growing its market share and footprint in human capital management, finance, and student information systems.
Organizations considering additional modules or undergoing contract renewal need to gain insight into areas of leverage and other relevant vendor information.
Key issues that occur include pricing transparency and contractual flexibility on terms and conditions. Adequate planning and communication need to be taken into consideration before entering into any agreement.
1-2 hours
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
Phase 1
1.1 Identify Stakeholders and Build Your Optimization Team
1.2 Build an ERP Strategy Model
1.3 Inventory Current System State
1.4 Define Optimization Timeframe
1.5 Understand Workday Costs
Phase 2
2.1 Assess Workday Capabilities
2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change
Phase 3
3.1 Prioritize Optimization Opportunities
3.2 Discover Optimization Initiatives
Phase 4
4.1 Build Your Optimization Roadmap
This phase will walk you through the following activities:
This phase involves the following participants:
Get the Most Out of Your Workday
4.1.1 Evaluate Optimization Initiatives
4.1.2 Prioritize Your Workday Initiatives
4.1.3 Build a Roadmap
4.1.4 Build a Visual Roadmap
Next steps
Step 4.1
This step will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
1 hour
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
1 hour
Optimization initiatives: Determine which if any to proceed with.
Record this information in the Get the Most Out of Your Workday Workbook.
Note: Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.
Download the Get the Most Out of Your Workday Workbook
1 hour
For some, a visual representation of a roadmap is easier to comprehend.
Consider taking the roadmap built in 4.1.2 and creating a visual roadmap.
Record this information in the Get the Most Out of Your Workday Workbook.
Download the Get the Most Out of Your Workday Workbook
ERP technology is critical to facilitating an organization’s flow of information across business units. It allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making. ERP implementation should not be a one-and-done exercise. There needs to be ongoing optimization to enable business processes and optimal organizational results.
Get the Most Out of Your Workday allows organizations to proactively implement continuous assessment and optimization of their enterprise resource planning system, including:
This formal Workday optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.
Contact your account representative for more information.
workshops@infotech.com
1-888-670-8889
Ben Dickie
Research Practice Lead
Info-Tech Research Group
Ben Dickie is a Research Practice Lead at Info-Tech Research Group. His areas of expertise include customer experience management, CRM platforms, and digital marketing. He has also led projects pertaining to enterprise collaboration and unified communications.
Scott Bickley
Practice Lead and Principal Research
Director Info-Tech Research Group
Scott Bickley is a Practice Lead and Principal Research Director at Info-Tech Research Group focused on vendor management and contract review. He also has experience in the areas of IT asset management (ITAM), software asset management (SAM), and technology procurement along with a deep background in operations, engineering, and quality systems management.
Andy Neil
Practice Lead, Applications
Info-Tech Research Group
Andy is a Senior Research Director, Data Management and BI, at Info-Tech Research Group. He has over 15 years of experience in managing technical teams, information architecture, data modeling, and enterprise data strategy. He is an expert in enterprise data architecture, data integration, data standards, data strategy, big data, and the development of industry standard data models.
“9 product prioritization frameworks for product managers.” Roadmunk, n.d. Accessed 15 May 2022.
Armel, Kate. "New Article: Data-Driven Estimation, Management Lead to High Quality." QSM: Quantitative Software Management, 14 May 2013. Accessed 4 Feb. 2021.
Collins, George, et al., “Connecting Small Businesses in the US.” Deloitte Commissioned by Google, 2017. Web.
Epizitone, Ayogeboh, and Oludayo O. Olugbara. "Critical Success Factors for ERP System Implementation to Support Financial Functions." Academy of Accounting and Financial Studies Journal, vol. 23, no. 6, 2019. Accessed 12 Oct. 2021
Gheorghiu, Gabriel. "The ERP Buyer’s Profile for Growing Companies." Selecthub, 2018. Accessed 21 Feb. 2021.
Karlsson, Johan. "Product Backlog Grooming Examples and Best Practices." Perforce, 18 May 2018. Accessed 4 Feb. 2021.
Lauchlan, Stuart. “Workday accelerates into fiscal 2023 with a strong year end as cloud adoption gets a COVID-bounce.” diginomica, 1 March 2022. Web.
"Maximizing the Emotional Economy: Behavioral Economics." Gallup, n.d. Accessed 21 Feb. 2021.
Noble, Simon-Peter. “Workday: A High-Quality Business That's Fairly Valued.” Seeking Alpha, 8 Apr. 2019. Web.
Norelus, Ernese, Sreeni Pamidala, and Oliver Senti. "An Approach to Application Modernization: Discovery and Assessment Phase," Medium, 24 Feb. 2020. Accessed 21 Feb. 2021.
"Process Frameworks." APQC, n.d. Accessed 21 Feb. 2021.
Saxena, Deepak, and Joe Mcdonagh. "Evaluating ERP Implementations: The Case for a Lifecycle-based Interpretive Approach." The Electronic Journal of Information Systems Evaluation, vol. 22, no. 1, 2019, pp. 29-37. Accessed 21 Feb. 2021.
“Workday Enterprise Management Cloud Product Scorecard.” SoftwareReviews, May 2022. Web.
“Workday Meets Growing Customer Demand with Record Number of Deployments and Industry-Leading Customer Satisfaction Score.” Workday, Inc., 7 June 2021. Web.
Aside from the fact that operational resilience is mandated by law as of January 2025 (yes, next year), having your systems and applications available to your customers whenever they need your services is always a good idea. Customers, both existing and new ones, typically prefer smooth operations over new functionality. If you have any roadblocks in your current customer journey, then solving those is also part of operational resilience (and excellence).
Does this mean you should not market new products or services? Of course not! Solving a customer journey roadblock is ensuring that your company is resilient. The Happy Meal is a prime example: product roadblock for small children, profits roadblock for the company.) But before you bring a new service online, be sure that it can withstand the punches that will be thrown at it.
Resilience is the art of making sure our services are available to our customers whenever they can use them. Note I did not say 24/7/365. Your business may require that, but perhaps your systems need "only" to be available during "normal" business hours.
Resilient systems can withstand adverse events that impair their ability to perform normal functions. Such events can include simple breakdowns (like a storage device, an internet connection that fails, or a file that fails to load) or something worse, like a cyber attack or a larger failure in your data center.
Your client does not care what the cause is; what counts for the client is, "Can I access your service?"
Resilience entails several aspects:
It is now tempting to apply these aspects only to your organization's IT or technical parts. That is insufficient. Your operations, management, and even e.,g. sales must ensure that services rendered result in happy clients and happy shareholders/owners. The reason is that resilient operations are a symphony. Not one single department or set of actions will achieve this. When you have product development working with the technical teams to develop a resilient flow at the right level for its earning potential, then you maximize profits.
This synergy ensures that you invest exactly the right level of resources. There are no exaggerated technical or operational elements for ancillary services. That frees resources to ensure your main services receive the full attention they deserve.
Resilience, in other words, is the result of a mindset and a way of operating that helps your business remain at the top of its game and provides a top service to clients while keeping the bottom line in the black.
I mean, if it ain't broke, don't fix it. That old adage is true, and yet not. Services can remain up and running for a long time with single points of failure. But can you afford to have them break at any time? If yes, and your customers don't mind waiting for you to patch things up, then you can "risk-accept" that situation. But how realistic is that these days? If I cannot buy it at your shop today, I'll more than likely get it from another. If I'm a contract with you, yet you cannot deliver, we will have a conversation, or at the very least, a moment of disappointment. If you have enough "disappointments," you will lose the customer. Lose enough customers, and you will have a reputational problem or worse.
We don't like to spend resources on something that "may"go wrong. We do risk assessments to determine the true cost of non-delivery and the likelihood of that happening. And there are different ways to deal with that assessment's outcome. Not everything needs to have double the number of people working on it, just in case one resignes. Not every system needs an availability of 99,999%.
But sometimes, we do not have a choice. When lives are at stake, like in medical or aviation services, being sorry is not a good starting point. The same goes for financial services. the DORA and NIS2 legislation in the EU, the CEA, FISMA, and GLBA in the US, and ESPA in Japan, to name a few, are legislations that require your company, if active in the relevant regulated sectors, to comply and ensure that your services continue to perform.
Most of these elements have one thing in common: we need to know what is important for our service delivery and what is not.
That brings us to the core subject of what needs to be resilient. The answer is very short and so complex at the same time. It is the service that you offer to your customers which must meet reliance levels.
Take the example of a hospital. When there is a power outage, the most critical systems must continue operating for a given period. That also means that sufficient capable staff must be present to operate said equipment; it even means that the paths leading to said hospital should remain available; if not by road, then, e.g., helicopter. If these inroads are unavailable, an alternate hospital should be able to take on the workload.
Not everything here in this example is the responsibility of the hospital administrators! This is why the abovementioned management and governance parts are so important in the bigger picture.
If we look at the financial sector, the EU DORA (Digital Operational Resilience Act) specifically states that you must start with your business services. Like many others, the financial sector can no longer function without its digital landscape. If a bank is unexpectedly disconnected from its payment network, especially SWIFT, it will not be long before there are existential issues. A trading department stands to lose millions if the trading system fails.
Look in your own environment; you will see many such points. What if your internet connection goes down, and you rely on it for most of your business? How long can you afford to be out? Do you supply a small but critical service to an institution? Then, you may fall under the aforementioned laws (it's called third-party requirements, and your client may be liable to follow them.)
But also, outside of the technology, we see points in the supply chain that require resilience. Do you still rely on a single person for a critical function? Do you have backup procedures if the tech stops working, yet your clients require you to continue to service them?
In all these and other cases, you must know what your critical services are so that you can analyze the requirements and put the right measures in place.
Once you have defined your critical business services and have analyzed their operational requirements, you can start to look at what you need to implement the aforementioned areas of availability, monitoring, hardening, and others. Remember we're still at the level of business service. The tech comes later.
Resilient operations ensure that you continue to function at the right price in the face of adverse events. If you can, resilience starts at the business level from the moment of product conception. If the products have long been developed, look at how they are delivered to the client and upgrade operations, resources, and tech where needed.
In some cases, you are legally required to undertake this exercise. But in all cases, it is important that you understand your business services and the needs of your clients and put sufficient resources in the right places of your delivery chain.
If you want to discuss this further, please contact me for a free talk.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use this storyboard to lay the foundation of people and resources management practices in your small enterprise IT department.
Use these concise exercises to analyze your department’s talent current and future needs and create a skill sourcing strategy to fill the gaps.
Work through an activity to discover key knowledge held by an employee and create a plan to transfer that knowledge to a successor.
Assess employees’ development needs and draft a development plan that fits with key organizational priorities.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Set project direction and analyze workforce needs.
Planful needs analysis ensures future workforce supports organizational goals.
1.1 Set workforce planning goals and success metrics.
1.2 Identify key roles and competency gaps.
1.3 Conduct a risk analysis to identify future needs.
1.4 Determine readiness of internal successors.
Work with the leadership team to:
Extract key business priorities.
Set your goals.
Assess workforce needs.
Conduct a skill sourcing analysis, and determine competencies to develop internally.
A careful analysis ensures skills are being sourced in the most efficient way, and internal development is highly aligned with organizational objectives.
2.1 Determine your skill sourcing route.
2.2 Determine priority competencies for development.
Create a workforce plan.
2.Determine guidelines for employee development.
Discover knowledge to be transferred, and build a transfer plan.
Ensure key knowledge is not lost in the event of a departure.
3.1 Discover knowledge to be transferred.
3.2 Identify the optimal knowledge transfer methods.
3.3 Create a knowledge transfer plan.
Discover tacit and explicit knowledge.
Create a knowledge transfer roadmap.
Create a development plan for all staff.
A well-structured development plan helps engage and retain employees while driving organizational objectives.
4.1 Identify target competencies & draft development goals
4.2 Select development activities and schedule check-ins.
4.3 Build manager coaching skills.
Assess employees.
Prioritize development objectives.
Plan development activities.
Build management skills.
Research Navigation
Managing the people in your department is essential, whether you have three employees or 300. Depending on your available time, resources, and current workforce management maturity, you may choose to focus on the overall essentials, or dive deep into particular areas of talent management. Use the questions below to help guide you to the right Info-Tech resources that best align with your current needs.
Question | If you answered "no" | If you answered "yes" |
---|---|---|
Does your IT department have fewer than 15 employees, and is your organization's revenue less than $25 million (USD)? |
Review Info-Tech's archive of research for mid-sized and large enterprise clients. |
Follow the guidance in this blueprint. |
Does your organization require a more rigorous and customizable approach to workforce management? |
Follow the guidance in this blueprint. |
Review Info-Tech's archive of research for mid-sized and large enterprise clients. |
It can be tempting to think of workforce planning as a bureaucratic exercise reserved for the largest and most formal of organizations. But workforce planning is never more important than in small enterprises, where every individual accounts for a significant portion of your overall productivity.
Without workforce planning, organizations find themselves in reactive mode, hiring new staff as the need arises. They often pay a premium for having to fill a position quickly or suffer productivity losses when a critical role goes unexpectedly vacant.
A workforce plan helps you anticipate these challenges, come up with solutions to mitigate them, and allocate resources for the most impact, which means a greater return on your workforce investment in the long run.
This blueprint will help you accomplish this quickly and efficiently. It will also provide you with the essential development and knowledge transfer tools to put your plan into action.
Jane Kouptsova
Senior Research Analyst, CIO Advisory
Info-Tech Research Group
52% of small business owners agree that labor quality is their most important problem.1
Almost half of all small businesses face difficulty due to staff turnover.
76% of executives expect the talent market to get even more challenging.2
76% of executives expect workforce planning to become a top strategic priority for their organization.2
But…
30% of small businesses do not have a formal HR function.3
Small business leaders are often left at a disadvantage for hiring and retaining the best talent, and they face even more difficulty due to a lack of support from HR.
Small enterprises must solve the strategic workforce planning problem, but they cannot invest the same time or resources that large enterprises have at their disposal.
A modular, lightweight approach to workforce planning and talent management, tailored to small enterprises
Clear activities that guide your team to decisive action
Founded on your IT strategy, ensuring you have not just good people, but the right people
Concise yet comprehensive, covering the entire workforce lifecycle from competency planning to development to succession planning and reskilling
Every resource counts. When one hire represents 10% of your workforce, it is essential to get it right.
1CNBC & SurveyMonkey. 2ADP. 3Clutch.
Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in today's workforce, including pinpointing the human capital needs of the future.
Linking workforce planning with strategic planning ensures that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.
SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.
52% |
of small business owners agree that labor quality is their most important problem.1 |
---|---|
30% |
30% of small businesses have no formal HR function.2 |
76% |
of senior leaders expect workforce planning to become the top strategic challenge for their organization.3 |
1CNBC & SurveyMonkey. 2Clutch. 3ADP.
You know that staffing mistakes can cost your department dearly. But did you know the costs are greater for small enterprises?
The price of losing an individual goes beyond the cost of hiring a replacement, which can range from 0.5 to 2 times that employee's salary (Gallup, 2019). Additional costs include loss of productivity, business knowledge, and team morale.
This is a major challenge for large organizations, but the threat is even greater for small enterprises, where a single individual accounts for a large proportion of IT's productivity. Losing one of a team of 10 means 10% of your total output. If that individual was solely responsible for a critical function, your department now faces a significant gap in its capabilities. And the effect on morale is much greater when everyone is on the same close-knit team.
And the threat continues when the staffing error causes you not to lose a valuable employee, but to hire the wrong one instead. When a single individual makes up a large percentage of your workforce, as happens on small teams, the effects of talent management errors are magnified.
One bad hire on a team of 100 is a problem. One bad hire on a team of 10 is a disaster.
People and Resource management is essential for any organization. But depending on your needs, you may want to start at different stages of the process. Use this slide as a quick reference for how the activities in this blueprint fit together, how they relate to other workforce management resources, and the best starting point for you.
Your IT strategy is an essential input to your workforce plan. It defines your destination, while your workforce is the vessel that carries you there. Ensure you have at least an informal strategy for your department before making major workforce changes, or review Info-Tech's guidance on IT strategy.
This blueprint covers the parts of workforce management that occur to some extent in every organization:
You may additionally want to seek guidance on contract and vendor management, if you outsource some part of your workload outside your core IT staff.
Consider these example metrics for tracking people and resource management success
Project Outcome | Metric | Baseline | Target |
---|---|---|---|
Reduced training costs | Average cost of training (including facilitation, materials, facilities, equipment, etc.) per IT employee | ||
Reduced number of overtime hours worked | Average hours billed at overtime rate per IT employee | ||
Reduced length of hiring period | Average number of days between job ad posting and new hire start date | ||
Reduced number of project cancellations due to lack of capacity | Total of number of projects cancelled per year | ||
Increased number of projects completed per year (project throughput) | Total number of project completions per year | ||
Greater net recruitment rate | Number of new recruits/Number of terminations and departures | ||
Reduced turnover and replacement costs | Total costs associated with replacing an employee, including position coverage cost, training costs, and productivity loss | ||
Reduced voluntary turnover rate | Number of voluntary departures/Total number of employees | ||
Reduced productivity loss following a departure or termination | Team or role performance metrics (varies by role) vs. one year ago |
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Phase 1 | Phase 2 | Phase 3 | ||
---|---|---|---|---|
Call #1: Scope requirements, objectives, and your specific challenges. |
Call #2: Assess current workforce needs. |
Call #4: Determine skill sourcing route. |
Call #6: Identify knowledge to be transferred. |
Call #8: Draft development goals and select activities. |
Call #3: Explore internal successor readiness. |
Call #5:Set priority development competencies. |
Call #7: Create a knowledge transfer plan. |
Call #9: Build managers' coaching & feedback skills. |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between 4 to 6 calls over the course of 3 to 4 months.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Day 1 |
Day 2 |
Day 3 |
Day 4 |
Day 5 |
|
---|---|---|---|---|---|
1.Lay Your Foundations | 2. Create Your Workforce Plan | 3. Plan Knowledge Transfer | 3. Plan Employee Development | Next Steps and Wrap-Up (offsite) | |
Activities |
1.1 Set workforce planning goals and success metrics 1.2 Identify key roles and competency gaps 1.3 Conduct a risk analysis to identify future needs 1.4 Determine readiness of internal successors |
1.5 Determine your skill sourcing route 1.6 Determine priority competencies for development |
3.1 Discover knowledge to be transferred 3.2 Identify the optimal knowledge transfer methods 3.3 Create a knowledge transfer plan |
4.1 Identify target competencies & draft development goals 4.2 Select development activities and schedule check-ins 4.3 Build manager coaching skills |
|
Outcomes |
Work with the leadership team to:
|
Work with the leadership team to:
|
Work with staff and managers to:
|
Work with staff and managers to:
|
Info-Tech analysts complete:
|
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Each onsite day is structured with group working sessions from 9-11 a.m. and 1:30-3:30 p.m. and includes Open Analyst Timeslots, where our facilitators are available to expand on scheduled activities, capture and compile workshop results, or review additional components from our comprehensive approach.
Workforce Planning |
Knowledge Transfer |
Development Planning |
---|---|---|
Identify needs, goals, metrics, and skill gaps. Select a skill sourcing strategy. |
Discover critical knowledge. Select knowledge transfer methods. |
Identify priority competencies. Assess employees. Draft development goals. Provide coaching & feedback. |
The Small Enterprise Guide to People and Resource Management
Strategic workforce planning (SWP) is a systematic process designed to identify and address gaps in your workforce today and plan for the human capital needs of the future.
Your workforce plan is an extension of your IT strategy, ensuring that you have the right people in the right positions, in the right places, at the right time, with the knowledge, skills, and attributes to deliver on strategic business goals.
SWP helps you understand the makeup of your current workforce and how well prepared it is or isn't (as the case may be) to meet future IT requirements. By identifying capability gaps early, CIOs can prepare to train or develop current staff and minimize the need for severance payouts and hiring costs, while providing clear career paths to retain high performers.
The smaller the business, the more impact each individual's performance has on the overall success of the organization. When a given role is occupied by a single individual, the organization's performance in that function is determined wholly by one employee. Creating a workforce plan for a small team may seem excessive, but it ensures your organization is not unexpectedly hit with a critical competency gap.
Small organizations are 2.2 times more likely to have effective workforce planning processes.1 Be mindful of the opportunities and risks for organizations of your size as you execute the project. How you build your workforce plan will not change drastically based on the size of your organization; however, the scope of your initiative, the size of your team, and the tactics you employ may vary.
Small Organization |
Medium Organization |
Large Organization |
|
---|---|---|---|
Project Opportunities |
|
|
|
Project Risks |
|
|
|
1 McLean & Company Trends Report 2014
Input |
Output |
---|---|
|
|
Materials |
Participants |
|
|
Record this information in the Workforce Planning Workbook for Small Enterprises.
Download the Workforce Planning Workbook for Small Enterprises
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
A risk analysis takes into account two factors: an employee's risk for departure and the impact of departure:
If you are not sure where an employee stands with respect to leaving the organization, consider having a development conversation with them. In the meantime, consider them at medium risk for departure.
Preparation: Your estimation of whether key employees are at risk of leaving the organization will depend on what you know of them objectively (skills, age), as well as what you learn from development conversations. Ensure you collect all relevant information prior to conducting this activity. You may need to speak with employees' direct managers beforehand or include them in the discussion.
Record this information in the Workforce Planning Workbook for Small Enterprises.
Don't be afraid to rank most or all your staff as "high impact of departure." In a small enterprise, every player counts, and you must plan accordingly.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
The characteristics of need steer hiring managers to a preferred choice, while the marketplace analysis will tell you the feasibility of each option.
Sourcing Options |
Preferred Options |
Final Choice |
||
---|---|---|---|---|
|
||||
State of the Marketplace |
State of the Marketplace |
|||
Urgency: How soon do we need this skill? What is the required time-to-value? Criticality: How critical, i.e. core to business goals, are the services or systems that this skill will support? Novelty: Is this skill brand new to our workforce? Availability: How often, and at what hours, will the skill be needed? Durability: For how long will this skill be needed? Just once, or indefinitely for regular operations? |
Scarcity: How popular or desirable is this skill? Do we have a large enough talent pool to draw from? What competition are we facing for top talent? Cost: How much will it cost to hire vs. contract vs. outsource vs. train this skill? Preparedness: Do we have internal resources available to cultivate this skill in house? |
Record this information in the Workforce Planning Workbook for Small Enterprises.
Consider developing a pool of successors instead of pinning your hopes on just one person. A single pool of successors can be developed for either one key role that has specialized requirements or even multiple key roles that have generic requirements.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
A readiness assessment helps to define not just development needs, but also any risks around the organization's ability to fill a key role.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Alternative work arrangements not only support employees who want to keep working, but more importantly, they allow the business to retain employees that are needed in key roles who are departure risks due to retirement.
Viewing retirement as a gradual process can help you slow down skill loss in your organization and ensure you have sufficient time to train successors. Retiring workers are becoming increasingly open to alternative work arrangements. Among employed workers aged 50-75, more than half planned to continue working part-time after retirement.
Source: Statistics Canada.
Source: McLean & Company, N=44
Alternative Work Arrangement | Description | Ideal Use | Caveats |
---|---|---|---|
Flexible work options | Employees work the same number of hours but have flexibility in when and where they work (e.g. from home, evenings). | Employees who work fairly independently with no or few direct reports. | Employee may become isolated or disconnected, impeding knowledge transfer methods that require interaction or one-on-one time. |
Contract-based work | Working for a defined period of time on a specific project on a non-salaried or non-wage basis. | Project-oriented work that requires specialized knowledge or skills. | Available work may be sporadic or specific projects more intensive than the employee wants. Knowledge transfer must be built into the contractual arrangement. |
Part-time roles | Half days or a certain number of days per week; indefinite with no end date in mind. | Employees whose roles can be readily narrowed and upon whom people and critical processes are not dependent. | It may be difficult to break a traditionally full-time job down into a part-time role given the size and nature of associated tasks. |
Graduated retirement | Retiring employee has a set retirement date, gradually reducing hours worked per week over time. | Roles where a successor has been identified and is available to work alongside the incumbent in an overlapping capacity while he or she learns. | The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement. |
Alternative Work Arrangement | Description | Ideal Use | Caveats |
---|---|---|---|
Part-year jobs or job sharing | Working part of the year and having the rest of the year off, unpaid. | Project-oriented work where ongoing external relationships do not need to be maintained. | The employee is unavailable for knowledge transfer activities for a large portion of the year. Another risk is that the employee may opt not to return at the end of the extended time off with little notice. |
Increased paid time off | Additional vacation days upon reaching a certain age. | Best used as recognition or reward for long-term service. This may be a particularly useful retention incentive in organizations that do not offer pension plans. | The company may not be able to financially afford to pay for such extensive time off. If the role incumbent is the only one in the role, this may mean crucial work is not being done. |
Altered roles | Concentration of a job description on fewer tasks that allows the employee to focus on his or her specific expertise. | Roles where a successor has been identified and is available to work alongside the incumbent, with the incumbent's new role highly focused on mentoring. | The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement. |
Workforce Planning | Knowledge Transfer | Development Planning |
---|---|---|
Identify needs, goals, metrics, and skill gaps. Select a skill sourcing strategy. | Discover critical knowledge. Select knowledge transfer methods. | Identify priority competencies. Assess employees. Draft development goals. Provide coaching & feedback. |
The Small Enterprise Guide to People and Resource Management
Define what knowledge needs to be transferred |
Each knowledge source has unique information which needs to be transferred. Chances are you don't know what you don't know. The first step is therefore to interview knowledge sources to find out. |
---|---|
Identify the knowledge receiver |
Depending on who the information is going to, the knowledge transfer tactic you employ will differ. Before deciding on the knowledge receiver and tactic, consider three key factors:
|
Identify which knowledge transfer tactics you will use for each knowledge asset |
Not all tactics are good in every situation. Always keep the "knowledge type" (information, process, skills, and expertise), knowledge sources' engagement level, and the knowledge receiver in mind as you select tactics. |
There are two basic types of knowledge: "explicit" and "tacit." Ensure you capture both to get a well-rounded overview of the role.
Explicit | Tacit | ||
---|---|---|---|
|
|
||
Types of explicit knowledge |
Types of tacit knowledge |
||
Information | Process | Skills | Expertise |
Specialized technical knowledge. Unique design capabilities/methods/models. Legacy systems, details, passwords. Special formulas/algorithms/ techniques/contacts. |
|
|
|
e.g. Knowing the lyrics to a song, building a bike, knowing the alphabet, watching a YouTube video on karate. |
e.g. Playing the piano, riding a bike, reading or speaking a language, earning a black belt in karate. |
Multiple methods should be used to transfer as much of a person's knowledge as possible, and mentoring should always be one of them. Select your method according to the following criteria:
The more integrated knowledge transfer is in day-to-day activities, the more likely it is to be successful, and the lower the time cost. This is because real learning is happening at the same time real work is being accomplished.
Ensure you consult the employees, and their direct manager, on the way they are best prepared to teach and learn. Some examples of preferences include:
Consider costs beyond the monetary. Some methods require an investment in time (e.g. mentoring), while others require an investment in technology (e.g. knowledge bases).
The good news is that many supporting technologies may already exist in your organization or can be acquired for free.
Methods that cost time may be difficult to get underway since employees may feel they don't have the time or must change the way they work.
Record your plan in the IT Knowledge Transfer Plan Template.
Download the IT Knowledge Identification Interview Guide Template
Download the Knowledge Transfer Plan Template
Wherever possible, ask employees about their personal learning styles. It's likely that a collaborative compromise will have to be struck for knowledge transfer to work well.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Knowledge Type | ||||
---|---|---|---|---|
Tactic | Explicit | Tacit | ||
Information | Process | Skills | Expertise | |
Interviews | Very Strong | Strong | Strong | Strong |
Process Mapping | Medium | Very Strong | Very Weak | Very Weak |
Use Cases | Medium | Very Strong | Very Weak | Very Weak |
Job Shadow | Very Weak | Medium | Very Strong | Very Strong |
Peer Assist | Strong | Medium | Very Strong | Very Strong |
Action Review | Medium | Medium | Strong | Strong |
Mentoring | Weak | Weak | Strong | Very Strong |
Transition Workshop | Strong | Strong | Strong | Weak |
Storytelling | Weak | Weak | Strong | Very Strong |
Job Share | Weak | Weak | Very Strong | Very Strong |
Communities of Practice | Strong | Weak | Very Strong | Very Strong |
This table shows the relative strengths and weaknesses of each knowledge transfer tactic compared against four different knowledge types.
Not all techniques are effective for all types of knowledge; it is important to use a healthy mixture of techniques to optimize effectiveness.
Level of Engagement | ||
---|---|---|
Tactic | Disengaged/ Indifferent | Almost Engaged - Engaged |
Interviews | Yes | Yes |
Process Mapping | Yes | Yes |
Use Cases | Yes | Yes |
Job Shadow | No | Yes |
Peer Assist | Yes | Yes |
Action Review | Yes | Yes |
Mentoring | No | Yes |
Transition Workshop | Yes | Yes |
Storytelling | No | Yes |
Job Share | Maybe | Yes |
Communities of Practice | Maybe | Yes |
When considering which tactics to employ, it's important to consider the knowledge holder's level of engagement. Employees who you would identify as being disengaged may not make good candidates for job shadowing, mentoring, or other tactics where they are required to do additional work or are asked to influence others.
Knowledge transfer can be controversial for all employees as it can cause feelings of job insecurity. It's essential that motivations for knowledge transfer are communicated effectively.
Pay particular attention to your communication style with disengaged and indifferent employees, communicate frequently, and tie communication back to what's in it for them.
Putting disengaged employees in a position where they are mentoring others can be a risk, as their negativity could influence others not to participate, or it could negate the work you're doing to create a positive knowledge sharing culture.
Effort by Stakeholder |
||||
---|---|---|---|---|
Tactic |
Business Analyst |
IT Manager |
Knowledge Holder |
Knowledge Receiver |
Interviews These tactics require the least amount of effort, especially for organizations that are already using these tactics for a traditional requirements gathering process. |
Medium |
N/A |
Low |
Low |
Process Mapping |
Medium |
N/A |
Low |
Low |
Use Cases |
Medium |
N/A |
Low |
Low |
Job Shadow |
Medium |
Medium |
Medium |
Medium |
Peer Assist |
Medium |
Medium |
Medium |
Medium |
Action Review These tactics generally require more involvement from IT management and the BA in tandem for preparation. They will also require ongoing effort for all stakeholders. It's important to gain stakeholder buy-in as it is key for success. |
Low |
Medium |
Medium |
Low |
Mentoring |
Medium |
High |
High |
Medium |
Transition Workshop |
Medium |
Low |
Medium |
Low |
Storytelling |
Medium |
Medium |
Low |
Low |
Job Share |
Medium |
High |
Medium |
Medium |
Communities of Practice |
High |
Medium |
Medium |
Medium |
Workforce Planning | Knowledge Transfer | Development Planning |
---|---|---|
Identify needs, goals, metrics, and skill gaps. Select a skill sourcing strategy. | Discover critical knowledge. Select knowledge transfer methods. | Identify priority competencies. Assess employees. Draft development goals. Provide coaching & feedback. |
The Small Enterprise Guide to People and Resource Management
Your performance management framework is rooted in organizational goals and defines what it means to do any given role well.
Your organization's priority competencies are the knowledge, skills and attributes that enable an employee to do the job well.
Each individual's development goals are then aimed at building these priority competencies.
Mission Statement |
To be the world's leading manufacturer and distributor of widgets. |
---|---|
Business Goal |
To increase annual revenue by 10%. |
IT Department Objective |
To ensure reliable communications infrastructure and efficient support for our sales and development teams. |
Individual Role Objective |
To decrease time to resolution of support requests by 10% while maintaining quality. |
Without a performance management framework, your employees cannot align their development with the organization's goals. For detailed guidance, see Info-Tech's blueprint Setting Meaningful Employee Performance Measures.
The term "competency" refers to the collection of knowledge, skills, and attributes an employee requires to do a job well.
Often organizations have competency frameworks that consist of core, leadership, and functional competencies.
Core competencies apply to every role in the organization. Typically, they are tied to organizational values and business mission and/or vision.
Functional competencies are at the department, work group, or job role levels. They are a direct reflection of the function or type of work carried out.
Leadership competencies generally apply only to people managers in the organization. Typically, they are tied to strategic goals in the short to medium term
Generic | Functional |
---|---|
|
|
S |
Specific: Be specific about what you want to accomplish. Think about who needs to be involved, what you're trying to accomplish, and when the goal should be met. |
---|---|
M |
Measurable: Set metrics that will help to determine whether the goal has been reached. |
A |
Achievable: Ensure that you have both the organizational resources and employee capability to accomplish the goal. |
R |
Relevant: Goals must align with broader business, department, and development goals in order to be meaningful. |
T |
Time-bound: Provide a target date to ensure the goal is achievable and provide motivation. |
"Learn Excel this summer."
Not specific enough, not measurable enough, nor time bound.
"Consult with our Excel expert and take the lead on creating an Excel tool in August."
Pre-work: Employees should come to the career conversation having done some self-reflection. Use Info-Tech's IT Employee Career Development Workbook to help employees identify their career goals.
Lack of career development is the top reason employees leave organizations. Development activities need to work for both the organization and the employee's own development, and clearly link to advancing employees' careers either at the organization or beyond.
Download the IT Employee Career Development Workbook
Download the Individual Competency Development Plan
Input | Output |
---|---|
|
|
Materials | Participants |
|
70% |
On providing challenging on-the-job opportunities |
---|---|
20% |
On establishing opportunities for people to develop learning relationships with others, such as coaching and mentoring |
10% |
On formal learning and training programs |
Internal Initiative |
What Is It? |
When to Use It |
---|---|---|
Special Project |
Assignment outside of the scope of the day-to-day job (e.g. work with another team on a short-term initiative). |
As an opportunity to increase exposure and to expand skills beyond those required for the current job. |
Stretch Assignment |
The same projects that would normally be assigned, but in a shorter time frame or with a more challenging component. |
Employee is consistently meeting targets and you need to see what they're capable of. |
Training Others |
Training new or more junior employees on their position or a specific process. |
Employee wants to expand their role and responsibility and is proficient and positive. |
Team Lead On an Assignment |
Team lead for part of a project or new initiative. |
To prepare an employee for future leadership roles by increasing responsibility and developing basic managerial skills. |
Job Rotation |
A planned placement of employees across various roles in a department or organization for a set period of time. |
Employee is successfully meeting and/or exceeding job expectations in their current role. |
The next time you assign a project to an employee, you should also ask the employee to think about a development goal for the project. Try to link it back to their existing goals or have them document a new goal in their development plan.
For example: A team of employees always divides their work in the same way. Their goal for their next project could be to change up the division of responsibility so they can learn each other's roles.
"I'd like you to develop your ability to explain technical terms to a non-technical audience. I'd like you to sit down with the new employee who starts tomorrow and explain how to use all our software, getting them up and running."
Employees often don't realize that they are being developed. They either think they are being recognized for good work or they are resentful of the additional workload.
You need to tell your employees that the activity you are asking them to do is intended to further their development.
However, be careful not to sell mundane tasks as development opportunities – this is offensive and detrimental to engagement.
Ensure that the employee makes progress in developing prioritized competencies by defining accountabilities:
Tracking Progress |
Checking In |
Development Meetings |
Coaching & Feedback |
---|---|---|---|
Employee accountability:
Manager accountability:
|
Employee accountability:
Manager accountability:
|
Employee accountability:
Manager accountability:
|
Employee accountability:
Manager accountability:
|
Pre-work: Employees should research potential development activities and come prepared with a range of suggestions.
Pre-work: Managers should investigate options for employee development, such as internal training/practice opportunities for the employee's selected competencies and availability of training budget.
Download the Learning Methods Catalog
Adopt a blended learning approach using a variety of techniques to effectively develop competencies. This will reinforce learning and accommodate different learning styles. See Info-Tech's Learning Methods Catalog for a description of popular experiential, relational, and formal learning methods.
Input | Output |
---|---|
|
|
Materials | Participants |
|
A conversation in which a manager asks questions to guide employees to solve problems themselves.
Coaching is:
Information conveyed from the manager to the employee about their performance.
Feedback is:
Don't forget to develop your managers! Ensure coaching, feedback, and management skills are part of your management team's development plan.
Understand the foundations of coaching to provide effective development coaching: |
||
---|---|---|
Knowledge | Mindset | Relationship |
|
|
|
Using a model allows every manager, even those with little experience, to apply coaching best practices effectively.
Actively Listen |
Ask |
Action Plan |
Adapt |
---|---|---|---|
Engage with employees and their message, rather than just hearing their message. Key active listening behaviors:
|
Ask thoughtful, powerful questions to learn more information and guide employees to uncover opportunities and/or solutions. Key asking behaviors:
|
Hold employees and managers accountable for progress and results. During check-ins, review each development goal to ensure employees are meeting their targets. Key action planning behaviors:
|
Adapt to individual employees and situations. Key adapting behaviors:
|
The purpose of asking questions is to guide the conversation and learn something you didn't already know. Choose the questions you ask based on the flow of the conversation and on what information you would like to uncover. Approach the answers you get with an open mind.
Avoid the trap of "hidden agenda" questions, whose real purpose is to offer your own advice.
Development is a two-way street. This means that while employees are responsible for putting in the work, managers must enable their development with support and guidance. The latter is a skill, which managers must consciously cultivate.
Anderson, Kelsie. "Is Your IT Department Prepared for the 4 Biggest Challenges of 2017?" 14 June 2017.
Atkinson, Carol, and Peter Sandiford. "An Exploration of Older Worker Flexible Working Arrangements in Smaller Firms." Human Resource Management Journal, vol. 26, no. 1, 2016, pp. 12–28. Wiley Online Library.
BasuMallick, Chiradeep. "Top 8 Best Practices for Employee Cross-Training." Spiceworks, 15 June 2020.
Birol, Andy. "4 Ways You Can Succeed With a Staff That 'Wears Multiple Hats.'" The Business Journals, 26 Nov. 2013.
Bleich, Corey. "6 Major Benefits To Cross-Training Employees." EdgePoint Learning, 5 Dec. 2018.
Cancialosi, Chris. "Cross-Training: Your Best Defense Against Indispensable Employees." Forbes, 15 Sept. 2014.
Cappelli, Peter, and Anna Tavis. "HR Goes Agile." Harvard Business Review, Mar. 2018.
Chung, Kai Li, and Norma D'Annunzio-Green. "Talent Management Practices of SMEs in the Hospitality Sector: An Entrepreneurial Owner-Manager Perspective." Worldwide Hospitality and Tourism Themes, vol. 10, no. 4, Jan. 2018.
Clarkson, Mary. Developing IT Staff: A Practical Approach. Springer Science & Business Media, 2012.
"CNBC and SurveyMonkey Release Latest Small Business Survey Results." Momentive, 2019. Press Release. Accessed 6 Aug. 2020.
Cselényi, Noémi. "Why Is It Important for Small Business Owners to Focus on Talent Management?" Jumpstart:HR | HR Outsourcing and Consulting for Small Businesses and Startups, 25 Mar. 2013.
dsparks. "Top 10 IT Concerns for Small Businesses." Stratosphere Networks IT Support Blog - Chicago IT Support Technical Support, 16 May 2017.
Duff, Jimi. "Why Small to Mid-Sized Businesses Need a System for Talent Management | Talent Management Blog | Saba Software." Saba, 17 Dec. 2018.
Employment and Social Development Canada. "Age-Friendly Workplaces: Promoting Older Worker Participation." Government of Canada, 3 Oct. 2016.
Exploring Workforce Planning. Accenture, 23 May 2017.
"Five Major IT Challenges Facing Small and Medium-Sized Businesses." Advanced Network Systems. Accessed 25 June 2020.
Harris, Evan. "IT Problems That Small Businesses Face." InhouseIT, 17 Aug. 2016.
Heathfield, Susan. "What Every Manager Needs to Know About Succession Planning." Liveabout, 8 June 2020.
---. "Why Talent Management Is an Important Business Strategy." Liveabout, 29 Dec. 2019.
Herbert, Chris. "The Top 5 Challenges Facing IT Departments in Mid-Sized Companies." ExpertIP, 25 June 2012.
How Smaller Organizations Can Use Talent Management to Accelerate Growth. Avilar. Accessed 25 June 2020.
Krishnan, TN, and Hugh Scullion. "Talent Management and Dynamic View of Talent in Small and Medium Enterprises." Human Resource Management Review, vol. 27, no. 3, Sept. 2017, pp. 431–41.
Mann Jackson, Nancy. "Strategic Workforce Planning for Midsized Businesses." ADP, 6 Feb. 2017.
McCandless, Karen. "A Beginner's Guide to Strategic Talent Management (2020)." The Blueprint, 26 Feb. 2020.
McFeely, Shane, and Ben Wigert. "This Fixable Problem Costs U.S. Businesses $1 Trillion." Gallup.com, 13 Mar. 2019.
Mihelič, Katarina Katja. Global Talent Management Best Practices for SMEs. Jan. 2020.
Mohsin, Maryam. 10 Small Business Statistics You Need to Know in 2020 [May 2020]. 4 May 2020.
Ramadan, Wael H., and B. Eng. The Influence of Talent Management on Sustainable Competitive Advantage of Small and Medium Sized Establishments. 2012, p. 15.
Ready, Douglas A., et al. "Building a Game-Changing Talent Strategy." Harvard Business Review, no. January–February 2014, Jan. 2014.
Reh, John. "Cross-Training Employees Strengthens Engagement and Performance." Liveabout, May 2019.
Rennie, Michael, et al. McKinsey on Organization: Agility and Organization Design. McKinsey, May 2016.
Roddy, Seamus. "The State of Small Business Employee Benefits in 2019." Clutch, 18 Apr. 2019.
SHRM. "Developing Employee Career Paths and Ladders." SHRM, 28 Feb. 2020.
Strandberg, Coro. Sustainability Talent Management: The New Business Imperative. Strandberg Consulting, Apr. 2015.
Talent Management for Small & Medium-Size Businesses. Success Factors. Accessed 25 June 2020.
"Top 10 IT Challenges Facing Small Business in 2019." Your IT Department, 8 Jan. 2019.
"Why You Need Workforce Planning." Workforce.com, 24 Oct. 2022.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Determine the stakeholders for an IT department of a singular initiative.
Use the guidance of this section to analyze stakeholders on both a professional and personal level.
Use Info-Tech’s guiding principles of stakeholder management to direct how to best engage key stakeholders.
Use real-life experiences from Info-Tech’s analysts to understand how to use and apply stakeholder management techniques.
More than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.
A new threat will impact your organization's operations at some point. Make sure your plans are flexible enough to manage the inevitable consequences and that you understand where those threats may originate.
Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use this research to identify and quantify the potential operational impacts caused by vendors. Utilize Info-Tech's approach to look at the operational impact from various perspectives to better prepare for issues that may arise.
By playing the “what if” game and asking probing questions to draw out – or eliminate - possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.
Organizations must be mindful that operational risks come from internal and external vendor sources. Missing either component in the overall risk assessment can significantly impact day-to-day business processes that cost revenue, delay projects, and lead to customer dissatisfaction.
Research Director, Vendor Management
Info-Tech Research Group
Your ChallengeMore than any other time, our world is changing rapidly. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level. A new threat will impact your organization's operations at some point. Make sure your plans are flexible enough to manage the inevitable consequences and that you understand where those threats may originate. |
Common ObstaclesIdentifying and managing a vendor’s potential operational impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations. Organizational leadership is often taken unaware during crises, and their plans lack the flexibility to adjust to significant market upheavals. |
Info-Tech's ApproachVendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them. Prioritize and classify your vendors with quantifiable, standardized rankings. Prioritize focus on your high-risk vendors. Standardize your processes for identifying and monitoring vendor risks to manage potential impacts with our Operational Risk Impact Tool. |
Organizations must evolve their risk assessments to be more adaptive to respond to threats in the market. Ongoing monitoring of the vendors tied to company operations, and understanding where those vendors impact your operations, is imperative to avoiding disasters.
This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.
Out of Scope:
This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.
The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them.
When the unexpected happens, being able to adapt quickly to new priorities ensures continued long-term business success.
Below are some things no one expected to happen in the last few years:
27%Businesses are changing their internal processes around TPRM in response to the Pandemic. |
70%Of organizations attribute a third-party breach to too much privileged access. |
85%Of breaches involved human factors (phishing, poor passwords, etc.). |
Operational risk is the risk of losses caused by flawed or failed processes, policies, systems, or events that disrupt business operations.
- WikipediaVendors operating within your secure perimeter can open your organization to substantial risk.
Frequently monitor your internal process around vendor management to ensure safe operations.
You may have solid policies, but if your employees and vendors are not following them, they will not protect the organization.
Failing to ensure that your vendor-supported systems are properly configured and that your vendors are meeting your IT change control and configuration standards is more commonplace than expected. Proper oversight and management of your support vendors are crucial to ensure they are meeting expectations in this regard.
Most companies have policies and procedures around IT change and configuration control, security standards, risk management, vendor performance standards, etc. While having these processes is a good start, failure to perform continuous monitoring and management of these leads to increased risks of incidents.
Awareness of the supply chain's complications, and each organization's dependencies, are increasing for everyone. However, most organizations still do not understand the chain of n-party vendors that support their specific vendors or how interruptions in their supply chains could affect them. The 2022 Toyota shutdown due to Kojima is a perfect example of how one essential parts vendor could shut down your operations.
It is important to identify where potential risks to your operations may come from to manage and potentially eliminate them from impacting your organization.
Most organizations realize that their vendors could operationally affect them if an incident occurs. Still, they fail to follow the chain of events that might arise from those incidents to understand the impact fully.
Operational risk impacts often come from unexpected places and have unforeseen impacts. Knowing where your vendors place in critical business processes and those vendors' business continuity plans concerning your organization should be a priority for those who manage the vendors.
Vendors routinely get acquired in the IT space. Does your organization have appropriate safeguards from inadvertently entering a negative relationship? Do you have plans around replacing critical vendors purchased in such a manner?
If one of your critical vendors goes down, do you know how they intend to re-establish business? Do you know how you factor into their priorities?
Do you understand where in the business processes vendor-supported systems lie? Do you have contingencies around disruptions that account for those pieces missing from the process?
See the blueprint Build an IT Risk Management Program
Review your operational plans for new risks on a regular basis.
Keep in mind Risk = Likelihood x Impact (R=L*I).
Impact (I) tends to remain the same, while Likelihood (L) is becoming closer to 100% as threat actors become more prevalent
Organizations need to review their organizational risk plans, considering the placement of vendors in their operations.
Pandemics, extreme weather, and wars that affect global supply chains are current realities, not unlikely scenarios.
Sometimes disasters occur despite our best plans to manage them.
When this happens, it is important to document the lessons learned and improve our plans going forward.
Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.
Download the Operational Risk Impact Tool
Input
|
Output
|
Materials
|
Participants
|
Being overly reliant on a single talented individual can impose risk to your operations. Make sure you include resiliency in your skill sets for critical business practices.
Organizations must evolve their operational risk assessments considering their vendor portfolio.
Ongoing monitoring of the market and the vendors tied to company operations is imperative to avoiding disaster.
“Weak Cybersecurity is taking a toll on Small Businesses.” Tripwire. August 7, 2022.
SecureLink 2022 White Paper SL_Page_EA+PAM (rocketcdn.me)
Member Poll March 2021 "Guide: Evolving Work Environments Impact of Covid-19 on Profile and Management of Third Parties.“ Shared Assessments. March 2021.
“Operational Risk.” Wikipedia.
Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, August 23, 2012.
Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.
Algorithms are becoming more advanced, data is now richer and easier to collect, and hardware is cheaper and more powerful. All of this is true and contributes to the excitement around enterprise AI applications, but the biggest difference today is that enterprises are redesigning their processes around AI, rather than simply adding AI to their existing processes.
This report outlines six emerging ways AI is being used in the enterprise, with four future scenarios outlining their possible trajectories. These are designed to guide strategic decision making and facilitate future-focused ideation.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This report outlines six emerging ways AI is being used in the enterprise, with four future scenarios outlining their possible trajectories. These are designed to guide strategic decision making and facilitate future-focused ideation.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use this step-by-step guide to assess your ransomware readiness and implement controls that will improve your ability to prevent incursions and defend against attacks.
Use this assessment tool to assess existing protection, detection, response, and recovery capabilities and identify potential improvements.
Use this threat preparedness workbook to evaluate the threats and tactics in the ransomware kill chain using the MITRE framework and device appropriate countermeasures.
Adapt this tabletop planning session template to plan and practice the response of your internal IT team to a ransomware scenario.
Adapt these workflow and runbook templates to coordinate the actions of different stakeholders through each stage of the ransomware incident response process.
Adapt this tabletop planning session template to plan leadership contributions to the ransomware response workflow. This second tabletop planning session will focus on communication strategy, business continuity plan, and deciding whether the organization should pay a ransom.
Summarize your current state and present a prioritized project roadmap to improve ransomware resilience over time.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Set workshop goals, review ransomware trends and risk scenarios, and assess the organization’s resilience to ransomware attacks.
Develop a solid understanding of the likelihood and impact of a ransomware attack on your organization.
Complete a current state assessment of key security controls in a ransomware context.
1.1 Review incidents, challenges, and project drivers.
1.2 Diagram critical systems and dependencies and build risk scenario.
1.3 Assess ransomware resilience.
Workshop goals
Ransomware Risk Scenario
Ransomware Resilience Assessment
Improve your capacity to protect your organization from ransomware and detect attacks along common vectors.
Identify targeted countermeasures that improve protection and detection capabilities.
2.1 Assess ransomware threat preparedness.
2.2 Determine the impact of ransomware techniques on your environment.
2.3 Identify countermeasures to improve protection and detection capabilities.
Targeted ransomware countermeasures to improve protection and detection capabilities.
Targeted ransomware countermeasures to improve protection and detection capabilities.
Targeted ransomware countermeasures to improve protection and detection capabilities.
· Improve your organization’s capacity to respond to ransomware attacks and recover effectively.
Build response and recovery capabilities that reduce the potential business disruption of successful ransomware attacks.
3.1 Review the workflow and runbook templates.
3.2 Update/define your threat escalation protocol.
3.3 Define scenarios for a range of incidents.
3.4 Run a tabletop planning exercise (IT).
3.5 Update your ransomware response runbook.
Security Incident Response Plan Assessment.
Tabletop Planning Session (IT)
Ransomware Workflow and Runbook.
Identify prioritized initiatives to improve ransomware resilience.
Identify the role of leadership in ransomware response and recovery.
Communicate workshop outcomes and recommend initiatives to improve ransomware resilience.
4.1 Run a tabletop planning exercise (Leadership).
4.2 Identify initiatives to close gaps and improve resilience.
4.3 Review broader strategies to improve your overall security program.
4.4 Prioritize initiatives based on factors such as effort, cost, and risk.
4.5 Review the dashboard to fine tune your roadmap.
4.6 Summarize status and next steps in an executive presentation.
Tabletop Planning Session (Leadership)
Ransomware Resilience Roadmap and Metrics
Ransomware Workflow and Runbook
Ransomware is a high-profile threat that demands immediate attention:
Ransomware is more complex than other security threats:
To prevent a ransomware attack:
Resilience is not a trampoline, where you're down one moment and up the next. It's more like climbing a mountain. It takes time, planning, and help from people around you to work through challenges. Focus on what is in your organization's control, and cultivate strengths that allow you to protect assets, detect incursions, respond effectively, and recovery quickly.
As I write, the frequency and impact of ransomware attacks continue to increase, with no end in sight. Most organizations will experience ransomware in the next 24 months, some more than once, and business leaders know it. You will never have a better chance to implement best practice security controls as you do now.
The opportunity comes with important challenges. Hackers need to spend less time in discovery before they deploy an attack, which have become much more effective. You can't afford to rely solely on your ability to respond and recover. You need to build a resilient organization that can withstand a ransomware event and recover quickly.
Resilient organizations are not impervious to attack, but they have tools to protect assets, detect incursions, and respond effectively. Resilience is not a trampoline, where you're down one moment and up the next. It's more like climbing a mountain. It takes time, planning, and help from people around you to overcome challenges and work through problems. But eventually you reach the top and look back at how far you've come.
Michel Hébert
Research Director, Security and Privacy
Info-Tech Research Group
Three factors contribute to the threat:
Elementus maps ransomware payments made through bitcoin. Since 2019, victims made at least $2B in payments.
A handful of criminal organizations, many of whom operate out of cybercrime hotbeds in Russia, are responsible for most of the damage. The numbers capture only the ransom paid, not the clean-up cost and economic fallout over attacks during this period.
Emerging strains can exfiltrate sensitive data, encrypt systems and destroy backups in only a few hours, which makes recovery a grueling challenge.
Sophos commissioned a vendor agnostic study of the real-world experience of 5,600 IT professionals in mid-sized organizations across 31 countries and 15 industries.
The survey was conducted in Jan – Feb 2022 and asked about the experience of respondents over the previous year.
66%
Hit by ransomware in 2021
(up from 37% in 2020)
90%
Ransomware attack affected their ability to operate
$812,360 USD
Average ransom payment
$4.54M
Average remediation cost
(not including ransom)
ONE MONTH
Average recovery time
Meanwhile, organizations continue to put their faith in ineffective ransomware defenses.
Of the respondents whose organizations weren't hit by ransomware in 2021 and don't expect to be hit in the future, 72% cited either backups or cyberinsurance as reasons why they anticipated an attack.
While these elements can help recover from an attack, they don't prevent it in the first place.
Source: Sophos, State of Ransomware (2022)
IBM, Cost of A Data Breach (2022)
At each point of the playbook, malicious agents need to achieve something before they can move to the next step.
Resilient organizations look for opportunities to:
Initial access Execution |
Privilege Escalation Credential Access |
Lateral Movement Collection |
Data Exfiltration |
Data encryption |
---|---|---|---|---|
Deliver phishing email designed to avoid spam filter. Launch malware undetected. |
Identify user accounts. Target an admin account. Use brute force tactics to crack it. |
Move through the network and collect data. Infect as many critical systems and backups as possible to limit recovery options. |
Exfiltrate data to gain leverage. |
Encrypt data, which triggers alert. Deliver ransom note. |
Ransomware groups thrive through extortion tactics.
Ransom is only a small part of the equation. Four process-related activities drive ransomware recovery costs:
Source: IBM, Cost of a Data Breach (2022)
An effective response with strong, available backups will reduce the operational impact of an attack, but it won't spare you from its reputational and regulatory impact.
Put controls in place to disrupt each stage of the attack workflow to protect the organization from intrusion, enhance detection, respond quickly, and recover effectively.
Ransomware dwell times and average encryption rates are improving dramatically.
Hackers spend less time in your network before they attack, and their attacks are much more effective.
Avg dwell time
3-5 Days
Avg encryption rate
70 GB/h
Avg detection time
11 Days
Dwell time is the time between when a malicious agent gains access to your environment and when they are detected. In a ransomware attack, most organizations don't detect malicious agents until they deploy ransomware, encrypt their files, and lock them out until they pay the ransom.
Effective time is a measure of the effectiveness of the encryption algorithm. Encryption rates vary by ransomware family. Lockbit has the fastest encryption rate, clocking in at 628 GB/h.
It's more critical than ever to build ransomware resilience. Most organizations do not detect ransomware incursions in time to prevent serious business disruption.
References: Bleeping Computers (2022), VentureBeat, Dark Reading, ZDNet.
This blueprint will focus on improving your ransomware resilience to:
Response |
Recovery |
---|---|
For in-depth assistance with disaster recovery planning, refer to Info-Tech's Create a Right-Sized Disaster Recovery. |
Disrupt the playbooks of ransomware gangs. Put controls in place to protect, detect, respond and recover effectively.
Put controls in place to harden your environment, train savvy end users, and prevent incursions.
Build and test a backup strategy that meets business requirements to accelerate recovery and minimize disruption.
Protect | Detect | Respond |
Recover |
Review ransomware threat techniques and prioritize detective and mitigation measures for initial and credential access, privilege escalation, and data exfiltration.
Develop security awareness content and provide cybersecurity and resilience training to employees, contractors and third parties.
Identify and implement network security solutions including analytics, network and email traffic monitoring, and intrusion detection and prevention.
Identify disruption scenarios and develop incident response, business continuity, and disaster recovery strategies.
Review the user access management program, policies and procedures to ensure they are ransomware-ready.
Develop proactive vulnerability and patch management programs that mitigate ransomware techniques and tactics.
Assess resilience | Protect and detect | Respond and recover | Improve resilience | |
---|---|---|---|---|
Phase steps |
|
|
|
|
Phase outcomes |
|
|
|
|
Resilience is not a trampoline, where you're down one moment and up the next. It's more like climbing a mountain. It takes time, planning, and help from people around you to work through challenges.
Focus on what is in your organization's control, and cultivate strengths that allow you to protect assets, detect incursions, and respond and recover quickly
Build risk scenarios that describe how a ransomware attack would impact organizational goals.
Understand possible outcomes to motivate initiatives, protect your organization, plan your response, and practice recovery.
Dwell times and effective times are dropping dramatically. Malicious agents spend less time in your network before they deploy an attack, and their attacks are much more effective. You can't afford to rely on your ability to respond and recover alone.
The frequency and impact of ransomware attacks continue to increase, and business leaders know it. You will never have a better chance to implement best practice security controls than you do now.
The anatomy of ransomware attack is relatively simple: malicious agents get in, spread, and profit. Deploy ransomware protection metrics to measure ransomware resilience at each stage.
The resilience roadmap captures the key insights your work will generate, including:
Info-Tech supports project and workshop activities with deliverables to help you accomplish your goals and accelerate your success.
Ransomware Resilience Assessment
Measure ransomware resilience, identify gaps, and draft initiatives.
Enterprise Threat Preparedness Workbook
Analyze common ransomware techniques and develop countermeasures.
Ransomware Response Workflow & Runbook
Capture key process steps for ransomware response and recovery.
Run tabletops for your IT team and your leadership team to gather lessons learned.
Capture project insights and measure resilience over time.
Organizations worldwide spent on average USD 4.62M in 2021 to rectify a ransomware attack. These costs include escalation, notification, lost business and response costs, but did not include the cost of the ransom. Malicious ransomware attacks that destroyed data in destructive wiper-style attacks cost an average of USD 4.69M.
Building better now is less expensive than incurring the same costs in addition to the clean-up and regulatory and business disruption costs associated with successful ransomware attacks.
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research and advisory services helped them achieve.
Source: IBM, Cost of a Data Breach (2022)
See what members have to say about the ransomware resilience blueprint:
"Our advisor was well-versed and very polished. While the blueprint alone was a good tool to give us direction, his guidance made it significantly faster and easier to accomplish than if we had tried to tackle it on our own."
CIO, Global Manufacturing Organization
IT benefits |
Business benefits |
---|---|
|
|
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
SOURCE: Interview with CIO of large enterprise
Organizations who "build back better" after a ransomware attack often wish they had used relevant controls sooner.
In February 2020, a large organization found a ransomware note on an admin's workstation. They had downloaded a local copy of the organization's identity management database for testing and left a port open on their workstation. Hackers exfiltrated it and encrypted the data on the workstation. They demanded a ransom payment to decrypt the data.
Because private information was breached, the organization informed the state-level regulator. With 250,000 accounts affected, plans were made to require password changes en masse. A public announcement was made two days after the breach to ensure that everyone affected could be reached.
The organization decided not to pay the ransom because it had a copy on an unaffected server.
The organization was praised for its timely and transparent response.
The breach motivated the organization to put more protections in place, including:
SOURCE: Info-Tech Workshop Results
iNDUSTRY: Government
Regional government runs an Info-Tech workshop to fast-track its ransomware incident response planning
The organization was in the middle of developing its security program, rolling out security awareness training for end users, and investing in security solutions to protect the environment and detect incursions. Still, the staff knew they still had holes to fill. They had not yet fully configured and deployed security solutions, key security policies were missing, and they had didn't have a documented ransomware incident response plan.
Info-Tech advisors helped the organization conduct a systematic review of existing processes, policies, and technology, with an eye to identify key gaps in the organization's ransomware readiness. The impact analysis quantified the potential impact of a ransomware attack on critical systems to improve the organizational awareness ransomware risks and improve buy-in for investment in the security program.
Info-Tech's tabletop planning exercise provided a foundation for the organization's actual response plan. The organization used the results to build a ransomware response workflow and the framework for a more detailed runbook. The workshop also helped staff identifies ways to improve the backup strategy and bridge further gaps in their ability to recover.
The net result was a current-state response plan, appropriate capability targets aligned with business requirements, and a project roadmap to achieve the organization's desired state of ransomware readiness.
Scoping Call | Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|---|
Call #1: Discuss context, identify challenges, and scope project requirements. Identify ransomware resilience metrics. |
Call #2: Build ransomware risk scenario. |
Call #4: Review common ransomware attack vectors. Identify and assess mitigation controls. |
Call #5: Document ransomware workflow and runbook. |
Call #7: Run tabletop test with leadership. |
Call #3: Assess ransomware resilience. |
Call #6: Run tabletop test with IT. |
Call #8: Build ransomware roadmap. Measure ransomware resilience metrics. |
A guided implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is 6 to 8 calls over the course of 4 to 6 months.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
---|---|---|---|---|---|
Activities |
Assess ransomware resilience |
Protect and detect |
Respond and recover |
Improve ransomware resilience |
Wrap-up (offsite and offline) |
1.1 1 Review incidents, challenges, and project drivers. 1.1.2 Diagram critical systems and dependencies. 1.1.3 Build ransomware risk scenario. |
2.1 1. Assess ransomware threat preparedness. 2.2 2. Determine the impact of ransomware techniques on your environment. 2.3 3. Identify countermeasures to improve protection and detection capabilities. |
3.1.1 Review the workflow and runbook templates. 3.1.2 Update/define your threat escalation protocol. 3.2.1 Define scenarios for a range of incidents. 3.2.2 Run a tabletop planning exercise (IT). 3.3.1 Update your ransomware response workflow. |
4.1.1 Run a tabletop planning exercise (leadership). 4.1.2 Identify initiatives to close gaps and improve resilience. 4.1.3 Review broader strategies to improve your overall security program. 4.2.1 Prioritize initiatives based on factors such as effort, cost, and risk. 4.2.2 Review the dashboard to fine tune your roadmap. 4.3.1 Summarize status and next steps in an executive presentation. |
5.1 Complete in-progress deliverables from previous four days. 5.2 Set up review time for workshop deliverables and to discuss next steps. 5.3 Revisit ransomware resilience metrics in three months. |
|
Deliverables |
|
|
|
|
|
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Build ransomware risk scenario 1.2 Conduct resilience assessment |
2.1 Assess attack vectors 2.2 Identify countermeasures |
3.1 Review Security Incident Management Plan 3.2 Run Tabletop Test (IT) 3.3 Document Workflow and Runbook |
4.1 Run Tabletop Test (Leadership) 4.2 Prioritize resilience initiatives 4.3 Measure resilience metrics |
This phase will walk you through the following activities:
This phase involves the following participants:
1.1.1 Review incidents, challenges and project drivers
1.1.2 Diagram critical systems and dependencies
1.1.3 Build ransomware risk scenario
This step will guide you through the following activities:
This step involves the following participants:
Brainstorm the challenges you need to address in the project. Avoid producing solutions at this stage, but certainly record suggestions for later. Use the categories below to get the brainstorming session started.
Brainstorm critical systems and their dependencies to build a ransomware risk scenario. The scenario will help you socialize ransomware risks with key stakeholders and discuss the importance of ransomware resilience.
Focus on a few key critical systems.
Start with a WAN diagram, then your production data center, and then each critical
system. Use the next three slides as your guide.
When you get to this level of detail, use this opportunity to level-set with the team. Consider the following:
For now, make a note of these gaps and continue with the next step.
Risk scenarios are further distilled into a single sentence or risk statement that communicates the essential elements from the scenario.
Risk identification → Risk scenario → Risk statement
The slides walk through how to build a ransomware risk scenario
An actor capable of harming an asset |
Anything of value that can be affected and results in loss |
Technique an actor uses to affect an asset |
How loss materializes |
---|---|---|---|
Examples: Malicious or untrained employees, cybercriminal groups, malicious state actors |
Examples: Systems, regulated data, intellectual property, people |
Examples: Credential compromise, privilege escalation, data exfiltration |
Examples: Loss of data confidentiality, integrity, or availability; impact on staff health and safety |
Risk scenarios are concise, four to six sentence narratives that describe the core elements of forecasted adverse events.
Use them to engage stakeholders with the right questions and guide them to make informed decisions about how to address ransomware risks.
In a ransomware risk scenario, the threat, their motivations, and their methods are known. Malicious agents are motivated to compromise critical systems, sabotage recovery, and exfiltrate data for financial gain.
The purpose of building the risk scenario is to highlight the assets at risk and the potential effect of a ransomware attack.
As a group, consider critical or mission-essential systems identified in step 1.1.2. On a whiteboard, brainstorm the potential adverse effect of a loss of system availability, confidentiality or integrity.
Consider the impact on:
Inputs for risk scenario identification
Risk analysis |
|||
---|---|---|---|
Critical assets |
ERP, CRM, FMS, LMS |
Operational technology |
Sensitive or regulated data |
Threat agents |
Cybercriminals |
||
Methods |
Compromise end user devices through social engineering attacks,. Compromise networks through external exposures and software vulnerabilities. Identify and crack administrative account. Escalate privileges. Move laterally. Collect data, destroy backups, exfiltrate data for leverage, encrypt systems,. Threaten to publish exfiltrated data and demand ransom. |
||
Adverse effect |
Serious business disruption Financial damage Reputational damage Potential litigation Average downtime: 30 Days Average clean-up costs: USD 1.4M |
Likelihood: Medium
Impact: High
Cyber-criminals penetrate the network, exfiltrate critical or sensitive data, encrypt critical systems, and demand a ransom to restore access.
They threaten to publish sensitive data online to pressure the organization to pay the ransom, and reach out to partners, staff, and students directly to increase the pressure on the organization.
Network access likely occurs through a phishing attack, credential compromise, or remote desktop protocol session.
Cybercriminals penetrate the network, compromise backups, exfiltrate and encrypt data, and disrupt computer systems for financial gain.
Threat Actor:
Assets:
Effect:
Methods:
1.2.1 Complete resilience assessment
1.2.2 Establish resilience metrics
The maturity levels are based on the Capability Maturity Model Integration framework. We outline our modifications below.
CMMI Maturity Level – Default Descriptions: |
CMMI Maturity Level – Modified for This Assessment: |
---|---|
|
|
(Source: CMMI Institute, CMMI Levels of Capability and Performance)
Disrupt the playbooks of ransomware gangs. Put controls in place to protect, detect, respond and recover effectively.
Put controls in place to harden your environment, train savvy end users, and prevent incursions.
Build and test a backup strategy that meets business requirements to accelerate recovery and minimize disruption.
Protect | Detect | Respond |
Recover |
Review ransomware threat techniques and prioritize detective and mitigation measures for initial and credential access, privilege escalation, and data exfiltration.
Develop security awareness content and provide cybersecurity and resilience training to employees, contractors and third parties.
Identify and implement network security solutions including analytics, network and email traffic monitoring, and intrusion detection and prevention.
Identify disruption scenarios and develop incident response, business continuity, and disaster recovery strategies.
Review the user access management program, policies and procedures to ensure they are ransomware-ready.
Develop proactive vulnerability and patch management programs that mitigate ransomware techniques and tactics.
Use the Ransomware Resilience Assessment Tool to assess maturity of existing controls, establish a target state, and identify an initial set of initiatives to improve ransomware resilience.
Keep the assessment tool on hand to add gap closure initiatives as you proceed through the project.
Download the Ransomware Resilience Assessment
Ransomware resilience metrics track your ability to disrupt a ransomware attack at each stage of its workflow.
Measure metrics at the start of the project to establish a baseline, as the project nears completion to measure progress.
Attack workflow | Process | Metric | Target trend | Current | Goal |
---|---|---|---|---|---|
GET IN | Vulnerability Management | % Critical patches applied | Higher is better | ||
Vulnerability Management | # of external exposures | Fewer is better | |||
Security Awareness Training | % of users tested for phishing | Higher is better | |||
SPREAD | Identity and Access Management | Adm accounts / 1000 users | Lower is better | ||
Identity and Access Management | % of users enrolled for MFA | Higher is better | |||
Security Incident Management | Avg time to detect | Lower is better | |||
PROFIT | Security Incident Management | Avg time to resolve | Lower is better | ||
Backup and Disaster Recovery | % critical assets with recovery test | Higher is better | |||
Backup and Disaster Recovery | % backup to immutable storage | Higher is better |
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Build ransomware risk scenario 1.2 Conduct resilience assessment | 2.1 Assess attack vectors 2.2 Identify countermeasures | 3.1 Review Security Incident Management Plan 3.2 Run Tabletop Test (IT) 3.3 Document Workflow and Runbook | 4.1 Run Tabletop Test (Leadership) 4.2 Prioritize resilience initiatives 4.3 Measure resilience metrics |
This phase will walk you through the following activities:
This phase involves the following participants:
2.1.1 Assess ransomware threat preparedness
2.1.2 Determine the impact of ransomware techniques on your environment
This step involves the following activities:
This step involves the following participants:
Assess risks associated with common ransomware attack vectors.
Download the Enterprise Threat Preparedness Workbook
Deliver phishing email designed to avoid spam filter. Launch malware undetected. | Identify user accounts. Target an admin account. Use brute force tactics to crack it. | Move through the network. Collect data. Infect critical systems and backups to limit recovery options. | Exfiltrate data to gain leverage. | Encrypt data, which triggers alert. Deliver ransom note. |
Once you're comfortable, follow the instructions on the following pages to configure the MITRE ransomware analysis and identify how to improve your protection and detection capabilities.
Download the Enterprise Threat Preparedness Workbook
If you would like to change the set-up, go through the following steps.
The following slides walk you through the process with screenshots from the workbook.
Download the Enterprise Threat Preparedness Workbook
Dwell times and effective times are dropping dramatically. Malicious agents spend less time in your network before they deploy an attack, and their attacks are much more effective. You can't afford to rely on your ability to respond and recover alone.
As you fill out the Tactic tabs with your evaluation, the overall reading will display the average of your overall preparedness for that tactic.
Choosing the Technique Domain level will increase the accuracy of the reporting at the cost of speed.
The Technique level is faster but provides less specifics for each control and analyzes them as a group.
The Sub-Technique level is much more granular, but each tactic and technique has several sub-techniques that you will need to account for.
Check with the dashboard to see the associated risk level for each of the tactics based on the legend. Tactics that appear white have not yet been assessed or are rated as "N/A" (not applicable).
When you select your Technique Domain, you cannot change it again. Changing the domain mid-analysis will introduce inaccuracies in your security preparedness.
How an attacker will attempt to achieve their goals through a specific action.
The corresponding ID number on the MITRE ATT&CK® Matrix for quick reference.
If an attack of this type is successful on your network, how deep does the damage run?
What security protocols do you have in place right now that can help prevent an attacker from successfully executing this attack technique? The rating is based on the CMMI scale.
We highly recommend that you write comments about your current-state security protocols. First, it's great to have documented your thought processes in the event of a threat modeling session. Second, you can speak to deficits clearly, when asked.
You may discover that you have little to no mitigation actions in place to deal with one or many of these techniques. However, look at this discovery as a positive: You've learned more about the potential vectors and can actively work toward remediating them rather than hoping that a breach never happens through one of these avenues.
If you have chosen the Sub-Technique level, the tool should resemble this image.
Each sub-technique has a note for additional context and understanding about what the techniques are seeking to do and how they may impact your enterprise.
|
2.2.1 Identify countermeasures
Identification of countermeasures to common ransomware techniques, and tactics to improve protection and detection capabilities.
As you work through the tool, your dashboard will prioritize your threat preparedness for each of the various attack techniques to give you an overall impression of your preparedness.
For each action, the tool includes detection and remediation actions for you to consider either for implementation or as table stakes for your next threat modeling sessions.
Note: Some sheets will have the same controls. However, the context of the attack technique may change your answers. Be sure to read the tactic and technique that you are on when responding to the controls.
Prioritize the analysis of ransomware tactics and sub-techniques identified on slide 45. If your initial analysis in Activity 2.2.1 determined that you have robust security protocols for some of the attack vectors, set these domains aside.
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Build ransomware risk scenario 1.2 Conduct resilience assessment | 2.1 Assess attack vectors 2.2 Identify countermeasures | 3.1 Review Security Incident Management Plan 3.2 Run Tabletop Test (IT) 3.3 Document Workflow and Runbook | 4.1 Run Tabletop Test (Leadership) 4.2 Prioritize resilience initiatives 4.3 Measure resilience metrics |
This phase will guide you through the following steps:
This phase involves the following participants:
3.1.1 Review the workflow and runbook templates
3.1.2 Update/define your threat escalation protocol
This step will walk you through the following activities:
This step involves the following participants:
This blueprint includes sample information in the Ransomware Response Workflow Template and Ransomware Response Runbook Template to use as a starting points for the steps in Phase 3, including documenting your threat escalation protocol.
Download the Ransomware Response Workflow Template
Download the Ransomware Response Runbook Template
Document the Threat Escalation Protocol sections in the Ransomware Response Workflow Template or review/update your existing runbook. The threat escalation protocol defines which stakeholders to involve in the incident management process, depending on impact and scope. Specifically, you will need to define the following:
Impact and scope criteria: Impact considers factors such as the criticality of the system/data, whether PII is at risk, and whether public notification is required. Scope considers how many systems or users are impacted.
Severity assessment: Define the severity levels based on impact and scope criteria.
Relevant stakeholders: Identify stakeholders to notify for each severity level, which can include external stakeholders.
If you need additional guidance, see Info-Tech's Develop and Implement a Security Incident Management Program blueprint, which takes a broader look at security incidents.
3.2.1 Define scenarios for a range of incidents
3.2.2 Run a tabletop planning exercise
As a group, collaborate to define scenarios that enable you to develop incident response details for a wide range of potential incidents. Below are example scenarios:
Note: The above is too much to execute in one 30-minute session, so plan a series of exercises as outlined on the next slide.
Schedule these sessions well in advance to ensure appropriate resources are available. Document this in an annual test plan summary that outlines the scope, participants, and dates and times for the planned sessions.
Remember that the goal is a deeper dive into how you would respond to an attack so you can clarify steps and gaps. This is not meant to just be a read-through of your plan. Follow the guidelines below:
Refer to the Ransomware Tabletop Planning Results – Example as a guide for what to capture. Aim for more detail than found in your Ransomware Response Workflow (but not runbook-level detail).
Download the Ransomware Tabletop Planning Results – Example
3.3.1 Update your ransomware response workflow
3.3.2 Update your ransomware response runbook
Use the results from your tabletop planning exercises (Activity 3.2.2) to update and clarify your ransomware response workflow. For example:
Use the results from your tabletop planning exercises (Activity 3.2.2) to update your ransomware response runbook. For example:
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Build ransomware risk scenario 1.2 Conduct resilience assessment | 2.1 Assess attack vectors 2.2 Identify countermeasures | 3.1 Review Security Incident Management Plan 3.2 Run Tabletop Test (IT) 3.3 Document Workflow and Runbook | 4.1 Run Tabletop Test (Leadership) 4.2 Prioritize resilience initiatives 4.3 Measure resilience metrics |
In addition to applying your existing security practices to your backup solution (e.g. anti-malware, restricted access), consider:
This example strategy combines multiple restore points, offsite backup, different storage media, and immutable backups.
Zero trust is a strategy that reduces reliance on perimeter security and moves controls to where your user accesses resources. It often consolidates security solutions, reduces operating costs, and enables business mobility.
IT security needs to determine how zero trust initiatives will affect core business processes. It's not a one-size-fits-all approach to IT security. Zero trust is the goal – but some organizations can only get so close to that ideal.
For more information, see Build a Zero-Trust Roadmap.
A successful zero-trust strategy should evolve. Use an iterative and repeatable process to assess available zero-trust technologies and principles and secure the most relevant protect surfaces. Collaborate with stakeholders to develop a roadmap with targeted solutions and enforceable policies.
Download the Ransomware Resilience Assessment
Prioritize initiatives in the Ransomware Resilience Assessment.
Review and update the roadmap dashboard in your Ransomware Resilience Assessment.
4.3.1 Summarize status and next steps in an executive presentation
Gain stakeholder buy-in by communicating the risk of the status quo and recommendations to reduce that risk. Specifically, capture and present the following from this blueprint:
Overall key findings and next steps.
Download the Ransomware Readiness Summary Presentation Template
Ransomware resilience metrics track your ability to disrupt a ransomware attack at each stage of its workflow.
Revisit metrics as the project nears completion and compare them against your baseline to measure progress.
Attack workflow | Process | Metric | Target trend | Current | Goal |
---|---|---|---|---|---|
GET IN | Vulnerability Management | % Critical patches applied | Higher is better | ||
Vulnerability Management | # of external exposures | Fewer is better | |||
Security Awareness Training | % of users tested for phishing | Higher is better | |||
SPREAD | Identity and Access Management | Adm accounts / 1000 users | Lower is better | ||
Identity and Access Management | % of users enrolled for MFA | Higher is better | |||
Security Incident Management | Avg time to detect | Lower is better | |||
PROFIT | Security Incident Management | Avg time to resolve | Lower is better | ||
Backup and Disaster Recovery | % critical assets with recovery test | Higher is better | |||
Backup and Disaster Recovery | % backup to immutable storage | Higher is better |
Project overview |
Project deliverables |
---|---|
This blueprint helped you create a ransomware incident response plan for your organization, as well as identify ransomware prevention strategies and ransomware prevention best practices. |
|
Project phases |
|
Phase 1: Assess ransomware resilience Phase 2: Protect and detect Phase 3: Respond and recover Phase 4: Improve ransomware resilience |
Tab 3. Initiative List in the Ransomware Resilience Assessment identifies relevant Info-Tech Research to support common ransomware resilience initiatives.
Jimmy Tom
AVP of Information Technology and Infrastructure
Financial Horizons
Dan Reisig
Vice President of Technology
UV&S
Samuel Sutton
Computer Scientist (Retired)
FBI
Ali Dehghantanha
Canada Research Chair in Cybersecurity and Threat Intelligence,
University of Guelph
Gary Rietz
CIO
Blommer Chocolate Company
Mark Roman
CIO
Simon Fraser University
Derrick Whalen
Director, IT Services
Halifax Port Authority
Stuart Gaslonde
Director of IT & Digital Services
Falmouth-Exeter Plus
Deborah Curtis
CISO
Placer County
Deuce Sapp
VP of IT
ISCO Industries
Trevor Ward
Information Security Assurance Manager
Falmouth-Exeter Plus
Brian Murphy
IT Manager
Placer County
Arturo Montalvo
CISO
Texas General Land Office and Veterans Land Board
Mduduzi Dlamini
IT Systems Manager
Eswatini Railway
Mike Hare
System Administrator
18th Circuit Florida Courts
Linda Barratt
Director of Enterprise architecture, IT Security, and Data Analytics, Toronto Community Housing Corporation
Josh Lazar
CIO
18th Circuit Florida Courts
Douglas Williamson
Director of IT
Jamaica Civil Aviation Authority
Ira Goldstein
Chief Operating Officer
Herjavec Group
Celine Gravelines
Senior Cybersecurity Analyst
Encryptics
Dan Mathieson
Mayor
City of Stratford
Jacopo Fumagalli
CISO
Omya
Matthew Parker
Program Manager
Utah Transit Authority
Two Additional Anonymous Contributors
2019-Data-Breach-Investigations-Report.-Verizon,-May-2019.
2019-Midyear-Security-Roundup:-Evasive-Threats,-Persistent-Effects.-Trend-Micro,-2019.
Abrams,-Lawrence.-"Ryuk-Ransomware-Uses-Wake-on-Lan-to-Encrypt-Offline-Devices."-Bleeping-Computer,-14-Jan.-2020.
Abrams,-Lawrence.-"Sodinokibi-Ransomware-Publishes-Stolen-Data-for-the-First-Time."-Bleeping-Computer,-11-Jan.-2020.
Canadian-Center-for-Cyber-Security,-"Ransomware-Playbook,"-30-November-2021.-Accessed-21-May-2022.-
Carnegie-Endowment-for-International-Peace.-"Ransomware:-Prevention-and-Protection."-Accessed-May-2022.-
Cawthra,-Jennifer,-Michael-Ekstrom,-Lauren-Lusty,-Julian-Sexton,-John-Sweetnam.-Special-Publication-1800-26-Data-Integrity:-Detecting-and-Responding-to-Ransomware-and-Other-Destructive-Events.-NIST,-Jan.-2020.
Cawthra,-Jennifer,-Michael-Ekstrom,-Lauren-Lusty,-Julian-Sexton,-John-Sweetnam.-Special-Publication-1800-25-Data-Integrity:-Identifying-and-Protecting-Assets-Against-Ransomware-and-Other-Destructive-Events.-NIST,-Jan.-2020.-
Cichonski,-P.,-T.-Millar,-T.-Grance,-and-K.-Scarfone.-"Computer-Security-Incident-Handling-Guide."-SP-800-61-Rev.-2.-NIST,-Aug.-2012.
Cimpanu,-Catalin.-"Company-shuts-down-because-of-ransomware,-leaves-300-without-jobs-just-before-holidays."-ZDNet,-3-Jan.-2020.
Cimpanu,-Catalin.-"Ransomware-attack-hits-major-US-data-center-provider."-ZDNet,-5-Dec.-2019.
CISA,-"Stop-Ransomware,"-Accessed-12-May-2022.
"CMMI-Levels-of-Capability-and-Performance."-CMMI-Institute.-Accessed-May-2022.-
Connolly,-Lena-Yuryna,-"An-empirical-study-of-ransomware-attacks-on-organizations:-an-assessment-of-severity-and-salient-factors-affecting-vulnerability."-Journal-of-Cybersecurity,-2020,.-1-18.
"Definitions:-Backup-vs.-Disaster-Recovery-vs.-High-Availability."-CVM-IT-&-Cloud-Services,-12-Jan.-2017.
"Don't-Become-a-Ransomware-Target-–-Secure-Your-RDP-Access-Responsibly."-Coveware,-2019.-
Elementus,-"Rise-of-the-Ransomware-Cartels-"(2022).-YouTube.-Accessed-May-2022.-
Global-Security-Attitude-Survey.-CrowdStrike,-2019.
Graham,-Andrew.-"September-Cyberattack-cost-Woodstock-nearly-$670,00:-report."-
Global-News,-10-Dec.-2019.
Harris,-K.-"California-2016-Data-Breach-Report."-California-Department-of-Justice,-Feb.-2016.
Hiscox-Cyber-Readiness-Report-2019.-Hiscox-UK,-2019.
Cost-of-A-Data-Breach-(2022).-IBM.-Accessed-June-2022.--
Ikeda,-Scott.-"LifeLabs-Data-Breach,-the-Largest-Ever-in-Canada,-May-Cost-the-Company-Over-$1-Billion-in-Class-Action-Lawsuit."-CPO-Magazine,-2020.
Kessem,-Limor-and-Mitch-Mayne.-"Definitive-Guide-to-Ransomware."-IBM,-May-2022.
Krebs,-Brian.-"Ransomware-Gangs-Now-Outing-Victim-Businesses-That-Don't-Pay-Up."-Krebson-Security,-16-Dec.-2019.
Jaquith,-Andrew-and-Barnaby-Clarke,-"Security-metrics-to-help-protect-against-ransomware."-Panaseer,-July-29,-2021,-Accessed-3-June-2022.
"LifeLabs-pays-ransom-after-cyberattack-exposes-information-of-15-million-customers-in-B.C.-and-Ontario."-CBC-News,-17-Dec.-2019.
Matthews,-Lee.-"Louisiana-Suffers-Another-Major-Ransomware-Attack."-Forbes,-20-Nov.-2019.
NISTIR-8374,-"Ransomware-Risk-Management:-A-Cybersecurity-Framework-Profile."-NIST-Computer-Security-Resource-Center.-February-2022.-Accessed-May-2022.-
"Ransomware-attack-hits-school-district-twice-in-4-months."-Associated-Press,-10-Sept.-2019.
"Ransomware-Costs-Double-in-Q4-as-Ryuk,-Sodinokibi-Proliferate."-Coveware,-2019.
Ransomware-Payments-Rise-as-Public-Sector-is-Targeted,-New-Variants-Enter-the-Market."-Coveware,-2019.
Rector,-Kevin.-"Baltimore-to-purchase-$20M-in-cyber-insurance-as-it-pays-off-contractors-who-helped-city-recover-from-ransomware."-The-Baltimore-Sun,-16-Oct.-2019.
"Report:-Average-time-to-detect-and-contain-a-breach-is-287-days."-VentureBeat,-May-25,-2022.-Accessed-June-2022.-
"Five-Lessons-Learned-from-over-600-Ransomware-Attacks."-Riskrecon.-Mar-2022.-Accessed-May-2022.-
Rosenberg,-Matthew,-Nicole-Perlroth,-and-David-E.-Sanger.-"-'Chaos-is-the-Point':-Russian-Hackers-and-Trolls-Grow-Stealthier-in-2020."-The-New-York-Times,-10-Jan.-2020.
Rouse,-Margaret.-"Data-Archiving."-TechTarget,-2018.
Siegel,-Rachel.-"Florida-city-will-pay-hackers-$600,000-to-get-its-computer-systems-back."-The-Washington-Post,-20-June-2019.
Sheridan,-Kelly.-"Global-Dwell-Time-Drops-as-Ransomware-Attacks-Accelerate."-DarkReading,-13-April-2021.-Accessed-May-2022.-
Smith,-Elliot.-"British-Banks-hit-by-hacking-of-foreign-exchange-firm-Travelex."-CNBC,-9-Jan.-2020.
"The-State-of-Ransomware-2022."-Sophos.-Feb-2022.-Accessed-May-2022.-
"The-State-of-Ransomware-in-the-U.S.:-2019-Report-for-Q1-to-Q3."-Emsisoft-Malware-Lab,-1-Oct.2019.
"The-State-of-Ransomware-in-the-U.S.:-Report-and-Statistics-2019."-Emsisoft-Lab,-12-Dec.-2019.
"The-State-of-Ransomware-in-2020."-Black-Fog,-Dec.-2020.
Toulas,-Bill.-"Ten-notorious-ransomware-strains-put-to-the-encryption-speed-test."-Bleeping-Computers,-23-Mar-2022.-Accessed-May-2022.
Tung,-Liam-"This-is-how-long-hackers-will-hide-in-your-network-before-deploying-ransomware-or-being-spotted."-zdnet.-May-19,-2021.-Accessed-June-2022.-
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Our concise executive brief shows you why engagement is critical to IT performance in your company. We'll show you our methodology and the ways we can help you in handling this.
You can use our full engagement surveys.
Understand your employees' engagement drivers. Involve your team in brainstorming engagement initiatives.
Choose those initiatives that show the most promise with the most significant impact. Create your action plan and establish transparent and open, and ongoing communication with your team.
Knowledge transfer is an ongoing effort. Prioritize and define your initiatives.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Evaluate the business, user, and infrastructure requirements to ensure that all needs are clearly defined and the best fit-for-purpose migration plan can be decided on.
Expose key cloud risks across five major areas and build mitigation strategies to counter risk and gain foresight for migration.
Outline major milestones of migration and build the communication plan to transition users smoothly. Complete the Office 365 migration plan report to present to business stakeholders.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Review corporate and project goals.
Review and prioritize relevant services and applications to shape the migration path.
Review Office 365 license models.
Profile end users to rightsize licensing.
Estimate dollar impact of new licensing model.
Corporate goals for Office 365.
Prioritized migration path of applications.
Decision on user licensing structure.
Projected cost of licensing.
1.1 Outline corporate and project goals to paint the starting line.
1.2 Review and prioritize services.
1.3 Rightsize licensing.
Clear goals and metrics for migration
Prioritized list of applications
Effective licensing structure
Conduct value and readiness assessment of current on-premises services.
Identify and evaluate risks and challenges.
Assess IT’s readiness to own and manage Office 365.
Completed value and readiness assessment.
Current targets for service and deployment models.
List of perceived risks according to five major risk areas.
Assessed IT’s readiness to own and manage Office 365.
Established go/caution/stop for elected Office 365 services.
2.1 Assess value and readiness.
2.2 Identify key risks.
2.3 Identify changes in IT skills and roles.
Cloud service appropriateness assessment
Completed risk register
Reorganization of IT roles
Review Office 365 risks and discuss mitigation strategies.
Completed risks and mitigation strategies report.
3.1 Build mitigation strategies.
3.2 Identify key service requests.
3.3 Build workflows.
Defined roles and responsibilities
Assigned decision rights
List of staffing gaps
Build a timeline of major milestones.
Plan and prioritize projects to bridge gaps.
Build a communication plan.
Review Office 365 strategy and roadmap.
Milestone roadmap.
Critical path of milestone actions.
Communication plan.
Executive report.
4.1 Outline major milestones.
4.2 Finalize roadmap.
4.3 Build and refine the communication plan.
Roadmap plotted projects, decisions, mitigations, and user engagements
Finalized roadmap across timeline
Communication and training plan
Innovation is about people, not ideas or processes. Innovation does not require a formal process, a dedicated innovation team, or a large budget; the most important success factor for innovation is culture. Companies that facilitate innovative behaviors like growth mindset, collaboration, and taking smart risks are most likely to see the benefits of innovation.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This storyboard includes three phases and nine activities that will help you define your purpose, align your people, and build your practice.
Use this template in conjunction with the activities in the main storyboard to create and communicate your innovation program. This template uses sample data from a fictional retailer, Acme Corp, to illustrate an ideal innovation program summary.
This job description can be used to hire your Chief Innovation Officer. There are many other job descriptions available on the Info-Tech website and referenced within the storyboard.
Use this framework to facilitate an ideation session with members of the business. Instructions for how to customize the information and facilitate each section is included within the deck.
This spreadsheet provides an analytical and transparent method to prioritize initiatives based on weighted criteria relevant to your business.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Define your innovation ambitions.
Gain a better understanding of why you are innovating and what your organization will gain from an innovation program.
1.1 Understand your innovation mandate.
1.2 Define your innovation ambitions.
1.3 Determine value proposition & metrics.
Complete the "Our purpose" section of the Innovation Program Template
Complete "Vision and guiding principles" section
Complete "Scope and value proposition" section
Success metrics
Build a culture, operating model, and team that support innovation.
Develop a plan to address culture gaps and identify and implement your operating model.
2.1 Foster a culture of innovation.
2.2 Define your operating model.
Complete "Building an innovative culture" section
Complete "Operating model" section
Create the capability to facilitate innovation.
Create a resourcing plan and prioritization templates to make your innovation program successful.
3.1 Build core innovation capabilities.
3.2 Develop prioritization criteria.
Team structure and resourcing requirements
Prioritization spreadsheet template
Finalize your program and complete the final deliverable.
Walk away with a complete plan for your innovation program.
4.1 Define your methodology to pilot projects.
4.2 Conduct a program retrospective.
Complete "Operating model" section in the template
Notable wins and goals
Many organizations stumble when implementing innovation programs. Innovation is challenging to get right, and even more challenging to sustain over the long term.
One of the common stumbling blocks we see comes from organizations focusing more on the ideas and the process than on the culture and the people needed to make innovation a way of life. However, the most successful innovators are the ones which have adopted a culture of innovation and reinforce innovative behaviors across their organization. Organizational cultures which promote growth mindset, trust, collaboration, learning, and a willingness to fail are much more likely to produce successful innovators.
This research is not just about culture, but culture is the starting point for innovation. My hope is that organizations will go beyond the processes and methodologies laid out here and use this research to dramatically improve their organization's performance.
Kim Osborne Rodriguez
Research Director, CIO Advisory
Info-Tech Research Group
As a leader in your organization, you need to:
In the past, you might have experienced one or more of the following:
This blueprint will help you:
There is no single right way to approach innovation. Begin with an understanding of your innovation ambitions, your existing culture, and the resources available to you, then adopt the innovation operating model that is best suited to your situation.
Note: This research is written for the individual who is leading the development of the innovation. This role is referred to as the Chief Innovation Officer (CINO) throughout this research but could be the CIO, CTO, IT director, or another business leader.
75% |
Three-quarters of companies say innovation is a top-three priority. |
---|---|
30% |
But only 30% of executives say their organizations are doing it well. |
Based on a survey of 270 business leaders.
Source: Harvard Business Review, 2018
The most common challenges business leaders experience relate to people and culture. Success is based on people, not ideas.
Politics, turf wars, and a lack of alignment: territorial departments, competition for resources, and unclear roles are holding back the innovation efforts of 55% of respondents.
FIX IT
Senior leadership needs to be clear on the innovation goals and how business units are expected to contribute to them.
Cultural issues: many large companies have a culture that rewards operational excellence and disincentivizes risk. A history of failed innovation attempts may result in significant resistance to new change efforts.
FIX IT
Cultural change takes time. Ensure you are rewarding collaboration and risk-taking, and hire people with fresh new perspectives.
Inability to act on signals crucial to the future of the business: only 18% of respondents indicated their organization was unaware of disruptions, but 42% said they struggled with acting on leading indicators of change.
FIX IT
Build the ability to quickly run pilots or partner with startups and incubators to test out new ideas without lengthy review and approval processes.
Source: Harvard Business Review, 2018
1 Source: Boston Consulting Group, 2021
2 Source: Boston Consulting Group, 2019
3 Source: Harvard Business Review, 2018
Innovators are defined as companies that were listed on Fast Company World's 50 Most Innovative Companies for 2+ years.
A 25-year study by Business Development Canada and Statistics Canada showed that innovation was more important to business success than management, human resources, marketing, or finance.
INDUSTRY: Healthcare
SOURCE: Interview
This Info-Tech member is a nonprofit, community-based mental health organization located in the US. It serves about 25,000 patients per year in community, school, and clinic settings.
This organization takes its innovation culture very seriously and has developed methodologies to assess individual and team innovation readiness as well as innovation types, which it uses to determine everyone's role in the innovation process. These assessments look at knowledge of and trust in the organization, its innovation profile, and its openness to change. Innovation enthusiasts are involved early in the process when it's important to dream big, while more pragmatic perspectives are incorporated later to improve the final solution.
The organization has developed many innovative approaches to delivering healthcare. Notably, they have reimagined patient scheduling and reduced wait times to the extent that some patients can be seen the same day. They are also working to improve access to mental health care despite a shortage of professionals.
1. Define Your Purpose |
2. Align Your People |
3. Build Your Practice |
|
---|---|---|---|
Phase Steps |
|
|
|
Phase Outcomes |
Understand where the mandate for innovation comes from, and what the drivers are for pursuing innovation. Define what innovation means to your organization, and set the vision, mission, and guiding principles. Articulate the value proposition and key metrics for measuring success. |
Understand what it takes to build an innovative culture, and what types of innovation structure are most suited to your innovation goals. Define an innovation methodology and build your core innovation capabilities and team. |
Gather ideas and understand how to assess and prioritize initiatives based on standardized metrics. Develop criteria for tracking and measuring the success of pilot projects and conduct a program retrospective. |
Innovation Operating Model
The operating model describes how the innovation program delivers value to the organization, including how the program is structured, the steps from idea generation to enterprise launch, and the methodologies used.
Examples: Innovation Hub, Grassroots Innovation.
Innovation Methodology
Methodologies describe the ways the operating model is carried out, and the approaches used in the innovation practice.
Examples: Design Thinking, Weighted Criteria Scoring
Chief Innovation Officer
This research is written for the person or team leading the innovation program – this might be a CINO, CIO, or other leader in the organization.
Innovation Team
The innovation team may vary depending on the operating model, but generally consists of the individuals involved in facilitating innovation across the organization. This may be, but does not have to be, a dedicated innovation department.
Innovation Program
The program for generating ideas, running pilot projects, and building a business case to implement across the enterprise.
Pilot Project
A way of testing and validating a specific concept in the real world through a minimum viable product or small-scale implementation. The pilot projects are part of the overall pilot program.
Innovation is about people, not ideas or processes
Innovation does not require a formal process, a dedicated innovation team, or a large budget; the most important success factor for innovation is culture. Companies that facilitate innovative behaviors like growth mindset, collaboration, and the ability to take smart risk are most likely to see the benefits of innovation.
Very few are doing innovation well
Only 30% of companies consider themselves innovative, and there's a good reason: innovation involves unknowns, risk, and failure – three situations that people and organizations typically do their best to avoid. Counter this by removing the barriers to innovation.
Culture is the greatest barrier to innovation
In a survey of 270 business leaders, the top three most common obstacles were politics, turf wars, and alignment; culture issues; and inability to act on signals crucial to the business (Harvard Business Review, 2018). If you don't have a supportive culture, your ability to innovate will be significantly reduced.
Innovation is a means to an end
It is not the end itself. Don't get caught up in innovation for the sake of innovation – make sure you are getting the benefits from your investments. Measurable success factors are critical for maintaining the long-term success of your innovation engine.
Tackle wicked problems
Innovative approaches are better at solving complex problems than traditional practices. Organizations that prioritize innovation during a crisis tend to outperform their peers by over 30% and improve their market position (McKinsey, 2020).
Innovate or die
Innovation is critical to business growth. A 25-year study showed that innovation was more important to business success than management, human resources, marketing, or finance (Statistics Canada, 2006).
Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:
Sample Job Descriptions and Organization Charts
Determine the skills, knowledge, and structure you need to make innovation happen.
Facilitate an ideation session with your staff to identify areas for innovation.
Initiative Prioritization Workbook
Evaluate ideas to identify those which are most likely to provide value.
Communicate how you plan to innovate with a report summarizing the outputs from this research.
US businesses spend over half a trillion dollars on innovation annually. What are they getting for it?
(1) based on BCG's 50 Most Innovative Companies 2022
30% | The most innovative companies outperform the market by 30%. |
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Phase 0 | Phase 1 | Phase 2 | Phase 3 | Finish |
---|---|---|---|---|
Call #1: Scope requirements, objectives, and your specific challenges. |
Call #2: Understand your mandate. Call #3: Innovation vision, guiding principles, value proposition, and scope. |
Call #4: Foster a culture of innovation. (Activity 2.1) Call #5: Define your methodology. (Activity 2.2) Call #6: Build core innovation capabilities. (Activity 2.3) |
Call #7: Build your ideation and pilot programs. (Activities 3.1 and 3.2) Call #8: Identify success metrics and notable wins. (Activity 3.3) |
Call #9: Summarize results and plan next steps. |
A GI is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is 8 to 12 calls over the course of three to six months.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Session 1 | Session 2 | Session 3 | Session 4 |
Wrap Up |
|
---|---|---|---|---|---|
Activities |
Define Your Ambitions |
Align Your People |
Develop Your Capabilities |
Build Your Program |
Next Steps and |
|
|
|
|
|
|
Deliverables |
|
|
|
|
|
Purpose |
People |
Practice |
---|---|---|
|
|
|
This phase will walk you through the following activities:
This phase involves the following participants:
INDUSTRY: Transportation
SOURCE: Interview
ArcBest
ArcBest is a multibillion-dollar shipping and logistics company which leverages innovative technologies to provide reliable and integrated services to its customers.
An Innovative Culture Starts at the Top
ArcBest's innovative culture has buy-in and support from the highest level of the company. Michael Newcity, ArcBest's CEO, is dedicated to finding better ways of serving their customers and supports innovation across the company by dedicating funding and resources toward piloting and scaling new initiatives.
Having a clear purpose and mandate for innovation at all levels of the organization has resulted in extensive grassroots innovation and the development of a formalized innovation program.
Results
ArcBest has a legacy of innovation, going back to its early days when it developed a business intelligence solution before anything else existed on the market. It continues to innovate today and is now partnering with start-ups to further expand its innovation capabilities.
"We don't micromanage or process-manage incremental innovation. We hire really smart people who are inspired to create new things and we let them run – let them create – and we celebrate it.
Our dedication to innovation comes from the top – I am both the President and the Chief Innovation Officer, and innovation is one of my top priorities."
Michael Newcity
President and Chief Innovation Officer ArcBest
You can only influence what you can control.
Unless your mandate comes from the CEO or Board of Directors, driving enterprise-wide innovation is very difficult. If you do not have buy-in from senior business leaders, use lighthouse projects and a smaller innovation practice to prove the value of innovation before taking on enterprise innovation.
In order to execute on a mandate to build innovation, you don't just need buy-in. You need support in the form of resources and funding, as well as strong leadership who can influence culture and the authority to change policies and practices that inhibit innovation.
For more resources on building relationships in your organization, refer to Info-Tech's Become a Transformational CIO blueprint.
Innovation is often easier to recognize than define.
Align on a useful definition of innovation for your organization before you embark on a journey of becoming more innovative.
Innovation is the practice of developing new methods, products or services which provide value to an organization.
Practice
This does not have to be a formal process – innovation is a means to an end, not the end itself.
New
What does "new" mean to you?
Value
What does value mean to you? Look to your business strategy to understand what goals the organization is trying to achieve, then determine how "value" will be measured.
Some innovations are incremental, while some are radically transformative. Decide what kind of innovation you want to cultivate before developing your strategy.
Evaluate your goals with respect to innovation: focus, strategy, and potential to transform.
Focus: Where will you innovate?
Strategy: To what extent will you guide innovation efforts?
Potential: How radical will your innovations be?
Download the Innovation Program Template.
Input
Output
Materials
Participants
A strong vision statement:
Examples:
"Good business leaders create a vision, articulate the vision, passionately own the vision, and relentlessly drive it to completion." – Jack Welch, Former Chairman and CEO of GE
Strong guiding principles:
Encourage experimentation and risk-taking
Innovation often requires trying new things, even if they might fail. We encourage experimentation and learn from failure, so that new ideas can be tested and refined.
Foster collaboration and cross-functional teams
Innovation often comes from the intersection of different perspectives and skill sets.
Customer-centric
Focus on creating value for the end user. This means understanding their needs and pain points, and using that knowledge to develop new methods, products, or services.
Embrace diversity and inclusivity
Innovation comes from a variety of perspectives, backgrounds, and experiences. We actively seek out and encourage diversity and inclusivity among our team members.
Foster a culture of learning and continuous improvement
Innovation requires continuous learning, development, and growth. We facilitate a culture that encourages learning and development, and that seeks feedback and uses it to improve.
Flexible and adaptable
We adapt to changes in the market, customer needs, and new technologies, so that it can continue to innovate and create value over time.
Data-driven
We use performance metrics and data to guide our innovation efforts.
Transparency
We are open and transparent in our processes and let the business needs guide our innovation efforts. We do not lead innovation, we facilitate it.
Input
Output
Materials
Participants
A strong value proposition not only articulates the value that the business will derive from the innovation program but also provides a clear focus, helps to communicate the innovation goals, and ultimately drives the success of the program.
Focus
Prioritize and focus innovation efforts to create solutions that provide real value to the organization
Communicate
Communicate the mandate and benefits of innovation in a clear and compelling way and inspire people to think differently
Measure Success
Measure the success of your program by evaluating outcomes based on the value proposition
Your success metrics should link back to your organizational goals and your innovation program's value proposition.
Revenue Growth: Increase in revenue generated by new products or services.
Market Share: Percentage of total market that the business captures as a result of innovation.
Customer Satisfaction: Reviews, customer surveys, or willingness to recommend the company.
Employee Engagement: Engagement surveys, performance, employee retention, or turnover.
Innovation Output: The number of new products, services, or processes that have been developed.
Return on Investment: Financial return on the resources invested in the innovation process.
Social Impact: Number of people positively impacted, net reduction in emissions, etc.
Time to Launch: The time it takes for a new product or service to go from idea to launch.
The total impact of innovation is often intangible and extremely difficult to capture in performance metrics. Focus on developing a few key metrics rather than trying to capture the full value of innovation.
Company | Industry | Revenue(2) (USD billions) |
R&D Spend (USD billions) |
R&D Spend (% of revenue) |
---|---|---|---|---|
Apple | Technology | $394.30 | $26.25 | 6.70% |
Microsoft | Technology | $203.10 | $25.54 | 12.50% |
Amazon.com | Retail | $502.20 | $67.71 | 13.40% |
Alphabet | Technology | $282.10 | $37.94 | 13.40% |
Tesla | Manufacturing | $74.90 | $3.01 | 4.00% |
Samsung | Technology | $244.39 (2021)(3) | $19.0 (2021) | 7.90% |
Moderna | Pharmaceuticals | $23.39 | $2.73 | 11.70% |
Huawei | Technology | $99.9 (2021)4 | Not reported | - |
Sony | Technology | $83.80 | Not reported | - |
IBM | Technology | $60.50 | $1.61 | 2.70% |
Meta | Software | $118.10 | $32.61 | 27.60% |
Nike | Commercial goods | $49.10 | Not reported | - |
Walmart | Retail | $600.10 | Not reported | - |
Dell | Technology | $105.30 | $2.60 | 2.50% |
Nvidia | Technology | $28.60 | $6.85 | 23.90% |
Innovation requires a dedicated investment of time, money, and resources in order to be successful. The most innovative companies, based on Boston Consulting Group's ranking of the 50 most innovative companies in the world, spend significant portions of their revenue on research and development.
Note: This data uses research and development as a proxy for innovation spending, which may overestimate the total spend on what this research considers true innovation.
(1) Based on Boston Consulting Group's ranking of the 50 most innovative companies in the world, 2022
(2) Macrotrends, based on the 12 months ending Sept 30, 2022
(3) Statista
(4) CNBC, 2022
Input
Output
Materials
Participants
Create a culture that fosters innovative behaviors and puts processes in place to support them.
Purpose | People | Practice |
---|---|---|
|
|
|
This phase will walk you through the following activities:
This phase involves the following participants:
Info-Tech's Fix Your IT Culture can help you promote innovative behaviors
Refer to Improve IT Team Effectiveness to address team challenges
The following behaviors and key indicators either stifle or foster innovation.
Stifles Innovation | Key Indicators | Fosters Innovation | Key Indicators |
---|---|---|---|
Fixed mindset | "It is what it is" | Growth mindset | "I wonder if there's a better way" |
Performance focused | "It's working fine" | Learning focused | "What can we learn from this?" |
Fear of reprisal | "I'll get in trouble" | Psychological safety | "I can disagree" |
Apathy | "We've always done it this way" | Curiosity | "I wonder what would happen if…" |
Cynicism | "It will never work" | Trust | "You have good judgement" |
Punishing failure | "Who did this?" | Willingness to fail | "It's okay to make mistakes" |
Individualism | "How does this benefit me?" | Collaboration | "How does this benefit us?" |
Homogeneity | "We never disagree" | Diversity and inclusion | "We appreciate different views" |
Excessive bureaucracy | "We need approval" | Autonomy | "I can do this" |
Risk avoidance | "We can't try that" | Appropriate risk-taking | "How can we do this safely?" |
Ensure you are not inadvertently stifling innovation.
Review the following to ensure that the desired behaviors are promoted:
INDUSTRY: Commercial Real Estate and Retail
SOURCE: Interview
This anonymous national organization owned commercial properties across the country and had the goal of becoming the most innovative real estate and retail company in the market.
The organization pursued innovation in the digital solutions space across its commercial and retail properties. Within this space, there were significant differences in risk tolerance across teams, which resulted in the more risk-tolerant teams excluding the risk-averse members from discussions in order to circumvent corporate policies on risk tolerance. This resulted in an adversarial and siloed culture where each group believed they knew better than the other, and the more risk-averse teams felt like they were policing the actions of the risk-tolerant group.
Morale plummeted, and many of the organization's top people left. Unfortunately, one of the solutions did not meet regulatory requirements, and the company faced negative media coverage and legal action. There was significant reputational damage as a result.
Considering differences in risk tolerance and risk appetite is critical when pursuing innovation. While everyone doesn't have to agree, leadership needs to understand the different perspectives and ensure that no one party is dominating the conversation over the others. An understanding of corporate risk tolerance and risk appetite is necessary to drive innovation.
All perspectives have a place in innovation. More risk tolerant perspectives should be involved early in the ideas-generation phase, and risk-averse perspectives should be considered later when ideas are being refined.
Speed should not override safety or circumvent corporate policies.
It is more important to match the level of risk tolerance to the degree of innovation required. Not all innovation needs to be (or can feasibly be) disruptive.
Many factors impact risk tolerance including:
Use Info-Tech's Security Risk Management research to better understand risk tolerance
Input
Output
Materials
Participants
There is no one right way to pursue innovation, but some methods are better than others for specific situations and goals. Consider your existing culture, your innovation goals, and your budget when selecting the right methodology for your innovation.
Model | Description | Advantages | Disadvantages | Good when… |
---|---|---|---|---|
Grassroots Innovation | Innovation is the responsibility of everyone, and there is no centralized innovation team. Ideas are piloted and scaled by the person/team which produces it. |
|
|
|
Community of Practice | Innovation is led by a cross-divisional Community of Practice (CoP) which includes representation from across the business. Champions consult with their practice areas and bring ideas forward. |
|
|
|
Innovation Enablement *Most often recommended* |
A dedicated innovation team with funding set aside to support pilots with a high degree of autonomy, with the role of facilitating business-led innovation. |
|
|
|
Center of Excellence | Dedicated team responsible for leading innovation on behalf of the organization. Generally, has business relationship managers who gather ideas and liaise with the business. |
|
|
|
Innovation Hub | An arm's length innovation team is responsible for all or much of the innovation and may not interact much with the core business. |
|
|
|
Outsourced Innovation | Innovation is outsourced to an external organization which is not linked to the primary organization. This can take the form of working with or investing in startups. |
|
|
|
Adapted from Niklaus Gerber via Medium, 2022
For example, design thinking tends to be excellent for earlier innovation planning, while Agile can allow for faster implementation and launch of initiatives later in the process.
Consider combining two or more methodologies to create a custom approach that best suits your organization's capabilities and goals.
A robust innovation methodology ensures that the process for developing, prioritizing, selecting, implementing, and measuring initiatives is aligned with the results you are hoping to achieve.
Different types of problems (drivers for innovation) may necessitate different methodologies, or a combination of methodologies.
Hackathon: An event which brings people together to solve a well-defined problem.
Design Thinking: Creative approach that focuses on understanding the needs of users.
Lean Startup: Emphasizes rapid experimentation in order to validate business hypotheses.
Design Sprint: Five-day process for answering business questions via design, prototyping, and testing.
Agile: Iterative design process that emphasizes project management and retrospectives.
Three Horizons: Framework that looks at opportunities on three different time horizons.
Innovation Ambition Matrix: Helps organizations categorize projects as part of the core offering, an adjacent offering, or completely new.
Global Innovation Management: A process of identifying, developing and implementing new ideas, products, services, or processes using alternative thinking.
Blue Ocean Strategy: A methodology that helps organizations identify untapped market space and create new markets via unique value propositions.
Input
Output
Materials
Participants
Types of roles will depend on the purpose and size of the innovation team.
You don't need to grow them all internally. Consider partnering with vendors and other organizations to build capabilities.
Visionaries who inspire, support, and facilitate innovation across the business. Their responsibilities are to drive the culture of innovation.
Key skills and knowledge:
Sample titles:
Translate ideas into tangible business initiatives, including assisting with business cases and developing performance metrics.
Key skills and knowledge:
Sample titles:
Provide expertise in product design, delivery and management, and responsible for supporting and executing on pilot projects.
Key skills and knowledge:
Sample titles:
Visualize the whole value delivery process end-to-end to help identify the types of roles, resources, and capabilities required. These capabilities can be sourced internally (i.e. grow and hire internally) or through collaboration with centers of excellence, commercial partners, etc.
Input
Output
Materials
Participants
Master Organizational Change Management Practices
Purpose | People | Practice |
---|---|---|
|
|
|
This phase will walk you through the following activities:
This phase involves the following participants:
INDUSTRY: Government
SOURCE: Interview
The business applications group at this government agency strongly believes that innovation is key to progress and has instituted a formal innovation program as part of their agile operations. The group uses a Scaled Agile Framework (SAFe) with 2-week sprints and a 12-week program cycle.
To support innovation across the business unit, the last sprint of each cycle is dedicated toward innovation and teams do not commit to any other during these two weeks. At the end of each innovation sprint, ideas are presented to leadership and the valuable ones were either implemented initially or were given time in the next cycle of sprints for further development. This has resulted in a more innovative culture across the practice.
There have been several successful innovations since this process began. Notably, the agency had previously purchased a robotic process automation platform which was only being used for a few specific applications. One team used their innovation sprint to expand the use cases for this solution and save nearly 10,000 hours of effort.
Your operating model should include several steps including ideation, validation, evaluation and prioritization, piloting, and a retrospective which follows the pilot. Use the example on this slide when designing your own innovation operating model.
Design Thinking
A structured approach that encourages participants to think creatively about the needs of the end user.
Ideation Workshop
A formal session that is used to understand a problem then generate potential solutions. Workshops can incorporate the other methodologies (such as brainstorming, design thinking, or mind mapping) to generate ideas.
Crowdsourcing
An informal method of gathering ideas from a large group of people. This can be a great way to generate many ideas but may lack focus.
Value Proposition Canvas
A visual tool which helps to identify customer (or user) needs and design products and services that meet those needs.
Evaluation should be transparent and use both quantitative and qualitative metrics. The exact metrics used will depend on your organization and goals.
It is important to include qualitative metrics as these dimensions are better suited to evaluating highly innovative ideas and can capture important criteria like alignment with overall strategy and feasibility.
Develop 5 to 10 criteria that you can use to evaluate and prioritize ideas. Some criteria may be a pass/fail (for example, minimum ROI) and some may be comparative.
Evaluate
The first step is to evaluate ideas to determine if they meet the minimum criteria. This might include quantitative criteria like ROI as well as qualitative criteria like strategic alignment and feasibility.
Prioritize
Ideas that pass the initial evaluation should be prioritized based on additional criteria which might include quantitative criteria such as potential market size and cost to implement, and qualitative criteria such as risk, impact, and creativity.
Quantitative metrics are objective and easily comparable between initiatives, providing a transparent and data-driven process for evaluation and prioritization.
Examples:
Qualitative metrics are less easily comparable but are equally important when it comes to evaluating ideas. These should be developed based on your organization strategy and innovation goals.
Examples:
Input
Output
Materials
Participants
Download the Initiative Prioritization Template
"Learning is as powerful as the outcome." – Brett Trelfa, CIO, Arkansas Blue Cross
Adoption: How many end users have adopted the pilot solution?
Utilization: Is the solution getting utilized?
Support Requests: How many support requests have there been since the pilot was initiated?
Value: Is the pilot delivering on the value that it proposed? For example, time savings.
Feasibility: Has the feasibility of the solution changed since it was first proposed?
Satisfaction: Focus groups or surveys can provide feedback on user/customer satisfaction.
A/B Testing: Compare different methods, products or services.
Ensure standard core metrics are used across all pilot projects so that outcomes can be compared. Additional metrics may be used to refine and test hypotheses through the pilot process.
Input
Output
Materials
Participants
A retrospective is a review of your innovation program with the aim of identifying lessons learned, areas for improvement, and opportunities for growth.
During a retrospective, the team will reflect on past experiences and use that information to inform future decision making and improve outcomes.
The goal of a retrospective is to learn from the past and use that knowledge to improve in the future.
Ensure that the retrospective is based on facts and objective data, rather than personal opinions or biases.
Ensure that the retrospective is a positive and constructive experience, with a focus on finding solutions rather than dwelling on problems.
The retrospective should result in a clear action plan with specific steps to improve future initiatives.
Input
Output
Materials
Participants
Adopt Design Thinking in Your Organization
Prototype With an Innovation Design Sprint
Fund Innovation With a Minimum Viable Business Case
You have now completed your innovation strategy, covering the following topics:
If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Accelerate Digital Transformation With a Digital Factory
Sustain and Grow the Maturity of Innovation in Your Enterprise
Define Your Digital Business Strategy
Kim Osborne Rodriguez
Research Director, CIO Advisory
Info-Tech Research Group
Kim is a professional engineer and Registered Communications Distribution Designer with over a decade of experience in management and engineering consulting spanning healthcare, higher education, and commercial sectors. She has worked on some of the largest hospital construction projects in Canada, from early visioning and IT strategy through to design, specifications, and construction administration. She brings a practical and evidence-based approach, with a track record of supporting successful projects.
Kim holds a Bachelor's degree in Mechatronics Engineering from University of Waterloo.
Joanne Lee
Principal Research Director, CIO Advisory
Info-Tech Research Group
Joanne is an executive with over 25 years of experience in digital technology and management consulting across both public and private entities from solution delivery to organizational redesign across Canada and globally.
Prior to joining Info-Tech Research Group, Joanne was a management consultant within KPMG's CIO management consulting services and the Western Canadas Digital Health Practice lead. She has held several executive roles in the industry with the most recent position as Chief Program Officer for a large $450M EHR implementation. Her expertise spans cloud strategy, organizational design, data and analytics, governance, process redesign, transformation, and PPM. She is passionate about connecting people, concepts, and capital.
Joanne holds a Master's in Business and Health Policy from the University of Toronto and a Bachelor of Science (Nursing) from the University of British Columbia.
Jack Hakimian
Senior Vice President
Info-Tech Research Group
Jack has more than 25 years of technology and management consulting experience. He has served multi-billion-dollar organizations in multiple industries including Financial Services and Telecommunications. Jack also served a number of large public sector institutions.
He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master's degree in Computer Engineering as well as an MBA from the ESCP-EAP European School of Management.
Michael Tweedie
Practice Lead, CIO Strategy
Info-Tech Research Group
Mike Tweedie brings over 25 years as a technology executive. He's led several large transformation projects across core infrastructure, application, and IT services as the head of Technology at ADP Canada. He was also the Head of Engineering and Service Offerings for a large French IT services firm, focused on cloud adoption and complex ERP deployment and management.
Mike holds a Bachelor's degree in Architecture from Ryerson University.
Mike Schembri
Senior Executive Advisor
Info-Tech Research Group
Mike is the former CIO of Fuji Xerox Australia and has 20+ years' experience serving IT and wider business leadership roles. Mike has led technical and broader business service operations teams to value and growth successfully in organizations ranging from small tech startups through global IT vendors, professional service firms, and manufacturers.
Mike has passion for strategy and leadership and loves working with individuals/teams and seeing them grow.
John Leidl
Senior Director, Member Services
Info-Tech Research Group
With over 35 years of IT experience, including senior-level VP Technology and CTO leadership positions, John has a breadth of knowledge in technology innovation, business alignment, IT operations, and business transformation. John's experience extends from start-ups to corporate enterprise and spans higher education, financial services, digital marketing, and arts/entertainment.
Joe Riley
Senior Workshop Director
Info-Tech Research Group
Joe ensures our members get the most value out of their Info-Tech memberships by scoping client needs, current state and desired business outcomes, and then drawing upon his extensive experience, certifications, and degrees (MBA, MS Ops/Org Mgt, BS Eng/Sci, ITIL, PMP, Security+, etc.) to facilitate our client's achievement of desired and aspirational business outcomes. A true advocate of ITSM, Joe approaches technology and technology practices as a tool and enabler of people, core business, and competitive advantage activities.
Denis Goulet
Senior Workshop Director
Info-Tech Research Group
Denis is a transformational leader and experienced strategist who has worked with 100+ organizations to develop their digital, technology, and governance strategies.
He has held positions as CIO, Chief Administrative Office (City Manager), General Manager, Vice President of Engineering, and Management Consultant, specializing in enterprise and technology strategy.
Cole Cioran
Managing Partner
Info-Tech Research Group
I knew I wanted to build great applications that would delight their users. I did that over and over. Along the way I also discovered that it takes great teams to deliver great applications. Technology only solves problems when people, processes, and organizations change as well. This helped me go from writing software to advising some of the largest organizations in the world on how to how to build a digital delivery umbrella of Product, Agile, and DevOps and create exceptional products and services powered by technology.
Carlene McCubbin
Research Lead, CIO Practice
Info-Tech Research Group
During her tenure at Info-Tech, Carlene has led the development of Info-Tech's Organization and Leadership practice and worked with multiple clients to leverage the methodologies by creating custom programs to fit each organization's needs.
Before joining Info-Tech, Carlene received her Master of Communications Management from McGill University, where she studied development of internal and external communications, government relations, and change management.
Isabelle Hertanto
Principal Research Director
Info-Tech Research Group
Isabelle Hertanto has over 15 years of experience delivering specialized IT services to the security and intelligence community. As a former federal officer for Public Safety Canada, Isabelle trained and led teams on data exploitation and digital surveillance operations in support of Canadian national security investigations. Since transitioning into the private sector, Isabelle has held senior management and consulting roles across a variety of industry sectors, including retail, construction, energy, healthcare, and the broader Canadian public sector.
Hans Eckman
Principal Research Director
Info-Tech Research Group
Hans Eckman is a business transformation leader helping organizations connect business strategy and innovation to operational excellence. He supports Info-Tech members in SDLC optimization, Agile and DevOps implementation, CoE/CoP creation, innovation program development, application delivery, and leadership development. Hans is based out of Atlanta, Georgia.
Valence Howden
Principal Research Director
Info-Tech Research Group
With 30 years of IT experience in the public and private sector, Valence has developed experience in many Information Management and Technology domains, with a particular focus in the areas of Service Management, Enterprise and IT Governance, Development and Execution of Strategy, Risk Management, Metrics Design and Process Design, and Implementation and Improvement. Prior to joining Info-Tech, he served in technical and client-facing roles at Bell Canada and CGI Group Inc., as well as managing the design, integration, and implementation of services and processes in the Ontario Public Sector.
Clayton Gillett
Managing Partner
Info-Tech Research Group
Clayton Gillett is a Managing Partner for Info-Tech, providing technology management advisory services to healthcare clients. Clayton joined Info-Tech with more than 28 years of experience in health care information technology. He has held senior IT leadership roles at Group Health Cooperative of Puget Sound and OCHIN, as well as advisory or consulting roles at ECG Management Consultants and Gartner.
Donna Bales
Principal Research Director
Info-Tech Research Group
Donna Bales is a Principal Research Director in the CIO Practice at Info-Tech Research Group specializing in research and advisory services in IT risk, governance, and compliance. She brings over 25 years of experience in strategic consulting and product development and has a history of success in leading complex, multi-stakeholder industry initiatives.
Igor Ikonnikov
Research Director
Info-Tech Research Group
Igor Ikonnikov is a Research and Advisory Director in the Data and Analytics practice. Igor has extensive experience in strategy formation and execution in the information management domain, including master data management, data governance, knowledge management, enterprise content management, big data, and analytics.
Igor has an MBA from the Ted Rogers School of Management (Toronto, Canada) with a specialization in Management of Technology and Innovation.
Michael Newcity
Chief Innovation Officer
ArcBest
Kevin Yoder
Vice President, Innovation
ArcBest
Gary Boyd
Vice President, Information Systems & Digital Transformation
Arkansas Blue Cross and Blue Shield
Brett Trelfa
Chief Information Officer
Arkansas Blue Cross and Blue Shield
Kristen Wilson-Jones
Chief Technology & Product Officer
Medcurio
Note: additional contributors did not wish to be identified
Altringer, Beth. "A New Model for Innovation in Big Companies" Harvard Business Review. 19 Nov. 2013. Accessed 30 Jan. 2023. https://hbr.org/2013/11/a-new-model-for-innovation-in-big-companies
Arpajian, Scott. "Five Reasons Why Innovation Fails" Forbes Magazine. 4 June 2019. Accessed 31 Jan. 2023. https://www.forbes.com/sites/forbestechcouncil/2019/06/04/five-reasons-why-innovation-fails/?sh=234e618914c6
Baldwin, John & Gellatly, Guy. "Innovation Capabilities: The Knowledge Capital Behind the Survival and Growth of Firms" Statistics Canada. Sept. 2006. Accessed 30 Jan. 2023. https://www.bdc.ca/fr/documents/other/innovation_capabilities_en.pdf
Bar Am, Jordan et al. "Innovation in a Crisis: Why it is More Critical Than Ever" McKinsey & Company, 17 June 2020. Accessed 12 Jan. 2023. <https://www.mckinsey.com/capabilities/strategy-and-corporate-finance/our-insights/innovation-in-a-crisis-why-it-is-more-critical-than-ever >
Boston Consulting Group, "Most Innovative Companies 2021" BCG, April 2021. Accessed 30 Jan. 2023. https://web-assets.bcg.com/d5/ef/ea7099b64b89860fd1aa3ec4ff34/bcg-most-innovative-companies-2021-apr-2021-r.pdf
Boston Consulting Group, "Most Innovative Companies 2022" BGC, 15 Sept. 2022. Accessed 6 Feb. 2023. https://www.bcg.com/en-ca/publications/2022/innovation-in-climate-and-sustainability-will-lead-to-green-growth
Christensen, Clayton M. The Innovator's Dilemma: When New Technologies Cause Great Firms to Fail. Harvard Business Review Press, 2016.
Gerber, Niklaus. "What is innovation? A beginner's guide into different models, terminologies and methodologies" Medium. 20 Sept 2022. Accessed 7 Feb. 2023. https://world.hey.com/niklaus/what-is-innovation-a-beginner-s-guide-into-different-models-terminologies-and-methodologies-dd4a3147
Google X, Homepage. Accessed 6 Feb. 2023. https://x.company/
Harnoss, Johann D. & Baeza, Ramón. "Overcoming the Four Big Barriers to Innovation Success" Boston Consulting Group, 24 Sept. 2019. Accessed 30 Jan 2023. https://www.bcg.com/en-ca/publications/2019/overcoming-four-big-barriers-to-innovation-success
Jaruzelski, Barry et al. "Global Innovation 1000 Study" Pricewaterhouse Cooper, 30 Oct. 2018. Accessed 13 Jan. 2023. <https://www.strategyand.pwc.com/gx/en/insights/innovation1000.html>
Kharpal, Arjun. "Huawei posts first-ever yearly revenue decline as U.S. sanctions continue to bite, but profit surges" CNBC. 28 March 2022. Accessed 7 Feb. 2023. https://www.cnbc.com/2022/03/28/huawei-annual-results-2021-revenue-declines-but-profit-surges.html
Kirsner, Scott. "The Biggest Obstacles to Innovation in Large Companies" Harvard Business Review, 30 July 2018. Accessed 12 Jan. 2023. <https://hbr.org/2018/07/the-biggest-obstacles-to-innovation-in-large-companies>
Macrotrends. "Apple Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/AAPL/apple/revenue
Macrotrends. "Microsoft Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/MSFT/microsoft/revenue
Macrotrends. "Amazon Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/AMZN/amazon/revenue
Macrotrends. "Alphabet Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/GOOG/alphabet/revenue
Macrotrends. "Tesla Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/TSLA/tesla/revenue
Macrotrends. "Moderna Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/MRNA/moderna/revenue
Macrotrends. "Sony Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/SONY/sony/revenue
Macrotrends. "IBM Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/IBM/ibm/revenue
Macrotrends. "Meta Platforms Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/META/meta-platforms/revenue
Macrotrends. "NIKE Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/NKE/nike/revenue
Macrotrends. "Walmart Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/WMT/walmart/revenue
Macrotrends. "Dell Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/DELL/dell/revenue
Macrotrends. "NVIDIA Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/NVDA/nvidia/revenue
Sloan, Paul. "How to Develop a Vision for Innovation" Innovation Management, 10 Aug. 2009. Accessed 7 Feb. 2023. https://innovationmanagement.se/2009/08/10/how-to-develop-a-vision-for-innovation/
Statista. "Samsung Electronics' global revenue from 2005 to 2021" Statista. Accessed 7 Feb. 2023. https://www.statista.com/statistics/236607/global-revenue-of-samsung-electronics-since-2005/
Tichy, Noel & Ram Charan. "Speed, Simplicity, Self-Confidence: An Interview with Jack Welch" Harvard Business Review, 2 March 2020. Accessed 7 Feb. 2023. https://hbr.org/1989/09/speed-simplicity-self-confidence-an-interview-with-jack-welch
Weick, Karl and Kathleen Sutcliffe. Managing the Unexpected: Sustained Performance in a Complex World, Third Edition. John Wiley & Sons, 2015.
Xuan Tian, Tracy Yue Wang, Tolerance for Failure and Corporate Innovation, The Review of Financial Studies, Volume 27, Issue 1, 2014, Pages 211–255, Accessed https://doi.org/10.1093/rfs/hhr130
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify major business capabilities, business processes running inside and across them, and datasets produced or used by these business processes and activities performed thereupon.
Identify data pipeline vertical zones: data creation, accumulation, augmentation, and consumption, as well as horizontal lanes: fast, medium, and slow speed.
Select the right data design patterns for the data pipeline components, as well as an applicable data model industry standard (if available).
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Identify major business capabilities, business processes running inside and across them, and datasets produced or used by these business processes and activities performed thereupon.
Indicates the ownership of datasets and the high-level data flows across the organization.
1.1 Review & discuss typical pitfalls (and their causes) of major data management initiatives.
1.2 Discuss the main business capabilities of the organization and how they interact.
1.3 Discuss the business processes running inside and across business capabilities and the datasets involved.
1.4 Create the Enterprise Business Process Model (EBPM).
Understanding typical pitfalls (and their causes) of major data management initiatives.
Business capabilities map
Business processes map
Enterprise Business Process Model (EBPM)
Identify data pipeline vertical zones: data creation, accumulation, augmentation, and consumption, as well as horizontal lanes: fast, medium, and slow speed.
Design the high-level data progression pipeline.
2.1 Review and discuss the concept of a data pipeline in general, as well as the vertical zones: data creation, accumulation, augmentation, and consumption.
2.2 Identify these zones in the enterprise business model.
2.3 Review and discuss multi-lane data progression.
2.4 Identify different speed lanes in the enterprise business model.
Understanding of a data pipeline design, including its zones.
EBPM mapping to Data Pipeline Zones
Understanding of multi-lane data progression
EBPM mapping to Multi-Speed Data Progression Lanes
Select the right data design patterns for the data pipeline components, as well as an applicable data model industry standard (if available).
Use of appropriate data design pattern for each zone with calibration on the data progression speed.
3.1 Review and discuss various data design patterns.
3.2 Discuss and select the data design pattern selection for data pipeline components.
3.3 Discuss applicability of data model industry standards (if available).
Understanding of various data design patterns.
Data Design Patterns mapping to the data pipeline.
Selection of an applicable data model from available industry standards.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Define the business’s M&A goals, assemble an IT Integration Program, and select an IT integration posture that aligns with business M&A strategy.
Refine the current state of each IT domain in both organizations, and then design the end-state of each domain.
Generate tactical operational imperatives and quick-wins, and then develop an interim action plan to maintain business function and capture synergies.
Generate initiatives and put together a long-term action plan to achieve the planned technology end-state.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Identification of staffing and skill set needed to manage the IT integration.
Generation of an integration communication plan to highlight communication schedule during major integration events.
Identification of business goals and objectives to select an IT Integration Posture that aligns with business strategy.
Defined IT integration roles & responsibilities.
Structured communication plan for key IT integration milestones.
Creation of the IT Integration Program.
Generation of an IT Integration Posture.
1.1 Define IT Integration Program responsibilities.
1.2 Build an integration communication plan.
1.3 Host interviews with senior management.
1.4 Select a technology end-state and IT integration posture.
Define IT Integration Program responsibilities and goals
Structured communication plan
Customized interview guide for each major stakeholder
Selected technology end-state and IT integration posture
Identification of information sources to begin conducting discovery.
Definition of scope of information that must be collected about target organization.
Definition of scope of information that must be collected about your own organization.
Refinement of the technology end-state for each IT domain of the new entity.
A collection of necessary information to design the technology end-state of each IT domain.
Adequate information to make accurate cost estimates.
A designed end-state for each IT domain.
A collection of necessary, available information to make accurate cost estimates.
2.1 Define discovery scope.
2.2 Review the data room and conduct onsite discovery.
2.3 Design the technology end-state for each IT domain.
2.4 Select the integration strategy for each IT domain.
Tone set for discovery
Key information collected for each IT domain
Refined end-state for each IT domain
Refined integration strategy for each IT domain
Generation of tactical initiatives that are operationally imperative and will help build business credibility.
Prioritization and execution of tactical initiatives.
Confirmation of integration strategy for each IT domain and generation of initiatives to achieve technology end-states.
Prioritization and execution of integration roadmap.
Tactical initiatives generated and executed.
Confirmed integration posture for each IT domain.
Initiatives generated and executed upon to achieve the technology end-state of each IT domain.
3.1 Build quick-win and operational imperatives.
3.2 Build a tactical action plan and execute.
3.3 Build initiatives to close gaps and redundancies.
3.4 Finalize your roadmap and kick-start integration.
Tactical roadmap to fulfill short-term M&A objectives and synergies
Confirmed IT integration strategies
Finalized integration roadmap
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Develop goals and KPIs to measure your progress.
Learn how to present different types of metrics.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Create a prioritized list of goals to improve the security program’s current state.
Insight into the current program and the direct it needs to head in.
1.1 Discuss current state and existing approach to metrics.
1.2 Review contract metrics already in place (or available).
1.3 Determine security areas that should be measured.
1.4 Determine what stakeholders are involved.
1.5 Review current initiatives to address those risks (security strategy, if in place).
1.6 Begin developing SMART goals for your initiative roadmap.
Gap analysis results
SMART goals
Develop unique KPIs to measure progress against your security goals.
Learn how to develop KPIs
Prioritized list of security goals
2.1 Continue SMART goal development.
2.2 Sort goals into types.
2.3 Rephrase goals as KPIs and list associated metric(s).
2.4 Continue KPI development.
KPI Evolution Worksheet
Determine which metrics will be included in the initial program launch.
A set of realistic and manageable goals-based metrics.
3.1 Lay out prioritization criteria.
3.2 Determine priority metrics (implementation).
3.3 Determine priority metrics (improvement & organizational trend).
Prioritized metrics
Tool for tracking and presentation
Strategize presentation based around metric type to indicate organization’s risk posture.
Develop versatile reporting techniques
4.1 Review metric types and discuss reporting strategies for each.
4.2 Develop a story about risk.
4.3 Discuss the use of KPXs and how to scale for less mature programs.
Key Performance Index Tool and presentation materials
"Metrics programs tend to fall into two groups: non-existent and unhelpful.
The reason so many security professionals struggle to develop a meaningful metrics program is because they are unsure of what to measure or why.
The truth is, for metrics to be useful, they need to be tied to something you care about – a state you are trying to achieve. In other words, some kind of goal. Used this way, metrics act as the scoreboard, letting you know if you’re making progress towards your goals, and thus, boosting your overall maturity."
– Logan Rohde, Research Analyst, Security Practice Info-Tech Research Group
Info-Tech Insight
Governance
Management
While business leaders are now taking a greater interest in cybersecurity, alignment between the two groups still has room for improvement.
5% of public companies feel very confident that they are properly secured against a cyberattack.
41% of boards take on cybersecurity directly rather than allocating it to another body (e.g. audit committee).
19% of private companies do not discuss cybersecurity with the board.
(ISACA, 2018)
Info-Tech Insight
Metrics help to level the playing field
Poor alignment between security and the business often stems from difficulties with explaining how security objectives support business goals, which is ultimately a communication problem.
However, metrics help to facilitate these conversations, as long as the metrics are expressed in practical, relatable terms.
Security professionals have the perception that metrics programs are difficult to create. However, this attitude usually stems from one of the following myths. In reality, security metrics are much simpler than they seem at first, and they usually help resolve existing challenges rather than create new ones.
Myth | Truth | |
---|---|---|
1 | There are certain metrics that are important to all organizations, based on maturity, industry, etc. | Metrics are indications of change; for a metric to be useful it needs to be tied to a goal, which helps you understand the change you're seeing as either a positive or a negative. Industry and maturity have little bearing here. |
2 | Metrics are only worthwhile once a certain maturity level is reached | Metrics are a tool to help an organization along the maturity scale. Metrics help organizations measure progress of their goals by helping them see which tactics are and are not working. |
3 | Security metrics should focus on specific, technical details (e.g. of systems) | Metrics are usually a means of demonstrating, objectively, the state of a security program. That is, they are a means of communicating something. For this reason, it is better that metrics be phrased in easily digestible, non-technical terms (even if they are informed by technical security statistics). |
Specific
Measurable
Achievable
Realistic
Timebound
Achievable: What is an achievable metric?
When we say that a metric is “achievable,” we imply that it is tied to a goal of some kind – the thing we want to achieve.
How do we set a goal?
Start:
Review current state and decide on priorities.
Set a SMART goal for improvement.
Develop an appropriate KPI.
Use KPI to monitor program improvement.
Present metrics to the board.
Revise metrics if necessary.
A security strategy is ultimately a large goal-setting exercise. You begin by determining your current maturity and how mature you need to be across all areas of information security, i.e. completing a gap analysis.
As such, linking your metrics program to your security strategy is a great way to get your metrics program up and running – but it’s not the only way.
Short term: Streamline your program. Based on your organization’s specific requirements and risk profile, figure out which metrics are best for now while also planning for future metrics as your organization matures.
Long term: Once the program is in place, improvements will come with increased visibility into operations. Investments in security will be encouraged when more evidence is available to executives, contributing to overall improved security posture. Potential opportunities for eventual cost savings also exist as there is more informed security spending and fewer incidents.
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked-off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
1. Link Security Metrics to Goals to Boost Maturity | 2. Adapt Your Reporting Strategy for Various Metric Types | |
---|---|---|
Best-Practice Toolkit |
1.1 Review current state and set your goals 1.2 Develop KPIs and prioritize your goals 1.3 Implement and monitor the KPI to track goal progress |
2.1 Review best practices for presenting metrics 2.2 Strategize your presentation based on metric type 2.3 Tailor presentation to your audience 2.4 Use your metrics to create a story about risk 2.5 Revise your metrics |
Guided Implementations |
|
|
Onsite Workshop | Module 1: Current State, Initiatives, Goals, and KPIs | Module 2: Metrics Reporting |
Phase 1 Outcome:
|
Phase 2 Outcome:
|
Contact your account representative or email Workshops@InfoTech.com for more information.
Workshop Day 1 | Workshop Day 2 | Workshop Day 3 | Workshop Day 4 | Workshop Day 5 | |
---|---|---|---|---|---|
Activities |
Current State, Initiatives, and Goals
|
KPI Development
|
Metrics Prioritization
|
Metrics Reporting
|
Offsite Finalization
|
Deliverables |
|
|
|
|
|
1.1 Review current state and set your goals
1.2 Develop KPIs and prioritize your goals
1.3 Implement and monitor KPIs
Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of two to three advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 2-4 weeks
Start with an analyst kick-off call:
Then complete these activities…
Review findings with analyst:
Then complete these activities…
With these tools & templates:
120 minutes
Before program improvement can take place, it is necessary to look at where things are at presently (in terms of maturity) and where we need to get them to.
In other words, we need to perform a security program gap analysis.
Info-Tech Best Practice
The most thorough way of performing this gap analysis is by completing Info-Tech’s Build an Information Security Strategy blueprint, as it will provide you with a prioritized list of initiatives to boost your security program maturity.
Use the Capability Maturity Model Integration (CMMI) scale below to help you understand your current level of maturity across the various areas of your security program.
(Adapted from the “CMMI Institute Maturity Model”)
The most effective metrics programs are personalized to reflect the goals of the security team and the business they work for. Using goals-based metrics allows you to make incremental improvements that can be measured and reported on, which makes program maturation a natural process.
Info-Tech Best Practice
Before setting a SMART goal, take a moment to consider your maturity for each security area, and which metric type you need to collect first, before moving to more ambitious goals.
Security Areas
Metric Type | Description |
---|---|
Initial Probe | Determines what can be known (i.e. what sources for metrics exist?). |
Baseline Testing | Establishes organization’s normal state based on current metrics. |
Implementation | Focuses on setting up a series of related processes to increase organizational security (i.e. roll out MFA). |
Improvement | Sets a target to be met and then maintained based on organizational risk tolerance. |
Organizational Trends | Culls together several metrics to track (sometimes predict) how various trends affect the organization’s overall security. Usually focuses on large-scale issues (e.g. likelihood of a data breach). |
Specific
Measurable
Achievable
Realistic
Timebound
Examples of possible goals for various maturity levels:
1.1 Security Metrics Determination and Tracking Tool
To increase visibility into the cost, effort, and value of any given goal, assess them using the following criteria:
Use the calculated Cost/Effort Rating, Benefit Rating, and Difference Score later in this project to help with goal prioritization.
Info-Tech Best Practice
If you have already completed a security strategy with Info-Tech resources, this work may likely have already been done. Consult your Information Security Program Gap Analysis Tool from the Build an Information Security Strategy research.
At this time, it is necessary to evaluate the priorities of your security program.
Option 1: Progress to KPI Development
Option 2: Progress to Prioritization of Goals
Terms like “key performance indicator” may make this development practice seem more complicated than it really is. A KPI is just a single metric used to measure success towards a goal. In relational terms (i.e. as a percentage, ratio, etc.) to give it context (e.g. % of improvement over last quarter).
KPI development is about answering the question: what would indicate that I have achieved my goal?
KPIs differ from goal to goal, but their forms follow certain trends
Metric Type | KPI Form |
---|---|
Initial Probe | Progress of probe (e.g. % of systems checked to see if they can supply metrics). |
Baseline Testing | What current data shows (e.g. % of systems needing attention). |
Implementation | Progress of the implementation (e.g. % of complete vulnerability management program implementation). |
Improvement | The threshold or target to be achieved and maintained (e.g. % of incidents responded to within target window). |
Organizational Trends | The interplay of several KPIs and how they affect the organization’s risk posture (e.g. assessing the likelihood for a data breach). |
1. Initial Probe
Focused on determining how many sources for metrics exist.
2. Baseline Testing
Focused on gaining initial insights about the state of your security program (what are the measurements?).
Info-Tech Insight
Don't lose hope if you lack resources to move beyond these initial steps. Even if you are struggling to pull data, you can still draw meaningful metrics. The percent or ratio of processes or systems you lack insight into can be very valuable, as it provides a basis to initiate a risk-based discussion with management about the organization's security blind spots.
3. Program Implementation
Focused on developing a basic program to establish basic maturity (e.g. implement an awareness and training program).
4. Improvement
Focused on attaining operational targets to lower organizational risk.
Info-Tech Insight
Don't overthink your KPI. In many cases it will simply be your goal rephrased to express a percentage or ratio. In others, like the example above, it makes sense for them to be identical.
5. Organizational Impact
Focused on studying several related KPIs (Key Performance Index, or KPX) in an attempt to predict risks.
Let’s take a look at KPI development in action.
Meet Maria, the new CISO at a large hospital that desperately needs security program improvements. Maria’s first move was to learn the true state of the organization’s security. She quickly learned that there was no metrics program in place and that her staff were unaware what, if any, sources were available to pull security metrics from.
After completing her initial probe into available metrics and then investigating the baseline readings, she determined that her areas of greatest concern were around vulnerability and access management. But she also decided it was time to get a security training and awareness program up and running to help mitigate risks in other areas she can’t deal with right away.
See examples of Maria’s KPI development on the next four slides...
Info-Tech Insight
There is very little variation in the kinds of goals people have around initial probes and baseline testing. Metrics in these areas are virtually always about determining what data sources are available to you and what that data actually shows. The real decisions start in determining what you want to do based on the measures you’re seeing.
Metric development example: Vulnerability Management
See examples of Maria’s KPI development on the next four slides...
Goal: Implement vulnerability management program
KPI: % increase of insight into existing vulnerabilities
Associated Metric: # of vulnerability detection methods
Goal: Improve deployment time for patches
KPI: % of critical patches fully deployed within target window
Goal: Implement MFA for privileged accounts
KPI: % of privileged accounts with MFA applied
Associated Metric: # of privileged accounts
Goal: Remove all unnecessary privileged accounts
KPI: % of accounts with unnecessary privileges
Goal: Implement training and awareness program
KPI: % of organization trained
Associated Metric: # of departments trained
Goal: Improve time to report phishing
KPI: % of phishing cases reported within target window
Goal: Predict Data Breach Likelihood
1.2 120 minutes
Follow the example of the CISO in the previous slides and try developing KPIs for the SMART goals set in step 1.1.
1.2 Security Metrics Determination and Tracking Tool
Tab “3. Identify Goal KPIs” allows you to record each KPI and its accompanying metadata:
Optionally, each KPI can be mapped to goals defined on tab “2. Identify Security Goals.”
Info-Tech Best Practice
Ensure your metadata is comprehensive, complete, and realistic. A different employee should be able to use only the information outlined in the metadata to continue collecting measurements for the program.
1.2 KPI Development Worksheet
Follow the examples contained in this slide deck and practice creating KPIs for:
As well as drafting associated metrics to inform the KPIs you create.
Info-Tech Best Practice
Keep your metrics program manageable. This exercise may produce more goals, metrics, and KPIs than you deal with all at once. But that doesn’t mean you can’t save some for future use.
1.2 120 minutes
An effort map visualizes a cost and benefit analysis. It is a quadrant output that visually shows how your SMART goals were assessed. Use the calculated Cost/Effort Rating and Benefit Rating values from tab “2. Identify Security Goals” of the Security Metrics Determination and Tracking Tool to aid this exercise.
Now that you’ve developed KPIs to monitor progress on your goals, it’s time to use them to drive security program maturation by following these steps:
The term key risk indicator (KRI) gets used in a few different ways. However, in most cases, KRIs are closely associated with KPIs.
1.3 Security Metrics Determination and Tracking Tool
Tracking metric data in Info-Tech's tool provides the following data visualizations:
Info-Tech Best Practice
Be diligent about measuring and tracking your metrics. Record any potential measurement biases or comments on measurement values to ensure you have a comprehensive record for future use. In the tool, this can be done by adding a comment to a cell with a metric measurement.
Workshops offer an easy way to accelerate your project. While onsite, our analysts will work with you and your team to facilitate the activities outlined in the blueprint.
Getting key stakeholders together to formalize the program, while getting started on data discovery and classification, allows you to kickstart the overall program.
In addition, leverage over-the-phone support through Guided Implementations included in advisory memberships to ensure the continuous improvement of the classification program even after the workshop.
Logan Rohde
Research Analyst – Security, Risk & Compliance Info-Tech Research Group
Ian Mulholland
Senior Research Analyst – Security, Risk & Compliance Info-Tech Research Group
Call 1-888-670-8889 for more information.
2.1 Review best practices for presenting metrics
2.2 Strategize your presentation based on metric type
2.3 Tailor your presentation to your audience
2.4 Use your metrics to create a story about risk
2.5 Revise Metrics
This phase will walk you through the following activities:
This phase involves the following participants:
Outcomes of this phase
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of two to three advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 2-4 weeks
Start with an analyst kick-off call:
Then complete these activities…
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Phase 2 Results & Insights:
Avoid technical details (i.e. raw data) by focusing on the KPI.
Put things in terms of risk; it's the language you both understand.
Explain why you’re monitoring metrics in terms of the goals you’re hoping to achieve.
Choose between KPI or KRI as the presentation format.
Match presentation with the audience.
Read between the lines.
Read the news if you’re stuck for content.
Present your metrics as a story.
Metric Type: Initial Probe
Scenario: Implementing your first metrics program.
Decisions: Do you have sufficient insight into the program? (i.e. do you need to acquire additional tools to collect metrics?)
Strategy: If there are no barriers to this (e.g. budget), then focus your presentation on the fact that you are addressing the risk of not knowing what your organization's baseline state is and what potential issues exist but are unknown. This is likely the first phase of an improvement plan, so sketching the overall plan is a good idea too.
Possible KPIs:
Metric Type: Baseline Testing
Scenario: You've taken the metrics to determine what your organization’s normal state is and you're now looking towards addressing your gaps or problem areas.
Decisions: What needs to be prioritized first and why? Are additional resources required to make this happen?
Strategy: Explain your impression of the organization's normal state and what you plan to do about it. In other words, what goals are you prioritizing and why? Be sure to note any challenges that may occur along the way (e.g. staffing).
Possible KPIs:
Metric Type: Implementation
Scenario: You are now implementing solutions to address your security priorities.
Decisions: What, to you, would establish the basis of a program?
Strategy: Focus on what you're doing to implement a certain security need, why, and what still needs to be done when you’re finished.
Possible KPIs:
Metric Type: Improvement
Scenario: Now that a basic program has been established, you are looking to develop its maturity to boost overall performance (i.e. setting a new development goal).
Decisions: What is a reasonable target, given the organization's risk tolerance and current state?
Strategy: Explain that you're now working to tighten up the security program. Note that although things are improving, risk will always remain, so we need to keep it within a threshold that’s proportionate with our risk tolerance.
Possible KPIs:
Metric Type: Organizational Trends
Scenario: You've reached a mature state and now how several KPIs being tracked. You begin to look at several KPIs together (i.e. a KPX) to assess the organization's exposure for certain broad risk trends.
Decisions: Which KPIs can be used together to look at broader risks?
Strategy: Focus on the overall likelihood of a certain risk and why you've chosen to assess it with your chosen KPIs. Spend some time discussing what factors affect the movement of these KPIs, demonstrating how smaller behaviors create a ripple effect that affects the organization’s exposure to large-scale risks.
Possible KPX: Insider Threat Risk
Even challenges can elicit useful metrics.
Not every security program is capable of progressing smoothly through the various metric types. In some cases, it is impossible to move towards goals and metrics for implementation, improvement, or organizational trends because the security program lacks resources.
Info-Tech Insight
When your business is suffering from a lack of resources, acquiring these resources automatically becomes the goal that your metrics should be addressing. To do this, focus on what risks are being created because something is missing.
When your security program is lacking a critical resource, such as staff or technology, your metrics should focus on what security processes are suffering due to this lack. In other words, what critical activities are not getting done?
KPI Examples:
1. Raw Data
2. Management-Level
3. Board-Level
As a general rule, security metrics should become decreasingly technical and increasingly behavior-based as they are presented up the organizational hierarchy.
"The higher you travel up the corporate chain, the more challenging it becomes to create meaningful security metrics. Security metrics are intimately tied to their underlying technologies, but the last thing the CEO cares about is technical details." – Ben Rothke, Senior Information Security Specialist, Tapad.
Reporting metrics is not just another presentation. Rather, it is an opportunity to demonstrate and explain the value of security.
It is also a chance to correct any misconceptions about what security does or how it works.
Use the tips on the right to help make your presentation as relatable as possible.
Info-Tech Insight
There is a difference between data manipulation and strategic presentation: the goal is not to bend the truth, but to present it in a way that allows you to show the board what they need to see and to explain it in terms familiar to them.
Avoid jargon; speak in practical terms
Address compliance
Have solid answers
Security is about managing risk. This is also its primary value to the organization. As such, risk should be the theme of the story you tell.
"Build a cohesive story that people can understand . . . Raw metrics are valuable from an operations standpoint, but at the executive level, it's about a cohesive story that helps executives understand the value of the security program and keeps the company moving forward. "– Adam Ely, CSO and Co-Founder, Bluebox Security, qtd. by Tenable, 2016
The following model encapsulates the basic trajectory of all story development.
Use this model to help you put together your story about risk.
Introduction: Overall assessment of security program.
Initial Incident: Determination of the problems and associated risks.
Rising Action: Creation of goals and metrics to measure progress.
Climax: Major development indicated by metrics.
Falling Action: New insights gained about organization’s risks.
Resolution: Recommendations based on observations.
Info-Tech Best Practice
Follow this model to ensure that your metrics presentation follows a coherent storyline that explains how you assessed the problem, why you chose to address it the way you did, what you learned in doing so, and finally what should be done next to boost the security program’s maturity.
Board-Level KPI
Mgmt.-Level KPI
Raw Data
Think of your lower-level metrics as evidence to back up the story you are telling.
When you’re asked how you arrived at a given conclusion, you know it’s time to go down a level and to explain those results.
Think of this like showing your work.
Info-Tech Insight
This approach is built into the KPX reporting format, but can be used for all metric types by drawing from your associated metrics and goals already achieved.
2.4 Security Metrics Determination and Tracking Tool
Info-Tech provides two options for metric dashboards to meet the varying needs of our members.
If you’re just starting out, you’ll likely be inclined towards the dashboard within the Security Metrics Determination and Tracking Tool (seen here).
But if you’ve already got several KPIs to report on, you may prefer the Security Metrics KPX Dashboard Tool, featured on the following slides.
Info-Tech Best Practice
Not all graphs will be needed in all cases. When presenting, consider taking screenshots of the most relevant data and displaying them in Info-Tech’s Board-Level Security Metrics Presentation Template.
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
"An important key to remember is to be consistent and stick to one framework once you've chosen it. As you meet with the same audiences repeatedly, having the same framework for reference will ensure that your communications become smoother over time." – Caroline Wong, Chief Strategy Officer, Cobalt.io
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
This tool helps you convert your KPIs into the language of risk by assessing frequency and severity, which helps to make the risk relatable for senior leadership. However, it is still useful to track fluctuations in terms of percentage. To do this, track changes in the frequency, severity, and trend scores from quarter to quarter.
2.4 Board-Level Security Metrics Presentation Template
Use the Board-Level Security Metrics Presentation Template deck to help structure and deliver your metrics presentation to the board.
To make the dashboard slide, simply copy and paste the charts from the dashboard tool and arrange the images as needed.
Adapt the status report and business alignment slides to reflect the story about risk that you are telling.
Now that you’ve made it through your metrics presentation, it’s important to reassess your goals with feedback from your audience in mind. Use the following workflow.
Workshops offer an easy way to accelerate your project. While onsite, our analysts will work with you and your team to facilitate the activities outlined in the blueprint.
Getting key stakeholders together to formalize the program, while getting started on data discovery and classification, allows you to kickstart the overall program.
In addition, leverage over-the-phone support through Guided Implementations included in advisory memberships to ensure the continuous improvement of the classification program even after the workshop.
Logan Rohde
Research Analyst – Security, Risk & Compliance Info-Tech Research Group
Ian Mulholland
Senior Research Analyst – Security, Risk & Compliance Info-Tech Research Group
Call 1-888-670-8889 for more information.
Mike Creaney, Senior Security Engineer at Federal Home Loan Bank of Chicago
Peter Chestna, Director, Enterprise Head of Application Security at BMO Financial Group
Zane Lackey, Co-Founder / Chief Security Officer at Signal Sciences
Ben Rothke, Senior Information Security Specialist at Tapad
Caroline Wong, Chief Strategy Officer at Cobalt.io
2 anonymous contributors
Build an Information Security Strategy
Tailor best practices to effectively manage information security.
Implement a Security Governance and Management Program
Align security and business objectives to get the greatest benefit from both.
Capability Maturity Model Integration (CMMI). ISACA. Carnegie Mellon University.
Ely, Adam. “Choose Security Metrics That Tell a Story.” Using Security Metrics to Drive Action: 33 Experts Share How to Communicate Security Program Effectiveness to Business Executives and the Board Eds. 2016. Web.
https://www.ciosummits.com/Online_Assets_Tenable_eBook-_Using_Security_Metrics_to_Drive_Action.pdf
ISACA. “Board Director Concerns about Cyber and Technology Risk.” CSX. 11 Sep. 2018. Web.
Rothke, Ben. “CEOs Require Security Metrics with a High-Level Focus.” Using Security Metrics to Drive Action: 33 Experts Share How to Communicate Security Program Effectiveness to Business Executives and the Board Eds. 2016. Web.
https://www.ciosummits.com/Online_Assets_Tenable_eBook-_Using_Security_Metrics_to_Drive_Action.pdf
Wong, Caroline. Security Metrics: A Beginner’s Guide. McGraw Hill: New York, 2012.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Even where there is limited control, you can define an incident response plan to streamline notification, assessment, and implementation of workarounds.
At a minimum, IT’s responsibility is to identify and communicate risk to senior leadership. That starts with a vendor review to identify SLA and overall resilience gaps.
The examples illustrate different approaches to incident response depending on the criticality of the service and options available.
Summarize cloud services risk, mitigation options, and incident response for senior leadership.
If you think cloud means you don’t need a response plan, then get your resume ready. |
Most organizations are now recognizing that they can’t ignore the risk of a cloud outage or data loss, and the challenge is “what can I do about it?” since there is limited control. If you still think “it’s in the cloud, so I don’t need to worry about it,” then get your resume ready. When O365 goes down, your executives are calling IT, not Microsoft, for an answer of what’s being done and what can they do in the meantime to get the business up and running again. The key is to recognize what you can control and what actions you can take to evaluate and mitigate risk. At a minimum, you can ensure senior leadership is aware of the risk and define a plan for how you will respond to an incident, even if that is limited to monitoring and communicating status. Often you can do more, including defining IT workarounds, backing up your SaaS data for additional protection, and using business process workarounds to bridge the gap, as illustrated in the case studies in this blueprint. Frank Trovato Info-Tech Research Group |
As more applications are migrated to cloud-based services, disaster recovery (DR) and business continuity plans (BCP) must include an understanding of cloud risks and actions to mitigate those risks. This includes evaluating vendor and service reliability and resilience, security measures, data protection capabilities, and technology and business workarounds if there is a cloud outage or incident.
Use the risk assessments and cloud service incident response plans developed through this blueprint to supplement your DRP and BCP as well as further inform your crisis management plans (e.g. account for cloud risks in your crisis communication planning).
Overall Business Continuity Plan |
||
---|---|---|
IT Disaster Recovery Plan A plan to restore IT application and infrastructure services following a disruption. Info-Tech’s Disaster Recovery Planning blueprint provides a methodology for creating the IT DRP. Leverage this blueprint to validate and provide inputs for your IT DRP. |
BCP for Each Business Unit A set of plans to resume business processes for each business unit. Info-Tech’s Develop a Business Continuity Plan blueprint provides a methodology for creating business unit BCPs as part of an overall BCP for the organization. |
Crisis Management Plan A plan to manage a wide range of crises, from health and safety incidents to business disruptions to reputational damage. Info-Tech’s Implement Crisis Management Best Practices blueprint provides a framework for planning a response to any crisis, from health and safety incidents to reputational damage. |
Your Challenge |
Common Obstacles |
Info-Tech’s Approach |
---|---|---|
|
|
|
Info-Tech Insight
Asking vendors about their DRP, BCP, and overall resilience has become commonplace. Expect your vendors to provide answers so you can assess risk. Furthermore, your vendor may have additional offerings to increase resilience or recommendations for third parties who can further assist your goals of improving cloud service resilience.
Provide leadership with a summary of cloud risk, downtime workarounds implemented, and additional data protection.
Cloud Services Incident Risk and Mitigation Review Tool Use this tool to gather vendor input, evaluate vendor SLAs and overall resilience, and track your own risk mitigation efforts. |
SaaS Incident Response Workflows Use the examples in this document as a model to develop your own incident response workflows for cloud outages or data loss. |
Identify options to mitigate risk
Create an incident response plan
Assess risk
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
Assess your cloud risk | Identify options to mitigate risk | Create an incident response plan |
A few cloud outage examples:
Cloud availability
High-level challenges and resilience options:
Plan for resilience
High-level challenges and resilience options:
Note: The rest of this blueprint is focused primarily on SaaS resilience due to the challenges listed here. For other cloud services, leverage traditional DR strategies and vendor management to mitigate risk (as summarized on the previous slides).
The activities on the next two slides will evaluate risk through two approaches:
Activity 1: Estimate potential impact of downtime and data loss to quantify the risk and determine which cloud services are most critical and need to be prioritized. This is done through a business impact analysis that assesses:
|
Activity 2: Review the vendor to identify risks and gaps. Specifically, evaluate the following:
|
1-3 hours
Materials |
---|
|
Participants |
|
1-3 hours
Use the Cloud Services Incident Risk and Mitigation Review Tool as follows:
Materials |
---|
|
Participants |
|
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
Assess your cloud risk | Identify options to mitigate risk | Create an incident response plan |
Some SaaS solutions have plenty of resilience options; others not so much
Risk
|
Options to mitigate risk (not an exhaustive list):
|
Risk
| Options to mitigate risk (not an exhaustive list):
|
Example baseline standard for cloud risk mitigation
Embed risk mitigation standards into existing IT operations
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
Assess your cloud risk | Identify options to mitigate risk | Create an incident response plan |
1-3 hours
|
Example SaaS Incident Response Workflow Excerpt |
Materials |
|
||
Participants | ||
|
If either critical SaaS dependency fails, the following plan is executed:
Criticality justified a failover option
The Annual Day of Giving generates over 50% of fundraising for the year. It’s critically dependent on two SaaS solutions that host the donation page and payment processing.
To mitigate the risk, the organization implemented the ability to failover to an alternate “environment” – much like a traditional DR solution – supported by workarounds to manage data collection.
Daily exports from a SaaS-hosted donations site reduce potential data loss:
Protecting your data gives you options
For critical data, do you want to rely solely on the vendor’s default backup strategy?
If your SaaS vendor is hit by ransomware or if their backup frequency doesn’t meet your needs, having your own data backup gives you options.
It can also support business process workarounds that need to access that data while waiting for SaaS recovery.
To enable a more accurate payroll workaround, the following is done:
BCP can bridge the gap
When leadership looks to IT to mitigate cloud risk, include BCP in the discussion.
Payroll is a good example where the best recovery option might be a business continuity workaround.
IT often still has a role in business continuity workarounds, as in this case study: specifically, providing a solution to modify and convert the payroll data to an ACH file.
1-3 hours
|
Example tabletop planning results excerpt with gaps identified |
Materials |
|
||
Participants | ||
|
1-3 hours
|
Cloud Services Resilience Summary – Table of Contents |
Materials |
|
||
Participants | ||
|
Get an objective assessment of your DRP program and recommendations for improvement.
Create a Right-Sized Disaster Recovery Plan
Close the gap between your DR capabilities and service continuity requirements.
Develop a Business Continuity Plan
Streamline the traditional approach to make BCP development manageable and repeatable.
Implement Crisis Management Best Practices
Don’t be another example of what not to do. Implement an effective crisis response plan to minimize the impact on business continuity, reputation, and profitability.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand blockchain’s unique feature, benefits, and business use cases.
Envision blockchain’s transformative potential for your organization by brainstorming and validating a use case.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Push past the hype and understand what the metaverse really means for IT.
On October 28, 2021, Mark Zuckerberg got up on stage and announced Facebook's rebranding to Meta and its intent to build out a new business line around the metaverse concept. Just a few days later, Microsoft's CEO Satya Nadella put forward his own idea of the metaverse at Microsoft Ignite. Seeing two of Silicon Valley's most influential companies pitch a vision of avatar-driven virtual reality collaboration sparked our collective curiosity. At the heart of it lies the question, "What is the metaverse, anyway?“
If you strip back the narrative of the companies selling you the solutions, the metaverse can be viewed as technological convergence. Years of development on mixed reality, AI, immersive digital environments, and real-time communication are culminating in a totally new user experience. The metaverse makes the digital as real as the physical. At least, that's the vision.
It will be years yet before the metaverse visions pitched to us from Silicon Valley stages are realized. In the meantime, understanding the individual technologies contributing to that vision can help CIOs realize business value today. Join me as we delve into the metaverse.
Brian Jackson
Research Director, CIO
Info-Tech Research Group
The term “metaverse” was coined by author Neal Stephenson in the 1992 novel “Snow Crash.” In the novel, main character Hiro Protagonist interacts with others in a digitally defined space. Twenty-five years after its release, the cult classic is influential among Silicon Valley's elite. Stephenson has played some key roles in Silicon Valley firms. He became the first employee at Blue Origin, the space venture founded by Jeff Bezos, in 2006, and later became chief futurist at augmented reality firm Magic Leap in 2014. Stephenson also popularized the Hindu concept "avatar" in his writing, paving the way for people to embody digitally rendered models to participate in the metaverse (Vanity Fair, 2017).
Even earlier concepts of the metaverse were examined in the 1980s, with William Gibson’s “Neuromancer” exploring the same idea as cyberspace. Gibson's novel was influenced by his time in Seattle, where friend and Microsoft executive Eileen Gunn took him to hacker bars where he'd eavesdrop on "the poetics of the technological subculture" (Medium, 2022). Other visions of a virtual reality mecca were brought to life in the movies, including the 1982 Disney release “Tron,” the 1999 flick “The Matrix,” and 2018’s “Ready Player One.”
There's a common set of traits among these sci-fi narratives that help us understand what Silicon Valley tech firms are now set to commercialize: users interact with one another in a digitally rendered virtual world, with a sense of presence provided through the use of a head-mounted display.
Image courtesy nealstephenson.com
Mark Zuckerberg is all in on the metaverse, announcing October 28, 2021, that Facebook would be rebranded to Meta. The new brand took effect on December 1, and Facebook began trading under the new stock ticker MVRS on certain exchanges. On February 15, 2022, Zuckerberg announced at a company meeting that his employees will be known as Metamates. The company's new values are to live in the future, build awesome things, and focus on long-term impact. Its motto is simply "Meta, Metamates, me" (“Out With the Facebookers. In With the Metamates,” The New York Times, 2022).
Meta's Reality Labs division will be responsible for developing its metaverse product, using Meta Quest, its virtual reality head-mounted displays. Meta's early metaverse environment, Horizon Worlds, rolled out to Quest users in the US and Canada in early December 2021. This drove a growth in its monthly user base by ten times, to 300,000 people. The product includes Horizon Venues, tailored to attending live events in VR, but not Horizon Workrooms, a VR conferencing experience that remains invite-only. Horizon Worlds provides users tools to construct their own 3D digital environments and had been used to create 10,000 separate worlds by mid-February 2022 (“Meta’s Social VR Platform Horizon Hits 300,000 Users,“ The Verge, 2022).
In the future, Meta plans to amplify the building tools in its metaverse platform with generative AI. For example, users can give speech commands to create scenes and objects in VR. Project CAIRaoke brings a voice assistant to an augmented reality headset that can help users complete tasks like cooking a stew. Zuckerberg also announced Meta is working on a universal speech translator across all languages (Reuters, 2022).
Investment in the metaverse:
$10 billion in 2021
Key People:
CEO Mark Zuckerberg
CTO Andrew Bosworth
Chief Product Officer Chris Cox
(Source: “Meta Spent $10 Billion on the Metaverse in 2021, Dragging Down Profit,” The New York Times, 2022)
In March 2021 Microsoft announced Mesh, an application that allows organizations to build out a metaverse environment. Mesh is being integrated into other Microsoft hardware and software, including its head-mounted display, the HoloLens, a mixed reality device. The Mesh for HoloLens experience allows users to collaborate around digital content projected into the real world. In November, Microsoft announced a Mesh integration with Microsoft Teams. This integration brings users into an immersive experience in a fully virtual world. This VR environment makes use of AltspaceVR, a VR application Microsoft first released in May 2015 (Microsoft Innovation Stories, 2021).
Last Fall, Microsoft also announced it is rebranding its Dynamics 365 Connected Store solution to Dynamics 365 Connected Spaces, signaling its expansion from retail to all spaces. The solution uses cognitive vision to create a digital twin of an organization’s physical space and generate analytics about people’s behavior (Microsoft Dynamics 365 Blog, 2021).
In the future, Microsoft wants to make "holoportation" a part of its metaverse experience. Under development at Microsoft Research, the technology captures people and things in photorealistic 3D to be projected into mixed reality environments (Microsoft Research, 2022). It also has plans to offer developers AI-powered tools for avatars, session management, spatial rendering, and synchronization across multiple users. Open standards will allow Mesh to be accessed across a range of devices, from AR and VR headsets, smartphones, tablets, and PCs.
Microsoft has been developing multi-user experiences in immersive 3D environments though its video game division for more than two decades. Its capabilities here will help advance its efforts to create metaverse environments for the enterprise.
Investment in the metaverse:
In January 2022, Microsoft agreed to acquire Activision Blizzard for $68.7 billion. In addition to acquiring several major gaming studios for its own gaming platforms, Microsoft said the acquisition will play a key role in the development of its metaverse.
Key People:
CEO Satya Nadella
CEO of Microsoft Gaming Phil Spencer
Microsoft Technical Research Fellow Alex Kipman
Meta
|
Microsoft
|
NVIDIA Omniverse
“The metaverse for engineers,” Omniverse is a developer toolset to allow organizations to build out their own unique metaverse visions.
|
TeamViewer’s Remote as a Service Platform
Initially focusing on providing workers remote connectivity to work desktops, devices, and robotics, TeamViewer offers a range of software as a service products. Recent acquisitions to this platform see it connecting enterprise workflows to frontline workers using mixed reality headsets and adding more 3D visualization development tools to create digital twins. Clients include Coca-Cola and BMW. |
“The metaverse matters in the future. TeamViewer is already making the metaverse tangible in terms of the value that it brings.” (Dr. Hendrik Witt, Chief Product Officer, TeamViewer)
The metaverse is a platform combining multiple technologies to enable social and economic activity in a digital world that is connected to the physical world.
A metaverse experience must combine the three P’s: user presence is represented, the world is persistent, and data is portable.
Mixed reality encompasses both virtual reality and augmented reality. Both involve allowing users to immerse themselves in digital content using a head-mounted device or with a smartphone for a less immersive effect. Virtual reality is a completely digital world that is constructed as separate from the physical world. VR headsets take up a user's entire field of vision and must also have a mechanism to allow the user to interact in their virtual environment. Augmented reality is a digital overlay mapped on top of the real world. These headsets are transparent, allowing the user to clearly see their real environment, and projects digital content on top of it. These headsets must have a way to map the surrounding environment in 3D in order to project digital content in the right place and at the right scale.
Meta acquired virtual reality developer Oculus VR Inc. and its set of head-mounted displays in 2014. It continues to develop new hardware under the Oculus brand, most recently releasing the Oculus Quest 2. Oculus Quest hardware is required to access Meta's early metaverse platform, Horizon Worlds.
Microsoft's HoloLens hardware is a mixed reality headset. Its visor that can project digital content into the main portion of the user's field of vision and speakers capable of spatial audio. The HoloLens has been deployed at enterprises around the world, particularly in scenarios where workers typically have their hands busy. For example, it can be used to view digital schematics of a machine while a worker is performing maintenance or to allow a remote expert to "see through the eyes" of a worker.
Microsoft's Mesh metaverse platform, which allows for remote collaboration around digital content, was demonstrated on a HoloLens at Microsoft Ignite in November 2021. Mesh is also being integrated into AltspaceVR, an application that allows companies to hold meetings in VR with “enterprise-grade security features including secure sign-ins, session management and privacy compliance" (Microsoft Innovation Stories, 2021).
If you've played a video game in the past decade, you've experienced an immersive 3D environment, perhaps even in a multiplayer environment with many other users at the same time. The video game industry grew quickly during the pandemic, with users spending more time and money on video games. Massive multiplayer online games like Fortnite provide more than a gaming environment. Users socialize with their friends and attend concerts featuring famous performers. They also spend money on different appearances or gestures to express themselves in the environment. When they are not playing the game, they are often watching other players stream their experience in the game. In many ways, the consumer metaverse already exists on platforms like Fortnite. At the same time, gaming developers are improving the engines for these experiences and getting closer to approximating the real world both visually and in terms of physics.
In the enterprise space, immersive 3D environments are also becoming more popular. Manufacturing firms are building digital twins to represent entire factories, modeling their real physical environments in digital space. For example, BMW’s “factory of the future” uses NVIDIA Omniverse to create a digital twin of its assembly system, simulated down to the detail of digital workers. BMW uses this simulation to plan reconfiguration of its factory to accommodate new car models and to train robots with synthetic data (“NVIDIA Omniverse,” NVIDIA, 2021).
Horizon Workrooms is Meta's business-focused application of Horizon Worlds. It facilitates a VR workspace where colleagues can interact with others’ avatars, access their computer, use videoconferencing, and sketch out ideas on a whiteboard. With the Oculus Quest 2 headset, passthrough mode allows users to add their physical desk to the virtual environment (Oculus, 2022).
AltspaceVR is Microsoft's early metaverse environment and it can be accessed with Oculus, HTC Vive, Windows Mixed Reality, or in desktop mode. Separately, Microsoft Studios has been developing digital 3D environments for its Xbox video game platform for yeas. In January 2022, Microsoft acquired games studio Activision Blizzard for $68.7 billion, saying the games studio would play a key role in the development of the metaverse.
If the metaverse is going to be a good place to collaborate, then communication must feel as natural as it does in the real world. At the same time, it will need to have a few more controls at the users’ disposal so they can focus in on the conversation they choose. Audio will be a major part of the communication experience, augmented by expressive avatars and text.
Mixed reality headsets come with integrated microphones and speakers to enable voice communications. Spatial audio will also be an important component of voice exchange in the metaverse. When you are in a videoconference conversation with 50 participants, every one of those people will sound as though they are sitting right next to you. In the metaverse, each person will sound louder or quieter based on how distant their avatar is from you. This will allow large groups of people to get together in one digital space and have multiple conversations happening simultaneously. In some situations, there will also be a need for groups to form a “party” as they navigate the metaverse, meaning they would stay linked through a live audio connection even if their avatars were not in the same digital space. Augmented reality headsets also allow remote users to “see through the eyes” of the person wearing the headset through a front-facing camera. This is useful for hands-on tasks where expert guidance is required.
People will also need to communicate with people not in the metaverse. More conventional videoconference windows or chat boxes will be imported into these environments as 2D panels, allowing users to integrate them into the context of their digital space.
Facebook Messenger is a text chat and video chat application that is already integrated into Facebook’s platform. Facebook also owns WhatsApp, a messaging platform that offers group chat and encrypted messaging.
Microsoft Teams is Microsoft’s application that combines presence-based text chat and videoconferencing between individuals and groups. Dynamics 365 Remote Assist is its augmented reality application designed for HoloLens wearers or mobile device users to share their real-time view with experts.
Metaverse platforms provide users with no-code and low-code options to build out their own environments. So far this looks like playing a game of Minecraft. Users in the digital environment use native tools to place geometric shapes and add textures. Other metaverse platforms allow users to design models or textures with tools outside the platform, often even programming behaviors for the objects, and then import them into the metaverse. These tools can be used effectively, but it can be a tedious way to create a customized digital space.
Generative AI will address that by taking direction from users and quickly generating content to provide the desired metaverse setting. Generative AI can create content that’s meaningful based on natural inputs like language or visual information. For example, a user might give voice commands to a smart assistant and have a metaverse environment created or take photos of a real-world object from different angles to have its likeness digitally imported.
Synthetic data will also play a role in the metaverse. Instead of relying only on people to create a lot of relevant data to train AI, metaverse platform providers will also use simulated data to provide context. NVIDIA’s Omniverse Replicator engine provides this capability and can be used to train self-driving cars and manipulator robots for a factory environment (NVIDIA Newsroom, 2021).
Meta is planning to use generative AI to allow users to construct their VR environments. It will allow users to describe a world to a voice assistant and have it created for them. Users could also speak to each other in different languages with the aid of a universal translator. Separately, Project CAIRaoke combines cognitive vision with a voice assistant to help a user cook dinner. It keeps track of where the ingredients are in the kitchen and guides the user through the steps (Reuters, 2022).
Microsoft Mesh includes AI resources to help create natural interactions through speech and vision learning models. HoloLens 2 already uses AI models to track users’ hands and eye movements as well as map content onto the physical world. This will be reinforced in the cloud through Microsoft Azure’s AI capabilities (Microsoft Innovation Stories, 2021).
Blockchain technology provides a decentralized digital ledger that immutably records transactions. A specific blockchain can either be permissioned, with one central party determining who gets access, or permissionless, in which anyone with the means can transact on the blockchain. The permissionless variety emerged in 2008 as the foundation of Bitcoin. It's been a disruptive force in the financial industry, with Bitcoin inspiring a long list of offshoot cryptocurrencies, and now even central banks are examining moving to a digital currency standard.
In the past couple of years, blockchain has spurred a new economy around digital assets. Smart contracts can be used to create a token on a blockchain and bind it to a specific digital asset. These assets are called non-fungible tokens (NFTs). Owners of NFTs can prove their chain of ownership and sell their tokens to others on a variety of marketplaces.
Blockchain could be useful in the metaverse to track digital identity, manage digital assets, and enable data portability. Users could register their own avatars as NFTs to prove they are the real person behind their digital representation. They may also want a way to verify they own a virtual plot of land or demonstrate the scarcity of the digital clothing they are wearing in the metaverse. If users want to leave a certain metaverse platform, they could export their avatar and digital assets to a digital wallet and transfer them to another platform that supports the same standards.
In the past, centralized platforms that create economies in a virtual world were able to create digital currencies and sell specific assets to users without the need for blockchain. Second Life is a good example, with Linden Labs providing a virtual token called Linden Dollars that users can exchange to buy goods and services from each other within the virtual world. Second Life processes 345 million transactions a year for virtual goods and reports a GDP of $650 million, which would put it ahead of some countries (VentureBeat, 2022). However, the value is trapped within Second Life and can't be exported elsewhere.
Meta ended its Diem project in early 2022, winding down its plan to offer a digital currency pegged to US dollars. Assets were sold to Silvergate Bank for $182 million. On February 24, blockchain developer Atmos announced it wanted to bring the project back to life. Composed of many of the original developers that created Diem while it was still a Facebook project, the firm plans to raise funds based on the pitch that the new iteration will be "Libra without Facebook“ (CoinDesk, 2022).
Microsoft expanded its team of blockchain developers after its lead executive in this area stated the firm is closely watching cryptocurrencies and NFTs. Blockchain Director York Rhodes tweeted on November 8, 2021, that he was expanding his team and was interested to connect with candidates "obsessed with Turing complete, scarce programmable objects that you can own & transfer & link to the real world through a social contract.”
Improve maturity in these four areas first
|
Risks
|
Mitigations
|
Risks
| Mitigations
|
Risks
| Mitigations
|
Risks
| Mitigations
|
CIO Priorities 2022
Priorities to compete in the digital economy.
Microsoft Teams Cookbook
Recipes for best practices and use cases for Microsoft Teams.
Run Better Meetings
Hybrid, virtual, or in person – set meeting best practices that support your desired meeting norms.
Double Your Organization’s Effectiveness With a Digital Twin
Digital twin: A living, breathing reflection.
Dr. Hendrik Witt
|
Kevin Tucker
|
Cannavò, Alberto, and F. Lamberti. “How Blockchain, Virtual Reality and Augmented Reality Are Converging, and Why.” IEEE Consumer Electronics Magazine, vol. 10, no. 5, Sept. 2020, pp. 6-13. IEEE Xplore. Web.
Culliford, Elizabeth. “Meta’s Zuckerberg Unveils AI Projects Aimed at Building Metaverse Future.” Reuters, 24 Feb. 2022. Web.
Davies, Nahla. “Cybersecurity and the Metaverse: Pioneering Safely into a New Digital World.” GlobalSign Blog, 10 Dec. 2021. GlobalSign by GMO. Web.
Doctorow, Cory. “Neuromancer Today.” Medium, 10 Feb. 2022. Web.
Heath, Alex. “Meta’s Social VR Platform Horizon Hits 300,000 Users.” The Verge, 17 Feb. 2022. Web.
“Holoportation™.” Microsoft Research, 22 Feb. 2022. Microsoft. Accessed 3 March 2022.
Isaac, Mike. “Meta Spent $10 Billion on the Metaverse in 2021, Dragging down Profit.” The New York Times, 2 Feb. 2022. Web.
Isaac, Mike, and Sheera Frenkel. “Out With the Facebookers. In With the Metamates.” The New York Times, 15 Feb. 2022. Web.
Langston, Jennifer. “‘You Can Actually Feel like You’re in the Same Place’: Microsoft Mesh Powers Shared Experiences in Mixed Reality.” Microsoft Innovation Stories, 2 Mar. 2021. Microsoft. Web.
“Maple Leaf Sports & Entertainment and AWS Team Up to Transform Experiences for Canadian Sports Fans.” Amazon Press Center, 23 Feb. 2022. Amazon.com. Accessed 24 Feb. 2022. Web.
Marquez, Reynaldo. “How Microsoft Will Move To The Web 3.0, Blockchain Division To Expand.” Bitcoinist.com, 8 Nov. 2021. Web.
Metinko, Chris. “Securing The Metaverse—What’s Needed For The Next Chapter Of The Internet.” Crunchbase News, 6 Dec. 2021. Web.
Metz, Rachel Metz. “Why You Can’t Have Legs in Virtual Reality (Yet).” CNN, 15 Feb. 2022. Accessed 16 Feb. 2022.
“Microsoft to Acquire Activision Blizzard to Bring the Joy and Community of Gaming to Everyone, across Every Device.” Microsoft News Center, 18 Jan. 2022. Microsoft. Web.
Nath, Ojasvi. “Big Tech Is Betting Big on Metaverse: Should Enterprises Follow Suit?” Toolbox, 15 Feb. 2022. Accessed 24 Feb. 2022.
“NVIDIA Announces Omniverse Replicator Synthetic-Data-Generation Engine for Training AIs.” NVIDIA Newsroom, 9 Nov. 2021. NVIDIA. Accessed 9 Mar. 2022.
“NVIDIA Omniverse - Designing, Optimizing and Operating the Factory of the Future. 2021. YouTube, uploaded by NVIDIA, 13 April 2021. Web.
Peters, Jay. “Disney Has Appointed a Leader for Its Metaverse Strategy.” The Verge, 15 Feb. 2022. Web.
Robinson, Joanna. The Sci-Fi Guru Who Predicted Google Earth Explains Silicon Valley’s Latest Obsession.” Vanity Fair, 23 June 2017. Accessed 13 Feb. 2022.
Scoble, Robert. “New Startup Mixes Reality with Computer Vision and Sets the Stage for an Entire Industry.” Scobleizer, 17 Feb. 2022. Web.
Seward, Zack. “Ex-Meta Coders Raising $200M to Bring Diem Blockchain to Life: Sources.” CoinDesk, 24 Feb. 2022. Web.
Shrestha, Rakesh, et al. “A New Type of Blockchain for Secure Message Exchange in VANET.” Digital Communications and Networks, vol. 6, no. 2, May 2020, pp. 177-186. ScienceDirect. Web.
Sood, Vishal. “Gain a New Perspective with Dynamics 365 Connected Spaces.” Microsoft Dynamics 365 Blog, 2 Nov. 2021. Microsoft. Web.
Takahashi, Dean. “Philip Rosedale’s High Fidelity Cuts Deal with Second Life Maker Linden Lab.” VentureBeat, 13 Jan. 2022 Web.
“TeamViewer Capital Markets Day 2021.” TeamViewer, 10 Nov. 2021. Accessed 22 Feb. 2022.
VR for Work. Oculus.com. Accessed 1 Mar. 2022.
Wunderman Thompson Intelligence. “New Trend Report: Into the Metaverse.” Wunderman Thompson, 14 Sept. 2021. Accessed 16 Feb. 2022.
More than at any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.
It is increasingly likely that one of your vendors, or their n-party support vendors, will fall out of regulatory compliance. Therefore, organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.
Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use this research to identify and quantify the potential regulatory impacts caused by vendors. Use Info-Tech's approach to look at the regulatory impact from various perspectives to better prepare for issues that may arise.
By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.
Organizations must understand the regulatory damage vendors may cause from lack of compliance.
The sheer number of regulations on the international market is immense, ever-changing, and make it almost impossible for any organization to consistently keep up with compliance. As regulatory enforcement increases, organizations must hold their vendors accountable for compliance through ongoing monitoring and validation of regulatory compliance to the relevant standards in their industries, or face increasing penalties for non-compliance. Frank Sewell, Research Director, Vendor Management Info-Tech Research Group |
Your Challenge |
Common Obstacles |
Info-Tech’s Approach |
---|---|---|
More than at any previous time, our world is changing rapidly. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level. It is increasingly likely that one of your vendors, or their n-party support vendors, will fall out of regulatory compliance. Organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply. |
Identifying and managing a vendor’s potential regulatory impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations. Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals. |
Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them. Prioritize and classify your vendors with quantifiable, standardized rankings. Prioritize focus on your high-risk vendors. Standardize your processes for identifying and monitoring vendor risks with our Regulatory Risk Impact Tool to manage potential impacts. |
Info-Tech Insight
Organizations must evolve their risk assessments to be more adaptive to respond to regulatory changes in the global market. Ongoing monitoring of the vendors who must comply with industry and governmental regulations is crucial to avoiding penalties and maintaining your regulatory compliance.
This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.
Out of Scope:
This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.
The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them and avoid penalties.
When the unexpected happens, being able to adapt quickly to new priorities and regulations ensures continued long-term business success.
Below are some things no one expected to happen in the last few years:
45% Have no visibility into their upstream supply chain, or they can only see as far as their first-tier suppliers. 2022 McKinsey |
61% Of compliance officers expect to increase investment in their compliance function over the next two years. 2022 Accenture |
$770k+ Breaches involving third-party vendors cost more on average. 2022 HIT Consultant.net |
Consider implementing vendor management initiatives and practices in your organization to help gain compliance with your expanding vendor landscape.
Your organizational risks may be monitored but are your n-party vendors?
Review your expectations with your vendors and hold them accountable.
Regulatory entities are looking beyond your organization’s internal compliance these days. More and more they are diving into your third-party and downstream relationships, particularly as awareness of downstream breaches increases globally.
Are you confident your vendors meet your standards?
Environmental, Social, Governance (ESG)
Regulatory agencies are putting more enforcement on ESG practices across the globe. As a result, organizations will need to monitor the changing regulations and validate that their vendors and n-party support vendors are adhering to these regulations, or face penalties for non-compliance.
Data Protection
Data Protection remains an issue in the world. Organizations should ensure that the data their vendors obtain remains protected throughout the vendor’s lifecycle, including post-termination. Otherwise, they could be monitoring for a data breach in perpetuity.
Mergers and Acquisitions
More prominent vendors continuously buy smaller companies to control the market in the IT industry. Therefore, organizations should put protections in their contracts to ensure that an IT vendor’s acquisition does not put them in a relationship with someone that could cause them an issue.
(Adapted from COSO)
Understand the organization’s regulatory risks to prepare for the “What If” game exercise.
Play the “What If” game with the right people at the table.
Pull all the information together in a presentation document.
Work with leadership to ensure that the proposed risks are in line with their thoughts.
Lower the overall risk potential by putting mitigations in place.
It is important not only to have a plan but also to socialize it in the organization for awareness.
Once the plan is finalized and socialized, put it in place with continued monitoring for success.
Regulatory risk impacts often come from unexpected places and have significant consequences. Knowing who your vendors are using for their support and supply chain could be crucial in eliminating the risk of non-compliance for your organization. Having a plan to identify and validate the regulatory compliance of your vendors is a must for any organization, to avoid penalties.
Insight 1 |
Organizations fail to plan for vendor acquisitions appropriately. Vendors routinely get acquired in the IT space. Does your organization have appropriate safeguards from inadvertently entering a negative relationship? Do you have plans around replacing critical vendors purchased in such a manner? |
Insight 2 |
Organizations often fail to understand how n-party vendors could place them in non-compliance. Even if you know your complete third-party vendor landscape, you may not be aware of the downstream vendors in play. Ensure that you get visibility into this space as well and hold your direct vendors accountable for the actions of their vendors. |
Insight 3 |
Organizations need to know where their data lives and ensure it is protected. Make sure you know which vendors are accessing/storing your data, where they are keeping it, and that you can get it back and have the vendors destroy it when the relationship is over. Without adequate protection throughout the lifecycle of the vendor, you could be monitoring for breaches in perpetuity. |
See the blueprint Build an IT Risk Management Program
Review your risk management plans for new risks on a regular basis.
Keep in mind Risk = Likelihood x Impact (R=L*I).
Impact (I) tends to remain the same, while Likelihood (L) is becoming closer to 100% as threat actors become more prevalent
Organizations must review their regulatory risk appetite and tolerance levels, considering their complete landscape.
Changing regulations, acquisitions, and events that affect global supply chains are current realities, not unlikely scenarios.
Sometimes disasters occur despite our best plans to manage them.
When this happens, it is important to document the lessons learned and update our plans.
1-3 hours
Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
How to mitigate:
Contractually insist that the vendor have a third-party security audit performed annually, with the stipulation that they will not denigrate below your acceptable standards.
Note: Even though a few items are “scored” they have not been added to the overall weight, signaling that the company has noted but does not necessarily hold them against the vendor.
Keeping up with the ever-changing regulations can make compliance a difficult task.
Organizations should increase the resources dedicated to monitoring these regulations as agencies continue to hold them more accountable.
Identify and Manage Financial Risk Impacts on Your Organization
Identify and Manage Reputational Risk Impacts on Your Organization
Identify and Manage Strategic Risk Impacts on Your Organization
Info-Tech Insight
It is easier for prospective clients to find out what you did wrong than that you fixed the issue.
Alicke, Knut, et al. "Taking the pulse of shifting supply chains", McKinsey & Company, August 26th 2022. Accessed October 31st
Regan, Samantha, et al. "Can compliance keep up with warp-speed Change?", accenture, May 18th 2022. Accessed Oct 31st 2022.
Feria, Nathalie, and Rosenberg, Daniel. "Mitigating Healthcare Cyber Risk Through Vendor Management", HIT Consultant, October 17th 2022. Accessed Oct 31st 2022.
Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012.
Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.
Frameworks are a collection of best practices. Sometimes regulation dictates what processes you need to address, or that you have to implement them.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use Info-Tech’s licensing best practices to avoid overspending on Adobe licensing and to remain compliant in case of audit.
"Adobe has designed and executed the most comprehensive evolution to the subscription model of pre-cloud software publishers with Creative Cloud. Adobe's release of Document Cloud (replacement for the Acrobat series of software) is the final nail in the coffin for legacy licensing for Adobe. Technology procurement functions have run out of time in which to act while they still retain leverage, with the exception of some late adopter organizations that were able to run on legacy versions (e.g. CS6) for the past five years. Procuring Adobe software is not the same game as it was just a few years ago. Adopt a comprehensive approach to understanding Adobe licensing, contract, and delivery models in order to accurately forecast your software needs, transact against the optimal purchase plan, and maximize negotiation leverage. "
Scott Bickley
Research Lead, Vendor Practice
Info-Tech Research Group
In 2011 Adobe took the strategic but radical move toward converting its legacy on-premises licensing to a cloud-based subscription model, in spite of material pushback from its customer base. While revenues initially dipped, Adobe’s resolve paid off; the transition is mostly complete and revenues have doubled. This was the first enterprise software offering to effect the transition to the cloud in a holistic manner. It now serves as a case study for those following suit, such as Microsoft, Autodesk, and Oracle.
Adobe elected to make this market pivot in a dramatic fashion, foregoing a gradual transition process. Enterprise clients were temporarily allowed to survive on legacy on-premises editions of Adobe software; however, as the Adobe Creative Cloud functionality was quickly enhanced and new applications were launched, customer capitulation to the new subscription model was assured.
Adobe is now leveraging the power of connected customers, the availability of massive data streams, and the ongoing digitalization trend globally to supplement the core Creative Cloud products with online services and analytics in the areas of Creative Cloud for content, Marketing Cloud for marketers, and Document Cloud for document management and workflows. This blueprint focuses on Adobe's Creative Cloud and Document Cloud solutions and the enterprise term license agreement (ETLA).
Beware of your contract being auto-renewed and getting locked into the quantities and product subset that you have in your current agreement. Determining the number of licenses you need is critical. If you overestimate, you're locked in for three years. If you underestimate, you have to pay a big premium in the true-up process.
Adobe estimates the total addressable market for creative and document cloud to be $21 billion. With no sign of growth slowing down, Adobe customers must learn how to work within the current design monopoly.
Source: Adobe, 2017
"Adobe is not only witnessing a steady increase in Creative Cloud subscriptions, but it also gained more visibility into customers’ product usage, which enables it to consistently push out software updates relevant to user needs. The company also successfully transformed its sales organization to support the recurring revenue model."
– Omid Razavi, Global Head of Success, ServiceNow
☑ Implement a user profile to assign licenses by version and limit expenditures. Alternatives can include existing legacy perpetual and Acrobat classic versions that may already be owned by the organization.
☑ Examine the suitability and/or dependency on Document Cloud functions, such as existing business workflows and e-signature integration.
☑ Involve stakeholders in the evaluation of alternate products for use cases where dependency on Acrobat-specific functionality is limited.
☑ Identify not just the installs and active use of the applications but also the depth and breadth of use across the various features so that the appropriate products can be selected.
Use Info-Tech’s Adobe toolkit to prepare for your new purchases or contract renewal
Info-Tech Insight
IT asset management (ITAM) and software asset management (SAM) are critical! An error made in a true-up can cost the organization for the remaining years of the ETLA. Info-Tech worked with one client that incurred a $600k error in the true-up that they were not able to recoup from Adobe.
Time and resource disruption to business if audited
Lost estimated synergies in M&A
Cost of new licensing
Cost of software audit, penalties, and back support
Lost resource allocation and time
Third party, legal/SAM partners
Cost of poor negotiation tactics
Lost discount percentage
Terms and conditions improved
Establish Licensing Requirements |
Evaluate Licensing Options |
Evaluate Agreement Options |
Purchase and Manage Licenses |
|
---|---|---|---|---|
Best-Practice Toolkit |
|
|
|
|
Guided Implementations |
|
|
|
|
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Guided Implementation 1: Managing Adobe Contracts Proposed Time to Completion: 3-6 weeks |
||
---|---|---|
Step 1.1: Establish Licensing Requirements Start with a kick-off call:
Then complete these activities…
With these tools & templates: Adobe ETLA Deployment Forecast |
Step 1.2: Determine Licensing Options Review findings with analyst:
Then complete these activities…
With these tools & templates: Adobe ETLA vs. VIP Pricing Table Adobe ETLA Forecasted Costs and Benefits |
Step 1.3: Purchase and Manage Licenses Review findings with analyst:
Then complete these activities…
With these tools & templates: Adobe ETLA Deployment Forecast |
Adobe’s move from a perpetual license to a per-user subscription model can be positive in some scenarios for organizations that experienced challenges with deployment, management of named users vs. devices, and license tracking.
Adobe has been systematically reducing discounts on ETLAs as they enter the second renewal cycle of the original three-year terms.
Adobe cloud services are being bundled with ETLAs with a mandate that companies that do not accept the services at the proposed cost have Adobe management’s approval to unbundle the deal, generally with no price relief.
The option for custom bundling of legacy Creative Suite component applications has been removed, effectively raising the price across the board for licensees that require more than two Adobe applications who must now purchase the full Creative Cloud suite.
Higher education/public education agreements have been revamped over the past couple of years, increasing prices for campus-wide agreements by double-digit percentages (~10-30%+). While they still receive an 80% discount over list price, IT departments in this industry are not prepared to absorb the budget increase.
Adobe has moved to an all-or-one bundle model. If you need more than two application products, you will likely need to purchase the full Creative Cloud suite. Therefore, it is important to focus on creating accurate user profiles to identify usage needs.
Use Info-Tech’s Adobe ETLA vs. VIP Pricing Table tool to compare ETLA costs against VIP costs.
Use Info-Tech’s ETLA Forecasted Costs and Benefits tool to forecast your ETLA costs and document benefits.
The subscription model forces customers to an annuity-based pricing model, so Adobe has recurring revenue from a subscription-based product. This increases customer lifetime value (CLTV) for Adobe while providing ongoing functionality updates that are not version/edition dependent.
Key Characteristics:
Adobe Digital Publishing Suite, Single Edition
Bundle Name |
Target Customer |
Included Applications |
Features |
---|---|---|---|
CC (for Individuals) |
Individual users |
The individual chooses |
|
CC for Teams (CCT) |
Small to midsize organizations with a small number of Adobe users who are all within the same team |
Depends on your team’s requirements. You can select all applications or specific applications. |
Everything that CC (for individuals) does, plus
|
CC for Enterprise (CCE) |
Large organizations with users who regularly use multiple Adobe products on multiple machines |
All applications including Adobe Stock for images and Adobe Enterprise Dashboard for managing user accounts |
Everything that CCT does, plus
|
For further information on specific functionality differences, reference Adobe’s comparison table.
☑ True cloud products are typically service-based, scalable and elastic, shared resources, have usage metering, and rely upon internet technologies. Currently, Adobe’s Creative Cloud and Document Cloud products lack these characteristics. In fact, the core products are still downloaded and physically installed on endpoint devices, then anchored to the cloud provisioning system, where the software can be automatically updated and continuously verified for compliance by ensuring the subscription is active.
☑ Adobe Cloud allows Adobe to increase end-user productivity by releasing new features and products to market faster, but the customer will increase lock-in to the Adobe product suite. The fast-release approach poses a different challenge for IT departments, as they must prepare to test and support new functionality and ensure compatibility with endpoint devices.
☑ There are options at the enterprise level that enable IT to exert more granular control over new feature releases, but these are tied to the ETLA and the provided enterprise portal and are not available on other subscription plans. This is another mechanism by which Adobe has been able to spur ETLA adoption.
☑ Not all CIOs consider SaaS/subscription applications their first choice, but the Adobe’s dominant position in the content and document management marketplace is forcing the shift regardless. It is significant that Adobe bypassed the typical hybrid transition model by effectively disrupting the ability to continue with perpetual licensing without falling behind the functionality curve.
☑ VIP plans do allow for annual terms and payment, but you lose the price elasticity that comes with multi-year terms.
Download Info-Tech’s Adobe ETLA vs. VIP Pricing Table tool to compare ETLA costs against VIP costs.
Step 1: Make sure you have a software asset management (SAM) tool to determine Adobe installs and usage within your environment.
Step 2: Look at the current Adobe install base and usage. We recommend reviewing three months’ worth of reliable usage data to decide which users should have which licenses going forward.
Step 3: Understand the changes in Adobe packages for Creative Cloud (CC). Also, take into account that the license types are based on users, not devices.
Step 4: Identify those users who only need a single license for a single application (e.g. Photoshop, InDesign, Muse).
Step 5: Identify the users who require CC suites. Look at their usage of previous Adobe suites to get an idea of which CC suite they require. Did they have Design Suite Standard installed but only use one or two elements? This is a good way to ensure you do not overspend on Adobe licenses.
Download Info-Tech’s Adobe ETLA Deployment Forecast tool to track Adobe installs within your environment and to determine usage needs.
Most common purchasing models |
Points for consideration |
---|---|
|
|
"Customers are not even obliged to manage all the licenses themselves. The reseller partners have access to the cloud console and can manage licenses on behalf of their customers. Even better, they can seize cross and upsell opportunities and provide good insight into the environment. Additionally, Adobe itself provides optimization services."
– B-lay
The CLP and TLP are transactional agreements generally used for the purchase of perpetual licenses. For example, they could be used for making Acrobat purchases if Creative Suite products are purchased on the ETLA.
Source: “Adobe Buying Programs Comparison Guide for Commercial and Government Organizations”
The Value Incentive Plan is aimed at small- to medium-sized organizations with no minimum quantity required. However, there is limited flexibility to reduce licenses and limited price protection for future purchases. The ETLA is aimed at large organizations who wish to have new functionality as it comes out, license management portal, services, and security/IT control aspects.
Source: “Adobe Buying Programs Comparison Guide for Commercial and Government Organizations”
The Adobe ETLA’s rigid contract parameters, true-up process, and unique deployment/provisioning mechanisms give technology/IT procurement leaders fewer options to maximize cost-usage alignment and to streamline opex costs.
☑ No ETLA price book is publicly published; pricing is controlled by the Adobe enterprise sales team.
☑ Adobe's retail pricing is a good starting point for negotiating discounted pricing.
☑ ETLA commitments are usually for three years, and the lack of a true-down option increases the risk involved in overbuying licenses should the organization encounter a business downturn or adverse event.
☑ Pricing discounts are the highest at the initial ETLA signing for the upfront volume commitment. The true-up pricing is discounted from retail but still higher than the signing cost per license.
☑ Technical support is included in the ETLA.
☑ While purchases typically go through value-added resellers (VARs), procurement can negotiate directly with Adobe.
"For cloud products, it is less complex when it comes to purchasing and pricing. If larger quantities are purchased on a longer term, the discount may reach up to 15%. As soon as you enroll in the VIP program, you can control all your licenses from an ‘admin console’. Any updates or new functionalities are included in the original price. When the licenses expire, you may choose to renew your subscriptions or remove them. Partial renewal is also accepted. Of course, you can also re-negotiate your price if more subscriptions are added to your console."
– B-lay
INFO-TECH TIP: For further guidance on ETLAs and pricing, contact your Info-Tech representative to set up a call with an analyst.
Use Info-Tech’s Adobe ETLA Deployment Forecast tool to match licensees with Adobe product SKUs.
When adding a license, the true-up price will be prorated to 50% of the license cost for previous year’s usage plus 100% of the license cost for the next year. This back-charging adds up to 150% of the overall true-up license cost. In some rare cases, Adobe has provided an “unlimited” quantity for certain SKUs; these Unlimited ETLAs generally align with FTE counts and limit FTE increases to about 5%. Procurement must monitor and work with SAM/ITAM and stakeholder groups to restrain unnecessary growth during the term of an Unlimited ETLA to avoid the risk of cost escalation at renewal time.
Higher-education clients can license under the ETLA based on a prescribed number of user and classroom/lab devices and/or on a FTE basis. In these cases, the combination of Creative Cloud and Acrobat Pro volume must equal the FTE total, creating an enterprise footprint. FTE calculations establish the full-time faculty plus one-third of part-time faculty plus one-half of part-time staff.
Compliance takes a different form in terms of the ETLA true-up process. The completion of Adobe's transition to cloud-based licensing and verification has improved compliance rates via phone home telemetry such that pirated software is less available and more easily detected. Adobe has actually decommissioned its audit arm in the Americas and EMEA.
Determine License Entitlements
Obtain documentation from internal records and Adobe to track licenses and upgrades to determine what licenses you own and have the right to use.
Gather Deployment Information
Leverage a software asset management tool or process to determine what software is deployed and what is/is not being used.
Determine Effective License Position
Compare license entitlements with deployment data to uncover surpluses and deficits in licensing. Look for opportunities.
Plan Changes to License Position
Meet with IT stakeholders to discuss the enterprise license program (ELP), short- and long-term project plans, and budget allocation. Plan and document licensing requirements.
Option |
What is it? |
What’s included? |
For |
Term |
---|---|---|---|---|
CLP (Cumulative Licensing Program) |
10,000 plus points, support and maintenance optional |
Select Adobe perpetual desktop products |
Business |
2 years |
EA (Adobe Enterprise Agreement) |
100 licenses plus maintenance and support for eligible Adobe products |
All applications |
100+ users requirement |
3 years |
EEA (Adobe Enterprise Education Agreement) |
Creative Cloud enterprise agreement for education establishments |
Creative Cloud applications without services |
Education |
1 or 2 years |
ETLA (Enterprise Term License Agreement) |
Licensing program designed for Adobe’s top commercial, government, and education customers |
All Creative Cloud applications |
Large enterprise companies |
3 years |
K-12 – Enterprise Agreement |
Enterprise agreement for primary and secondary schools |
Creative Cloud applications without services |
Education |
1 year |
K-12 – School Site License |
Allows a school to install a Creative Cloud on up to 500 school-owned computers regardless of school size |
Creative Cloud applications without services |
Education |
1 year |
TLP (Transactional Licensing Program) |
Agreement for SMBs that want volume licensing bonuses |
Perpetual desktop products only |
Aimed at SMBs, but Enterprise customers can use the TLP for smaller requirements |
N/A |
Upgrade Plan |
Insurance program for software purchased under a perpetual license program such as CLP or TLP for Creative Cloud upgrade |
Dependent on the existing perpetual estate |
Anyone |
N/A |
VIP (Value Incentive Plan) |
VIP allows customers to purchase, deploy, and manage software through a term-based subscription license model |
Creative Cloud of teams |
Business, government, and education |
Adobe operates in its own niche in the creative space, and Adobe users have grown accustomed to their products, making switching very difficult.
Adobe has transitioned the vast majority of its software offerings to the cloud-based subscription model. Active management of licenses, software provisioning, and consumption of cloud services is now an ongoing job.
With the vendor lock-in process nearly complete via the transition to a SaaS subscription model, Adobe is raising prices on an annual basis. Advance planning and strategic use of the ETLA is key to avoid budget-breaking surprises.
Take Control of Microsoft Licensing and Optimize Spend
Create an Effective Plan to Implement IT Asset Management
Establish an Effective System of Internal IT Controls to Mitigate Risks
Optimize Software Asset Management
Take Control of Compliance Improvement to Conquer Every Audit
“Adobe Buying Programs: At-a-glance comparison guide for Commercial and government organizations.” Adobe Systems Incorporated, 2014. Web. 1 Feb. 2018.
“Adobe Buying Programs Comparison Guide for Commercial and Government Organizations.” Adobe Systems Incorporated, 2018. Web.
“Adobe Buying Programs Comparison Guide for Education.” Adobe Systems Incorporated, 2018. Web. 1 Feb 2018.
“Adobe Education Enterprise Agreement: Give your school access to the latest industry-leading creative tools.” Adobe Systems Incorporated, 2014. Web. 1 Feb. 2018.
“Adobe Enterprise Term License Agreement for commercial and government organizations.” Adobe Systems Incorporated, 2016. Web. 1 Feb. 2018.
Adobe Investor Presentation – October 2017. Adobe Systems Incorporated, 2017. Web. 1 Feb. 2018.
Cabral, Amanda. “Students react to end of UConn-Adobe contract.” The Daily Campus (Uconn), 5 April 2017. Web. 1 Feb. 2018.
de Veer, Patrick and Alecsandra Vintilescu. “Quick Guide to Adobe Licensing.” B-lay, Web. 1 Feb. 2018.
“Find the best program for your organization.” Adobe, Web. 1 Feb 2018.
Foxen, David. “Adobe Upgrade Simplified.” Snow Software, 7 Oct. 2016. Web.
Frazer, Bryant. “Adobe Stops Reporting Subscription Figures for Creative Cloud.” Studio Daily. Access Intelligence, LLC. 17 March 2016. Web.
“Give your students the power to create bright futures.” Adobe, Web. 1 Feb 2018.
Jones, Noah. “Adobe changes subscription prices, colleges forced to pay more.” BG Falcon Media. Bowling Green State University, 18 Feb. 2015. Web. 1 Feb. 2018.
Mansfield, Adam. “Is Your Organization Prepared for Adobe’s Enterprise Term License Agreements (ETLA)?” UpperEdge,30 April 2013. Web. 1 Feb. 2018.
Murray, Corey. “6 Things Every School Should Know About Adobe’s Move to Creative Cloud.” EdTech: Focus on K-12. CDW LLC, 10 June 2013. Web.
“Navigating an Adobe Software Audit: Tips for Emerging Unscathed.” Nitro, Web. 1 Feb. 2018.
Razavi, Omid. “Challenges of Traditional Software Companies Transitioning to SaaS.” Sand Hill, 12 May 2015. Web. 1 Feb. 2018.
Rivard, Ry. “Confusion in the Cloud.” Inside Higher Ed. 22 May 2013. Web. 1 Feb. 2018.
Sharwood, Simon. “Adobe stops software licence audits in Americas, Europe.” The Register. Situation Publishing. 12 Aug. 2016. Web. 1 Feb. 2018.
“Software Licensing Challenges Faced In The Cloud: How Can The Cloud Benefit You?” The ITAM Review. Enterprise Opinions Limited. 20 Nov. 2015. Web.
White, Stephen. “Understanding the Impacts of Adobe’s Cloud Strategy and Subscriptions Before Negotiating an ETLA.” Gartner, 22 Feb. 2016. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Our systematic approach will ensure that all identified areas of security have an associated policy.
The Security Policy Prioritization Tool assesses the policy suite on policy importance, ease to implement, and ease to enforce. The output of this tool is your prioritized list of policies based on our policy framework.
The Security Policy Assessment Tool assesses the policy suite on policy coverage, communication, adherence, alignment, and overlap. The output of this tool is a checklist of remediation actions for each individual policy.
The Lifecycle Template includes sections on security vision, security mission, strategic security and policy objectives, policy design, roles and responsibilities for developing security policies, and organizational responsibilities.
Use Info-Tech's security policy templates, which incorporate multiple industry best-practice frameworks (NIST, ISO, SOC2SEC, CIS, PCI, HIPAA), to ensure that your policies are clear, concise, and consistent.
This template helps you consider the budget time for communications, identify all stakeholders, and avoid scheduling communications in competition with one another.
Use this tool to first identify the initiatives that can grow your program, then as a roadmap tool for tracking progress of completion for those initiatives.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Define the security policy development program.
Formalize a governing security policy lifecycle.
Understanding the current state of policies within your organization.
Prioritizing list of security policies for your organization.
Being able to defend policies written based on business requirements and overarching security needs.
Leveraging an executive champion to help policy adoption across the organization.
Formalizing the roles, responsibilities, and overall mission of the program.
1.1 Understand the current state of policies.
1.2 Align your security policies to the Info-Tech framework for compliance.
1.3 Understand the relationship between policies and other documents.
1.4 Prioritize the development of security policies.
1.5 Discuss strategies to leverage stakeholder support.
1.6 Plan to communicate with all stakeholders.
1.7 Develop the security policy lifecycle.
Security Policy Prioritization Tool
Security Policy Prioritization Tool
Security Policy Lifecycle Template
Develop a comprehensive suite of security policies that are relevant to the needs of the organization.
Time, effort, and money saved by developing formally documented security policies with input from Info-Tech’s subject-matter experts.
2.1 Discuss the risks and drivers your organization faces that must be addressed by policies.
2.2 Develop and customize security policies.
2.3 Develop a plan to gather feedback from users.
2.4 Discuss a plan to submit policies for approval.
Understanding of the risks and drivers that will influence policy development.
Up to 14 customized security policies (dependent on need and time).
Ensure policies and requirements are communicated with end users, along with steps to comply with the new security policies.
Improve compliance and accountability with security policies.
Plan for regular review and maintenance of the security policy program.
Streamlined communication of the policies to users.
Improved end user compliance with policy guidelines and be better prepared for audits.
Incorporate security policies into daily schedule, eliminating disturbances to productivity and efficiency.
3.1 Plan the communication strategy of new policies.
3.2 Discuss myPolicies to automate management and implementation.
3.3 Incorporate policies and processes into your security awareness and training program.
3.4 Assess the effectiveness of security policies.
3.5 Understand the need for regular review and update.
Policy Communication Plan Template
Understanding of how myPolicies can help policy management and implementation.
Security Awareness and Training Program Development Tool
Security Policy Assessment Tool
Action plan to regularly review and update the policies.
A policy for policy’s sake is useless if it isn’t being used to ensure proper processes are followed. A policy should exist for more than just checking a requirement box. Policies need to be quantified, qualified, and enforced for them to be relevant.
Policies should be developed based on the use cases that enable the business to run securely and smoothly. Ensure they are aligned with the corporate culture. Rather than introducing hindrances to daily operations, policies should reflect security practices that support business goals and protection.
No published framework is going to be a perfect fit for any organization, so take the time to compare business operations and culture with security requirements to determine which ones apply to keep your organization secure.
Danny Hammond
Research Analyst Security, Risk, Privacy & Compliance Practice Info-Tech Research Group |
Your Challenge
|
Common Obstacles
InfoSec leaders will struggle to craft the right set of policies without knowing what the organization actually needs, such as:
|
Info-Tech’s Approach
Info-Tech’s Develop and Deploy Security Policies takes a multi-faceted approach to the problem that incorporates foundational technical elements, compliance considerations, and supporting processes:
|
Creating good policies is only half the solution. Having a great policy management lifecycle will keep your policies current, effective, and compliant.
Your ChallengeThis research is designed to help organizations design a program to develop and deploy security policies
|
The problem with security policies29% Of IT workers say it's just too hard and time consuming to track and enforce. 25% Of IT workers say they don’t enforce security policies universally. 20% Of workers don’t follow company security policies all the time. (Source: Security Magazine, 2020) |
Common obstaclesThe problem with security policies isn’t development; rather, it’s the communication, enforcement, and maintenance of them.
|
(Source: IBM, 2022 Cost of a Data Breach; n=537) Reaching an all-time high, the cost of a data breach averaged US$4.35 million in 2022. This figure represents a 2.6% increase from last year, when the average cost of a breach was US$4.24 million. The average cost has climbed 12.7% since 2020. |
The right policy for the right audience. Generate a roadmap to guide the order of policy development based on organizational policy requirements and the target audience.
Actions
|
I. Define Security Policy Program
a) Security policy program lifecycle template b) Policy prioritization tool |
II. Develop & Implement Policy Suite
a) Policy template set |
Policies must be reasonable, auditable, enforceable, and measurable. Policy items that meet these requirements will have a higher level of adherence. Focus on efficiently creating policies using pre-developed templates that are mapped to multiple compliance frameworks.
Actions
|
|
Gaining feedback on policy compliance is important for updates and adaptation, where necessary, as well as monitoring policy alignment to business objectives.
Actions
|
IV. Measure Policy Program
a) Security policy tracking tool |
III. Communicate Policy Program
a) Security policy awareness & training tool b) Policy communication plan template |
Awareness and training on security policies should be targeted and must be relevant to the employees’ jobs. Employees will be more attentive and willing to incorporate what they learn if they feel that awareness and training material was specifically designed to help them.
Actions
|
|
Build trust in your policy program by involving stakeholder participation through the entire policy lifecycle. |
IT/InfoSec Benefits
|
Business Benefits
|
Key deliverable:Security Policy TemplatesTemplates for policies that can be used to map policy statements to multiple compliance frameworks. |
|
|
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. Overall Impact9.5 /10Overall Average $ Saved$29,015Overall Average Days Saved25 |
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
Diagnostics and consistent frameworks used throughout all four options |
A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is six to ten calls over the course of two to four months.
What does a typical GI on this topic look like?Phase 1 |
Phase 2 |
Phase 3 |
Phase 4 |
Call #1: Scope security policy requirements, objectives, and any specific challenges.
Call #2: Review policy lifecycle; prioritize policy development. |
Call #3: Customize the policy templates.
Call #4: Gather feedback on policies and get approval. |
Call #5: Communicate the security policy program.
Call #6: Develop policy training and awareness programs. |
Call #7: Track policies and exceptions. |
Workshop Overview |
Contact your account representative for more information.
|
Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
Define the security policy program |
Develop the security policy suite |
Develop the security policy suite |
Implement security policy program |
Finalize deliverables and next steps |
|
Activities | 1.1 Understand the current state of policies. 1.2 Align your security policies to the Info-Tech framework for compliance. 1.3 Understand the relationship between policies and other documents. 1.4 Prioritize the development of security policies. 1.5 Discuss strategies to leverage stakeholder support. 1.6 Plan to communicate with all stakeholders. 1.7 Develop the security policy lifecycle. |
2.1 Discuss the risks and drivers your organization faces that must be addressed by policies. 2.2 Develop and customize security policies. |
2.1 Discuss the risks and drivers your organization faces that must be addressed by policies (continued). 2.2 Develop and customize security policies (continued). 2.3 Develop a plan to gather feedback from users. 2.4 Discuss a plan to submit policies for approval. |
3.1 Plan the communication strategy for new policies. 3.2 Discuss myPolicies to automate management and implementation. 3.3 Incorporate policies into your security awareness and training program. 3.4 Assess the effectiveness of policies. 3.5 Understand the need for regular review and update. |
4.1 Review customized lifecycle and policy templates. 4.2 Discuss the plan for policy roll out. 4.3 Schedule follow-up Guided Implementation calls. |
Deliverables |
|
|
|
|
|
Phase 1
1.1 Understand the current state 1.2 Align your security policies to the Info-Tech framework 1.3 Document your policy hierarchy 1.4 Prioritize development of security policies 1.5 Leverage stakeholders 1.6 Develop the policy lifecycle |
Phase 2
2.1 Customize policy templates 2.2 Gather feedback from users on policy feasibility 2.3 Submit policies to upper management for approval |
Phase 3
3.1 Understand the need for communicating policies 3.2 Use myPolicies to automate the management of your security policies 3.3 Design, build, and implement your communications plan 3.4 Incorporate policies and processes into your training and awareness programs |
Phase 4
4.1 Assess the state of security policies 4.2 Identify triggers for regular policy review and update 4.3 Develop an action plan to update policies |
Scenario 1: You have existing policies
|
Scenario 2: You are starting from scratch
|
Policies are living, evolving documents that require regular review and update, so even if you have policies already written, you’re not done with them.
You have an opportunity to improve your employee alignment and satisfaction, improve organizational agility, and obtain high policy adherence. This is achieved by translating your corporate culture into a policy-based compliance culture.
Align your security policies to the Info-Tech Security Framework by using Info-Tech’s policy templates. Info-Tech’s security framework uses a best-of-breed approach to leverage and align with most major security standards, including:
|
Info-Tech Security Framework |
Defines the cycle for the security policy program and what must be done but not how to do it. Aligns the business, security program, and policies.
Defines high-level overarching concepts of security within the organization, including the scope, purpose, and objectives of policies.
Defines enterprise/technology – specific, detailed guidelines on how to adhere to policies.
|
Design separate policies for different areas of focus. Policies that are written as single, monolithic documents are resistant to change. A hierarchical top-level document supported by subordinate policies and/or procedures can be more rapidly revised as circumstances change.
Policy:
|
||||
Standard:
|
Procedure:
|
Guideline:Recommended actions to consider in absence of an applicable standard, to support a policy. |
||
This model is adapted from a framework developed by CISA (Certified Information Systems Auditor).
Supporting Documentation |
Standards. These support policies by being much more specific and outlining key steps or processes that are necessary to meet certain requirements within a policy document. Ideally standards should be based on policy statements with a target of detailing the requirements that show how the organization will implement developed policies.
If policies describe what needs to happen, then standards explain how it will happen. A good example is an email policy that states that emails must be encrypted; this policy can be supported by a standard such as Transport Layer Security (TLS) encryption that specifically ensures that all email communication is encrypted for messages “in transit” from one secure email server that has TLS enabled to another. There are numerous security standards available that support security policies/programs based on the kind of systems and controls that an organization would like to put in place. A good selection of supporting standards can go a long way to further protect users, data, and other organizational assets |
|
The Info-Tech Security Policy Prioritization Tool will help you determine which security policies to work on first.
Align policies to recent security concerns. If your organization has recently experienced a breach, it may be crucial to highlight corresponding policies as immediately necessary. Info-Tech InsightIf you have an existing policy that aligns with one of the Info-Tech recommended templates weight Ease to Implement and Ease to Enforce as HIGH (4-5). This will decrease the priority of these policies. | Download the Security Policy Prioritization Tool |
While management support is essential to initiating a strong security posture, allow employees to provide input on the development of security policies. This cooperation will lead to easier incorporation of the policies into the daily routines of workers, with less resistance. The security team will be less of a police force and more of a partner.
Executive champion
Identify an executive champion who will ensure that the security program and the security policies are supported. |
Focus on risk and protection
Security can be viewed as an interference, but the business is likely more responsive to the concepts of risk and protection because it can apply to overall business operations and a revenue-generating mandate. |
Communicate policy initiatives
Inform stakeholders of the policy initiative as security policies are only effective if they support the business requirements and user input is crucial for developing a strong security culture. |
Current security landscape
Leveraging the current security landscape can be a useful mechanism to drive policy buy-in from stakeholders. |
Management buy-in
This is key to policy acceptance; it indicates that policies are accurate, align with the business, and are to be upheld, that funds will be made available, and that all employees will be equally accountable. |
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Map the organization’s current state for CX2 and set high-level objectives and metrics.
Strengthen the candidate lifecycle by improving upon pain points through design thinking methods and assessing the competitive landscape.
Create action, communications, and training plans to establish the redesigned CX2 with hiring process stakeholders.
Leverage data collection and workshop activities.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Assess the organization’s current state for CX2.
Set baseline metrics for comparison with new initiatives.
Establish goals to strengthen the CX2.
Gained understanding of where the organization is currently.
Established where the organization would like to be and goals to achieve the new state.
1.1 Review process map of current candidate lifecycle.
1.2 Analyze qualitative and quantitative data gathered.
1.3 Set organizational objectives and project goals.
1.4 Set metrics to measure progress on high-level goals.
Process map
CX2 data analyzed
Candidate Experience Project Charter
Apply design thinking methods to identify pain points in your candidate lifecycle.
Assess the competition and analyze results.
Empathize with candidates and their journey.
Segments with pain points have been identified.
Competitor offering and differentiation has been analyzed.
Candidate thoughts and feelings have been synthesized.
2.1 Identify extreme users.
2.2 Conduct an immersive empathy session or go through the process as if you were a target candidate.
2.3 Identify talent competitors.
2.4 Analyze competitive landscape.
2.5 Synthesize research findings and create empathy map.
2.6 Journey map the CX2.
Extreme users identified
Known and unknown talent competitor’s CX2 analyzed
Empathy map created
Journey map created
Create a communications and action plan and set metrics to measure success.
Set expectations with hiring managers and talent acquisition specialists through a service level agreement.
Action plan created.
Metrics set to track progress and assess improvement.
Service level agreement completed and expectations collaboratively set.
3.1 Assess each stage of the lifecycle.
3.2 Set success metrics for priority lifecycle stages.
3.3 Select actions from the Candidate Experience Best Practices Action Guide.
3.4 Brainstorm other potential (organization-specific) solutions.
3.5 Set action timeline and assign accountabilities.
3.6 Customize service level agreement guidelines.
CX2 lifecycle stages prioritized
Metrics to measure progress set
CX2 best practices selected
Candidate Experience Assessment Tool
Candidate Experience Action and Communication Plan
Service level agreement guidelines.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Review the CSFs that are of strategic importance. Evaluating the gaps in your organization's capabilities enables you to choose a partner that can properly support you in your project.
Review the CSFs that are of tactical, commodity, and operational importance. Evaluating the gaps in your organization's capabilities enables you to choose a partner that can properly support you in your project.
Review your RFx and build an initial list of vendor/implementors to reach out to. Finally, build your evaluation checklist to rate the incoming responses.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Review the critical success factors that are of strategic importance. Evaluating the gaps in your organization's capabilities enables you to choose a partner that can properly support you in your project.
ERP strategy model defined
Strategic needs identified
1.1 Review the business context.
1.2 Build your ERP strategy model.
1.3 Assess your strategic needs.
ERP strategy model
ERP strategy model
Strategic needs analysis
Review the critical success factors that are of tactical, commodity, and operational importance. Evaluating the gaps in your organization's capabilities enables you to choose a partner that can properly support you in your project.
Tactical, commodity, and operational needs identified
2.1 Assess your tactical needs.
2.2 Assess your commodity needs.
2.3 Assess your operational needs.
Tactical needs analysis
Commodity needs analysis
Operational needs analysis
Review your RFx and build an initial list of vendor/implementors to reach out to. Finally, build your evaluation checklist to rate the incoming responses.
Draft RFI or RFP
Target vendor list
3.1 Decide on an RFI or RFP.
3.2 Complete the RFx with the needs analysis.
3.3 Build a list of targeted vendors
Draft RFI or RFP
Draft RFI or RFP
Target vendor list
Build a scoring template for use in vendor evaluation to ensure consistent comparison criteria are used.
A consistent and efficient evaluation process
4.1 Assign weightings to the evaluation criteria.
4.2 Run a vendor evaluation simulation to validate the process.
Completed partner evaluation tool
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Complete Phase 1 to outline your DR site requirements, review any industry or organizational constraints on your DR strategy, and zero in on relevant DR models.
Complete Phase 2 to explore possibilities of deployment models, conduct a TCO comparison analysis, and select the best-fit model.
Complete Phase 3 to assess outsourcing best practices, address implementation considerations, and build an executive presentation for business stakeholders.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Identify potential DR models
Take a funneled approach and avoid getting lost among all of the DR models available
1.1 Define DR site requirements
1.2 Document industry and organizational constraints
1.3 Identify potential DR models
Determine the type of site, replication, and risk mitigation initiatives required
Rule out unfit models
DR Decision Tree
Application Assessment Tool for Cloud DR
Explore relevant DR models
Develop supporting evidence for the various options
2.1 Explore pros and cons of potential solutions
2.2 Understand the use case for DRaaS
2.3 Review DR model diagrams
Qualitative analysis on candidate models
Evaluate the need for DRaaS
DR diagrams for candidate models
Determine best cost models
Save money by selecting the most cost effective option to meet your DR requirements
3.1 Gather hardware requirements for production site
3.2 Define capacity requirements for DR
3.3 Compare cost across various models
Populate the production summary tab in TCO tool
Understand how much hardware will need to be on standby and how much will be procured at the time of disaster
Find the most cost effective method
Build support from business stakeholders by having a clear and defendable proposal for DR
Effective and ready DR deployment model
4.1 Address implementation considerations for network, capacity, and day-to-day operations
4.2 Build presentation for business stakeholders
Define implementation projects necessary for deployment and appoint staff to execute them
PowerPoint presentation to summarize findings from the course of the project
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Build the foundations for the program to succeed.
Define processes for requesting, procuring, receiving, and deploying hardware.
Define processes and policies for managing, securing, and maintaining assets then disposing or redeploying them.
Plan the hardware budget, then build a communication plan and roadmap to implement the project.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Build the foundations for the program to succeed.
Evaluation of current challenges and maturity level
Defined scope for HAM program
Defined roles and responsibilities
Identified metrics and reporting requirements
1.1 Outline hardware asset management challenges.
1.2 Conduct HAM maturity assessment.
1.3 Classify hardware assets to define scope of the program.
1.4 Define responsibilities.
1.5 Use a RACI chart to determine roles.
1.6 Identify HAM metrics and reporting requirements.
HAM Maturity Assessment
Classified hardware assets
Job description templates
RACI Chart
Define processes for requesting, procuring, receiving, and deploying hardware.
Defined standard and non-standard requests for hardware
Documented procurement, receiving, and deployment processes
Standardized asset tagging method
2.1 Identify IT asset procurement challenges.
2.2 Define standard hardware requests.
2.3 Document standard hardware request procedure.
2.4 Build a non-standard hardware request form.
2.5 Make lease vs. buy decisions for hardware assets.
2.6 Document procurement workflow.
2.7 Select appropriate asset tagging method.
2.8 Design workflow for receiving and inventorying equipment.
2.9 Document the deployment workflow(s).
Non-standard hardware request form
Procurement workflow
Receiving and tagging workflow
Deployment workflow
Define processes and policies for managing, securing, and maintaining assets then disposing or redeploying them.
Policies and processes for hardware maintenance and asset security
Documented workflows for hardware disposal and recovery/redeployment
3.1 Build a MAC policy, request form, and workflow.
3.2 Design process and policies for hardware maintenance, warranty, and support documentation handling.
3.3 Revise or create an asset security policy.
3.4 Identify challenges with IT asset recovery and disposal and design hardware asset recovery and disposal workflows.
User move workflow
Asset security policy
Asset disposition policy, recovery and disposal workflows
Select tools, plan the hardware budget, then build a communication plan and roadmap to implement the project.
Shortlist of ITAM tools
Hardware asset budget plan
Communication plan and HAM implementation roadmap
4.1 Generate a shortlist of ITAM tools that will meet requirements.
4.2 Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget.
4.3 Build HAM policies.
4.4 Develop a communication plan.
4.5 Develop a HAM implementation roadmap.
HAM budget
Additional HAM policies
HAM communication plan
HAM roadmap tool
"Asset management is like exercise: everyone is aware of the benefits, but many struggle to get started because the process seems daunting. Others fail to recognize the integrative potential that asset management offers once an effective program has been implemented.
A proper hardware asset management (HAM) program will allow your organization to cut spending, eliminate wasteful hardware, and improve your organizational security. More data will lead to better business decision-making across the organization.
As your program matures and your data gathering and utility improves, other areas of your organization will experience similar improvements. The true value of asset management comes from improved IT services built upon the foundation of a proactive asset management program." - Sandi Conrad, Practice Lead, Infrastructure & Operations Info-Tech Research Group
Info-Tech Insight
Hardware asset management (HAM) provides a framework for managing equipment throughout its entire lifecycle. HAM is more than just keeping an inventory; it focuses on knowing where the product is, what costs are associated with it, and how to ensure auditable disposition according to best options and local environmental laws.
Implementing a HAM practice enables integration of data and enhancement of many other IT services such as financial reporting, service management, green IT, and data and asset security.
Cost savings and efficiency gains will vary based on the organization’s starting state and what measures are implemented, but most organizations who implement HAM benefit from it. As organizations increase in size, they will find the greatest gains operationally by becoming more efficient at handling assets and identifying costs associated with them.
A 2015 survey by HDI of 342 technical support professionals found that 92% say that HAM has helped their teams provide better support to customers on hardware-related issues. Seventy-seven percent have improved customer satisfaction through managing hardware assets. (HDI, 2015)
HAM cost savings aren’t necessarily realized through the procurement process or reduced purchase price of assets, but rather through the cost of managing the assets.
HAM delivers cost savings in several ways:
Benefit | Calculation | Sample Annual Savings |
---|---|---|
Reduced help desk support
|
# of hardware-related support tickets per year * cost per ticket * % reduction in average call length | 2,000 * $40 * 20% = $16,000 |
Greater inventory efficiency
|
Hours required to complete inventory * staff required * hourly pay rate for staff * number of times a year inventory required | 8 hours * 5 staff * $33 per hour * 2 times a year = $2,640 |
Improved employee productivity
|
# of employees * percentage of employees who encounter productivity loss through unauthorized software * number of hours per year spent using unauthorized software * average hourly pay rate | 500 employees * 10% * 156 hours * $18 = $140,400 |
Improved security
|
# of devices lost or stolen last year * average replacement value of device + # of devices stolen * value of data lost from device | (50 * $1,000) + (50 * $5,000) = $300,000 |
Total Savings: | $459,040 |
Organizations that struggle to implement ITAM successfully usually fall victim to these barriers:
Senior-level sponsorship, engagement, and communication is necessary to achieve the desired outcomes of ITAM; without it, ITAM implementations stall and fail or lack the necessary resources to deliver the value.
ITAM often becomes an added responsibility for resources who already have other full-time responsibilities, which can quickly cause the program to lose focus. Increase the chance of success through dedicated resources.
Many organizations buy a tool thinking it will do most of the work for them, but without supporting processes to define ITAM, the data within the tool can become unreliable.
Some organizations are able to track assets through manual discovery, but as their network and user base grows, this quickly becomes impossible. Choose a tool and build processes that will support the organization as it grows.
Often, organizations implement ITAM only to the extent necessary to achieve compliance for audits, but without investigating the underlying causes of non-compliance and thus not solving the real problems.
IT Asset Procurement:
IT Asset Intake and Deployment:
IT Asset Security and Maintenance:
IT Asset Disposal or Recovery:
Phase 1: Assess & Plan | Phase 2: Procure & Receive | Phase 3: Maintain & Dispose | Phase 4: Plan Budget & Build Roadmap |
1.1 Assess current state & plan scope | 2.1 Request & procure | 3.1 Manage & maintain | 4.1 Plan budget |
1.2 Build team & define metrics | 2.2 Receive & deploy | 3.2 Redeploy or dispose | 4.2 Communicate & build roadmap |
HAM Maturity Assessment | Procurement workflow | User move workflow | HAM Budgeting Tool |
Classified hardware assets | Non-standard hardware request form | Asset security policy | HAM Communication Plan |
RACI Chart | Receiving & tagging workflow | Asset disposition policy | HAM Roadmap Tool |
Job Descriptions | Deployment workflow | Asset recovery & disposal workflows | Additional HAM policies |
Industry IT
Source Cisco Systems, Inc.
Cisco Systems, Inc.
Cisco Systems, Inc. is the largest networking company in the world. Headquartered in San Jose, California, the company employees over 70,000 people.
Asset Management
As is typical with technology companies, Cisco boasted a proactive work environment that encouraged individualism amongst employees. Unfortunately, this high degree of freedom combined with the rapid mobilization of PCs and other devices created numerous headaches for asset tracking. At its peak, spending on hardware alone exceeded $100 million per year.
Results
Through a comprehensive ITAM implementation, the new asset management program at Cisco has been a resounding success. While employees did have to adjust to new rules, the process as a whole has been streamlined and user-satisfaction levels have risen. Centralized purchasing and a smaller number of hardware platforms have allowed Cisco to cut its hardware spend in half, according to Mark Edmondson, manager of IT services expenses for Cisco Finance.
This case study continues in phase 1
HAM Standard Operating Procedures (SOP)
HAM Maturity Assessment
Non-Standard Hardware Request Form
HAM Visio Process Workflows
HAM Policy Templates
HAM Budgeting Tool
HAM Communication Plan
HAM Implementation Roadmap Tool
GI | Measured Value |
---|---|
Phase 1: Lay Foundations |
|
Phase 2: Procure & Receive |
|
Phase 3: Maintain & Dispose |
|
Phase 4: Plan Implementation |
|
Total savings | $25,845 |
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
1. Lay Foundations | 2. Procure & Receive | 3. Maintain & Dispose | 4. Budget & Implementation | |
---|---|---|---|---|
Best-Practice Toolkit |
1.1 Assess current state & plan scope 1.2 Build team & define metrics |
2.1 Request & procure 2.2 Receive & deploy |
3.1 Manage & maintain 3.2 Redeploy or dispose |
4.1 Plan budget 4.2 Communicate & build roadmap |
Guided Implementation |
|
|
|
|
Results & Outcomes |
|
|
|
|
Contact your account representative or email Workshops@InfoTech.comfor more information.
Phases: | Teams, Scope & Hardware Procurement | Hardware Procurement and Receiving | Hardware Maintenance & Disposal | Budgets, Roadmap & Communications |
---|---|---|---|---|
Duration* | 1 day | 1 day | 1 day | 1 day |
* Activities across phases may overlap to ensure a timely completion of the engagement | ||||
Projected Activities |
|
|
|
|
Projected Deliverables |
|
|
Industry IT
Source Cisco Systems, Inc.
Cisco Systems’ hardware spend was out of control. Peaking at $100 million per year, the technology giant needed to standardize procurement processes in its highly individualized work environment.
Users had a variety of demands related to hardware and network availability. As a result, data was spread out amongst multiple databases and was managed by different teams.
The IT team at Cisco set out to solve their hardware-spend problem using a phased project approach.
The first major step was to identify and use the data available within various departments and databases. The heavily siloed nature of these databases was a major roadblock for the asset management program.
This information had to be centralized, then consolidated and correlated into a meaningful format.
The centralized tracking system allowed a single point of contact (POC) for the entire lifecycle of a PC. This also created a centralized source of information about all the PC assets at the company.
This reduced the number of PCs that were unaccounted for, reducing the chance that Cisco IT would overspend based on its hardware needs.
There were still a few limitations to address following the first step in the project, which will be described in more detail further on in this blueprint.
This case study continues in phase 2
1.1 Assess current state & plan scope
1.2 Build team & define metrics
1.1.1 Complete MGD (optional)
1.1.2 Outline hardware asset management challenges
1.1.3 Conduct HAM maturity assessment
1.1.4 Classify hardware assets to define scope of the program
1.1.1 Optional Diagnostic
The MGD allows you to understand the landscape of all IT processes, including asset management. Evaluate all team members’ perceptions of each process’ importance and effectiveness.
Use the results to understand the urgency to change asset management and its relevant impact on the organization.
Establish process owners and hold team members accountable for process improvement initiatives to ensure successful implementation and realize the benefits from more effective processes.
To book a diagnostic, or get a copy of our questions to inform your own survey, visit Info-Tech’s Benchmarking Tools, contact your account manager, or call toll-free 1-888-670-8889 (US) or 1-844-618-3192 (CAN).
Processes and Policies:
Tracking:
Security and Risk:
Procurement:
Receiving:
Disposal:
Contracts:
1.1.1 Brainstorm HAM challenges
A. As a group, outline the hardware asset management challenges facing the organization.
Use the previous slide to help you get started. You can use the following headings as a guide or think of your own:
B. If you get stuck, use the Hardware Asset Management Maturity Assessment Tool to get a quick view of your challenges and maturity targets and kick-start the conversation.
Drivers of effective HAM | Results of effective HAM | |
---|---|---|
Contracts and vendor licensing programs are complex and challenging to administer without data related to assets and their environment. | → | Improved access to accurate data on contracts, licensing, warranties, installed hardware and software for new contracts, renewals, and audit requests. |
Increased need to meet compliance requires a formal approach to tracking and managing assets, regardless of device type. | → | Encryption, hardware tracking and discovery, software application controls, and change notifications all contribute to better asset controls and data security. |
Cost cutting is on the agenda, and management is looking to reduce overall IT spend in the organization in any possible way. | → | Reduction of hardware spend by as much as 5% of the total budget through data for better forecasting and planning. |
Assets with sensitive data are not properly secured, go missing, or are not safely disposed of when retired. | → | Document and enforce security policies for end users and IT staff to ensure sensitive data is properly secured, preventing costs much larger than the cost of only the device. |
Maturity | People & Policies | Processes | Technology |
---|---|---|---|
Chaos |
|
|
|
Reactive |
|
|
|
Controlled |
|
|
|
Proactive |
|
|
|
Optimized |
|
|
|
1.1.3 Complete HAM Maturity Assessment Tool
Complete the Hardware Asset Management Maturity Assessment Tool to understand your organization’s overall maturity level in HAM, as well as the starting maturity level aligned with each step of the blueprint, in order to identify areas of strength and weakness to plan the project. Use this to track progress on the project.
The hardware present in your organization can be classified into four categories of ascending strategic complexity: commodity, inventory, asset, and configuration.
Commodity items are devices that are low-cost, low-risk items, where tracking is difficult and of low value.
Inventory is tracked primarily to identify location and original expense, which may be depreciated by Finance. Typically there will not be data on these devices and they’ll be replaced as they lose functionality.
Assets will need the full lifecycle managed. They are identified by cost and risk. Often there is data on these devices and they are typically replaced proactively before they become unstable.
Configuration items will generally be tracked in a configuration management database (CMDB) for the purpose of enabling the support teams to make decisions involving dependencies, configurations, and impact analysis. Some data will be duplicated between systems, but should be synchronized to improve accuracy between systems.
See Harness Configuration Management Superpowers to learn more about building a CMDB.
ASSET - Items of high importance and may contain data, such as PCs, mobile devices, and servers.
INVENTORY - Items that require significant financial investment but no tracking beyond its existence, such as a projector.
COMMODITY - Items that are often in use but are of relatively low cost, such as keyboards or mice.
1.1.4 Define the assets to be tracked within your organization
Document in the Standard Operating Procedures, Section 1 – Overview & Scope
Industry Public Administration
Source Client Case Study
A state government designed a process to track hardware worth more than $1,000. Initially, most assets consisted of end-user computing devices.
The manual tracking process, which relied on a series of Excel documents, worked well enough to track the lifecycle of desktop and laptop assets.
However, two changes upended the organization’s program: the cost of end-user computing devices dropped dramatically and the demand for network services led to the proliferation of expensive equipment all over the state.
The existing program was no longer robust enough to meet business requirements. Networking equipment was not only more expensive than end-user computing devices, but also more critical to IT services.
What was needed was a streamlined process for procuring high-cost, high-utility equipment, tracking their location, and managing their lifecycle costs without compromising services.
The organization decided to formalize, document, and automate hardware asset management processes to meet the new challenges and focus efforts on high-cost, high-utility end-user computing devices only.
Phase 1: Assess & Plan
1.1 Assess current state & plan scope
1.2 Build team and define metrics
1.2.1 Define responsibilities for Asset Manager and Asset Administrator
1.2.2 Use a RACI chart to determine roles within HAM team
1.2.3 Further clarify HAM responsibilities for each role
1.2.4 Identify HAM reporting requirements
Asset management is an organizational change. To gain buy-in for the new processes and workflows that will be put in place, a dedicated, passionate team needs to jump-start the project.
Delegate the following roles to team members and grow your team accordingly.
Asset Manager |
|
---|---|
Asset Administrator |
|
Service Desk, IT Operations, Applications |
|
Info-Tech Insight
Ensure that there is diversity within the ITAM team. Assets for many organizations are diverse and the composition of your team should reflect that. Have multiple departments and experience levels represented to ensure a balanced view of the current situation.
1.2.1 Use Info-Tech’s job description templates to define roles
The role of the IT Asset Manager is to oversee the daily and long-term strategic management of software and technology- related hardware within the organization. This includes:
The role of the IT Asset Administrator is to actively manage hardware and software assets within the organization. This includes:
Use Info-Tech’s job description templates to assist in defining the responsibilities for these roles.
Typically the asset manager will answer to either the CFO or CIO. Occasionally they answer to a vendor manager executive. The hierarchy may vary based on experience and how strategic a role the asset manager will play.
1.2.2 Complete a RACI
A RACI chart will identify who should be responsible, accountable, consulted, and informed for each key activity during the consolidation.
Document in the Standard Operating Procedure.
A sample RACI chart is provided on the next slide
1.2.2 Complete a RACI chart for your organization
HAM Tasks | CIO | CFO | HAM Manager | HAM Administrator | Service Desk (T1,T2, T3) | IT Operations | Security | Procurement | HR | Business Unit Leaders | Compliance /Legal | Project Manager |
---|---|---|---|---|---|---|---|---|---|---|---|---|
Policies and governance | A | I | R | I | I | C | I | C | C | I | I | |
Strategy | A | R | R | R | R | |||||||
Data entry and quality management | C | I | A | I | C | C | I | I | C | C | ||
Risk management and asset security | A | R | C | C | R | C | C | |||||
Process compliance auditing | A | R | I | I | I | I | I | |||||
Awareness, education, and training | I | A | I | I | C | |||||||
Printer contracts | C | A | C | C | C | R | C | C | ||||
Hardware contract management | A | I | R | R | I | I | R | R | I | I | ||
Workflow review and revisions | I | A | C | C | C | C | ||||||
Budgeting | A | R | C | I | C | |||||||
Asset acquisition | A | R | C | C | C | C | I | C | C | |||
Asset receiving (inspection/acceptance) | I | A | R | R | I | |||||||
Asset deployment | A | R | R | I | I | |||||||
Asset recovery/harvesting | A | R | R | I | I | |||||||
Asset disposal | C | A | R | R | I | I | ||||||
Asset inventory (input/validate/maintain) | I | I | A/R | R | R | R | I | I | I |
1.2.3 Define roles and responsibilities for the HAM team
Role | Responsibility |
---|---|
IT Manager |
|
Asset Managers |
|
Service Desk | |
Desktop team | |
Security | |
Infrastructure teams |
Follow a process for establishing metrics:
CSF | KPI | Metrics |
---|---|---|
Improve accuracy of IT budget and forecasting |
|
|
Identify discrepancies in IT environment |
|
|
Avoid over purchasing equipment |
|
|
Make more-effective purchasing decisions |
|
|
Improve accuracy of data |
|
|
Improved service delivery |
|
|
1.2.4 Identify asset reporting requirements
Document in the Standard Operating Procedures, Section 13: Reporting
CSF | KPI | Metrics | Stakeholder/frequency |
---|---|---|---|
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 4 weeks
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
HAM Maturity Assessment
Standard Operating Procedures
Review findings with analyst:
Then complete these activities…
With these tools & templates:
RACI Chart
Asset Manager and Asset Administrator Job Descriptions
Standard Operating Procedures
Phase 1 Results & Insights:
For asset management to succeed, it needs to support the business. Engage business leaders to determine needs and build your HAM program around these goals.
1.1.4 Classify hardware assets to define scope of the program
Determine value/risk threshold at which assets should be tracked, then divide a whiteboard into four quadrants representing four categories of assets. Participants write assets down on sticky notes and place them in the appropriate quadrant to classify assets.
1.2.2 Build a RACI chart to determine responsibilities
Identify all roles within the organization that will play a part in hardware asset management, then document all core HAM processes and tasks. For each task, assign each role to be responsible, accountable, consulted, or informed.
2.1 Request & Procure
2.2 Receive & Deploy
2.1.1 Identify IT asset procurement challenges
2.1.2 Define standard hardware requests
2.1.3 Document standard hardware request procedure
2.1.4 Build a non-standard hardware request form
2.1.5 Make lease vs. buy decisions for hardware assets
2.1.6 Document procurement workflow
2.1.7 Build a purchasing policy
Industry Government
Source Itassetmanagement.net
Signed July 27, 2004, Executive order S-20-04, the “Green Building Initiative,” placed strict regulations on energy consumption, greenhouse gas emissions, and raw material usage and waste.
In compliance with S-20-04, the State of California needed to adopt a new procurement strategy. Its IT department was one of the worst offenders given the intensive energy usage by the variety of assets managed under the IT umbrella.
A green IT initiative was enacted, which involved an extensive hardware refresh based on a combination of agent-less discovery data and market data (device age, expiry dates, power consumption, etc.).
A hardware refresh of almost a quarter-million PCs, 9,500 servers, and 100 email systems was rolled out as a result.
Other changes, including improved software license compliance and data center consolidation, were also enacted.
Because of the scale of this hardware refresh, the small changes meant big savings.
A reduction in power consumption equated to savings of over $40 million per year in electricity costs. Additionally, annual carbon emissions were trimmed by 200,000 tons.
Standardize processes: Using standard products throughout the enterprise lowers support costs by reducing the variety of parts that must be stocked for onsite repairs or for provisioning and supporting equipment.
Align procurement processes: Procurement processes must be aligned with customers’ business requirements, which can have unique needs.
Define SLAs: Providing accurate and timely performance metrics for all service activities allows infrastructure management based on fact rather than supposition.
Reduce TCO: Management recognizes service infrastructure activities as actual cost drivers.
Implement a single POC: A consolidated service desk is used where the contact understands both standards (products, processes, and practices) and the user’s business and technical environment.
2.1.1 Identify IT asset procurement challenges
The first step in your procurement workflow will be to determine what is in scope for a standard request, and how non-standard requests will be handled. Questions that should be answered by this procedure include:
If your end-user device strategy requires an overhaul, schedule time with an Info-Tech analyst to review our blueprint Build an End-User Computing Strategy.
Once you’ve answered questions like these, you can outline your hardware standards as in the example below:
Use Case | Mobile Standard | Mac Standard | Mobile Power User |
---|---|---|---|
Asset | Lenovo ThinkPad T570 | iMac Pro | Lenovo ThinkPad P71 |
Operating system | Windows 10 Pro | Mac OSX | Windows 10 Pro, 64 bit |
Display | 15.6" | 21.5" | 17.3” |
Memory |
32GB | 8GB | 64GB |
Processor | Intel i7 – 7600U Processor | 2.3GHz | Xeon E3 v6 Processor |
Drive | 500GB | 1TB | 1TB |
Warranty | 3 year | 1 year + 2 extended | 3 year |
Info-Tech Insight
Approach hardware standards from a continual improvement frame of mind. Asset management is a dynamic process. Hardware standards will need to adapt over time to match the needs of the business. Plan assessments at routine intervals to ensure your current hardware standards align with business needs.
Determine environmental requirements and constraints.
Power management
Compare equipment for power consumption and ability to remotely power down machines when not in use.
Heat and noise
Test equipment run to see how hot the device gets, where the heat is expelled, and how much noise is generated. This may be particularly important for users who are working in close quarters.
Carbon footprint
Ask what the manufacturer is doing to reduce post-consumer waste and eliminate hazardous materials and chemicals from their products.
Ensure security requirements can be met.
Review features available to enhance manageability.
"If you are looking for a product for two or three years, you can get it for less than half the price of new. I bought refurbished equipment for my call center for years and never had a problem". – Glen Collins, President, Applied Sales Group
Info-Tech Insight
Price differences are minimal between large and small vendors when dealing with refurbished machines. The decision to purchase should be based on ability to provide and service equipment.
2.1.2 Identify standards for hardware procurement by role
Document in the Standard Operating Procedures, Section 7: Procurement.
Department | Core Hardware Assets | Optional Hardware Assets |
---|---|---|
IT | PC, tablet, monitor | Second monitor |
Sales | PC, monitor | Laptop |
HR | PC, monitor | Laptop |
Marketing | PC (iMac) | Tablet, laptop |
2.1.3 Document standard hardware request procedure
Document in the Standard Operating Procedures, Section 6: End-User Request Process.
Discuss and document the end-user request process:
End-User Request Process
2.1.4 Build a non-standard hardware request form
Info-Tech Insight
Include non-standard requests in continual improvement assessment. If a large portion of requests are for non-standard equipment, it’s possible the hardware doesn’t meet the recommended requirements for specialized software in use with many of your business users. Determine if new standards need to be set for all users or just “power users.”
Categories | Peripherals | Desktops/Laptops | Servers |
---|---|---|---|
Financial |
|
|
|
Request authorization |
|
|
|
Required approvals |
|
|
|
Warranty requirements |
|
|
|
Inventory requirements |
|
|
|
Tracking requirements |
|
|
|
Info-Tech Best Practice
Take into account the possibility of encountering taxation issues based on where the equipment is being delivered as well as taxes imposed or incurred in the location from which the asset was shipped or sent. This may impact purchasing decisions and shipping instructions.
Improve procurement decisions:
Document the following in your procurement procedure:
Info-Tech Insight
IT procurement teams are often heavily siloed from ITAM teams. The procurement team is typically found in the finance department. One way to bridge the gap is to implement routine, reliable reporting between departments.
2.1.4 Decide whether to purchase or lease
Document policy decisions in the Standard Operating Procedures – Section 7: Procurement
Determine acceptable response time, and weigh the cost of warranty against the value of service.
Speak to your partner to see how they can help the process of distributing machines.
Transaction-based purchases will receive the smallest discounting.
Bulk purchases will receive more aggressive discounting of 5-15% off suggested retail price, depending on quantities.
Larger quantities rolled out over time will require commitments to the manufacturer to obtain deepest discounts.
New or upgraded components will be introduced into configurations when it makes the most sense in a production cycle. This creates a challenge in comparing products, especially in an RFP. The best way to handle this is to:
"The hardware is the least important part of the equation. What is important is the warranty, delivery, imaging, asset tagging, and if they cannot deliver all these aspects the hardware doesn’t matter." – Doug Stevens, Assistant Manager Contract Services, Toronto District School Board
The procurement process should balance the need to negotiate appropriate pricing with the need to quickly approve and fulfill requests. The process should include steps to follow for approving, ordering, and tracking equipment until it is ready for receipt.
Within the process, it is particularly important to decide if this is where equipment is added into the database or if it will happen upon receipt.
Info-Tech Insight
Where the Hardware Asset Manager is unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand. Projects, replacements, and new-user requests cannot be delayed in a service-focused IT organization due to bureaucratic processes.
Determine if you need one workflow for all equipment or multiples for small vs. large purchases.
Occasionally large rollouts require significant changes from lower dollar purchases.
This sample can be found in the HAM Process Workflows.
2.1.6 Illustrate procurement workflow with a tabletop exercise
Document in the Standard Operating Procedures, Section 7: Procurement
2.1.7 Build a purchasing policy
A purchasing policy helps to establish company standards, guidelines, and procedures for the purchase of all information technology hardware, software, and computer-related components as well as the purchase of all technical services.
The policy will ensure that all purchasing processes are consistent and in alignment with company strategy. The purchasing policy is key to ensuring that corporate purchases are effective and the best value for money is obtained.
Implement a purchasing policy to prevent or reduce:
Download Info-Tech’s Purchasing Policytemplate to build your own purchasing policy.
2.1 Request & Procure
2.2 Receive & Deploy
This step will walk you through the following activities:
2.2.1 Select appropriate asset tagging method
2.2.2 Design workflow for receiving and inventorying equipment
2.2.3 Document the deployment workflow(s)
This step involves the following participants:
Industry Networking
Source Cisco IT
Although Cisco Systems had implemented a centralized procurement location for all PCs used in the company, inventory tracking had yet to be addressed.
Inventory tracking was still a manual process. Given the volume of PCs that are purchased each year, this is an incredibly labor-intensive process.
Sharing information with management and end users also required the generation of reports – another manual task.
The team at Cisco recognized that automation was the key component holding back the success of the inventory management program.
Rolling out an automated process across multiple offices and groups, both nationally and internationally, was deemed too difficult to accomplish in the short amount of time needed, so Cisco elected to outsource its PC management needs to an experienced vendor.
As a result of the PC management vendor’s industry experience, the implementation of automated tracking and management functions drastically improved the inventory management situation at Cisco.
The vendor helped determine an ideal leasing set life of 30 months for PCs, while also managing installations, maintenance, and returns.
Even though automation helped improve inventory and deployment practices, Cisco still needed to address another key facet of asset management: security.
This case study continues in phase 3.
Examine your current process for receiving assets. Typical problems include:
Receiving inventory at multiple locations can lead to inconsistent processes. This can make invoice reconciliation challenging and result in untracked or lost equipment and delays in deployment.
Equipment not received and secured quickly. Idle equipment tends to go missing if left unsupervised for too long. Missed opportunities to manage returns where equipment is incorrect or defective.
Disconnect between procurement and receiving where ETAs are unknown or incorrect. This can create an issue where no one is prepared for equipment arrival and is especially problematic on large orders.
How do you solve these problems? Create a standardized workflow that outlines clear steps for asset receiving.
A workflow will help to answer questions such as:
The first step in effective hardware asset intake is establishing proper procedures for receiving and handling of assets.
Process: Start with information from the procurement process to determine what steps need to follow to receive into appropriate systems and what processes will enable tagging to happen as soon as possible.
People: Ensure anyone who may impact this process is aware of the importance of documenting before deployment. Having everyone who may be handling equipment on board is key to success.
Security: Equipment will be secured at the loading dock or reception. It will need to be secured as inventory and be secured if delivering directly to the bench for imaging. Ensure all receiving activities are done before equipment is deployed.
Tools: A centralized ERP system may already provide a place to receive and reconcile with purchasing and invoicing, but there may still be a need to receive directly into the ITAM and/or CMDB database rather than importing directly from the ERP system.
Tagging: A variety of methods can be used to tag equipment to assist with inventory. Consider the overall lifecycle management when determining which tagging methods are best.
Info-Tech Insight
Decentralized receiving doesn’t have to mean multiple processes. Take advantage of enterprise solutions that will centralize the data and ensure everyone follows the same processes unless there is an uncompromising and compelling logistical reason to deviate.
Method | Cost | Strengths | Weaknesses | Recommendation |
---|---|---|---|---|
RFID with barcoding – asset tag with both a barcode and RFID solution | $$$$ |
|
|
|
RFID only – small chip with significant data capacity | $$$ |
|
|
|
Barcoding only – adding tags with unique barcodes | $$ |
|
|
|
Method | Cost | Strengths | Weaknesses | Recommendation |
---|---|---|---|---|
QR codes – two-dimensional codes that can store text, binary, image, or URL data | $$ |
|
|
|
Manual tags – tag each asset with your own internal labels and naming system | $ |
|
|
|
Asset serial numbers – tag assets using their serial number | $ |
|
|
|
2.2.1 Select asset tagging method
Document in the Standard Operating Procedures, Section 8
Asset Type | Asset Tag Location |
---|---|
PC desktop | Right upper front corner |
Laptop | Right corner closest to user when laptop is closed |
Server | Right upper front corner |
Printer | Right upper front corner |
Modems | Top side, right corner |
Assign responsibility and accountability for inspection and acceptance of equipment, verifying the following:
The return merchandise authorization (RMA) process should be a standard part of the receiving process to handle the return of defective materials to the vendor for either repair or replacement.
If there is a standard process in place for all returns in the organization, you can follow the same process for returning hardware equipment:
Info-Tech Insight
Make sure you’re well aware of the stipulations in your contract or purchase order. Sometimes acceptance is assumed after 60 days or less, and oftentimes the clock starts as soon as the equipment is shipped out rather than when it is received.
Info-Tech Best Practice
Keep in mind that the serial number on the received assed may not be the asset that ultimately ends up on the user’s desk if the RMA process is initiated. Record the serial number after the RMA process or add a correction process to the workflow to ensure the asset is properly accounted for.
A common technique employed by asset managers is to categorize your assets using an ABC analysis. Assets are classified as either A, B, or C items. The ratings are based on the following criteria:
A
A items have the highest usage. Typically, 10-20% of total assets in your inventory account for upwards of 70-80% of the total asset requests.
A items should be tightly controlled with secure storage areas and policies. Avoiding stock depletion is a top priority.
B
B items are assets that have a moderate usage level, with around 30% of total assets accounting for 15-25% of total requests.
B items must be monitored; B items can transition to A or C items, especially during cycles of heavier business activity.
C
C items are assets that have the lowest usage, with upwards of 50% of your total inventory accounting for just 5% of total asset requests.
C items are reordered the least frequently, and present a low demand and high risk for excessive inventory (especially if they have a short lifecycle). Many organizations look to move towards an on-demand policy to mitigate risk.
Info-Tech Insight
Get your vendor to keep stock of your assets. If large quantities of a certain asset are required but you lack the space to securely store them onsite, ask your vendor to keep stock for you and release as you issue purchase orders. This speeds up delivery and delays warranty activation until the item is shipped. This does require an adherence to equipment standards and understanding of demand to be effective.
Define the following in your receiving process:
2.2.2 Illustrate receiving workflow with a tabletop exercise
Document in the Standard Operating Procedures, Section 8: Receiving and Equipment Inventory
Option 1: Whiteboard
Option 2: Tabletop Exercise
A software usage snapshot for an urban planner/engineer.
Define the process for deploying hardware to users.
Include the following in your workflow:
Large-scale desktop deployments or data center upgrades will likely be managed as projects.
These projects should include project plans, including resources, timelines, and detailed procedures.
Define the process for large-scale deployment if it will differ from the regular deployment process.
2.2.3 Document deployment workflows for desktop and large-scale deployment
Document in the Standard Operating Procedures, Section 9: Deployment
Document each step in the system deployment process with notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.
The biggest challenge in deploying equipment is meeting expectations of the business, and without cooperation from multiple departments, this becomes significantly more difficult.
Self-serve kiosks (vending machines) can provide cost reductions in delivery of up to 25%. Organizations that have a high distribution rate are seeing reductions in cost of peripherals averaging 30-35% and a few extreme cases of closer to 85%.
Benefits of using vending machines:
Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 4 weeks
Step 2.1: Request & Procure
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
Step 2.2: Receive & Deploy
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Phase 2 Insight: Bridge the gap between IT and Finance to build a smoother request and procurement process through communication and routine reporting. If you’re unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand.
2.1.2 Define standard hardware requests
Divide whiteboard into columns representing core business areas. Define core hardware assets for end users in each division along with optional hardware assets. Discuss optional assets to narrow and define standard equipment requests.
2.2.1 Select appropriate method for tagging and tracking assets
Discuss the various asset tagging methods and choose the tagging method that is most appropriate for your organization. Define the process for tagging assets and document the standard asset tag location according to equipment type.
Industry Networking
Source Cisco IT
Cisco Systems had created a dynamic work environment that prized individuality. This environment created high employee satisfaction, but it also created a great deal of risk surrounding device security.
Cisco lacked an asset security policy; there were no standards for employees to follow. This created a surplus of not only hardware, but software to support the variety of needs amongst various teams at Cisco.
The ITAM team at Cisco recognized that their largest problem was the lack of standardization with respect to PCs. Variance in cost, lifecycle, and software needs/compatibility were primary issues.
Cisco introduced a PC leasing program with the help of a PC asset management vendor to correct these issues. The primary goal was to increase on-time returns of PCs. A set life of 30 months was defined by the vendor.
Cisco engaged employees to help contribute to improving its asset management protocols, and the approach worked.
On-time returns increased from 60% to 80%. Costs were reduced due to active tracking and disposal of any owned assets still present.
A reduction in hardware and software platforms has cut costs and increased security thanks to improved tracking capabilities.
This case study continues in phase 4
3.1 Manage & Maintain
3.2 Dispose or Redeploy
3.1.1 Build a MAC policy and request form
3.1.2 Build workflows to document user MAC processes
3.1.3 Design process and policies for hardware maintenance, warranty, and support documentation handling
3.1.4 Revise or create an asset security policy
Info-Tech Insight
One of the most common mistakes we see when it comes to asset management is to assume that the discovery tool will discovery most or all of your inventory and do all the work. It is better to assume only 80-90% coverage by the discovery tool and build ownership records to uncover the unreportable assets that are not tied into the network.
Conduct an annual hardware audit to ensure hardware is still assigned to the person and location identified in your ITAM system, and assess its condition.
Perform a quarterly review of hardware stock levels in order to ensure all equipment is relevant and usable. The table below is an example of how to organize this information.
Item | Target Stock Levels | Estimated $ Value |
---|---|---|
Desktop computers | ||
Standard issue laptops | ||
Mice | ||
Keyboards | ||
Network cables | ||
Phones |
Info-Tech Insight
Don’t forget about your remotely deployed assets. Think about how you plan to inventory remotely deployed equipment. Some tools will allow data collection through an agent that will talk to the server over the internet, and some will completely ignore those assets or provide a way to manually collect the data and email back to the asset manager. Mobile device management tools may also help with this inventory process. Determine what is most appropriate based on the volume of remote workers and devices.
IMAC services are usually performed at a user’s deskside by a services technician and can include:
Specific activities may include:
Changes
Moves
Installs and Adds
Recommendations:
Automate. Wherever possible, use tools to automate the IMAC process.
E-forms, help desk, ticketing, or change management software can automate the request workflow by allowing the requestor to submit a request ticket that can then be automatically assigned to a designated team member according to the established chain of command. As work is completed, the ticket can be updated, and the requestor will be able to check the status of the work at any time.
Communicate the length of any downtime associated with execution of the IMAC request to lessen the frustration and impatience among users.
Involve HR. When it comes to adding or removing user accounts, HR can be a valuable resource. As most new employees should be hired through HR, work with them to improve the onboarding process with enough advanced notice to set up accounts and equipment. Role changes with access rights and software modifications can benefit from improved communications. Review the termination process as well, to secure data and equipment.
A consistent Move, Add, Change (MAC) request process is essential for lessening the burden on the IT department. MAC requests are used to address any number of tasks, including:
If you are not using help desk or other ticketing software, create a request template that must be submitted for each MAC. The request should include:
3.1.1 Build a MAC policy and request form
Desktop Move/Add/Change Policy
This desktop move/add/change policy should be put in place to mitigate the risk associated with unauthorized changes, minimize disruption to the business, IT department, and end users, and maintain consistent expectations.
Move, Add, Change Request Form
Help end users navigate the move/add/change process. Use the Move/Add/Change Request Form to increase efficiency and organization for MAC requests.
Include the following in your process documentation:
3.1.2 Build MAC process workflows
Document in the Standard Operating Procedures, Section 10: Equipment Install, Adds, Moves, and Changes
Document each step in the system deployment process using notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.
Sample equipment maintenance policy terms:
3.1.3 Design process for hardware maintenance
Document in the Standard Operating Procedures, Section 10
ITAM complements and strengthens security tools and processes, improving the company’s ability to protect its data and systems and reduce operational risk.
It’s estimated that businesses worldwide lose more than $221 billion per year as a result of security breaches. HAM is one important factor in securing data, equipment investment, and meeting certain regulatory requirements.
How does HAM help keep your organization secure?
Best Practices
Organizations with a formal mobile management strategy have fewer problems with their mobile devices.
Develop a secure MDM to:
The benefits of a deployed MDM solution:
Mobile device management is constantly evolving to incorporate new features and expand to new control areas. This is a high-growth area that warrants constant up-to-date knowledge on the latest developments.
What can be packed into an MDM can vary and be customized in many forms for what your organization needs.
Endpoints | Average | None |
---|---|---|
Desktop | 73% | 4% |
Laptops | 65% | 9% |
Smartphones | 27% | 28% |
Netbooks | 26% | 48% |
Tablets | 16% | 59% |
Grand average | 41% |
It is nearly impossible to keep the types of data separate, even with a sandbox approach. Selective wipe will miss some corporate data, and even a full remote wipe can only catch some of users’ increasingly widely distributed data.
Not every violation of policy warrants a wipe. Playing Candy Crush during work hours probably does not warrant a wipe, but jail breaking or removing a master data management client can open up security holes that do warrant a wipe.
Data security is not simply restricted to compromised software. In fact, 70% of all data breaches in the healthcare industry since 2010 are due to device theft or loss, not hacking. (California Data Breach Report – October, 2014) ITAM is not just about tracking a device, it is also about tracking the data on the device.
Organizations often struggle with the following with respect to IT asset security:
Your security policy should seek to protect IT hardware and software that:
These assets should be documented and controlled in order to meet security requirements.
The asset security policy should encompass the following:
Info-Tech Insight
Hardware can be pricey; data is priceless. The cost of losing a device is minimal compared to the cost of losing data contained on a device.
3.1.4 Develop IT asset security policy
Document in the Asset Security Policy.
Challenge | Current Security Risk | Target Policy |
---|---|---|
Hardware removal | Secure access and storage, data loss | Designated and secure storage area |
BYOD | No BYOD policy in place | N/A → phasing out BYOD as an option |
Hardware data removal | Secure data disposal | Data disposal, disposal vendor |
Unused software | Lack of support/patching makes software vulnerable | Discovery and retirement of unused software |
Unauthorized software | Harder to track, less secure | Stricter stance on pirated software |
Industry Legal
Source ICO
The Ministry of Justice (MoJ) in the UK had a security problem: hard drives that contained sensitive prisoner data were unencrypted and largely unprotected for theft.
These hard drives contained information related to health, history of drug use, and past links to organized crime.
After two separate incidents of hard drive theft that resulted in data breaches, the Information Commissioner’s Office (ICO), stepped in.
It was determined that after the first hard drive theft in October 2011, replacement hard drives with encryption software were provisioned to prisons managed by the MoJ.
Unfortunately, the IT security personnel employed by the MoJ were unaware that the encryption software required manual activation.
When the second hard drive theft occurred, the digital encryption could not act as a backup to poor physical security (the hard drive was not secured in a locker as per protocol).
The perpetrators were never found and the stolen hard drives were never recovered.
As a result of the two data breaches, the MoJ had to implement costly security upgrades to its data protection system.
The ICO fined the MoJ £180,000 for its repeated security breaches. This costly fine could have been avoided if more diligence was present in the MoJ’s asset management program.
3.1 Manage & Maintain
3.2 Dispose or Redeploy
3.2.1 Identify challenges with IT asset recovery and disposal
3.2.2 Design hardware asset recovery and disposal workflows
3.2.3 Build a hardware asset disposition policy
$500MM); and orange is Overall.">
(Info-Tech Research Group; N=96)
Budget profiles | Refresh methods |
---|---|
Stretched Average equipment age: 7+ years |
To save money, some organizations will take a cascading approach, using the most powerful machines for engineers or scientists to ensure processing power, video requirements and drives will meet the needs of their applications and storage needs; then passing systems down to departments who will require standard-use machines. The oldest and least powerful machines are either used as terminals or disposed. |
Generous Average equipment age: 3 years |
Organizations that do not want to risk user dissatisfaction or potential compatibility or reliability issues will take a more aggressive replacement approach. These organizations often have less people assigned to end-user device maintenance and will not repair equipment outside of warranty. There is little variation in processing power among devices, with major differences determined by mobility and operating system. |
Cautious Average equipment age: 4 to 5 years |
Organizations that fit between the other two profiles will look to stretch the budget beyond warranty years, but will keep a close eye on maintenance requirements. Repairs needed outside of warranty will require an eye to costs, efforts, and subsequent administrative work of loaning equipment to keep the end user productive while waiting on service. Recommendations to keep users happy and equipment in prime form is to check condition at the 2-3 year mark, reimage at least once to improve performance, and have backup machines, if equipment starts to become problematic. |
VS.
Warning! Poor hardware disposal and recovery practices can be caused by the following:
How do you improve your hardware disposal and recovery process?
Sixty-five percent of organizations cite data security as their top concern. Many data breaches are a result of hardware theft or poor data destruction practices.
Choosing a reputable IT disposal company or data removal software is crucial to ensuring data security with asset disposal.
Electronics contain harmful heavy metals such as mercury, arsenic, and cadmium.
Disposal of e-waste is heavily regulated, and improper disposal can result in hefty fines and bad publicity for organizations.
Many obsolete IT assets are simply confined to storage at their end of life.
This often imposes additional costs with maintenance or storage fees and leaves a lot of value on the table through assets that could be sold or re-purposed within the organization.
3.2.1 Identify challenges with IT asset recovery and disposal
Economic | |||
---|---|---|---|
Challenge | Objectives | Targets | Initiatives |
No data capture during disposal | Develop reporting standards | 80% disposed assets recorded | Work with Finance to develop reporting procedure |
Idle assets | Find resale market/dispose of idle assets | 50% of idle assets disposed of within the year | Locate resale vendor and disposal service |
Ensure the following are addressed:
3.2.2 Design hardware asset recovery and disposal policies and workflows
Document in the Standard Operating Procedures, Sections 11 and 12
Document each step in the recovery and disposal process in two separate workflows using notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.
Although traditionally an afterthought in asset management, IT asset disposition (ITAD) needs to be front and center. Increase focus on data security and concern surrounding environmental sustainability and develop an awareness of the cost efficiencies possible through best-practices disposition.
Optimized ITAD solutions:
Info-Tech Insight
A well-thought-out asset management program mitigates risk and is typically less costly than dealing with a large-scale data loss incident or an inappropriate disposal suit. Also, it protects your company’s reputation – which is difficult to put a price on.
Maximizing returns on assets requires knowledge and skills in asset valuation, upgrading to optimize market return, supply chain management, and packaging and shipping. It’s unlikely that the return will be adequate to justify that level of investment, so partnering with a full-service ITAD vendor is a no-brainer.
Disposal doesn’t mean your equipment has to go to waste.
Additionally, your ITAD vendor can assist with a large donation of hardware to a charitable organization or a school.
Donating equipment to schools or non-profits may provide charitable receipts that can be used as taxable benefits.
Before donating:
Info-Tech Insight
Government assistance grants may be available to help keep your organization’s hardware up to date, thereby providing incentives to upgrade equipment while older equipment still has a useful life.
Failure to thoroughly investigate a vendor could result in a massive data breach, fines for disposal standards violations, or a poor resale price for your disposed assets. Evaluate vendors using questions such as the following:
ITAD vendors that focus on recycling will bundle assets to ship to an e-waste plant – leaving money on the table.
ITAD vendors with a focus on reuse will individually package salable assets for resale – which will yield top dollars.
Info-Tech Insight
To judge the success of a HAM overhaul, you need to establish a baseline with which to compare final results. Be sure to take HAM “snapshots” before ITAD partnering so it’s easy to illustrate the savings later.
Info-Tech Insight
Failure to properly dispose of data can not only result in costly data breaches, but also fines and other regulatory repercussions. Choosing an ITAD vendor or a vendor that specializes in data erasure is crucial. Depending on your needs, there are a variety of data wiping methods available.
Certified data erasure is the only method that leaves the asset’s hard drive intact for resale or donation. Three swipes is the bare minimum, but seven is recommended for more sensitive data (and required by the US Department of Defense). Data erasure applications may be destructive or non-destructive – both methods overwrite data to make it irretrievable.
Physical destruction must be done thoroughly, and rigorous testing must be done to verify data irretrievability. Methods such as hand drilling are proven to be unreliable.
Degaussing uses high-powered magnets to erase hard drives and makes them unusable. This is the most expensive option; degaussing devices can be purchased or rented.
Info-Tech Best Practice
Data wiping can be done onsite or can be contracted to an ITAD partner. Using an ITAD partner can ensure greater security at a more affordable price.
Work these rules into your disposition policy to mitigate data loss risk.
3.2.3 Build a Hardware Asset Disposition Policy
Implementation of a HAM program is a waste of time if you aren’t going to maintain it. Maintenance requires the implementation of detailed policies, training, and an ongoing commitment to proper management.
Use Info-Tech’s Hardware Asset Disposition Policy to:
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 4 weeks
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Phase 3 Insight: Not all assets are created equal. Taking a blanket approach to asset maintenance and security is time consuming and costly. Focus on the high-cost, high-use, and data-sensitive assets first.
3.1.4 Revise or create an asset security policy
Discuss asset security challenges within the organization; brainstorm reasons the challenges exist and process changes to address them. Document a new asset security policy.
3.2.2 Design hardware asset recovery and disposal workflows
Document each step in the hardware asset recovery and disposal process, including all decision points. Examine challenges and amend the workflow to address them.
Industry Networking
Source Cisco IT
Even though Cisco Systems had designed a comprehensive asset management program, implementing it across the enterprise was another story.
An effective solution, complete with a process that could be adopted by everyone within the organization, would require extensive internal promotion of cost savings, efficiencies, and other benefits to the enterprise and end users.
Cisco’s asset management problem was as much a cultural challenge as it was a process challenge.
The ITAM team at Cisco began discussions with departments that had been tracking and managing their own assets.
These sessions were used as an educational tool, but also as opportunities to gather internal best practices to deploy across the enterprise.
Eventually, Cisco introduced weekly meetings with global representation to encourage company-wide communication and collaboration.
“By establishing a process for managing PC assets, we have cut our hardware costs in half.” – Mark Edmonson, Manager – IT Services Expenses
Cisco reports that although change was difficult to adopt, end-user satisfaction has never been higher. The centralized asset management approach has resulted in better contract negotiations through better data access.
A reduced number of hardware and software platforms has streamlined tracking and support, and will only drive down costs as time goes on.
4.1 Plan Budget
4.2 Communicate & Build Roadmap
This step will walk you through the following activities:
4.1 Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget
This step involves the following participants:
While some asset managers may not have experience managing budgets, there are several advantages to ITAM owning the hardware budget:
Your IT budget should be realistic, accounting for business needs, routine maintenance, hardware replacement costs, unexpected equipment failures, and associated support and warranty costs. Know where to find the data you need and who to work with to forecast hardware needs as accurately as possible.
Plan for:
Take into account:
Where do I find the information I need to budget accurately?
4.1.1 Build HAM budget
This tool is designed to assist in developing and justifying the budget for hardware assets for the upcoming year. The tool will allow you to budget for projects requiring hardware asset purchases as well as equipment requiring refresh and to adjust the budget as needed to accommodate both projects and refreshes. Follow the instructions on each tab to complete the tool.
The most successful relationships have a common vocabulary. Thus, it is important to translate “tech speak” into everyday language and business goals and initiatives as you plan your budget.
One of the biggest barriers that infrastructure and operations team face with regards to equipment budgeting is the lack of understanding of IT infrastructure and how it impacts the rest of the organization. The biggest challenge is to help the rest of the organization overcome this barrier.
There are several things you can do to overcome this barrier:
Info-Tech Insight
Err on the side of inviting more discussion. Your budgeting process relies on business decision makers and receiving actionable feedback requires an ongoing exchange of information.
Getting business users to support regular investments in maintenance relies on understanding and trust. Present the facts in plain language. Provide options, and clearly state the impact of each option.
Example: Your storage environment is nearing capacity.
Don’t:
Explain the project exclusively in technical terms or slang.
“We’re exploring deduping technology as well as cheap solid state, SATA, and tape storage to address capacity.”
Do:
“Deduplication technology can reduce our storage needs by up to 50%, allowing us to defer a new storage purchase.”
“Without implementing deduplication technology, we will need to purchase additional storage by the end of the year at an estimated cost of $25,000.”
“This is a cost-effective technique to increase storage capacity to manage annual average data growth at around 20% per year.”
4.1 Plan Budget
4.2 Communicate & Build Roadmap
This step will walk you through the following activities:
4.2 Develop a HAM implementation roadmap
This step involves the following participants:
As part of your communication plan and overall HAM implementation, training should be provided to end users within the organization.
All facets of the business, from management to new hires, should be provided with ITAM training to help them understand their role in the project’s success.
ITAM solutions are complex by nature with both business process and technical knowledge required to use them correctly. Keep the message appropriate to the audience – end users don’t need to know the complete process, but will need to know policy and how to request.
Management may have priorities that appear to clash with new processes. Engage management by making them aware of the benefits and importance of ITAM. Include the benefits and consequences of not implementing ITAM in your education approach. Encourage them to support efforts by reinforcing your messages to end users.
New hires should have ITAM training bundled into their onboarding process. Fresh minds are easier to train and the ITAM program will be seen as an organizational standard, not merely a change.
Policy documents can help summarize end users’ obligations and clarify processes. Consider an IT Resources Acceptable UsePolicy.
"The lowest user is the most important user in your asset management program. New employees are your most important resource. The life cycle of the assets will go much smoother if new employees are brought on board." – Tyrell Hall, ITAM Program Coordinator
Info-Tech Insight
During training, you should present the material through the lens of “what’s in it for me?” Otherwise, you risk alienating end users through implementing organizational change viewed as low value.
Info-Tech Insight
Use policy templates to jumpstart your policy development and ensure policies are comprehensive, but be sure to modify and adapt policies to suit your corporate culture or they will not gain buy-in from employees. For a policy to be successful, it must be a living document and have participation and involvement from the committees and departments to whom it will pertain.
4.2.1 Build HAM policies
Use these HAM policy templates to get started:
Information Technology Standards Policy
This policy establishes standards and guidelines for a company’s information technology environment to ensure the confidentiality, integrity, and availability of company computing resources.
Desktop Move/Add/Change Policy
This desktop move/add/change policy is put in place for users to request to change their desktop computing environments. This policy applies configuration changes within a company.
The purchasing policy helps to establish company standards, guidelines, and procedures for the purchase of all information technology hardware, software, and computer-related components as well as the purchase of all technical services.
Hardware Asset Disposition Policy
This policy assists in creating guidelines around disposition in the last stage of the asset lifecycle.
Info-Tech Insight
Use policy templates to jumpstart your policy development and ensure policies are comprehensive, but modify and adapt them to suit your corporate culture or they will not gain buy-in from employees. For a policy to be successful, it must be a living document and have participation from the committees and departments to whom it will pertain.
Communication is crucial to the integration and overall implementation of your ITAM program. An effective communication plan will:
Use the variety of components as part of your communication plan in order to reach the organization.
4.2.2 Develop a communication plan to convey the right messages
Document in the HAM Communication Plan
Group | Benefits | Impact | Method | Timeline |
---|---|---|---|---|
Service Desk | Improve end-user device support | Follow new processes | Email campaign | 3 months |
Executives | Mitigate risks, better security, more data for reporting | Review and sign off on policies | ||
End Users | Smoother request process | Adhere to device security and use policies | ||
Infrastructure | Faster access to data and one source of truth | Modified processes for centralized procurement and inventory |
Now that your asset lifecycle environment has been constructed in full, it’s time to study it. Gather data about your assets and use the results to create reports and new solutions to continually improve the business.
↑ ITAM Program Maturity
To integrate your ITAM program into your organization effectively, a clear implementation roadmap needs to be designed. Prioritize “quick wins” in order to demonstrate success to the business early and gain buy-in from your team. Long-term goals should be designed that will be supported by the outcomes of the short-term gains of your ITAM program.
Short-term goal | Long-term goal |
---|---|
Identify inventory classification and tool (hardware first) | Hardware contract data integration (warranty, maintenance, lease) |
Create basic ITAM policies and processes | Continual improvement through policy impact review and revision |
Implement ITAM auto-discovery tools | Software compliance reports, internal audits |
Info-Tech Insight
Installing an ITAM tool does not mean you have an effective asset management program. A complete solution needs to be built around your tool, but the strength of ITAM comes from processes embedded in the organization that are shaped and supported by your ITAM data.
4.2.3 Develop a HAM implementation roadmap
Document in the IT Hardware Asset Management Implementation Roadmap
Act → Plan → Do → Check
Once ITAM is in place in your organization, a focus on continual improvement creates the following benefits:
Info-Tech Best Practice
Look for new uses for ITAM data. Ask management what their goals are for the next 12-18 months. Analyze the data you are gathering and determine how your ITAM data can assist with achieving these goals.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
HAM Budgeting Tool
Review findings with analyst:
Then complete these activities…
With these tools & templates:
HAM policy templates
HAM Communication Plan
HAM Implementation Roadmap
4.1.1 Build a hardware asset budget
Review upcoming hardware refresh needs and projects requiring hardware purchases. Use this data to forecast and budget equipment for the upcoming year.
4.2.2 Develop a communication plan
Identify groups that will be affected by the new HAM program and for each group, document a communications plan.
HAM is more than just tracking inventory. A mature asset management program provides data for proactive planning and decision making to reduce operating costs and mitigate risk.
ITAM is not just IT. IT leaders need to collaborate with Finance, Procurement, Security, and other business units to make informed decisions and create value across the enterprise.
Treat HAM like a process, not a project. HAM is a dynamic process that must react and adapt to the needs of the business.
For asset management to succeed, it needs to support the business. Engage business leaders to determine needs and build your HAM program around these goals.
Bridge the gap between IT and Finance to build a smoother request and procurement process through communication and routine reporting. If you’re unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand.
Not all assets are created equal. Taking a blanket approach to asset maintenance and security is time consuming and costly. Focus on the high-cost, high-use, and data-sensitive assets first.
Deploying a fancy ITAM tool will not make hardware asset management implementation easier. Implementation is a project that requires you focus on people and process first – the technology comes after.
Implement Software Asset Management
Build an End-User Computing Strategy
Find the Value – and Remain Valuable – With Cloud Asset Management
Consolidate IT Asset Management
Chalkley, Martin. “Should ITAM Own Budget?” The ITAM Review. 19 May 2011. Web.
“CHAMP: Certified Hardware Asset Management Professional Manual.” International Association of Information Technology Asset Managers, Inc. 2008. Web.
Foxen, David. “The Importance of Effective HAM (Hardware Asset Management).” The ITAM Review. 19 Feb. 2015. Web.
Foxen, David. “Quick Guide to Hardware Asset Tagging.” The ITAM Review. 5 Sep. 2014. Web.
Galecki, Daniel. “ITAM Lifecycle and Savings Opportunities – Mapping out the Journey.” International Association of IT Asset Managers, Inc. 16 Nov. 2014. Web.
“How Cisco IT Reduced Costs Through PC Asset Management.” Cisco IT Case Study. 2007. Web.
Irwin, Sherry. “ITAM Metrics.” The ITAM Review. 14 Dec. 2009. Web.
“IT Asset and Software Management.” ECP Media LLC, 2006. Web.
Rains, Jenny. “IT Hardware Asset Management.” HDI Research Brief. May 2015. Web.
Riley, Nathan. “IT Asset Management and Tagging Hardware: Best Practices.” Samanage Blog. 5 March 2015. Web.
“The IAITAM Practitioner Survey Results for 2016 – Lean Toward Ongoing Value.” International Association of IT Asset Managers, Inc. 24 May 2016. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Obtain organizational buy-in and build a standardized and formal AI blueprint.
Assess your people, process, and technology for AI readiness and realize areas for improvement.
Fill the required AI-related roles to meet business requirements
Assess the appropriateness of AI in your organization and identify gaps in people, processes, and technology as it relates to AI.
Compile the important information and artifacts to include in the AI blueprint.
Keep a record of services and interfaces to reduce waste.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Uncover current and future AI business drivers, and assess current capabilities.
Perform a current state assessment and create a future vision.
1.1 Identify Current and Future Business Drivers
1.2 AI Readiness Assessment
1.3 Integration Service Catalog Template
High-level groupings of AI strategy business drivers.
Determine the organization’s readiness for AI, and identify areas for improvement.
Create a record of services and interfaces to reduce waste.
Identify building blocks, common patterns, and decompose them.
Develop an AI Architecture.
2.1 Integration Principles
2.2 High-level Patterns
2.3 Pattern decomposition and recomposition
Set general AI architecture principles.
Categorize future and existing interactions by pattern to establish your integration framework.
Identification of common functional components across patterns.
Analyze the gaps between the current and future environment in people, process, and technology.
Uncover gaps between current and future capabilities and determine if your ideal environment is feasible.
3.1 Gap Analysis
Identify gaps between the current environment and future AI vision.
Define strategic initiatives, know your resource constraints, and use a timeline for planning AI.
Create a plan of strategic initiatives required to close gaps.
4.1 Identify and prioritize strategic initiatives
4.2 Distribute initiatives on a timeline
Use strategic initiatives to build the AI strategy roadmap.
Establish when initiatives are going to take place.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Define when a cloud instance is an asset, and what it means for the asset to be managed.
Develop an approach to auditing and optimizing cloud assets.
The technical side of IT security demands the best security possible, but the business side of running IT demands that you determine what is cost-effective and can still do the job. You likely shrugged off the early iterations of Microsoft’s security efforts, but you may have heard that things have changed. Where do you start in evaluating Microsoft’s security products in terms of effectiveness? The value proposition sounds tremendous to the CFO, “free” security as part of your corporate license, but how does it truly measure up and how do you articulate your findings to the business?
Microsoft’s security products have improved to the point where they are often ranked competitively with mainstream security products. Depending on your organization’s licensing of Office 365/Microsoft 365, some of these products are included in what you’re already paying for. That value proposition is hard to deny.
Determine what is important to the business, and in what order of priority.
Take a close look at your current solution and determine what are table stakes, what features you would like to have in its replacement, and what your current solution is missing.
Consider Microsoft’s security solutions using an objective methodology. Sentiment will still be a factor, but it shouldn’t dictate the decision you make for the good of the business.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Examine what you are licensed for, what you are paying, what you need, and what your constraints are.
Determine what is “good enough” security and assess the needs of your organization.
Decide what you will go with and start planning your next steps.
Improvement can be incremental. You do not have to adopt every recommended improvement right away. Ensure every process change you make will create value and slowly add improvements to ease buy-in.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use this storyboard as a guide to align projects with your IT change management lifecycle.
Use this SOP as a template to document and maintain your change management practice.
Focus on frequent and transparent communications between the project team and change management. |
Misalignment between IT change management and project management leads to headaches for both practices. Project managers should aim to be represented in the change advisory board (CAB) to ensure their projects are prioritized and scheduled appropriately. Advanced notice on project progress allows for fewer last-minute accommodations at implementation. Widespread access of the change calendar can also lead project management to effectively schedule projects to give change management advanced notice. Moreover, alignment between the two practices at intake allows for requests to be properly sorted, whether they enter change management directly or are governed as a project. Lastly, standardizing implementation and post-implementation across everyone involved ensures more successful changes and socialized/documented lessons learned for when implementations do not go well. Benedict Chang |
Your Challenge |
Common Obstacles |
Info-Tech’s Approach |
---|---|---|
To align projects with the change lifecycle, IT leaders must:
|
Loose definitions may work for clear-cut examples of changes and projects at intake, but grey-area requests end up falling through the cracks. Changes to project scope, when not communicated, often leads to scheduling conflicts at go-live. Too few checkpoints between change and project management can lead to conflicts. Too many checkpoints can lead to delays. |
Set up touchpoints between IT change management and project management at strategic points in the change and project lifecycles. Include appropriate project representation at the change advisory board (CAB). Leverage standard change resources such as the change calendar and request for change form (RFC). |
Improvement can be incremental. You do not have to adopt every recommended improvement right away. Ensure every process change you make will create value, and slowly add improvements to ease buy-in.
This deck is intended to align established processes. If you are just starting to build IT change processes, see the related research below.
Align Projects With the IT Change Lifecycle |
01 Optimize IT Change Management | |
---|---|---|
Increase the success of your changes by integrating project touchpoints in your change lifecycle. (You are here) |
Decide which IT projects to approve and when to start them. |
Right-size IT change management to protect the live environment. |
IT Benefits |
Business Benefits |
---|---|
|
|
IT satisfaction with change management will drive business satisfaction with IT. Once the process is working efficiently, staff will be more motivated to adhere to the process, reducing the number of unauthorized changes. As fewer changes bypass proper evaluation and testing, service disruptions will decrease and business satisfaction will increase.
Control |
Collaboration |
Consistency |
Confidence |
---|---|---|---|
Change management brings daily control over the IT environment, allowing you to review every relatively new change, eliminate changes that would have likely failed, and review all changes to improve the IT environment. |
Change management planning brings increased communication and collaboration across groups by coordinating changes with business activities. The CAB brings a more formalized and centralized communication method for IT. |
Request-for-change templates and a structured process result in implementation, test, and backout plans being more consistent. Implementing processes for pre-approved changes also ensures these frequent changes are executed consistently and efficiently. |
Change management processes will give your organization more confidence through more accurate planning, improved execution of changes, less failure, and more control over the IT environment. This also leads to greater protection against audits. |
Both changes and projects will end up in change control in the end. Here, we define the intake.
Changes and projects will both go to change control when ready to go live. However, defining the governance needed at intake is critical.
A change should be governed by change control from beginning to end. It would typically be less than a week’s worth of work for a SME to build and come in at a nominal cost (e.g. <$20k over operating costs).
Projects on the other hand, will be governed by project management in terms of scope, scheduling, resourcing, etc. Projects typically take over a week and/or cost more. However, the project, when ready to go live, should still be scheduled through change control to avoid any conflicts at implementation. At triage and intake, a project can be further scoped based on projected scale.
This initial touchpoint between change control and project management is crucial to ensure tasks and request are executed with the proper governance. To distinguish between changes and projects at intake, list examples of each and determine what resourcing separates changes from projects.
Need help scoping projects? Download the Project Intake Classification Matrix
Change |
Project |
---|---|
|
|
While effort and cost are good indicators of changes and projects, consider evaluating risk and complexity too.
Change | Project | Service Request (Optional) | Operational Task (Optional) | Release (Optional) |
---|---|---|---|---|
Changing Configuration | New ERP | Add new user | Delete temp files | Software release |
Download the Change Management Standard Operating Procedure (SOP).
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
CAB touchpoints
Consistently communicate the plan and timeline for hitting these milestones so CAB can prioritize and plan changes around it. This will give change control advanced notice of altered timelines.
RFCs
Projects may have multiple associated RFCs. Keeping CAB appraised of the project RFC or RFCs gives them the ability to further plan changes.
Change Calendar
Query and fill the change calendar with project timelines and milestones to compliment the CAB touchpoints.
The request for change (RFC) form does not have to be a burden to fill out. If designed with value in mind, it can be leveraged to set standards on all changes (from projects and otherwise).
When looking at the RFC during the Build and Test phase of a project, prioritize the following fields to ensure the implementation will be successful from a technical and user-adoption point of view.
Filling these fields of the RFC and communicating them to the CAB at go-live approval gives the approvers confidence that the project will be implemented successfully and measures are known for when that implementation is not successful.
Download the Request for Change Form Template
Communication Plan The project may be successful from a technical point of view, but if users do not know about go-live or how to interact with the project, it will ultimately fail. |
Training Plan If necessary, think of how to train different stakeholders on the project go-live. This includes training for end users interacting with the project and technicians supporting the project. |
Implementation Plan Write the implementation plan at a high enough level that gives the CAB confidence that the implementation team knows the steps well. |
Rollback Plan Having a well-formulated rollback plan gives the CAB the confidence that the impact of the project is well known and the impact to the business is limited even if the implementation does not go well. |
Inputs
Guidelines
Roles
Info-Tech Insight
Make the calendar visible to as many parties as necessary. However, limit the number of personnel who can make active changes to the calendar to limit calendar conflicts.
As optional CAB members
Project SMEs may attend when projects are ready to go live and when invited by the change manager. Optional members provide details on change cross-dependencies, high-level testing, rollback, communication plans, etc. to inform prioritization and scheduling decisions.
As project management representatives
Project management should also attend CAB meetings to report in on changes to ongoing projects, implementation timelines, and project milestones. Projects are typically high-priority changes when going live due to their impact. Advanced notice of timeline and milestone changes allow the rest of the CAB to properly manage other changes going into production.
As core CAB members
The core responsibilities of CAB must still be fulfilled:
1. Protect the live environment from poorly assessed, tested, and implemented changes.
2. Prioritize changes in a way that fairly reflects change impact, urgency, and likelihood.
3. Schedule deployments in a way the minimizes conflict and disruption.
If you need to define the authority and responsibilities of the CAB, see Activity 2.1.3 of the Optimize IT Change Management blueprint.
Verification |
Once the change has been implemented, verify that all requirements are fulfilled. |
---|---|
Review |
Ensure all affected systems and applications are operating as predicted. |
Update change ticket and change log |
Update RFC status and CMDB as well (if necessary). |
Transition |
Once the change implementation is complete, it’s imperative that the team involved inform and train the operational and support groups. |
If you need to define transitioning changes to production, download Transition Projects to the Service Desk
Conduct PIRs for failed changes. Successful changes can simply be noted and transitioned to operations.
It’s best to perform a PIR once a change-related incident is resolved.
Include a root-cause analysis, mitigation actions/timeline, and lessons learned in the documentation.
Socialize the findings of the PIR at the subsequent CAB meeting.
If a similar change is conducted, append the related PIR to avoid the same mistakes.
Info-Tech Insight
Include your PIR documentation right in the RFC for easy reference.
Download the RFC template for more details on post-implementation reviews
Download the Change Management Standard Operating Procedure (SOP).
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Right-size IT change management to protect the live environment. |
Optimize IT Project Intake, Approval, and Prioritization Decide which IT projects to approve and when to start them. |
Maintain an Organized Portfolio Align portfolio management practices with COBIT (APO05: Manage Portfolio). |
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Begin the data warehouse foundation by defining the project and governance teams, as well as reviewing supporting data management practices.
Using the business activities as a guide, develop a data model, data architecture, and technology plan for a data warehouse foundation.
Start developing a data warehouse program by defining how users will interact with the new data warehouse environment.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Identify the members of the foundation project team.
Define overarching statements and define success factors/risks.
Outline basic project governance.
Defined membership, roles, and responsibilities involved in the foundation project.
Establishment of a steering committee as a starting point for the data warehouse program.
1.1 Identify foundation project team and create a RACI chart.
1.2 Understand what a data warehouse can and cannot enable.
1.3 Define critical success factors, key performance metrics, and project risks.
1.4 Develop rough timelines for foundation project completion.
1.5 Define the current and future states for key data management practices.
Job Descriptions and RACI
Data Warehouse Steering Committee Charter
Data Warehouse Foundation Project Plan
Work Breakdown Structure
Define the information needs of the business and its key processes.
Create the components that will inform an appropriate data model.
Design a data warehouse architecture model.
Clear definition of business needs that will directly inform the data and architecture models.
2.1 Understand the most fundamental needs of the business.
2.2 Define the data warehouse vision, mission, purpose, and goals.
2.3 Detail the most important operational, tactical, and ad hoc activities the data warehouse should support.
2.4 Link the processes that will be central to the data warehouse foundation.
2.5 Walk through the four-column model and business entity modeling as a starting point for data modeling.
2.6 Create data models using the business data glossary and data classification.
2.7 Identify master data elements to define dimensions.
2.8 Design lookup tables based on reference data.
2.9 Create a fit-for-purpose data warehousing model.
Data Warehouse Program Charter
Data Warehouse Vision and Mission
Documentation of Business Processes
Business Entity Map
Business Data Glossary
Data Classification Scheme
Data Warehouse Architecture Model
Create a plan for governing your data warehouse efficiently and effectively.
Documentation of current standard operating procedures.
Identified members of a data warehouse center of excellence.
3.1 Develop a technology capability map to visualize your desired state.
3.2 Establish a data warehouse center of excellence.
3.3 Create a data warehouse foundation roadmap.
3.4 Define data warehouse service level agreements.
3.5 Create standard operating procedures.
Technology Capability Map
Project Roadmap
Service Level Agreement
Data Warehouse Standard Operating Procedure Workbook
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Set the expectations of your first RPA bot. Define the guiding principles, ethics, and delivery capabilities that will govern RPA delivery and support.
Validate the fit of your candidate business processes for RPA and ensure the support of your operational system. Shortlist the features of your desired RPA vendor. Modernize your delivery process to accommodate RPA.
Build a roadmap of initiatives to implement your first bot and build the foundations of your RPA practice.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
State the success criteria of your RPA adoption through defined objectives and metrics.
Define your RPA guiding principles and ethics.
Build the RPA capabilities that will support the delivery and management of your bots.
Grounded stakeholder expectations
RPA guiding principles
RPA capabilities and the key roles to support RPA delivery and management
1.1 State Your RPA Objectives.
1.2 Define Your RPA Principles
1.3 Develop Your RPA Capabilities
RPA objectives and metrics
RPA guiding principles and ethics
RPA and product ownership, RPA capabilities, RPA role definitions
Evaluate the fit of your candidate business processes for automation.
Define the operational platform to support your RPA solution.
Shortlist the desired RPA vendor features.
Optimize your product delivery process to support RPA.
Verifies the decision to implement RPA for the candidate business process
The system changes and modifications needed to support RPA
Prioritized list of RPA vendor features
Target state RPA delivery process
2.1 Prepare Your RPA Platform
2.2 Select Your RPA Vendor
2.3 Deliver and Manage Your Bots
Assessment of candidate business processes and supporting operational platform
List of desired RPA vendor features
Optimized delivery process
Build your roadmap to implement your first RPA bot and build the foundations of your RPA practice.
Implementation initiatives
RPA adoption roadmap
3.1 Roadmap Your RPA Adoption
RPA adoption roadmap
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Lay the foundation for the BI strategy by detailing key business information and analyzing current BI usage.
Assess the maturity level of the current BI practice and envision a future state.
Create BI-focused initiatives to build an improvement roadmap.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Document overall business vision, mission, and key objectives; assemble project team.
Collect in-depth information around current BI usage and BI user perception.
Create requirements gathering principles and gather requirements for a BI platform.
Increased IT–business alignment by using the business context as the project starting point
Identified project sponsor and project team
Detailed understanding of trends in BI usage and BI perception of consumers
Refreshed requirements for a BI solution
1.1 Gather key business information (overall mission, goals, objectives, drivers).
1.2 Establish a high-level ROI.
1.3 Identify ideal candidates for carrying out a BI project.
1.4 Undertake BI usage analyses, BI user perception survey, and a BI artifact inventory.
1.5 Develop requirements gathering principles and approaches.
1.6 Gather and organize BI requirements
Articulated business context that will guide BI strategy development
ROI for refreshing the BI strategy
BI project team
Comprehensive summary of current BI usage that has quantitative and qualitative perspectives
BI requirements are confirmed
Define current maturity level of BI practice.
Envision the future state of your BI practice and identify desired BI patterns.
Know the correct migration method for Exchange Online.
Prepare user profiles for the rest of the Office 365 implementation.
2.1 Perform BI SWOT analyses.
2.2 Assess current state of the BI practice and review results.
2.3 Create guiding principles for the future BI practice.
2.4 Identify desired BI patterns and the associated BI functionalities/requirements.
2.5 Define the future state of the BI practice.
2.6 Establish the critical success factors for the future BI, identify potential risks, and create a mitigation plan.
Exchange migration strategy
Current state of BI practice is documented from multiple perspectives
Guiding principles for future BI practice are established, along with the desired BI patterns linked to functional requirements
Future BI practice is defined
Critical success factors, potential risks, and a risk mitigation plan are defined
Build overall BI improvement initiatives and create a BI improvement roadmap.
Identify supplementary initiatives for enhancing your BI program.
Defined roadmap composed of robust improvement initiatives
3.1 Create BI improvement initiatives based on outputs from phase 1 and 2 activities. Build an improvement roadmap.
3.2 Build an improvement roadmap.
3.3 Create an Excel governance policy.
3.4 Create a plan for a BI ambassador network.
Comprehensive BI initiatives placed on an improvement roadmap
Excel governance policy is created
Internal BI ambassadors are identified
As the reporting and analytics space matured over the last decade, software suppliers used different terminology to differentiate their products from others’. This caused a great deal of confusion within the business communities.
Following are two definitions of the term Business Intelligence:
Business intelligence (BI) leverages software and services to transform data into actionable insights that inform an organization’s strategic and tactical business decisions. BI tools access and analyze data sets and present analytical findings in reports, summaries, dashboards, graphs, charts, and maps to provide users with detailed intelligence about the state of the business.
The term business intelligence often also refers to a range of tools that provide quick, easy-to-digest access to insights about an organization's current state, based on available data.
Business intelligence (BI) comprises the strategies and technologies used by enterprises for the data analysis of business information. BI technologies provide historical, current, and predictive views of business operations.
Common functions of business intelligence technologies include reporting, online analytical processing, analytics, data mining, process mining, complex event processing, business performance management, benchmarking, text mining, predictive analytics, and prescriptive analytics.
We need data to inform the business of past and current performance and to support strategic decisions. But we can also drown in a flood of data. Without a clear strategy for business intelligence, a promising new solution will produce only noise.
BI and Analytics teams must provide the right quantitative and qualitative insights for the business to base their decisions on.
Your Business Intelligence and Analytics strategy must support the organization’s strategy. Your strategy for BI & Analytics provides direction and requirements for data warehousing and data integration, and further paves the way for predictive analytics, big data analytics, market/industry intelligence, and social network analytics.
Dirk Coetsee,
Director, Data and Analytics Info-Tech Research Group
BI drives a new reality. Uber is the world’s largest taxi company and they own no vehicles; Alibaba is the world’s most valuable retailer and they have no inventory; Airbnb is the world’s largest accommodation provider and they own no real estate. How did they disrupt their markets and get past business entry barriers? A deep understanding of their market through impeccable business intelligence!
Info-Tech Insight
Practice Improvement Metrics | Data Collection and Calculation | Expected Improvement | |
Program Level Metrics | Efficiency
|
|
|
|
|
|
|
Comprehensiveness
|
|
|
Tap into the results of Info-Tech’s CIO Business Vision diagnostic to monitor the changes in business-user satisfaction as you implement the initiatives in your BI improvement roadmap.
Formulating an Enterprise Reporting and Analytics Strategy requires the business vision and strategies to first be substantiated. Any optimization to the Data Warehouse, Integration and Source layer is in turn driven by the Enterprise Reporting and Analytics Strategy
The current state of your Integration and Warehouse platforms determine what data can be utilized for BI and Analytics
Industry: Manufacturing and Retail
Source: RICOH
Ricoh Canada transforms the way people work with breakthrough technologies that help businesses innovate and grow. Its focus has always been to envision what the future will look like so that it can help its customers prepare for success. Ricoh empowers digital workplaces with a broad portfolio of services, solutions, and technologies – helping customers remove obstacles to sustained growth by optimizing the flow of information and automating antiquated processes to increase workplace productivity. In their commitment towards a customer-centric approach, Ricoh Canada recognized that BI and analytics can be used to inform business leaders in making strategic decisions.
Enterprise BI and analytics Initiative
Ricoh Canada enrolled in the ITRG Reporting & Analytics strategy workshop with the aim to create a BI strategy that will allow the business to harvest it strengths and build for the future. The workshop acted as a forum for the different business units to communicate, share ideas, and hear from each other what their pains are and what should be done to provide a full customer 360 view.
Results
“This workshop allowed us to collectively identify the various stakeholders and their unique requirements. This is a key factor in the development of an effective BI Analytics tool.” David Farrar
The Customer 360 Initiative included the following components
In today’s ever-changing and global environment, organizations of every size need to effectively leverage their data assets to facilitate three key business drivers: customer intimacy, product/service innovation, and operational excellence. Plus, they need to manage their operational risk efficiently.
Investing in a comprehensive business intelligence strategy allows for a multidimensional view of your organization’s data assets that can be operationalized to create a competitive edge:
Without a BI strategy, creating meaningful reports for business users that highlight trends in past performance and draw relationships between different data sources becomes a more complex task. Also, the ever growing need to identify and assess risks in new ways is driving many companies to BI.
The core purpose of BI is to provide the right data, to the right users, at the right time, and in a format that is easily consumable and actionable. In developing a BI strategy, remember the driver for managed cross-functional access to data assets and features such as interactive dashboards, mobile BI, and self-service BI.
As the volume, variety, and velocity of data increases rapidly, businesses will need a strategy to outline how they plan to consume the new data in a manner that does not overwhelm their current capabilities and aligns with their desired future state. This same strategy further provides a foundation upon which organizations can transition from ad hoc reporting to using data assets in a codified BI platform for decision support.
As executive decision making shifts to more fact-based, data-driven thinking, there is an urgent need for data assets to be organized and presented in a manner that enables immediate action.
Typically, business decisions are based on a mix of intuition, opinion, emotion, organizational culture, and data. Though business users may be aware of its potential value in driving operational change, data is often viewed as inaccessible.
Business intelligence bridges the gap between an organization’s data assets and consumable information that facilitates insight generation and informed decision making.
Most organizations realize that they need a BI strategy; it’s no longer a nice-to-have, it’s a must-have.
– Albert Hui, Principal, Data Economist
Ask 100 people and you will get 100 answers. We like the prevailing view that BI looks at today and backward for improving who we are, while BA is forward-looking to support change decisions.
However, establishing a strong business intelligence program is a necessary precursor to an organization’s development of its business analytics capabilities.
Evidence is piling up: if planned well, BI contributes to the organization’s bottom line.
It’s expected that there will be nearly 45 billion connected devices and a 42% increase in data volume each year posing a high business opportunity for the BI market (BERoE, 2020).
The global business intelligence market size to grow from US$23.1 billion in 2020 to US$33.3 billion by 2025, at a compound annual growth rate (CAGR) of 7.6% (Global News Wire, 2020)
In the coming years, 69% of companies plan on increasing their cloud business intelligence usage (BARC Research and Eckerson Group Study, 2017).
Small organizations of up to 100 employees had the highest rate of business intelligence penetration last year (Forbes, 2018).
Source: IBM Business Value, 2015
Industry: Professional Sports
Source Target Marketing
Despite continued success as a franchise with a loyal fan base, the New England Patriots experienced one of their lowest season ticket renewal rates in over a decade for the 2009 season. Given the numerous email addresses that potential and current season-ticket holders used to engage with the organization, it was difficult for Kraft Sports Group to define how to effectively reach customers.
Kraft Sports Group turned to the customer data that it had been collecting since 2007 and chose to leverage analytics in order to glean insight into season ticket holder behavior. By monitoring and reporting on customer activity online and in attendance at games, Kraft Sports Group was able to establish that customer engagement improved when communication from the organization was specifically tailored to customer preferences and historical behavior.
By operationalizing their data assets with the help of analytics, the Patriots were able to achieve a record 97% renewal rate for the 2010 season. KSG was able to take their customer engagement to the next level and proactively look for signs of attrition in season-ticket renewals.
We're very analytically focused and I consider us to be the voice of the customer within the organization… Ultimately, we should know when renewal might not happen and be able to market and communicate to change that behavior.
– Jessica Gelman,
VP Customer Marketing and Strategy, Kraft Sports Group
BI pitfalls are lurking around every corner, but a comprehensive strategy drafted upfront can help your organization overcome these obstacles. Info-Tech’s approach to BI has involvement from the business units built right into the process from the start and it equips IT to interact with key stakeholders early and often.
Only 62% of Big Data and AI projects in 2019 provided measurable results.
Source: NewVantage Partners LLC
Info-Tech Insight
Combining these priorities will lead to better tool selection and more synergy.
Industry Drivers | Private label | Rising input prices | Retail consolidation |
---|---|---|---|
Company strategies | Win at supply chain execution | Win at customer service | Expand gross margins |
Value disciplines | Strategic cost management | Operational excellence | Customer service |
Core processes | Purchasing | Inbound logistics | Sales, service & distribution |
Enterprise management: Planning, budgeting, control, process improvement, HR | |||
BI Opportunities | Customer service analysis | Cost and financial analysis | Demand management |
Williams (2016)
Info-Tech’s approach to formulating a fit-for-purpose BI strategy is focused on making the link between factors that are the most important to the business users and the ways that BI providers can enable those consumers.
Though business intelligence is primarily thought of as enabling executives, a comprehensive BI strategy involves a spectrum of analytics that can provide data-driven insight to all levels of an organization.
Styles of BI | New age BI | New age data | Functional Analytics | Tools |
---|---|---|---|---|
Reporting | Agile BI | Social Media data | Performance management analytics | Scorecarding dashboarding |
Ad hoc query | SaaS BI | Unstructured data | Financial analytics | Query & reporting |
Parameterized queries | Pervasive BI | Mobile data | Supply chain analytics | Statistics & data mining |
OLAP | Cognitive Business | Big data | Customer analytics | OLAP cubes |
Advanced analytics | Self service analytics | Sensor data | Operations analytics | ETL |
Cognitive business techniques | Real-time Analytics | Machine data | HR Analytics | Master data management |
Scorecards & dashboards | Mobile Reporting & Analytics | “fill in the blanks” analytics | Data Governance |
Williams (2016)
"BI can be confusing and overwhelming…"
– Dirk Coetsee,
Research Director,
Info-Tech Research Group
The interactions between the information dimensions and overlying data management enablers such as data governance, data architecture, and data quality underscore the importance of building a robust process surrounding the other data practices in order to fully leverage your BI platform.
Within this framework BI and analytics are grouped as one lens through which data assets at the business information level can be viewed.
A BI program is not a static project that is created once and remains unchanged. Your strategy must be treated as a living platform to be revisited and revitalized in order to effectively enable business decision making. Develop a reporting and analytics strategy that propels your organization by building it on business goals and objectives, as well as comprehensive assessments that quantitatively and qualitatively evaluate your current reporting and analytical capabilities.
Phase 1: Understand the Business Context and BI Landscape | Phase 2: Evaluate Your Current BI Practice | Phase 3: Create a BI Roadmap for Continuous Improvement |
---|---|---|
1.1 Establish the Business Context
|
2.1 Assess Your Current BI Maturity
|
3.1 Construct a BI Initiative Roadmap
|
1.2 Assess Existing BI Environment
|
2.2 Envision BI Future State
|
3.2 Plan for Continuous Improvement
|
1.3 Develop BI Solution Requirements
|
As part of our research process, we leveraged the frameworks of COBIT5, Mike 2.0, and DAMA DMBOK2. Contextualizing business intelligence within these frameworks clarifies its importance and role and ensures that our assessment tool is focused on key priority areas.
The DMBOK2 Data Management framework by the Data Asset Management Association (DAMA) provided a starting point for our classification of the components in our IM framework.
Mike 2.0 is a data management framework that helped guide the development of our framework through its core solutions and composite solutions.
The Cobit 5 framework and its business enablers were used as a starting point for assessing the performance capabilities of the different components of information management, including business intelligence.
BI Strategy Roadmap Template
BI Practice Assessment Tool
BI Initiatives and Roadmap Tool
BI Strategy and Roadmap Executive Presentation Template
DIY Toolkit | Guided Implementation | Workshop | Consulting |
---|---|---|---|
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” | “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” | “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” | “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.” |
Diagnostics and consistent frameworks used throughout all four options
1. Understand the Business Context and BI Landscape | 2. Evaluate the Current BI Practice | 3. Create a BI Roadmap for Continuous Improvement | |
---|---|---|---|
Best-Practice Toolkit | 1.1 Document overall business vision, mission, industry drivers, and key objectives; assemble a project team 1.2 Collect in-depth information around current BI usage and BI user perception 1.3 Create requirements gathering principles and gather requirements for a BI platform |
2.1 Define current maturity level of BI practice 2.2 Envision the future state of your BI practice and identify desired BI patterns |
3.1 Build overall BI improvement initiatives and create a BI improvement roadmap 3.2 Identify supplementary initiatives for enhancing your BI program |
Guided Implementations |
|
|
|
Onsite Workshop | Module 1: Establish Business Vision and Understand the Current BI Landscape |
Module 2: Evaluate Current BI Maturity Identify the BI Patterns for the Future State |
Module 3: Build Improvement Initiatives and Create a BI Development Roadmap |
Phase 1 Outcome:
|
Phase 2 Outcome:
|
Phase 3 Outcome:
|
Contact your account representative or email Workshops@InfoTech.com for more information.
Workshop Day 1 | Workshop Day 2 | Workshop Day 3 | Workshop Day 4 | |
---|---|---|---|---|
Activities | Understand Business Context and Structure the Project 1.1 Make the case for a BI strategy refresh. 1.2 Understand business context. 1.3 Determine high-level ROI. 1.4 Structure the BI strategy refresh project. |
Understand Existing BI and Revisit Requirements 2.1 Understand the usage of your existing BI. 2.2 Gather perception of the current BI users. 2.3 Document existing information artifacts. 2.4 Develop a requirements gathering framework. 2.5 Gather requirements. |
Revisit Requirements and Current Practice Assessment 3.1 Gather requirements. 3.2 Determine BI Maturity Level. 3.3 Perform a SWOT for your existing BI program. 3.4 Develop a current state summary. |
Roadmap Develop and Plan for Continuous Improvements 5.1 Develop BI strategy. 5.2 Develop a roadmap for the strategy. 5.3 Plan for continuous improvement opportunities. 5.4 Develop a re-strategy plan. |
Deliverables |
|
|
|
|
Step 1: Establish the business context in terms of business vision, mission, objectives, industry drivers, and business processes that can leverage Business Intelligence
Step 2: Understand your BI Landscape
Step 3: Understand business needs
The closer you align your new BI platform to real business interests, the stronger the buy-in, realized value, and groundswell of enthusiastic adoption will be. Get this phase right to realize a high ROI on your investment in the people, processes, and technology that will be your next generation BI platform.
Understand the Business Context to Rationalize Your BI Landscape | Evaluate Your Current BI Practice | Create a BI Roadmap for Continuous Improvement |
---|---|---|
Establish the Business Context
|
Assess Your Current BI Maturity
|
Construct a BI Initiative Roadmap
|
Access Existing BI Environment
|
Envision BI Future State
|
Plan for Continuous Improvement
|
Undergo Requirements Gathering
|
Practice Improvement Metrics | Data Collection and Calculation | Expected Improvement |
---|---|---|
Monetary ROI
|
Derive the number of the use cases, benefits, and costs in the scoping. Ask business SMEs to verify the quality. | High-quality ROI studies are created for at least three use cases |
Response Rate of the BI Perception Survey | Sourced from your survey delivery system | Aim for 40% response rate |
# of BI Reworks | Sourced from your project management system | Reduction of 10% in BI reworks |
Intangible Metrics:
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of two to three advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 2-4 weeks
Start with an analyst kick-off call:
Then complete these activities…
Start with an analyst kick-off call:
Then complete these activities…
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Info-Tech recommends you select a senior executive with close ties to BI be the sponsor for this project (e.g. CDO, CFO or CMO). To maximize the chance of success, Info-Tech recommends you start with the CDO, CMO, CFO, or a business unit (BU) leader who represents strategic enterprise portfolios.
CFO or Chief Risk Officer (CRO)
CDO or a Business Unit (BU) Leader
CEO
"In the energy sector, achieving production KPIs are the key to financial success. The CFO is motivated to work with IT to create BI applications that drive higher revenue, identify operational bottlenecks, and maintain gross margin."
– Yogi Schulz, Partner, Corvelle Consulting
Create a project team with the right skills, experience, and perspectives to develop a comprehensive strategy aligned to business needs.
You may need to involve external experts as well as individuals within the organization who have the needed skills.
A detailed understanding of what to look for in potential candidates is essential before moving forward with your BI project.
Leverage several of Info-Tech’s Job Description Templates to aid in the process of selecting the right people to involve in constructing your BI strategy.
Business Stakeholders
Business Intelligence Specialist
"In developing the ideal BI team, your key person to have is a strong data architect, but you also need buy-in from the highest levels of the organization. Buy-in from different levels of the organization are indicators of success more than anything else."
– Rob Anderson, Database Administrator and BI Manager, IT Research and Advisory Firm
A common project management pitfall for any endeavour is unclear definition of responsibilities amongst the individuals involved.
As a business intelligence project requires a significant amount of back and forth between business and IT – bridged by the BI Steering Committee – clear guidelines at the project outset with a RACI chart provide a basic framework for assigning tasks and lines of communication for the later stages.
Obtaining Buy-in | Project Charter | Requirements | Design | Development | Program Creation | |
---|---|---|---|---|---|---|
BI Steering Committee | A | C | I | I | I | C |
Project Sponsor | - | C | I | I | I | C |
Project Manager | - | R | A | I | I | C |
VP of BI | R | I | I | I | I | A |
CIO | A | I | I | I | I | R |
Business Analyst | I | I | R | C | C | C |
Solution Architect | - | - | C | A | C | C |
Data Architect | - | - | C | A | C | C |
BI Developer | - | - | C | C | R | C |
Data Steward | - | - | C | R | C | C |
Business SME | C | C | C | C | C | C |
Note: This RACI is an example of how role expectations would be broken down across the different steps of the project. Develop your own RACI based on project scope and participants.
1.1.1 Craft the vision and mission statements for the Analytics program using the vision, mission, and strategies of your organization as basis.
1.1.2 Articulate program goals and objectives
1.1.3 Determine business differentiators and key drivers
1.1.4 Brainstorm BI-specific constraints and improvement objectives
Your BI strategy should enable the business to make fast, effective, and comprehensive decisions.
Fast | Effective | Comprehensive |
---|---|---|
Reduce time spent on decision-making by designing a BI strategy around information needs of key decision makers. | Make the right data available to key decision makers. | Make strategic high-value, impactful decisions as well as operational decisions. |
"We can improve BI environments in several ways. First, we can improve the speed with which we create BI objects by insisting that the environments are designed with flexibility and adaptability in mind. Second, we can produce higher quality deliverables by ensuring that IT collaborate with the business on every deliverable. Finally, we can reduce the costs of BI by giving access to the environment to knowledgeable business users and encouraging a self-service function."
– Claudia Imhoff, Founder, Boulder BI Brain Trust, Intelligent Solutions Inc.
Different users have different consumption and usage patterns. Categorize users into user groups and visualize the usage patterns. The user groups are the connection between the BI capabilities and the users.
User groups | Mindset | Usage Pattern | Requirements |
---|---|---|---|
Front-line workers | Get my job done; perform my job quickly. | Reports (standard reports, prompted reports, etc.) | Examples:
|
Analysts | I have some ideas; I need data to validate and support my ideas. | Dashboards, self-service BI, forecasting/budgeting, collaboration | Examples:
|
Management | I need a big-picture view and yet I need to play around with the data to find trends to drive my business. | Dashboards, scorecards, mobile BI, forecasting/budgeting | Examples:
|
Data scientists | I need to combine existing data, as well as external or new, unexplored data sources and types to find nuggets in the data. | Data mashup, connections to data sources | Examples:
|
The overarching question that needs to be continually asked to create an effective BI strategy is:
How do I create an environment that makes information accessible and consumable to users, and facilitates a collaborative dialogue between the business and IT?
Sponsorship of BI that is outside of IT and at the highest levels of the organization is essential to the success of your BI strategy. Without it, there is a high chance that your BI program will fail. Note that it may not be an epic fail, but it is a subtle drying out in many cases.
Providing the right tools for business decision making doesn’t need to be a guessing game if the business context is laid as the project foundation and the most pressing decisions serve as starting points. And business is engaged in formulating and executing the strategy.
Start with understanding the business processes and where analytics can improve outcomes. “Think business backwards, not data forward.” (McKinsey)
Lack of Executive support
Old Technology
Lack of business support
Too many KPIs
No methodology for gathering requirements
Overly long project timeframes
Bad user experience
Lack of user adoption
Bad data
Lack of proper human resources
No upfront definition of true ROI
Mico Yuk, 2019
Make it clear to the business that IT is committed to building and supporting a BI platform that is intimately tied to enabling changing business objectives.
Document the BI program planning in Info-Tech’s
1.1.1
30-40 minutes
Compelling vision and mission statements will help guide your internal members toward your company’s target state. These will drive your business intelligence strategy.
Info-Tech Insight
Adjust your statements until you feel that you can elicit a firm understanding of both your vision and mission in three minutes or less.
Industry Drivers | Private label | Rising input prices | Retail consolidation |
---|---|---|---|
Company strategies | Win at supply chain execution | Win at customer service | Expand gross margins |
Value disciplines | Strategic cost management | Operational excellence | Customer service |
Core processes | Purchasing | Inbound logistics | Sales, service & distribution |
Enterprise management: Planning, budgeting, control, process improvement, HR | |||
BI Opportunities | Customer service analysis | Cost and financial analysis | Demand management |
Williams 2016
Arm your project sponsor with our Executive Brief for this blueprint as a quick way to convey the value of this project to potential stakeholders.
Bolster this presentation by adding use cases and metrics that are most relevant to your organization.
Identifying organizational goals and how data can support those goals is key to creating a successful BI & Analytical strategy. Rounding out the business model with technology drivers, environmental factors (as described in previous steps), and internal barriers and enablers creates a holistic view of Business Intelligence within the context of the organization as a whole.
Through business engagement and contribution, the following holistic model can be created to understand the needs of the business.
1.1.2
30-45 minutes
Industry drivers are external influencers that has an effect on a business such as economic conditions, competitor actions, trade relations, climate etc. These drivers can differ significantly by industry and even organizations within the same industry.
Environmental Factors | Organizational Goals | Business Needs | Technology Drivers | |
---|---|---|---|---|
Definition | External considerations are factors taking place outside the organization that are impacting the way business is conducted inside the organization. These are often outside the control of the business. | Organizational drivers can be thought of as business-level metrics. These are tangible benefits the business can measure, such as customer retention, operation excellence, and/or financial performance. | A requirement that specifies the behavior and the functions of a system. | Technology drivers are technological changes that have created the need for a new BI solution. Many organizations turn to technology systems to help them obtain a competitive edge. |
Examples |
|
|
|
|
1.1.3
30-45 minutes
External Considerations | Organizational Drivers | Technology Considerations | Functional Requirements |
---|---|---|---|
|
|
|
|
There are several factors that may stifle the success of a BI implementation. Scan the current environment to identify internal barriers and challenges to identify potential challenges so you can meet them head-on.
Definition | The degree of management understanding and acceptance towards BI solutions. | The collective shared values and beliefs. | The functional relationships between people and departments in an organization. | The degree to which the organization’s people and processes are prepared for a new BI solution. |
---|---|---|---|---|
Questions |
|
|
|
|
Impact |
|
|
|
|
1.1.4
30-45 minutes
Functional Gaps | Technical Gaps | Process Gaps | Barriers to Success |
---|---|---|---|
|
|
|
|
1.1.5
30-45 minutes
Business Benefits | IT Benefits | Organizational Benefits | Enablers of Success |
---|---|---|---|
|
|
|
|
The following diagram represents [Client]’s business model for BI and data. This holistic view of [Client]’s current environment serves as the basis for the generation of the business-aligned Data & Analytics Strategy.
Taking a top-down approach will ensure senior management’s involvement and support throughout the project. This ensures that the most critical decisions are supported by the right data/information, aligning the entire organization with the BI strategy. Furthermore, the gains from BI will be much more significant and visible to the rest of the organization.
Far too often, organizations taking a bottom-up approach to BI will fail to generate sufficient buy-in and awareness from senior management. Not only does a lack of senior involvement result in lower adoption from the tactical and operational levels, but more importantly, it also means that the strategic decision makers aren’t taking advantage of BI.
The value of creating a new strategy – or revamping an existing one – needs to be conveyed effectively to a high-level stakeholder, ideally a C-level executive. That executive buy-in is more likely to be acquired when effort has been made to determine the return on investment for the overall initiative.
Business Impacts |
---|
New revenue |
Cost savings |
Time to market |
Internal Benefits |
---|
Productivity gain |
Process optimization |
Investment |
---|
People – employees’ time, external resources |
Data – cost for new datasets |
Technology – cost for new technologies |
Example
One percent increase in revenue; three more employees | $225,000/yr, $150,000/yr | 50% |
1.1.6
1.5 hours
Communicating an ROI that is impactful and reasonable is essential for locking in executive-level support for any initiative. Use this activity as an initial touchpoint to bring business and IT perspectives as part of building a robust business case for developing your BI strategy.
Emphasize that ROI is not fully realized after the first implementation, but comes as the platform is built upon iteratively and in an integrated fashion to mature capabilities over time.
In an effort to keep users satisfied, many organizations rush into implementing a BI platform and generating reports for their business users. BI is, first and foremost, a presentation layer; there are several stages in the data lifecycle where the data that BI visualizes can be compromised.
Without paying the appropriate amount of attention to the underlying data architecture and application integration, even the most sophisticated BI platforms will fall short of providing business users with a holistic view of company information.
In moving away from single application-level reporting, a strategy around data integration practices and technology is necessary before the resultant data can be passed to the BI platform for additional analyses and visualization.
As business intelligence is primarily a presentation layer that allows business users to visualize data and turn information into actionable decisions, there are a number of data management practices that precede BI in the flow of data.
The data warehouse structures source data in a manner that is more operationally focused. The Reporting & Analytics Strategy must inform the warehouse strategy on data needs and building a data warehouse to meet those needs.
The data warehouse is built from different sources that must be integrated and normalized to enable Business Intelligence. The Info-Tech integration and MDM blueprints will guide with their implementation.
A major roadblock to building an effective BI solution is a lack of accurate, timely, consistent, and relevant data. Use Info-Tech’s blueprint to refine your approach to data quality management.
Data quality, poor integration/P2P integration, poor data architecture are the primary barriers to truly leveraging BI, and a lot of companies haven’t gotten better in these areas.
– Shari Lava, Associate Vice-President, IT Research and Advisory Firm
Business intelligence is heavily reliant on the ability of an organization to mesh data from different sources together and create a holistic and accurate source of truth for users.
Useful analytics cannot be conducted if your business units define key business terms differently.
Finance may label customers as those who have transactional records with the organization, but Marketing includes leads who have not yet had any transactions as customers. Neglecting to note these seemingly small discrepancies in data definition will undermine efforts to combine data assets from traditionally siloed functional units.
In the stages prior to implementing any kind of BI platform, a top priority should be establishing common definitions for key business terms (customers, products, accounts, prospects, contacts, product groups, etc.).
As a preliminary step, document different definitions for the same business terms so that business users are aware of these differences before attempting to combine data to create custom reports.
Do you have common definitions of business terms?
1.2.1 Analyze the usage levels of your current BI programs/platform
1.2.2 Perform a survey to gather user perception of your current BI environment
1.2.3 Take an inventory of your current BI artifacts
Project Manager
Data Architect(s) or Enterprise Architect
Project Team
Current State Summary of BI Landscape
1.2.1 | 1.2.2 | 1.2.3 | 1.2.4 |
---|---|---|---|
Usage Insights | Perception Insights | BI Inventory Insights | Requirements Insights |
Strategy and Roadmap Formulation
Usage data reflects the consumption patterns of end users. By reviewing usage data, you can identify aspects of your BI program that are popular and those that are underutilized. It may present some opportunities for trimming some of the underutilized content.
Info-Tech Insight
Don’t forget some of the power users. They may perform analytics by accessing datasets directly or with the help of a query tool (even straight SQL statements). Their usage information is important. The next generation BI should provide consumption options for them.
Info-Tech’s Application Portfolio Assessment allows you to create a custom survey based on your current applications, generate a custom report that will help you visualize user satisfaction levels, and pinpoint areas for improvement.
1.2.1
2 hours
This activity helps you to locate usage data in your existing environment. It also helps you to review and analyze usage data to come up with a few findings.
a. Administrator console – limited to real-time or daily usage data. You may need to track usage data over for several days to identify patterns.
b. Info-Tech’s Application Portfolio Assessment (APA).
c. Other – be creative. Some may use an IT usage monitoring system or web analytics to track time users spent on the BI portal.
By Frequency | Real Time | Daily | Weekly | Yearly |
By Presentation Format | Report | Dashboard | Alert | Scorecard |
By Delivery | Web portal | Excel | Mobile application |
1.2.1
2 hours
3. Sort your collection of BI artifacts by usage. Discuss some of the reasons why some content is popular whereas some has no usage at all.
Popular BI Artifacts – Discuss improvements, opportunities and new artifacts
Unpopular BI Artifacts – Discuss retirement, improvements, and realigning information needs
4. Summarize your findings in the Usage Insights section of the BI Strategy and Roadmap Template.
In 1.2.1, we gathered the statistics for BI usage; it’s the hard data telling who uses what. However, it does not tell you the rationale, or the why, behind the usage. Gathering user perception and having conversations with your BI consumers is the key to bridging the gap.
User Perception Survey
User Interviews
Perception can be gathered by user interviews and surveys. Conducting user interviews takes time so it is a good practice to get some primary insights via survey before doing in-depth interviews in selected areas.
– Shari Lava, Associate Vice-President, IT Research and Advisory Firm
Find a data-related problem or opportunity
Ask open-ended discovery questions about stakeholder fears, hopes, and frustrations to identify a data-related problem that is clear, contained, and fixable. This is then to be written as a problem/opportunity statement.
Next, gather information to support a problem/opportunity statement:
Info-Tech has developed a BI survey framework to help existing BI practices gather user perception via survey. The framework is built upon best practices developed by McLean & Company.
The survey takes a comprehensive approach by examining your existing BI practices through the following lenses:
Demographics | Who are the users? From which department? |
---|---|
Usage | How is the current BI being used? |
People | Web portal |
Process | How good is your BI team from a user perspective? |
Data | How good is the BI data in terms of quality and usability? |
Technology | How good are your existing BI/reporting tools? |
Textual Feedback | The sky’s the limit. Tell us your comments and ideas via open-ended questions. |
Use Info-Tech’s BI End-User Satisfaction Survey Framework to develop a comprehensive BI survey tailored to your organization.
1.2.2
2 hours
This activity helps you to plan for a BI perception survey and subsequent interviews.
Collectively, the project team and the BI consuming departments should review the presentation and discuss these items:
Misalignment
Opportunities
Inefficiencies
Trends
Need detailed interviews?
Taking an inventory of your BI artifacts allows you to understand what deliverables have been developed over the years. Inventory taking should go beyond the BI content. You may want to include additional information products such as Excel spreadsheets, reports that are coming out of an Access database, and reports that are generated from front-end applications (e.g. Salesforce).
If you are currently using a BI platform, you have some BI artifacts (reports, scorecards, dashboards) that are developed within the platform itself.
1.2.3
2+ hours
This activity helps you to inventory your BI information artifacts and other related information artifacts.
Duplicated reports/ dashboards | Similar reports/ dashboards that may be able to merge | Excel and Access reports that are using undocumented, unconventional business logics | Application reports that need to be enhanced by additional data | Classify artifacts by BI Type |
1.2.4
2+ hours
This activity helps you to inventory your BI by report type.
Duplicated reports/dashboards | Similar reports/dashboards that may be able to merge | Excel and Access reports that are using undocumented, unconventional business logics | Application reports that need to be enhanced by additional data |
1.3.1 Create requirements gathering principles
1.3.2 Gather appropriate requirements
1.3.3 Organize and consolidate the outputs of requirements gathering activities
Project Manager
Data Architect(s) or Enterprise Architect
Project Team
Business Users
The challenges in requirements management often have underlying causes; find and eliminate the root causes rather than focusing on the symptoms.
Info-Tech Insight
Requirements gathering is the number one failure point for most development or procurement projects that don’t deliver value. This has been, and continues to be, the case as most organizations still don't get requirements gathering right. Overcoming organizational cynicism can be a major obstacle to clear when it is time to optimize the requirements gathering process.
Verifiable | It is stated in a way that can be tested. |
---|---|
Unambiguous | It is free of subjective terms and can only be interpreted in one way. |
Complete | It contains all relevant information. |
Consistent | It does not conflict with other requirements. |
Achievable | It is possible to accomplish given the budgetary and technological constraints. |
Traceable | It can be tracked from inception to testing. |
Unitary | It addresses only one thing and cannot be deconstructed into multiple requirements. |
Accurate | It is based on proven facts and correct information. |
Organizations can also track a requirement owner, rationale, priority level (must have vs. nice to have), and current status (approved, tested, etc.).
Info-Tech Insight
Requirements must be solution agnostic – they should focus on the underlying need rather than the technology required to satisfy the need.
1.3.1
1 hour
Effectiveness | Face-to-face interviews are preferred over phone interviews. |
Alignment | Clarify any misalignments, even the tiniest ones. |
Validation | Rephrase requirements at the end to validate requirements. |
Ideation | Use drawings and charts to explain ideas. |
Demonstration | Make use of Joint Application Development (JAD) sessions. |
Info-Tech Insight
Turn requirements gathering principles into house rules. The house rules should be available in every single requirements gathering session and the participants should revisit them when there are disagreements, confusion, or silence.
Info-Tech suggests four requirements management approaches based on project complexity and business significance. BI projects usually require the Strategic Approach in requirements management.
Approach | Definition | Recommended Strategy |
---|---|---|
Strategic Approach | High business significance and high project complexity merits a significant investment of time and resources in requirements gathering. | Treat the requirements gathering phase as a project within a project. A large amount of time should be dedicated to elicitation, business process mapping, and solution design. |
Fundamental Approach | High business significance and low project complexity merits a heavy emphasis on the elicitation phase to ensure that the project bases are covered and business value is realized. | Look to achieve quick wins and try to survey a broad cross-section of stakeholders during elicitation and validation. The elicitation phase should be highly iterative. Do not over-complicate the analysis and validation of a straightforward project. |
Calculated Approach | Low business significance and high project complexity merits a heavy emphasis on the analysis and validation phases to ensure that the solution meets the needs of users. | Allocate a significant amount of time to business process modeling, requirements categorization, prioritization, and solution modeling. |
Elementary Approach | Low business significance and low project complexity does not merit a high amount of rigor for requirements gathering. Do not rush or skip steps, but aim to be efficient. | Focus on basic elicitation techniques (e.g. unstructured interviews, open-ended surveys) and consider capturing requirements as user stories. Focus on efficiency to prevent project delays and avoid squandering resources. |
Info-Tech has identified four effective requirements gathering modes. During the requirements gathering process, you may need to switch between the four gathering modes to establish a thorough understanding of the information needs.
BI is a continually evolving program. BI artifacts that were developed in the past may not be relevant to the business anymore due to changes in the business and information usage. Revamping your BI program entails revisiting some of the BI requirements and/or gathering new BI requirements.
Requirements | User Stories | Rapid Prototyping |
---|---|---|
Gather requirements. Most importantly, understand the business needs and wants. | Leverage user stories to organize and make sense of the requirements. | Use a prototype to confirm requirements and show the initial draft to end users. |
Pain Mode: “I can’t access and manipulate data on my own...”
Decode Mode: Dig deeper: could this hint at a self-service use case?
Dream Mode: E.g. a sandbox area where I can play around with clean, integrated, well-represented data.
Profile Mode: E.g. another marketing analyst is currently using something similar.
ExampleMary has a spreadmart that keeps track of all campaigns. Maintaining and executing that spreadmart is time consuming.
Mary is asking for a mash-up data set that she can pivot on her own…
Upon reviewing the data and the prototype, Mary decided to use a heat map and included two more data points – tenure and lifetime value.
A spectrum of Business Intelligence solutions styles are available. Use Info-Tech’s BI Styles Tool to assess which business stakeholder will be best served by which style.
Style | Description | Strategic Importance (1-5) | Popularity (1-5) | Effort (1-5) |
---|---|---|---|---|
Standards Preformatted reports | Standard, preformatted information for backward-looking analysis. | 5 | 5 | 1 |
User-defined analyses | Pre-staged information where “pick lists” enable business users to filter (select) the information they wish to analyze, such as sales for a selected region during a selected previous timeframe. | 5 | 4 | 2 |
Ad-hoc analyses | Power users write their own queries to extract self-selected pre-staged information and then use the information to perform a user-created analysis. | 5 | 4 | 3 |
Scorecards and dashboards | Predefined business performance metrics about performance variables that are important to the organization, presented in a tabular or graphical format that enables business users to see at a glance how the organization is performing. | 4 | 4 | 3 |
Multidimensional analysis (OLAP) | Multidimensional analysis (also known as on-line analytical processing): Flexible tool-based, user-defined analysis of business performance and the underlying drivers or root causes of that performance. | 4 | 3 | 3 |
Alerts | Predefined analyses of key business performance variables, comparison to a performance standard or range, and communication to designated businesspeople when performance is outside the predefined performance standard or range. | 4 | 3 | 3 |
Advanced Analytics | Application of long-established statistical and/or operations research methods to historical business information to look backward and characterize a relevant aspect of business performance, typically by using descriptive statistics. | 5 | 3 | 4 |
Predictive Analytics | Application of long-established statistical and/or operations research methods and historical business information to predict, model, or simulate future business and/or economic performance and potentially prescribe a favored course of action for the future. | 5 | 3 | 5 |
1.3.2
2-6 hours
Using the approaches discussed on previous slides, start a dialogue with business users to confirm existing requirements and develop new ones.
For existing BI artifacts – Invite existing users of those artifacts.
For new BI development – Invite stakeholders at the executive level to understand the business operation and their needs and wants. This is especially important if their department is new to BI.
The Setting | The Characters | The Venues | The Activities | The Future | |
---|---|---|---|---|---|
Example | Customers are asking for a bundle discount. | CMO and the marketing analysts want to… | …the information should be available in the portal, mobile, and Excel. | …information is then used in the bi-weekly pricing meeting to discuss… | …bundle information should contain historical data in a graphical format to help executives. |
Requirements are too broad in some situations and too detailed in others. In the previous step we developed user stories to provide context. Now you need to define requirement categories and gather detailed requirements.
Category | Subcategory | Sample Requirements |
---|---|---|
Data | Granularity | Individual transaction |
Transformation | Transform activation date to YYYY-MM format | |
Selection Criteria | Client type: consumer. Exclude SMB and business clients. US only. Recent three years | |
Fields Required | Consumer band, Region, Submarket… | |
Functionality | Filters | Filters required on the dashboard: date range filter, region filter… |
Drill Down Path | Drill down from a summary report to individual transactions | |
Analysis Required | Cross-tab, time series, pie chart | |
Visual Requirements | Mock-up | See attached drawing |
Section | The dashboard will be presented using three sections | |
Conditional Formatting | Below-average numbers are highlighted | |
Security | Mobile | The dashboard needs to be accessed from mobile devices |
Role | Regional managers will get a subset of the dashboard according to the region | |
Users | John, Mary, Tom, Bob, and Dave | |
Export | Dashboard data cannot be exported into PDF, text, or Excel formats | |
Performance | Speed | A BI artifact must be loaded in three seconds |
Latency | Two seconds response time when a filter is changed | |
Capacity | Be able to serve 50 concurrent users with the performance expected | |
Control | Governance | Govern by the corporate BI standards |
Regulations | Meet HIPPA requirements | |
Compliance | Meet ISO requirements |
Must Have | Requirements that mustbe implemented for the solution to be considered successful. |
---|---|
Should Have | Requirements that are high priority and should be included in the solution if possible. |
Could Have | Requirements that are desirable but not necessary and could be included if resources are available. |
Won't Have | Requirements that won’t be in the next release but will be considered for the future releases. |
The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994.
Prioritization is the process of ranking each requirement based on its importance to project success. Hold a separate meeting for the domain SMEs, implementation SMEs, project managers, and project sponsors to prioritize the requirements list. At the conclusion of the meeting, each requirement should be assigned a priority level. The implementation SMEs will use these priority levels to ensure that efforts are targeted towards the proper requirements and the plan features available on each release. Use the MoSCoW Model of Prioritization to effectively order requirements.
1.3.3
1-4 hours
Category | Subcategory |
---|---|
Data | Granularity |
Transformation | |
Selection Criteria | |
Fields Required | |
Functionality | Filters |
Drill Down Path | |
Analysis Required | |
Visual Requirements | Mock-up |
Section | |
Conditional Formatting | |
Security | Mobile |
Role | |
Users | |
Export | |
Performance | Speed |
Latency | |
Capacity | |
Control | Governance |
Regulations | |
Compliance |
Create requirement buckets and classify requirements.
As you progress through each phase, document findings and ideas as they arise. At phase end, hold a brainstorming session with the project team focused on documenting findings and ideas and substantiating them into improvement actions.
Ask yourself how BI or analytics can be used to address the gaps and explore opportunities uncovered in each phase. For example, in Phase 1, how do current BI capabilities impede the realization of the business vision?
1.3.4
1-2 hours
High Business Value, Low Effort | High Business Value, High Effort |
Low Business Value, High Effort | Low Business Value, High Effort |
Sample Phase 1 Findings | Found two business objectives that are not supported by BI/analytics |
---|---|
Some executives still think BI is reporting | |
Some confusion around operational reporting and BI | |
Data quality plays a big role in BI | |
Many executives are not sure about the BI ROI or asking for one |
Establish the business context
To begin the workshop, your project team will be taken through a series of activities to establish the overall business vision, mission, objectives, goals, and key drivers. This information will serve as the foundation for discerning how the revamped BI strategy needs to enable business users.
Create a comprehensive documentation of your current BI environment
Our analysts will take your project team through a series of activities that will facilitate an assessment of current BI usage and artifacts, and help you design an end-user interview survey to elicit context around BI usage patterns.
Establish new BI requirements
Our analysts will guide your project team through frameworks for eliciting and organizing requirements from business users, and then use those frameworks in exercises to gather some actual requirements from business stakeholders.
Practice Improvement Metrics | Data Collection and Calculation | Expected Improvement |
---|---|---|
# of groups participated in the current state assessment | The number of groups joined the current assessment using Info-Tech’s BI Practice Assessment Tool | Varies; the tool can accommodate up to five groups |
# of risks mitigated | Derive from your risk register | At least two to five risks will be identified and mitigated |
Intangible Metrics:
BI success is not based solely on the technology it runs on; technology cannot mask gaps in capabilities. You must be capable in your environment, and data management, data quality, and related data practices must be strong. Otherwise, the usefulness of the intelligence suffers. The best BI solution does not only provide a technology platform, but also addresses the elements that surround the platform. Look beyond tools and holistically assess the maturity of your BI practice with input from both the BI consumer and provider perspectives.
Understand the Business Context to Rationalize Your BI Landscape | Evaluate Your Current BI Practice | Create a BI Roadmap for Continuous Improvement |
---|---|---|
Establish the Business Context
|
Assess Your Current BI Maturity
|
Construct a BI Initiative Roadmap
|
Access Existing BI Environment
|
Envision BI Future State
|
Plan for Continuous Improvement
|
Undergo Requirements Gathering
|
Step 1: Assess Your Current BI Practice
Step 2: Envision a Future State for Your BI Practice
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 1-2 weeks
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
BI Practice Assessment Tool
BI Strategy and Roadmap Template
Review findings with an analyst:
Then complete these activities…
With these tools & templates:
BI Practice Assessment Tool
BI Strategy and Roadmap Template
2.1.1 Perform multidimensional SWOT analyses
2.1.2 Assess current BI and analytical capabilities, Document challenges, constraints, opportunities
2.1.3 Review the results of your current state assessment
Project Manager
Data Architect(s) or Enterprise Architect
Project Team
Strengths Best practices, what is working well |
Weaknesses Inefficiencies, errors, gaps, shortcomings |
Opportunities Review internal and external drivers |
Threats Market trends, disruptive forces |
While SWOT is not a new concept, you can add value to SWOT by:
Info-Tech Insight
Consider a SWOT with two formats: a private SWOT worksheet and a public SWOT session. Participants will be providing suggestions anonymously while solicited suggestions will be discussed in the public SWOT session to further the discussion.
2.1.1
1-2 hours
This activity will take your project team through a holistic SWOT analysis to gather a variety of stakeholder perception of the current BI practice.
Group 1 Provider Group E.g. The BI Team
Group 2 Consumer Group E.g. Business End Users
A way to categorize your analytics maturity to understand where you are currently and what next steps would be best to increase your BI maturity.
Buy-in and Data Culture
Determines if there is enterprise-wide buy-in for developing business intelligence and if a data-driven culture exists.
Business–IT Alignment
Examines if current BI and analytics operations are appropriately enabling the business objectives.
Governance Structure
Focuses on whether or not there is adequate governance in place to provide guidance and structure for BI activities.
Organization Structure and Talent
Pertains to how BI operations are distributed across the overall organizational structure and the capabilities of the individuals involved.
Process
Reviews analytics-related processes and policies and how they are created and enforced throughout the organization.
Data
Deals with analytical data in terms of the level of integration, data quality, and usability.
Technology
Explores the opportunities in building a fit-for-purpose analytics platform and consolidation opportunities.
Leverage a BI strategy to revamp your BI program to strive for a high analytics maturity level. In the future you should be doing more than just traditional BI. You will perform self-service BI, predictive analytics, and data science.
Ad Hoc | Developing | Defined | Managed | Trend Setting | |
---|---|---|---|---|---|
Questions | What’s wrong? | What happened? | What is happening? | What happened, is happening, and will happen? | What if? So what? |
Scope | One business problem at a time | One particular functional area | Multiple functional areas | Multiple functional areas in an integrated fashion | Internal plus internet scale data |
Toolset | Excel, Access, primitive query tools | Reporting tools or BI | BI | BI, business analytics tools | Plus predictive platforms, data science tools |
Delivery Model | IT delivers ad hoc reports | IT delivers BI reports | IT delivers BI reports and some self-service BI | Self-service BI and report creation at the business units | Plus predictive models and data science projects |
Mindset | Firefighting using data | Manage using data | Analyze using data; shared tooling | Data is an asset, shared data | Data driven |
BI Org. Structure | Data analysts in IT | BI | BI program | BI CoE | Data Innovation CoE |
Info-Tech Insight
Assessing current and target states is only the beginning. The real value comes from the interpretation and analysis of the results. Use visualizations of multiple viewpoints and discuss the results in groups to come up with the most effective ideas for your strategy and roadmap.
2.1.2
2-3 hours
Use the BI Practice Assessment Tool to establish a baseline for your current BI capabilities and maturity.
Info-Tech suggests the following groups participate in the completion of the assessment to holistically assess BI and to uncover misalignment:
Providers | Consumers | |||
---|---|---|---|---|
CIO & BI Management | BI Work Groups (developers, analysts, modelers) | Business Unit #1 | Business Unit #2 | Business Unit #3 |
Info-Tech Insight
Discuss the rationale for your answers as a group. Document the comments and observations as they may be helpful in formulating the final strategy and roadmap.
2.1.3
2-3 hours
The tool provides a brief synopsis of your current BI state. Review the details of your maturity level and see where this description fits your organization and where there may be some discrepancies. Add additional comments to your current state summary in the BI Strategy and Roadmap Document.
In addition to reviewing the attributes of your maturity level, consider the following:
2.1.3
2-3 hours
2. Tab 3 will also visualize a breakdown of your maturity by BI practice dimension. Use this graphic as a preliminary method to identify where your organization is excelling and where it may need improvement.
Better Practices
Consider: What have you done in the areas where you perform well?
Candidates for Improvement
Consider: What can you do to improve these areas? What are potential barriers to improvement?
2.2.1 Define guiding principles for the future state
2.2.2 Define the target state of your BI practice
2.2.3 Confirm requirements for BI Styles by management group
2.2.4 Analyze gaps in your BI practice and generate improvement activities and objectives
2.2.5 Define the critical success factors for future BI
2.2.6 Identify potential risks for your future state and create a mitigation plan
Project Manager
Data Architect(s) or Enterprise Architect
Project Team
Envisioning a BI future state is essentially architecting the future for your BI program. It is very similar to enterprise architecture (EA). Guiding principles are widely used in enterprise architecture. This best practice should also be used in BI envisioning.
2.2.1
1-2 hours
Guiding principles are broad statements that are fundamental to how your organization will go about its activities. Use this as an opportunity to gather relevant stakeholders and solidify how your BI practice should perform moving forward.
Awareness | Buy-in | Business-IT Alignment | Governance | Org. Structure; People | Process; Policies; Standards | Data | Technology |
At the end of the day, BI makes data and information available to the business communities. It has to be fit for purpose and relevant to the business. Prototypes are an effective way to ensure relevant deliverables are provided to the necessary users. Prototyping makes your future state a lot closer and a lot more business friendly.
Document essential findings in Info-Tech’s BI Strategy and Roadmap Template.
Info-Tech Insight
Assessing current and target states is only the beginning. The real value comes from the interpretation and analyses of the results. Use visualizations of multiple viewpoints and discuss the results in groups to come up with the most effective ideas for your strategy and roadmap.
2.2.2
2 hours
This exercise takes your team through establishing the future maturity of your BI practice across several dimensions.
The business and IT groups should get together separately and determine the target state maturity of each of the BI practice components:
2.2.2
2 hours
2. The target state levels from the two groups will be averaged in the column “Target State Level.” The assessment tool will automatically calculate the gaps between future state value and the current state maturity determined in Step 2.1. Significant gaps in practice maturity will be highlighted in red; smaller or non-existent gaps will appear green.
2.2.3
1-2 hours
The information needs for each executive is unique to their requirements and management style. During this exercise you will determine the reporting and analytical needs for an executive in regards to content, presentation and cadence and then select the BI style that suite them best.
Having completed both current and target state assessments, the BI Practice Assessment Tool allows you to compare the results from multiple angles.
At a higher level, you can look at your maturity level:
At a detailed level, you can drill down to the dimensional level and item level.
At a detailed level, you can drill down to the dimensional level and item level.
2.2.4
2 hours
This interpretation exercise helps you to make sense of the BI practice assessment results to provide valuable inputs for subsequent strategy and roadmap formulation.
Begin this exercise by reviewing the heat map and identifying:
Consider: Is the target state feasible and achievable? What are ways we can improve incrementally in this area? What is the priority for addressing this gap?
Consider: Can we learn from those areas? Are we setting the bar too low for our capabilities?
2.2.4
2 hours
2. Discuss the differences in the current and target state maturity level descriptions. Questions to ask include:
2.2.4
2 hours
3. Have the same group members reconvene and discuss the recommendations at the BI practice dimension level on Tab 5. of the BI Practice Assessment Tool. These recommendations can be used as improvement actions or translated into objectives for building your BI capabilities.
The heat map displayed the largest gap between target state and current state in the technology dimension. The detailed drill-down chart will further illustrate which aspect(s) of the technology dimension is/are showing the most room for improvement in order to better direct your objective and initiative creation.
Critical success factors (CSFs) are the essential factors or elements required for ensuring the success of your BI program. They are used to inform organizations with things they should focus on to be successful.
…a data culture is essential to the success of analytics. Being involved in a lot of Bay Area start-ups has shown me that those entrepreneurs that are born with the data DNA, adopt the data culture and BI naturally. Other companies should learn from these start-ups and grow the data culture to ensure BI adoption.
– Cameran Hetrick, Senior Director of Data Science & Analytics, thredUP
2.2.5
2 hours
Create critical success factors that are important to both BI providers and BI consumers.
BI Provider (aka IT) | BI Consumer (aka Business) |
What needs to be put in place to ensure that this objective is achieved?
The answer to the question is your candidate CSF. Write CSFs on sticky notes and stick them by the relevant objective.
As you evaluate candidate CSFs, you may uncover new objectives for achieving your future state BI.
A risk matrix is a useful tool that allows you to track risks on two dimensions: probability and impact. Use this matrix to help organize and prioritize risk, as well as develop mitigation strategies and contingency plans appropriately.
Info-Tech Insight
Tackling risk mitigation is essentially purchasing insurance. You cannot insure everything – focus your investments on mitigating risks with a reasonably high impact and high probability.
These are some of the most common BI risks based on Info-Tech’s research:
Low Impact | Medium Impact | High Impact | |
---|---|---|---|
High Probability |
|
|
|
Medium Probability |
|
|
|
Low Probability |
|
2.2.6
1 hour
As part of developing your improvement actions, use this activity to brainstorm some high-level plans for mitigating risks associated with those actions.
Example:
Users find the BI tool interface too confusing.
A. Reducing its probability
B. Reducing its impact
C. Reducing both
Option A: Brainstorm ways to reduce risk probability
E.g. The probability of the above risk may be reduced by user training. With training, the probability of confused end users will be reduced.
Option B: Brainstorm ways to reduce risk impact
E.g. The impact can be reduced by ensuring having two end users validate each other’s reports before making a major decision.
As you progress through each phase, document findings and ideas as they arise. By phase end, hold a brainstorming session with the project team focused on documenting findings and ideas and substantiating them into improvement actions.
Ask yourself how BI or analytics can be used to address the gaps and explore opportunities uncovered in each phase. For example, in Phase 1, how do current BI capabilities impede the realization of the business vision?
2.2.7
1-2 hours
High Business Value, Low Effort | High Business Value, High Effort |
Low Business Value, High Effort | Low Business Value, High Effort |
Sample Phase 2 Findings | Found a gap between the business expectation and the existing BI content they are getting. |
---|---|
Our current maturity level is “Level 2 – Operational.” Almost everyone thinks we should be at least “Level 3 – Tactical” with some level 4 elements. | |
Found an error in a sales report. A quick fix is identified. | |
The current BI program is not able to keep up with the demand. |
2.1.1
Determine your current BI maturity level
The analyst will take your project team through Info-Tech’s BI Practice Assessment Tool, which collects perspectives from BI consumer and provider groups on multiple facets of your BI practice in order to establish a current maturity level.
2.2.1
Define guiding principles for your target BI state
Using enterprise architecture principles as a starting point, our analyst will facilitate exercises to help your team establish high-level standards for your future BI practice.
2.2.2-2.2.3
Establish your desired BI patterns and matching functionalities
In developing your BI practice, your project team will have to decide what BI-specific capabilities are most important to your organization. Our analyst will take your team through several BI patterns that Info-Tech has identified and discuss how to bridge the gap between these patterns, linking them to specific functional requirements in a BI solution.
2.2.4-2.2.5
Analyze the gaps in your BI practice capabilities
Our analyst will guide your project team through a number of visualizations and explanations produced by our assessment tool in order to pinpoint the problem areas and generate improvement ideas.
The benefit of creating a comprehensive and actionable roadmap is twofold: not only does it keep BI providers accountable and focused on creating incremental improvement, but a roadmap helps to build momentum around the overall project, provides a continuous delivery of success stories, and garners grassroots-level support throughout the organization for BI as a key strategic imperative.
Understand the Business Context to Rationalize Your BI Landscape | Evaluate Your Current BI Practice | Create a BI Roadmap for Continuous Improvement |
---|---|---|
Establish the Business Context
| Assess Your Current BI Maturity
| Construct a BI Initiative Roadmap
|
Access Existing BI Environment
| Envision BI Future State
| Plan for Continuous Improvement
|
Undergo Requirements Gathering
|
Step 1: Establish Your BI Initiative Roadmap
Step 2: Identify Opportunities to Enhance Your BI Practice
Step 3: Create Analytics Strategy
Step 4: Define CSF and metrics to monitor success of BI and analytics
Practice Improvement Metrics | Data Collection and Calculation | Expected Improvement | |
Program Level Metrics | Efficiency
|
|
|
|
|
|
|
Comprehensiveness
|
|
|
Learn more about the CIO Business Vision program.
Tap into the results of Info-Tech’s CIO Business Vision diagnostic to monitor the changes in business-user satisfaction as you implement the initiatives in your BI improvement roadmap.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that helps you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 1-2 weeks
Step 3.1: Construct a BI Improvement Initiative Roadmap
Start with an analyst kick off call:
Then complete these activities…
With these tools & templates:
BI Initiatives and Roadmap Tool
BI Strategy and Roadmap Template
Step 3.2: Continuous Improvement Opportunities for BI
Review findings with analyst:
Then complete these activities…
With these tools & templates:
BI Strategy and Roadmap Executive Presentation Template
3.1.1 Characterize individual improvement objectives and activities ideated in previous phases.
3.1.2 Synthesize and detail overall BI improvement initiatives.
3.1.3 Create a plan of action by placing initiatives on a roadmap.
Project Manager
Project Team
When developing initiatives, all components of the initiative need to be considered, from its objectives and goals to its benefits, risks, costs, effort required, and relevant stakeholders.
Determining the dependencies that exist between objectives will enable the creation of unique initiatives with associated to-do items or tasks.
BI Initiatives and Roadmap Tool
Use the BI Initiatives and Roadmap Tool to develop comprehensive improvement initiatives and add them to a BI strategy improvement roadmap.
Tab 1. Instructions | Use this tab to get an understanding as to how the tool works. |
Tab 2. Inputs | Use this tab to customize the inputs used in the tool. |
Tab 3. Activities Repository | Use this tab to list and prioritize activities, to determine dependencies between them, and build comprehensive initiatives with them. |
Tab 4. Improvement Initiatives | Use this tab to develop detailed improvement initiatives that will form the basis of the roadmap. Map these initiatives to activities from Tab 3. |
Tab 5. Improvement Roadmap | Use this tab to create your BI strategy improvement roadmap, assigning timelines and accountability to initiatives and tasks, and to monitor your project performance over time. |
3.1.1
3.1.1
2 hours
Screenshot of Tab 3. BI Activities Repository, with samples improvement activities, dependencies, statuses, and priorities
Revisit the outputs of your current state assessment and note which activities have already been completed in the “Status” column, to avoid duplication of your efforts.
When classifying the status of items in your activity repository, distinguish between broader activities (potential initiatives) and granular activities (tasks).
3.1.2
1.5 hours
Screenshot of the Improvement Initiative template, to be used for developing comprehensive initiatives
The image is a screenshot of the Improvement Initiative template, to be used for developing comprehensive initiatives.">
Building a comprehensive BI program will be a gradual process involving a variety of stakeholders. Different initiatives in your roadmap will either be completed sequentially or in parallel to one another, given dependencies and available resources. The improvement roadmap should capture and represent this information.
To determine the order in which main initiatives should be completed, exercises such as a value–effort map can be very useful.
Initiatives that are high value–low effort are found in the upper left quadrant and are bolded; These may be your four primary initiatives. In addition, initiative five is valuable to the business and critical to the project’s success, so it too is a priority despite requiring high effort. Note that you need to consider dependencies to prioritize these key initiatives.
This exercise is best performed using a white board and sticky notes, and axes can be customized to fit your needs (E.g. cost, risk, time, etc.).
3.1.3
45 minutes
The BI Strategy Improvement Roadmap (Tab 5 of the BI Initiatives and Roadmap Tool) has been populated with your primary initiatives and related tasks. Read the instructions provided at the top of Tab 5.
Use a proprietary presentation template
Develop your proprietary presentation template with:
Following the approval of your roadmap, begin to plan the implementation of your first initiatives.
Info-Tech Insight
At this point, it is likely that you already have the support to implement a data quality improvement roadmap. This meeting is about the specifics and the ROI.
Maximize support by articulating the value of the data quality improvement strategy for the organization’s greater information management capabilities. Emphasize the business requirements and objectives that will be enhanced as a result of tackling the recommended initiatives, and note any additional ramifications of not doing so.
Use the BI Strategy and Roadmap Executive Presentation Template to present your most important findings and brilliant ideas to the business executives and ensure your BI program is endorsed. Business executives can also learn about how the BI strategy empowers them and how they can help in the BI journey.
3.2.1 Construct a concrete policy to integrate Excel use with your new BI strategy.
3.2.2 Map out the foundation for a BI Ambassador network.
Project Manager
Project Team
Additional Business Users
3.2.1
4 hours
Construct a policy around Excel use to ensure that Excel documents are created and shared in a manner that does not compromise the integrity of your overall BI program.
Category | To Do: | Policy Context |
---|---|---|
Allowed | Discuss what makes these use cases ideal for BI. | Document use cases, scenarios, examples, and reasons that allow Excel as an information artifact. |
Not Allowed | Discuss why these cases should be avoided. | Document forbidden use cases, scenarios, examples, and reasons that use Excel to generate information artifacts. |
Not Sure | Discuss the confusions; clarify the gray area. | Document clarifications and advise how end users can get help in those “gray area” cases. |
BI ambassadors are influential individuals in the organization that may be proficient at using BI tools but are passionate about analytics. The network of ambassadors will be IT’s eyes, ears, and even mouth on the frontline with users. Ambassadors will promote BI, communicate any messages IT may have, and keep tabs on user satisfaction.
You need to motivate ambassadors to take on this additional responsibility. Make sure the BI ambassadors are recognized in their business units when they go above and beyond in promoting BI.
Reward Approach | Reward Type | Description |
---|---|---|
Privileges | High Priority Requests | Given their high usage and high visibility, ambassadors’ BI information requests should be given a higher priority. |
First Look at New BI Development | Share the latest BI updates with ambassadors before introducing them to the organization. Ambassadors may even be excited to test out new functionality. | |
Recognition | Featured in Communications | BI ambassadors’ use cases and testimonials can be featured in BI communications. Be sure to create a formal announcement introducing the ambassadors to the organization. |
BI Ambassador Certificate | A certificate is a formal way to recognize their efforts. They can also publicly display the certificate in their workspace. | |
Rewards | Appointed by Senior Executives | Have the initial request to be a BI ambassador come from a senior executive to flatter the ambassador and position the role as a reward or an opportunity for success. |
BI Ambassador Awards | Award an outstanding BI ambassador for the year. The award should be given by the CEO in a major corporate event. |
3.2.2
2 hours
Identify individuals within your organization to act as ambassadors for BI and a bridge between IT and business users.
A next generation BI not only provides a platform that mirrors business requirements, but also creates a flexible environment that empowers business users to explore data assets without having to go back and forth with IT to complete queries.
Business users are generally not interested in the underlying architecture or the exact data lineages; they want access to the data that matters most for decision-making purposes.
It comes in the form of structural metadata (information about the spaces that contain data) and descriptive metadata (information pertaining to the data elements themselves), in order to answer questions such as:
By creating effective metadata, business users are able to make connections between and bring together data sources from multiple areas, creating the opportunity for holistic insight generation.
Like BI, metadata lies in the Information Dimension layer of our data management framework.
The metadata needs to be understood before building anything. You need to identify fundamentals of the data, who owns not only that data, but also its metadata. You need to understand where the consolidation is happening and who owns it. Metadata is the core driver and cost saver for building warehouses and requirements gathering.
– Albert Hui, Principal, Data Economist
In order to maximize your ROI on business intelligence, it needs to be treated less like a one-time endeavor and more like a practice to be continually improved upon.
Though the BI strategy provides the overall direction, the BI operating model – which encompasses organization structure, processes, people, and application functionality – is the primary determinant of efficacy with respect to information delivery. The alterations made to the operating model occur in the short term to improve the final deliverables for business users.
An optimal BI operating model satisfies three core requirements:
Timeliness
Effectiveness
Bring tangible benefits of your revamped BI strategy to business users by critically assessing how your organization delivers business intelligence and identifying opportunities for increased operational efficiency.
Assess and Optimize BI Operations
Focus on delivering timely, quality, and affordable information to enable fast and effective business decisions
Organizations new to business intelligence or with immature BI capabilities are under the impression that simply getting the latest-and-greatest tool will provide the insights business users are looking for.
BI technology can only be as effective as the processes surrounding it and the people leveraging it. Organizations need to take the time to select and implement a BI suite that aligns with business goals and fosters end-user adoption.
As an increasing number of companies turn to business intelligence technology, vendors are responding by providing BI and analytics platforms with more and more features.
Our vendor landscape will simplify the process of selecting a BI and analytics solution by:
Differentiating between the platforms and features vendors are offering.
Detailing a robust framework for requirements gathering to pinpoint your organization’s needs.
Developing a high-level plan for implementation.
Select and Implement a Business Intelligence and Analytics Solution
Find the diamond in your data-rough using the right BI & Analytics solution
3.1.1-3.1.3
Construct a BI improvement initiative roadmap
During these activities, your team will consolidate the list of BI initiatives generated from the assessments conducted in previous phases, assign timelines to each action, prioritize them using a value–effort matrix, and finally produce a roadmap for implementing your organization’s BI improvement strategy.
3.2
Identify continuous improvement opportunities for BI
Our analyst team will work with your organization to ideate supplementary programs to support your BI strategy. Defining Excel use cases that are permitted and prohibited in conjunction with your BI strategy, as well as structuring an internal BI ambassador network, are a few extra initiatives that can enhance your BI improvement plans.
A BI program is not a static project that is created once and remains unchanged. Your strategy must be treated as a living platform to be revisited and revitalized in order to provide effective enablement of business decision making. Develop a BI strategy that propels your organization by building it on business goals and objectives, as well as comprehensive assessments that quantitatively and qualitatively evaluate your current BI capabilities.
The closer you align your new BI platform to real business interests, the stronger will be the buy-in, realized value, and groundswell of enthusiastic adoption. Ultimately, getting this phase right sets the stage to best realize a strong ROI for your investment in the people, processes, and technology that will be your next generation BI platform.
BI success is not based solely on the technology it runs on; technology cannot mask gaps in capabilities. You must be capable in your environment – data management, data quality, and related data practices must be strong, otherwise the usefulness of the intelligence suffers. The best BI solution does not only provide a technology platform, but also addresses the elements that surround the platform. Look beyond tools and holistically assess the maturity of your BI practice with input from both the BI consumer and provider perspectives.
Style | Description | Strategic Importance (1-5) | Popularity (1-5) | Effort (1-5) |
---|---|---|---|---|
Standards Preformatted reports | Standard, preformatted information for backward-looking analysis. | 5 | 5 | 1 |
User-defined analyses | Pre-staged information where “pick lists” enable business users to filter (select) the information they wish to analyze, such as sales for a selected region during a selected previous timeframe. | 5 | 4 | 2 |
Ad-hoc analyses | Power users write their own queries to extract self-selected pre-staged information and then use the information to perform a user-created analysis. | 5 | 4 | 3 |
Scorecards and dashboards | Predefined business performance metrics about performance variables that are important to the organization, presented in a tabular or graphical format that enables business users to see at a glance how the organization is performing. | 4 | 4 | 3 |
Multidimensional analysis (OLAP) | Multidimensional analysis (also known as On-line analytical processing): Flexible tool-based user-defined analysis of business performance and the underlying drivers or root causes of that performance. | 4 | 3 | 3 |
Alerts | Predefined analyses of key business performance variables, comparison to a performance standard or range, and communication to designated businesspeople when performance is outside the predefined performance standard or range. | 4 | 3 | 3 |
Advanced Analytics | Application of long-established statistical and/or operations research methods to historical business information to look backward and characterize a relevant aspect of business performance, typically by using descriptive statistics | 5 | 3 | 4 |
Predictive Analytics | Application of long-established statistical and/or operations research methods to historical business information to predict, model, or simulate future business and/or economic performance and potentially prescribe a favored course of action for the future | 5 | 3 | 5 |
A comprehensive BI strategy needs to be developed under the umbrella of an overall IT strategy. Specifically, creating a BI strategy is contributing to helping IT mature from a firefighter to a strategic partner that has close ties with business units.
1. Determine mandate and scope | 2. Assess drivers and constraints | 3. Evaluate current state of IT | 4. Develop a target state vision | 5. Analyze gaps and define initiatives | 6. Build a roadmap | 8. Revamp | 7. Execute |
---|---|---|---|---|---|---|---|
Mandate | Business drivers | Holistic assessments | Vision and mission | Initiatives | Business-driven priorities | ||
Scope | External drivers | Focus-area specific assessments | Guiding principles | Risks | |||
Project charter | Opportunities to innovate | Target state vision | Execution schedule | ||||
Implications | Objectives and measures |
This BI strategy blueprint is rooted in our road-tested and proven IT strategy framework as a systematic method of tackling strategy development.
Albert Hui is a cofounder of Data Economist, a data-consulting firm based in Toronto, Canada. His current assignment is to redesign Scotiabank’s Asset Liability Management for its Basel III liquidity compliance using Big Data technology. Passionate about technology and problem solving, Albert is an entrepreneur and result-oriented IT technology leader with 18 years of experience in consulting and software industry. His area of focus is on data management, specializing in Big Data, business intelligence, and data warehousing. Beside his day job, he also contributes to the IT community by writing blogs and whitepapers, book editing, and speaking at technology conferences. His recent research and speaking engagement is on machine learning on Big Data.
Albert holds an MBA from the University of Toronto and a master’s degree in Industrial Engineering. He has twin boys and enjoys camping and cycling with them in his spare time.
Cameran is the Senior Director of Analytics and Data Science at thredUP, a startup inspiring a new generation to think second hand first. There she helps drives top line growth through advanced and predictive analytics. Previously, she served as the Director of Data Science at VMware where she built and led the data team for End User Computing. Before moving to the tech industry, she spent five years at The Disneyland Resort setting ticket and hotel prices and building models to forecast attendance. Cameran holds an undergraduate degree in Economics/Mathematics from UC Santa Barbara and graduated with honors from UC Irvine's MBA program.
Bange, Carsten and Wayne Eckerson. “BI and Data Management in the Cloud: Issues and Trends.” BARC and Eckerson Group, January 2017. Web.
Business Intelligence: The Strategy Imperative for CIOs. Tech. Information Builders. 2007. Web. 1 Dec. 2015.
COBIT 5: Enabling Information. Rolling Meadows, IL: ISACA, 2013. Web.
Dag, Naslund, Emma Sikander, and Sofia Oberg. "Business Intelligence - a Maturity Model Covering Common Challenges." Lund University Publications. Lund University, 2014. Web. 23 Oct. 2015.
“DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK Guide).” First Edition. DAMA International. 2009. Digital. April 2014.
Davenport, Thomas H. and Bean, Randy. “Big Data and AI Executive Survey 2019.” NewVantage Partners LLC. 2019. Web.
"Debunking the Business of Analytics." Experian Data Quality. Sept. 2013. Web.
Drouin, Sue. "Value Chain." SAP Analytics. February 27, 2015.
Farrar, David. “BI & Data analytics workshop feedback.” Ricoh Canada. Sept. 2019.
Fletcher, Heather. "New England Patriots Use Analytics & Trigger Emails to Retain Season Ticket Holders." Target Marketing. 1 Dec. 2011. Web.
Gonçalves, Alex. "Social Media Analytics Strategy - Using Data to Optimize Business Performance.” Apress. 2017.
Imhoff, Claudia, and Colin White. "Self Service Business Intelligence: Empowering Users to Generate Insights." SAS Resource Page. The Data Warehouse Institute, 2011. Web.
Khamassi, Ahmed. "Building An Analytical Roadmap : A Real Life Example." Wipro. 2014.
Kuntz, Jerry, Pierre Haren, and Rebecca Shockley. IBM Insight 2015 Teleconference Series. Proc. of Analytics: The Upside of Disruption. IBM Institute for Business Value, 19 Oct. 2015. Web.
Kwan, Anne , Maximillian Schroeck, Jon Kawamura. “Architecting and operating model, A platform for accelerating digital transformation.” Part of a Deliotte Series on Digital Industrial Transformation, 2019. Web.
Lebied, Mona. "11 Steps on Your BI Roadmap To Implement A Successful Business Intelligence Strategy." Business Intelligence. July 20, 2018. Web.
Light, Rob. “Make Business Intelligence a Necessity: How to Drive User Adoption.” Sisense Blog. 30 July 2018.
Mazenko, Elizabeth. “Avoid the Pitfalls: 3 Reasons 80% of BI Projects Fail.” BetterBuys. October 2015.
Marr, Bernard. "Why Every Business Needs A Data And Analytics Strategy.” Bernard Marr & Co. 2019.
Mohr, Niko and Hürtgen, Holger. “Achieving Business Impact with Data.” McKinsey. April 2018.
MIT Sloan Management
Quinn, Kevin R. "Worst Practices in Business Intelligence: Why BI Applications Succeed Where BI Tools Fail." (2007): 1-19. BeyeNetwork. Information Builders, 2007. Web. 1 Dec. 2015.
Ringdal, Kristen. "Learning multilevel Analysis." European social Survey. 2019.
Schaefer, Dave, Ajay Chandramouly, Burt Carmak, and Kireeti Kesavamurthy. "Delivering Self-Service BI, Data Visualization, and Big Data Analytics." IT@Intel White Paper (2013): 1-11. June 2013. Web. 30 Nov. 2015.
Schultz, Yogi. “About.” Corvelle Consulting. 2019.
"The Current State of Analytics: Where Do We Go From Here?" SAS Resource Page. SAS & Bloomberg Businessweek, 2011. Web.
"The Four Steps to Defining a Customer Analytics Strategy." CCG Analytics Solutions & Services. Nov 10,2017.
Traore, Moulaye. "Without a strategic plan, your analytics initiatives are risky." Advisor. March 12, 2018. web.
Wells, Dave. "Ten Mistakes to Avoid When Gathering BI Requirements." Engineering for Industry. The Data Warehouse Institute, 2008. Web.
“What is a Business Intelligence Strategy and do you need one?” Hydra. Sept 2019. Web.
Williams, Steve. “Business Intelligence Strategy and Big Data Analytics.” Morgan Kaufman. 2016.
Wolpe, Toby. "Case Study: How One Firm Used BI Analytics to Track Staff Performance | ZDNet." ZDNet. 3 May 2013. Web.
Yuk, Mico. “11 Reasons Why Most Business Intelligence Projects Fail.” Innovative enterprise Channels. May 2019.
Having shifted operations almost overnight to a remote work environment, and with the crisis management phase of the COVID-19 pandemic winding down, IT leaders and organizations are faced with the following issues:
An organization’s shift back toward the pre-pandemic state cannot be carried out in isolation. Things have changed. Budgets, resource availability, priorities, etc., will not be the same as they were in early March. Organizations must ensure that all departments work collaboratively to support office repatriation. IT must quickly identify the must-dos to allow safe return to the office, while prioritizing tasks relating to the repopulation of employees, technical assets, and operational workloads via an informed and streamlined roadmap.
As employees return to the office, PMO and portfolio leaders must sift through unclear requirements and come up with a game plan to resume project activities mid-pandemic. You need to develop an approach, and fast.
Responsibly resume IT operations in the office:
Quickly restart the engine of your PPM:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify the new risk landscape and risk tolerance for your organization post-pandemic. Determine how this may impact the second wave of pandemic transition tasks.
Prepare to return your employees to the office. Ensure that IT takes into account the health and safety of employees, while creating an efficient and sustainable working environment
Prepare the organization's assets for return to the office. Ensure that IT takes into account the off-license purchases and new additions to the hardware family that took place during the pandemic response and facilitates a secure reintegration to the workplace.
Prepare and position IT to support workloads in order to streamline office reintegration. This may include leveraging pre-existing solutions in different ways and providing additional workstreams to support employee processes.
Once you've identified IT's supporting tasks, it's time to prioritize. This phase walks through the activity of prioritizing based on cost/effort, alignment to business, and security risk reduction weightings. The result is an operational action plan for resuming office life.
Restarting the engine of the project portfolio mid-pandemic won’t be as simple as turning a key and hitting the gas. Use this concise research to find the right path forward for your organization.
There is no “one size fits all.” Applying a rigid approach to rationalization with inflexible inputs can delay or prevent you from realizing value. Play to your strengths and build a framework that aligns to your goals and limitations.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Define the motivations, goals, and scope of your rationalization effort. Build the action plan and engagement tactics to roll out the rationalization activities.
Understand the core assessments performed in application rationalizations. Define your application rationalization framework and degree of rigor in applying these assessments based on your goals and limitations.
Test your application rationalization framework using Info-Tech’s tool set on your first iteration. Perform a retrospective and adapt your framework based on that experience and outcomes.
Review, determine, and prioritize your dispositions to ensure they align to your goals. Initiate an application portfolio roadmap to showcase your rationalization decisions to key stakeholders.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Define the goals, scope, roles, and responsibilities of your rationalization effort.
Defined motivations, long and short-term goals, and metrics for your rationalization effort.
Definition of application.
Defined roles and responsibilities for your rationalization effort.
1.1 Define motivations and goals for rationalization.
1.2 Define “application.”
1.3 Identify team and responsivities.
1.4 Adapt target dispositions.
1.5 Initiate Application Rationalization Framework (ARF).
Goals, motivations, and metrics for rationalizations
Definition of “Application”
Defined dispositions
Defined core APM team and handoffs
Review and adapt Info-Tech’s methodology and toolset.
Assess business value of applications.
Tailored application rationalization framework
Defined business value drivers
Business value scores for applications
2.1 Review Application Rationalization Tool.
2.2 Review focused apps, capabilities, and areas of functionality overlap.
2.3 Define business value drivers.
2.4 Determine the value score of focused apps.
Application Rationalization Tool
List of functional overlaps
Weighed business value drivers
Value scores for focused application
Value Calculator
Continue to review and adapt Info-Tech’s methodology and toolset.
Tailored application rationalization framework
TCO values for applications
Technical health review of applications
Recommended dispositions for applications
3.1 Determine TCO for focused apps.
3.2 Determine technical health of focused apps.
3.3 Review APA.
3.4 Review recommended dispositions.
3.5 Perform retrospective of assessments and adapt ARF.
TCO of focused applications
TCO Calculator
Technical health of focused apps
Defined rationalization criteria
Recommended disposition for focused apps
Review and perform high-level prioritization of dispositions.
Build a roadmap for dispositions.
Determine ongoing rationalization and application portfolio management activities.
Application Portfolio Roadmap
Prioritized Dispositions
4.1 Determine dispositions.
4.2 Prioritize dispositions.
4.3 Initiate portfolio roadmap.
4.4 Build an action plan for next iterations and ongoing activities.
4.5 Finalize ARF.
Disposition Prioritization Tool
Application portfolio roadmap
Action plan for next iterations and ongoing activities
"You're not rationalizing for the sake of IT, you’re rationalizing your apps to create better outcomes for the business and your customers. Consider what’s in it for delivery, operations, the business, and the customer." – Cole Cioran, Senior Director – Research, Application Delivery and Management
Applying a rigid approach with inflexible inputs can delay or prevent you from realizing value. Play to your strengths and build a framework that aligns to your goals and limitations.
Of the 11 vendor capabilities asked about by Info-Tech’s SoftwareReviews, “business value created” has the second highest relationship with overall software satisfaction.
Larger approaches take longer and are more likely to fail. Identify the applications that best address your strategic objectives, then: rationalize, learn, repeat.
This phase is intended to establish the fundamentals in launching either a rationalization initiative or ongoing practice.
Here we define goals, scope, and the involvement of various roles from both IT and the business.
This phase is intended to review a high-level approach to rationalization and determine which analyses are necessary and their appropriate level of depth.
Here we produce an initial ARF and discuss any gaps in terms of the availability of necessary data points and additional collection methods that will need to be applied.
This phase is intended to put the ARF into action and adapt as necessary to ensure success in your organization.
If appropriate, here we apply Info-Tech’s ARF and toolset and test it against a set of applications to determine how best to adapt these materials for your needs.
This phase is intended to capture results of rationalization and solidify your rationalization initiative or ongoing practice.
Here we aim to inject your dispositions into an application portfolio roadmap and ensure ongoing governance of APM activities.
Portfolios are viewed as only supportive in nature. There is no strategy or process to evaluate application portfolios effectively. As a result, organizations build a roadmap with a lack of understanding of their portfolio.
72% of organizations do not have an excellent understanding of the application portfolio (Capgemini).
Applications fail to meet their intended function, resulting in duplication, a waste of resources, and a decrease in ROI. This makes it harder for IT to justify to the business the reasons to complete a roadmap.
48% of organizations believe that there are more applications than the business requires (Capgemini).
The application portfolio is complex and pervasive and requires constant support from IT. This makes it increasingly difficult for IT to adopt or develop new strategies since its immediate goal will always be to fix what already exists. This causes large delays and breaks in the timeline to complete a roadmap.
68% of IT directors have wasted time and money because they did not have better visibility of application roadmaps (ComputerWeekly).
An application portfolio roadmap provides a visual representation of your application portfolio, is used to plan out the portfolio’s strategy over a given time frame, and assists management in key decisions. But…
A roadmap is meaningless if you haven’t done any analysis to understand the multiple perspectives on your applications.
Your application rationalization effort increases the maturity of your roadmap efforts by increasing value to the business. Go beyond the discover phase – leverage application rationalization insights to reach the improve and transform phases.
79% of organizations with high application suite satisfaction believe that IT offers the organization a competitive edge over others in the industry. (Info-Tech Research Group, N=230)
Companies with an effective portfolio are twice as likely to report high-quality applications, four times as likely to report high proficiency in legacy apps management, and six times as likely to report strong business alignment.
Projecting the ROI of application rationalization is difficult and dangerous when used as the only marker for success.
However, rationalization, when done effectively, will help drop operational or maintenance costs of your applications as well as provide many more opportunities to add value to the business.
Rationalization fails without appropriately detailed, accurate, and up-to-date information. You need to identify what information is available and assemble the teams to collect and analyze it.
Rationalization fails when you lack a clear list of strategic and collaborative priorities; priorities need to be both IT and non-IT related to align with the business objectives and provide value.
Adhering to a rigid rationalization process can be complex and costly. Play to your strengths and build an ARF based on your goals and limitations.
Misaligned portfolio roadmaps are known to lead teams and projects into failure!
Building an up-to-date portfolio roadmap that aligns business objectives to IT objectives will increase approval and help the business see the long-term value of roadmapping.
Broad or unclear definitions of “application” can complicate the scope of rationalization. Take the time to define an application and come to a common understanding of the systems which will be the focus of your rationalization effort.
Bundling systems under common banner or taking a product view of your applications and components can be an effective way to ensure you include your full collection of systems, without having to perform too many individual assessments.
Single... | Capability enabled by... | Whole... | |
---|---|---|---|
Digital Product + Service | Digital Platform | Platform Portfolio | Customer Facing |
Product (one or more apps) | Product Family | Product Portfolio |
↕ |
Application | Application Architecture | Application Portfolio | Internal |
However you organize your tech stack, Info-Tech’s application rationalization framework can be applied.
There are many lenses to view your applications. Rationalize your applications using all perspectives to assess your portfolio and determine the most beneficial course of action.
How well does the entire portfolio align to your business capabilities?
Are there overlaps or redundancies in your application features?
Covered in Discover Your Applications.
Is the application producing sufficient business value?
Does it impact profitability, enable capabilities, or add any critical factor that fulfills the mission and vision?
What is the overall cost of the application?
What is the projected cost as your organization grows? What is the cost to maintain the application?
How does the end user perceive the application?
What is the user experience?
Do the features adequately support the intended functions?
Is the application important or does it have high utilization?
What is the state of the backend of the application?
Has the application maintained sufficient code quality? Is the application reliable? How does it fit into your application architecture?
Ideally, the richer the data the better the results, but the reality is in-depth analysis is challenging and you’ll need to play to your strengths to be successful.
Light-Weight Assessment |
App to capability alignment. Determine overlaps. |
Subjective 1-10 scale |
Subjective T-shirt size (high, med., low) |
End-user surveys |
Performance temperature check |
---|---|---|---|---|---|
Thorough Analysis |
App to process alignment. Determine redundancies. |
Apply a value measurement framework. |
Projected TCO with traceability to ALM & financial records. |
Custom build interviews with multiple end users |
Tool and metric-based analysis |
There is no one-size-fits all rationalization. The primary goal of this blueprint is to help you determine the appropriate level of analysis given your motivations and goals for this effort as well as the limitations of resources, timeline, and accessible information.
The approach in this blueprint has been designed in coordination with Info-Tech’s Application Portfolio Assessment (APA) Diagnostic. While it is not a prerequisite, your project will experience the best results and be completed much quicker by taking advantage of our diagnostic offering prior to initiating the activities in this blueprint.
At the center of this project is an Application Rationalization Tool that is used as a living document of your:
1. Customizable Application Rationalization Framework
2. Recommendation Dispositions
3. Application Portfolio Roadmap (seen below)
Use the step-by-step advice within this blueprint to rationalize your application portfolio and build a realistic and accurate application roadmap that drives business value.
Info-Tech uses the APQC and COBIT5 frameworks for certain areas of this research. Contextualizing application rationalization within these frameworks clarifies its importance and role and ensures that our assessment tool is focused on key priority areas. The APQC and COBIT5 frameworks are used as a starting point for assessing application effectiveness within specific business capabilities of the different components of application rationalization.
APQC is one of the world's leading proponents of business benchmarking, best practices, and knowledge management research.
COBIT 5 is the leading framework for the governance and management of enterprise IT.
In addition to industry-leading frameworks, our best-practice approach is enhanced by the insights and guidance from our analysts, industry experts, and our clients.
Our peer network of over 33,000 happy clients proves the effectiveness of our research.
Our team conducts 1,000+ hours of primary and secondary research to ensure that our approach is enhanced by best practices.
Source: Info-Tech Research Group
Digital Marketers working with an outdated or bad SEO strategy often see:
Most marketers fail in their SEO efforts because they focus on creating content for computers, not people.
Using the SoftwareReviews methodology, digital marketers are able to break up their SEO project and data into bite-sized, actionable steps that focus on long-term improvement. Our methodology includes:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Update your on-page SEO strategy with competitively relevant keywords.
Most marketers fail in their SEO efforts because they focus on creating content for computers, not people.
Leading search engine optimization methods focus on creating and posting relevant keyword-rich content, not just increasing page rank. Content and keywords should move a buyer along their journey, close a sale, and develop long-term relationships. Unfortunately, many SEO specialists focus on computers, not the buyer. What's even more concerning is that up to 70% of SaaS businesses have already been impacted by outdated and inefficient SEO techniques. Poor strategies often focus on ballooning SEO metrics in the short-term instead of building the company's long-term PageRank.
Best-in-class digital marketers stop chasing the short-term highs and focus on long-term growth. This starts with developing a competitive keyword strategy and updating website content with the new keywords.
SEO is a large topic, so we have broken the strategy into small, easy-to-implement steps, taking the guesswork out of how to use the data from SEO tools and giving CMOs a solid path to increase their SEO results.
Terra Higginson
Marketing Research Director
SoftwareReviews
Digital marketers working with an outdated or bad SEO strategy often see:
Search algorithms change all the time, which means that the strategy is often sitting on the sifting sands of technology, making SEO strategies quickly outdated.
Digital marketers are responsible for developing and implementing a competitive SEO strategy but increasingly encounter the following obstacles:
Using the SoftwareReviews methodology, digital marketers are able to break up their SEO project and data into bite-sized, actionable steps that focus on long-term improvement. Our methodology includes:
Our methodology will take a focused step-by-step strategy in a series of phases that will increase PageRank and competitive positioning.
The difference between good and bad SEO techniques.
Common Good SEO Techniques |
Common Poor |
---|---|
|
|
Search Volume: this measures the number of times a keyword is searched for in a certain time period. Target keywords with a volume of between 100-100,000. A search volume greater than 100,000 will be increasingly difficult to rank (A Beginner's Guide to Keyword Search Volume, 2022, Semrush).
Keyword Difficulty: the metric that quantifies how difficult it will be to rank for a certain keyword. The keyword difficulty percentage includes the number of competitors attempting to rank for the same keyword, the quality of their content, the search intent, backlinks, and domain authority (Keyword Difficulty: What Is It and Why Is It Important? 2022, Semrush).
Intent: this metric focuses on the intent of the user's search. All search intent is categorized into Informational, Commercial, Navigational, and Transactional (What Is Search Intent? A Complete Guide, 2022, Semrush).
On-Page SEO: refers to the practice of search engine optimizing elements of your site such as title tags, internal links, HTML code, URL optimization, on-page content, images, and user experience.
Off-Page SEO: refers to the practice of optimizing brand awareness (What Is Off-Page SEO? A Comprehensive Guide, 2022, Semrush).
H1: HTML code that tells a search engine the title of the page (neilpatel.com).
SEO Tool: A subscription-based all-in-one search engine optimization MarTech tool.
Google's mission is to organize the world's information and make it universally accessible and useful… We believe Search should deliver the most relevant and reliable information available.
– An excerpt from Google's mission statement
Digital marketers with SEO problems will often see the following issues:
The best place to hide a dead body is on page two of the search results.
– Huffington Post
SEO is a helpful activity when it's applied to people-first content. However, content created primarily for search engine traffic is strongly correlated with content that searchers find unsatisfying.
– Google Search Central Blog
61%
61% of marketers believe that SEO is the key to online success.
Source: Safari Digital
437%
Updating an existing title tag with an SEO optimised one can increase page clicks by more than 437%.
Source: Safari Digital
What type of content is the user searching for? Align your keyword to the logical search objective.
This term categorizes search intent for when a user wants to inform or educate themselves on a specific topic.
This term categorizes search intent for when a user wants to do research before making a purchase.
This term categorizes search intent for when a user wants to purchase something.
This term categorizes search intent for when a user wants to find a specific page.
1. Competitive Analysis & Keyword Discovery | 2. On-Page Keyword Optimization | |
---|---|---|
Phase Steps |
|
|
Phase Outcomes |
|
|
Phase 1 | Phase 2 | ||||
---|---|---|---|---|---|
Call #1: Identify your current SEO keyword strategy. |
Call #2: Discuss how to start a competitive keyword analysis. |
Call #4: Discuss how to build the list of target keywords. |
Call #6: Discuss keyword optimization of the product & services pages. |
Call #8: (optional) Schedule a call to update every three to six months. |
|
Call #3: Discuss the results of the competitive keyword analysis. |
Call #5: Discuss which pages to update with new target keywords. |
Call #7: Review final page content and tags. |
Call #9: Schedule a call for SEO Phase 2: On-Page Technical Refinement. |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between 8 to 12 calls over the course of 1 to 2 months.
Phase 1 | Phase 2 | ||||
---|---|---|---|---|---|
Call #1: Identify your current SEO keyword strategy. |
Call #2: Discuss how to start a competitive keyword analysis. |
Call #4: Discuss how to build the list of target keywords. |
Call #6: Discuss keyword optimization of the product & services pages. |
Call #8: (optional) Schedule a call to update every three to six months. |
|
Call #3: Discuss the results of the competitive keyword analysis. |
Call #5: Discuss which pages to update with new target keywords. |
Call #7: Review final page content and tags. |
Call #9: Schedule a call for SEO Phase 2: On-Page Technical Refinement. |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between 8 to 12 calls over the course of 1 to 2 months.
Included Within an Advisory Membership | Optional Add-Ons | ||
---|---|---|---|
DIY Toolkit | Guided Implementation | Workshop | Consulting |
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
Best-in-class SEO practitioners focus on people-first content, not computer-first content. Search engine algorithms continue to focus on how to rank better content first, and a strategy that moves your buyers through the funnel in a logical and cohesive way will beat any SEO trick over the long run.
A good SEO strategy uses competitive research to carve out white space and give them a competitive edge in an increasingly difficult ranking algorithm. An understanding of the ideal client profile and the needs of their buyer persona(s) sit as a pre-step to any good SEO strategy.
By optimizing the on-page strategy with competitively relevant keywords that target your ideal client profile, marketers are able to take an easy first step at improving the SEO content strategy.
If you don't understand the strategy of your SEO practitioner, you are in trouble. Marketers need to work hand in hand with their SEO specialists to quickly uncover gaps, create a strategy that aligns with the buyer persona(s), and execute the changes.
The quality of the prospect that your SEO efforts bring to your site is more important than the number of people brought to your site.
If not, stop here, and we can help you define your buyer persona and journey, as well as your ideal client profile before moving forward with SEO Phase 1.
Use your SEO tool to research keywords and find the following:
Use a quality tool like SEMRush to obtain SEO data.
Use your SEO tool to research keywords and find the following:
Use a quality tool like SEMRush to obtain SEO data.
Duplicate this page so that you have a separate page for each URL from Step 4
Date last optimized:
mm/dd/yyyy
Council, Y. "Council Post: The Rundown On Black Hat SEO Techniques And Why You Should Avoid Them." Forbes, 2022. Accessed September 2022.
"Our approach – How Google Search works." Google Search. Accessed September 2022.
"The Best Place to Hide a Dead Body is Page Two of Google." HuffPost, 2022. Accessed September 2022.
Patel, Neil. "How to Create the Perfect H1 Tag for SEO." neilpatel.com. Accessed September 2022.
Schwartz, B. "Google algorithm updates 2021 in review: Core updates, product reviews, page experience and beyond." Search Engine Land, 2022. Accessed September 2022.
Schwartz, B. "Google algorithm updates 2021 in review: Core updates, product reviews, page experience and beyond." Search Engine Land, 2022. Accessed September 2022.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand Workday’s business model, competitive options, and what to know when conducting due diligence and requirements gathering.
Review product options and licensing rules. Determine negotiation points. Evaluate and finalize the contract.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Manage organizational risk and viability during the first 30 days of a crisis.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Read our executive brief to understand why you should develop a PPM strategy and understand how our methodology can help you. We show you how we can support you.
Ensure your strategy is a cultural fit or cultural-add for your company.
Use the advice and tools in this stage to align the PPM processes.
Use the inputs from the previous stages and add a cost-benefit analysis and tool recommendation.
Define quality standards in maintenance practices. Enforce these in alignment with the governance you have set up. Show a high degree of transparency and open discussions on development challenges.
If you have not yet read "What is resilience?" I can recommend it. This pack contains the elements to start your resilience journey.
With this pack, we give you the right direction to become resilient. Please contact us to discuss the options. <br/>Tymans Group also offers consulting, as well as an extension to EU DORA compliance.
Leverage Info-Tech’s process and deliverables to see dramatic improvements in your business satisfaction through an effective IT steering committee. This blueprint will provide three core customizable deliverables that you can use to launch or optimize your IT steering committee:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Build your IT steering committee charter using results from the stakeholder survey.
Define your high level steering committee processes using SIPOC, and select your steering committee metrics.
Customize Info-Tech’s stakeholder presentation template to gain buy-in from your key IT steering committee stakeholders.
Build the new project intake and prioritization process for your new IT steering committee.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Lay the foundation for your IT steering committee (ITSC) by surveying your stakeholders and identifying the opportunities and threats to implementing your ITSC.
An understanding of the business environment affecting your future ITSC and identification of strategies for engaging with stakeholders
1.1 Launch stakeholder survey for business leaders.
1.2 Analyze results with an Info-Tech advisor.
1.3 Identify opportunities and threats to successful IT steering committee implementation.
1.4 Develop the fit-for-purpose approach.
Report on business leader governance priorities and awareness
Refined workshop agenda
Define the goals and roles of your IT steering committee.
Plan the responsibilities of your future committee members.
Groundwork for completing the steering committee charter
2.1 Review the role of the IT steering committee.
2.2 Identify IT steering committee goals and objectives.
2.3 Conduct a SWOT analysis on the five governance areas
2.4 Define the key responsibilities of the ITSC.
2.5 Define ITSC participation.
IT steering committee key responsibilities and participants identified
IT steering committee priorities identified
Document the information required to create an effective ITSC Charter.
Create the procedures required for your IT steering committee.
Clearly defined roles and responsibilities for your steering committee
Completed IT Steering Committee Charter document
3.1 Build IT steering committee participant RACI.
3.2 Define your responsibility cadence and agendas.
3.3 Develop IT steering committee procedures.
3.4 Define your IT steering committee purpose statement and goals.
IT steering committee charter: procedures, agenda, and RACI
Defined purpose statement and goals
Define and test your IT steering committee processes.
Get buy-in from your key stakeholders through your stakeholder presentation.
Stakeholder understanding of the purpose and procedures of IT steering committee membership
4.1 Define your high-level IT steering committee processes.
4.2 Conduct scenario testing on key processes, establish ITSC metrics.
4.3 Build your ITSC stakeholder presentation.
4.4 Manage potential objections.
IT steering committee SIPOC maps
Refined stakeholder presentation
5.1 Create prioritization criteria
5.2 Customize the project prioritization tool
5.3 Pilot test the tool
5.4 Define action plan and next steps
IT Steering Committee Project Prioritization Tool
Action plan
Leverage Info-Tech’s process and deliverables to see dramatic improvements in your business satisfaction through an effective IT steering committee. This blueprint will provide three core customizable deliverables that you can use to launch or optimize your IT steering committee. These include:
Effective IT governance critical in driving business satisfaction with IT. Yet 88% of CIOs believe that their governance structure and processes are not effective. The IT steering committee (ITSC) is the heart of the governance body and brings together critical organizational stakeholders to enable effective decision making (Info-Tech Research Group Webinar Survey).
"Everyone needs good IT, but no one wants to talk about it. Most CFOs would rather spend time with their in-laws than in an IT steering-committee meeting. But companies with good governance consistently outperform companies with bad. Which group do you want to be in?"
– Martha Heller, President, Heller Search Associates
67% of CIOs/CEOs are misaligned on the target role for IT.
47% of CEOs believe that business goals are going unsupported by IT.
64% of CEOs believe that improvement is required around IT’s understanding of business goals.
28% of business leaders are supporters of their IT departments.
A well devised IT steering committee ensures that core business partners are involved in critical decision making and that decisions are based on business goals – not who shouts the loudest. Leading to faster decision-making time, and better-quality decisions and outcomes.
Organizations often blur the line between governance and management, resulting in the business having say over the wrong things. Understand the differences and make sure both groups understand their role.
The ITSC is the most senior body within the IT governance structure, involving key business executives and focusing on critical strategic decisions impacting the whole organization.
Within a holistic governance structure, organizations may have additional committees that evaluate, direct, and monitor key decisions at a more tactical level and report into the ITSC.
These committees require specialized knowledge and are implemented to meet specific organizational needs. Those operational committees may spark a tactical task force to act on specific needs.
IT management is responsible for executing on, running, and monitoring strategic activities as determined by IT governance.
Strategic | IT Steering Committee | |
Tactical | Project Governance Service Governance Risk Governance Information Governance |
IT Management |
Operational | Risk Task Force |
This blueprint focuses exclusively on building the IT steering committee. For more information on IT governance see Info-Tech’s blueprint Tailor an IT Governance Plan to Fit Organizational Needs.
As CIO I find that there is a lack of alignment between business and IT strategies. |
I’ve noticed that projects are thrown over the fence by stakeholders and IT is expected to comply. |
I’ve noticed that IT projects are not meeting target project metrics. |
I’ve struggled with a lack of accountability for decision making, especially by the business. |
I’ve noticed that the business does not understand the full cost of initiatives and projects. |
I don’t have the authority to say “no” when business requests come our way. |
We lack a standardized approach for prioritizing projects. |
IT has a bad reputation within the organization, and I need a way to improve relationships. |
Business partners are unaware of how decisions are made around IT risks. |
Business partners don’t understand the full scope of IT responsibilities. |
There are no SLAs in place and no way to measure stakeholder satisfaction with IT. |
Info-Tech’s IT steering committee development blueprint will provide you with the required tools, templates, and deliverables to implement a right-sized committee that’s effective the first time.
1 | 2 | 3 | 4 |
Build the Steering Committee Charter | Define ITSC Processes | Build the Stakeholder Presentation | Define the Prioritization Criteria |
|
|
|
|
COBIT METRICS | Alignment
|
Accountability
|
Value Generation
|
INFO-TECH METRICS | Survey Metrics:
|
Industry: Consumer Goods
Source: Interview
A newly hired CIO at a large consumer goods company inherited an IT department with low maturity from her predecessor. Satisfaction with IT was very low across all business units, and IT faced a lot of capacity constraints. The business saw IT as a bottleneck or red tape in terms of getting their projects approved and completed.
The previous CIO had established a steering committee for a short time, but it had a poorly established charter that did not involve all of the business units. Also the role and responsibilities of the steering committee were not clearly defined. This led the committee to be bogged down in politics.
Due to the previous issues, the business was wary of being involved in a new steering committee. In order to establish a new steering committee, the new CIO needed to navigate the bad reputation of the previous CIO.
The CIO established a new steering committee engaging senior members of each business unit. The roles of the committee members were clearly established in the new steering committee charter and business stakeholders were informed of the changes through presentations.
The importance of the committee was demonstrated through the new intake and prioritization process for projects. Business stakeholders were impressed with the new process and its transparency and IT was no longer seen as a bottleneck.
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Build the Steering Committee Charter | Define ITSC Processes | Build the Stakeholder Presentation | Define the Prioritization Criteria | |
---|---|---|---|---|
Best-Practice Toolkit | 1.1 Survey Your Steering Committee Stakeholders 1.2 Build Your ITSC Charter |
2.1 Build a SIPOC 2.2 Define Your ITSC Process |
3.1 Customize the Stakeholder Presentation | 4.1 Establish your Prioritization Criteria 4.2 Customize the Project Prioritization Tool 4.3 Pilot Test Your New Prioritization Criteria |
Guided Implementations |
|
|
|
|
Onsite Workshop | Module 1: Build a New ITSC Charter |
Module 2: Design Steering Committee Processes |
Module 3: Present the New Steering Committee to Stakeholders |
Module 4: Establish Project Prioritization Criteria |
Phase 1 Results:
|
Phase 2 Results:
|
Phase 3 Results:
|
Phase 4 Results:
|
Contact your account representative or email Workshops@InfoTech.com for more information.
Workshop Day 1 | Workshop Day 2 | Workshop Day 3 | Workshop Day 4 | Workshop Day 5 | |
---|---|---|---|---|---|
Activities | Build the IT Steering Committee 1.1 Launch stakeholder survey for business leaders 1.2 Analyze results with an Info-Tech Advisor 1.3 Identify opportunities and threats to successful IT steering committee implementation. 1.4 Develop the fit-for-purpose approach |
Define the ITSC Goals 2.1 Review the role of the IT steering committee 2.2 Identify IT steering committee goals and objectives 2.3 Conduct a SWOT analysis on the five governance areas 2.4 Define the key responsibilities of the ITSC 2.5 Define ITSC participation |
Define the ITSC Charter 3.1 Build IT steering committee participant RACI 3.2 Define your responsibility cadence and agendas 3.3 Develop IT steering committee procedures 3.4 Define your IT steering committee purpose statement and goals |
Define the ITSC Process 4.1 Define your high-level IT steering committee processes 4.2 Conduct scenario testing on key processes, establish ITSC metrics 4.3 Build your ITSC stakeholder presentation 4.4 Manage potential objections |
Define Project Prioritization Criteria 5.1 Create prioritization criteria 5.2 Customize the Project Prioritization Tool 5.3 Pilot test the tool 5.4 Define action plan and next steps |
Deliverables |
|
|
|
|
|
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Guided Implementation 1: Formalize the Security Policy Program Proposed Time to Completion: 1-2 weeks |
---|
Select Your ITSC Members Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
|
Review Stakeholder Survey Results Review findings with analyst:
Then complete these activities…
With these tools & templates:
|
Finalize the ITSC Charter Finalize phase deliverable:
Then complete these activities…
With these tools & templates:
|
Be exclusive with your IT steering committee membership. Determine committee participation based on committee responsibilities. Select only those who are key decision makers for the activities the committee is responsible for and, wherever possible, keep membership to 5-8 people.
A charter is the organizational mandate that outlines the purpose, scope, and authority of the ITSC. Without a charter, the steering committee’s value, scope, and success criteria are unclear to participants, resulting in unrealistic stakeholder expectations and poor organizational acceptance.
Start by reviewing Info-Tech’s template. Throughout this section we will help you to tailor its contents.
Committee Purpose: The rationale, benefits of, and overall function of the committee.
Responsibilities: What tasks/decisions the accountable committee is making.
Participation: Who is on the committee
RACI: Who is accountable, responsible, consulted, and informed regarding each responsibility.
Committee Procedures and Agendas: Includes how the committee will be organized and how the committee will interact and communicate with business units.
IT Steering Committee Charter Template.">Leverage Info-Tech’s IT Steering Committee Stakeholder Surveyand reports to quickly identify business priorities and level of understanding of how decisions are made around the five governance areas.
Use these insights to drive the IT steering committee responsibilities, participation, and communication strategy.
The Stakeholder Survey consists of 17 questions on:
To simplify your data collection and reporting, Info-Tech can launch a web-based survey, compile the report data and assist in the data interpretation through one of our guided implementations.
Also included is a Word document with recommended questions, if you prefer to manage the survey logistics internally.
IT Steering Committee Stakeholder Survey ">You get:
So you can:
You get:
So you can:
INPUT
OUTPUT
Materials
Participants
Governance of risk establishes the risk framework, establishes policies and standards, and monitors risks.
Governance of risk ensures that IT is mitigating all relevant risks associated with IT investments, projects, and services.
Governance of the IT portfolio achieves optimum ROI through prioritization, funding, and resourcing.
PPM practices create value if they maximize the throughput of high-value IT projects at the lowest possible cost. They destroy value when they foster needlessly sophisticated and costly processes.
Governance of projects improves the quality and speed of decision making for project issues.
Don’t confuse project governance and management. Governance makes the decisions regarding allocation of funding and resources and reviews the overall project portfolio metrics and process methodology.
Management ensures the project deliverables are completed within the constraints of time, budget, scope, and quality.
Governance of services ensures delivery of a highly reliable set of IT services.
Effective governance of services enables the business to achieve the organization’s goals and strategies through the provision of reliable and cost-effective services.
Governance of information ensures the proper handling of data and information.
Effective governance of information ensures the appropriate classification, retention, confidentiality, integrity, and availability of data in line with the needs of the business.
Note: The bolded responsibilities are the ones that are most common to IT steering committees, and greyed out responsibilities are typical of a larger governance structure. Depending on their level of importance to your organization, you may choose to include the responsibility.
INPUT
OUTPUT
Materials
Participants
The bolded responsibilities are those that are most common to IT steering committees, and responsibilities listed in grey are typical of a larger governance structure.
MUNICIPALITY
EDUCATION
HEALTHCARE
PRIVATE ORGANIZATIONS
INPUT
OUTPUT
Materials
Participants
It is not enough to participate in committee meetings; there needs to be a clear understanding of who is accountable, responsible, consulted, and informed about matters brought to the attention of the committee.
Each committee responsibility should have one person who is accountable, and at least one person who is responsible. This is the best way to ensure that committee work gets done.
An authority matrix is often used within organizations to indicate roles and responsibilities in relation to processes and activities. Using the RACI model as an example, there is only one person accountable for an activity, although several people may be responsible for executing parts of the activity. In this model, accountable means end-to-end accountability for the process.
RESPONSIBLE: The one responsible for getting the job done.
ACCOUNTABLE: Only one person can be accountable for each task.
CONSULTED: Involvement through input of knowledge and information.
INFORMED: Receiving information about process execution and quality.
INPUT
OUTPUT
Materials
Participants
49% of people consider unfocused meetings as the biggest workplace time waster.*
63% of the time meetings do not have prepared agendas.*
80% Reduction of time spent in meetings by following a detailed agenda and starting on time.*
*(Source: http://visual.ly/fail-plan-plan-fail).
A consent agenda is a tool to free up time at meetings by combining previously discussed or simple items into a single item. Items that can be added to the consent agenda are those that are routine, noncontroversial, or provided for information’s sake only. It is expected that participants read this information and, if it is not pulled out, that they are in agreement with the details.
Members have the option to pull items out of the consent agenda for discussion if they have questions. Otherwise these are given no time on the agenda.
Agendas
Procedures:
INPUT
OUTPUT
Materials
Participants
INPUT
OUTPUT
Materials
Participants
Industry: Consumer Goods
Source: Interview
The new CIO at a large consumer goods company had difficulty generating interest in creating a new IT steering committee. The previous CIO had created a steering committee that was poorly organized and did not involve all of the pertinent members. This led to a committee focused on politics that would often devolve into gossip. Also, many members were dissatisfied with the irregular meetings that would often go over their allotted time.
In order to create a new committee, the new CIO needed to dispel the misgivings of the business leadership.
The new CIO decided to build the new steering committee from the ground up in a systematic way.
She collected information from relevant stakeholders about what they know/how they feel about IT and used this information to build a detailed charter.
Using this info she outlined the new steering committee charter and included in it the:
The new steering committee included all the key members of business units, and each member was clear on their roles in the meetings. Meetings were streamlined and effective. The adjustments in the charter and the improvement in meeting quality played a role in improving the satisfaction scores of business leaders with IT by 21%.
1.1
Survey your ITSC stakeholders
Prior to the workshop, Info-Tech’s advisors will work with you to launch the IT Steering Committee Stakeholder Survey to understand business priorities and level of understanding of how decisions are made. Using this data, we will create the IT steering committee responsibilities, participation, and communication strategy.
1.7
Define a participant RACI for each of the responsibilities
The analyst will facilitate several exercises to help you and your stakeholders create an authority matrix. The output will be defined responsibilities and authorities for members.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Guided Implementation 2: Define your ITSC Processes Proposed Time to Completion: 2 weeks |
---|
Review SIPOCs and Process Creation Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates: Phase 2 of the Establish an Effective IT Steering Committee blueprint | Finalize the SIPOC Review Draft SIPOC:
Then complete these activities…
With these tools & templates: Phase 2 of the Establish an Effective IT Steering Committee blueprint | Finalize Metrics Finalize phase deliverable:
Then complete these activities…
With these tools & templates: Phase 2 of the Establish an Effective IT Steering Committee blueprint |
Building high-level IT steering committee processes brings your committee to life. Having a clear process will ensure that you have the right information from the right sources so that committees can operate and deliver the appropriate output to the customers who need it.
The IT steering committee is only valuable if members are able to successfully execute on responsibilities.
One of the most common mistakes organizations make is that they build their committee charters and launch into their first meeting. Without defined inputs and outputs, a committee does not have the needed information to be able to effectively execute on responsibilities and is unable to meet its stated goals.
The arrows in this picture represent the flow of information between the IT steering committee, other committees, and IT management.
Building high-level processes will define how that information flows within and between committees and will enable more rapid decision making. Participants will have the information they need to be confident in their decisions.
Strategic | IT Steering Committee | |
Tactical | Project Governance Service Governance Risk Governance Information Governance |
IT Management |
Operational | Risk Task Force |
Info-Tech recommends using SIPOC as a way of defining how the IT steering committee will operate.
Derived from the core methodologies of Six Sigma process management, SIPOC – a model of Suppliers, Inputs, Processes, Outputs, Customers – is one of several tools that organizations can use to build high level processes. SIPOC is especially effective when determining process scope and boundaries and to gain consensus on a process.
By doing so you’ll ensure that:
Remember: Your IT steering committee is not a working committee. Enable effective decision making by ensuring participants have the necessary information and appropriate recommendations from key stakeholders to make decisions.
Supplier | Input |
Who provides the inputs to the governance responsibility. | The documented information, data, or policy required to effectively respond to the responsibility. |
Process | |
In this case this represents the IT steering committee responsibility defined in terms of the activity the ITSC is performing. | |
Output | Customer |
The outcome of the meeting: can be approval, rejection, recommendation, request for additional information, endorsement, etc. | Receiver of the outputs from the committee responsibility. |
For atypical responsibilities:
INPUT
OUTPUT
Materials
Participants
SIPOC: Establish the target investment mix | |
Supplier | Input |
CIO |
|
Process | |
Responsibility: The IT steering committee shall review and approve the target investment mix. | |
Output | Customer |
|
|
SIPOC: Endorse the IT budget | |
Supplier | Input |
CIO |
See Info-Tech’s blueprint IT Budget Presentation |
Process | |
Responsibility: Review the proposed IT budget as defined by the CIO and CFO. |
|
Output | Customer |
|
|
SIPOC: Monitor IT value metrics | |
Supplier | Input |
CIO |
|
Process | |
Responsibility: Review recommendations and either accept or reject recommendations. Refine go-forward metrics. |
|
Output | Customer |
|
|
SIPOC: Evaluate and select programs/projects to fund | |
Supplier | Input |
PMO |
See Info-Tech’s blueprint Grow Your Own PPM Solution |
Process | |
Responsibility: The ITSC will approve the list of projects to fund based on defined prioritization criteria – in line with capacity and IT budget. It is also responsible for identifying the prioritization criteria in line with organizational priorities. |
|
Output | Customer |
|
|
SIPOC: Endorse the IT strategy | |
Supplier | Input |
CIO |
See Info-Tech’s blueprint IT Strategy and Roadmap |
Process | |
Responsibility: Review, understand, and endorse the IT strategy. | |
Output | Customer |
|
|
SIPOC: Monitor project management metrics | |
Supplier | Input |
PMO |
|
Process | |
Responsibility: Review recommendations around PM metrics and define target metrics. Endorse current effectiveness levels or determine corrective action. |
|
Output | Customer |
|
|
SIPOC: Approve launch of planned and unplanned project | |
Supplier | Input |
CIO |
See Info-Tech’s Blueprint: Grow Your Own PPM Solution |
Process | |
Responsibility: Review the list of projects and approve the launch or reprioritization of projects. | |
Output | Customer |
|
|
SIPOC: Monitor stakeholder satisfaction with services and other service metrics | |
Supplier | Input |
Service Manager |
|
Process | |
Responsibility: Review recommendations around service metrics and define target metrics. Endorse current effectiveness levels or determine corrective action. |
|
Output | Customer |
|
|
SIPOC: Approve plans for new or changed service requirements | |
Supplier | Input |
Service Manager |
|
Process | |
Responsibility: Review IT recommendations, approve changes, and communicate those to staff. |
|
Output | Customer |
|
|
SIPOC: Monitor risk management metrics | |
Supplier | Input |
CIO |
|
Process | |
Responsibility: Review recommendations around risk metrics and define target metrics. Endorse current effectiveness levels or determine corrective action. |
|
Output | Customer |
|
|
SIPOC: Review the prioritized list of risks | |
Supplier | Input |
Risk Manager |
|
Process | |
Responsibility: Accept the risk registrar and define any additional action required. | |
Output | Customer |
|
|
SIPOC: Define information lifecycle process ownership | |
Supplier | Input |
CIO |
|
Process | |
Responsibility: Define responsibility and accountability for information lifecycle ownership. |
|
Output | Customer |
|
|
SIPOC: Monitor information lifecycle metrics | |
Supplier | Input |
Information lifecycle owner |
|
Process | |
Responsibility: Review recommendations around information management metrics and define target metrics. Endorse current effectiveness levels or determine corrective action. |
|
Output | Customer |
|
|
New Metrics:
INPUT
OUTPUT
Materials
Participants
Industry: Consumer Goods
Source: Interview
"IT steering committee’s reputation greatly improved by clearly defining its process."
One of the major failings of the previous steering committee was its poorly drafted procedures. Members of the committee were unclear on the overall process and the meeting schedule was not well established.
This led to low attendance at the meetings and ineffective meetings overall. Since the meeting procedures weren’t well understood, some members of the leadership team took advantage of this to get their projects pushed through.
The first step the new CIO took was to clearly outline the meeting procedures in her new steering committee charter. The meeting agenda, meeting goals, length of time, and outcomes were outlined, and the stakeholders signed off on their participation.
She also gave the participants a SIPOC, which helped members who were unfamiliar with the process a high-level overview. It also reacquainted previous members with the process and outlined changes to the previous, out-of-date processes.
The participation rate in the committee meetings improved from the previous rate of approximately 40% to 90%. The committee members were much more satisfied with the new process and felt like their contributions were appreciated more than before.
2.1
Define a SIPOC for each of the ITSC responsibilities
Create SIPOCs for each of the governance responsibilities with the help of an Info-Tech advisor.
2.2
Establish the reporting metrics for the ITSC
The analyst will facilitate several exercises to help you and your stakeholders define the reporting metrics for the ITSC.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Guided Implementation 3: Build the Stakeholder Presentation Proposed Time to Completion: 1 week |
---|
Customize the Presentation Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates: IT Steering Committee Stakeholder Presentation
| Review and Practice the Presentation Review findings with analyst:
Then complete these activities…
With these tools & templates:
| Review the First ITSC Meeting Finalize phase deliverable:
Then complete these activities…
With these tools & templates: Establish an Effective IT Steering Committee blueprint |
Stakeholder engagement will be critical to your ITSC success, don't just focus on what is changing. Ensure stakeholders know why you are engaging them and how it will help them in their role.
Don’t take on too much in your first IT steering committee meeting. Many participants may not have participated in an IT steering committee before, or some may have had poor experiences in the past.
Use this meeting to explain the role of the IT steering committee and why you are implementing one, and help participants to understand their role in the process.
Quickly customize Info-Tech’s IT Steering Committee Stakeholder Presentation template to explain the goals and benefits of the IT steering committee, and use your own data to make the case for governance.
At the end of the meeting, ask committee members to sign the committee charter to signify their agreement to participate in the IT steering committee.
Review the IT Steering Committee Stakeholder Presentation template. This document should be presented at the first IT steering committee meeting by the assigned Committee Chair.
Customization Options
Overall: Decide if you would like to change the presentation template. You can change the color scheme easily by copying the slides in the presentation deck and pasting them into your company’s standard template. Once you’ve pasted them in, scan through the slides and make any additional changes needed to formatting.
Slide 2-3: Review the text on each of the slides and see if any wording should be changed to better suite your organization.
Slide 4: Review your list of the top 10 challenges and opportunities as defined in section 2 of this blueprint. Document those in the appropriate sections. (Note: be careful that the language is business-facing; challenges and opportunities should be professionally worded.)
Slide 5: Review the language on slide 5 to make any necessary changes to suite your organization. Changes here should be minimal.
INPUT
OUTPUT
Materials
Participants
Customization Options
Slide 6: The goal of this slide is to document and share the names of the participants on the IT steering committee. Document the names in the right-hand side based on your IT Steering Committee Charter.
Slides 7-9:
Slide 10: Review and understand the rollout timeline. Make any changes needed to the timeline.
INPUT
OUTPUT
Materials
Participants
INPUT
Participants
By this point, you should have customized the meeting presentation deck and be ready to meet with your IT steering committee participants.
The meeting should be one hour in duration and completed in person.
Before holding the meeting, identify who you think is going to be most supportive and who will be least. Consider meeting with those individuals independently prior to the group meeting to elicit support or minimize negative impacts on the meeting.
Customize this calendar invite script to invite business partners to participate in the meeting.
Hello [Name],
As you may have heard, we recently went through an exercise to develop an IT steering committee. I’d like to take some time to discuss the results of this work with you, and discuss ways in which we can work together in the future to better enable corporate goals.
The goals of the meeting are:
I look forward to starting this discussion with you and working with you more closely in the future.
Warm regards,
Industry:Consumer Goods
Source: Interview
"CIO gains buy-in from the company by presenting the new committee to its stakeholders."
Communication was one of the biggest steering committee challenges that the new CIO inherited.
Members were resistant to joining/rejoining the committee because of its previous failures. When the new CIO was building the steering committee, she surveyed the members on their knowledge of IT as well as what they felt their role in the committee entailed.
She found that member understanding was lacking and that their knowledge surrounding their roles was very inconsistent.
The CIO dedicated their first steering committee meeting to presenting the results of that survey to align member knowledge.
She outlined the new charter and discussed the roles of each member, the goals of the committee, and the overarching process.
Members of the new committee were now aligned in terms of the steering committee’s goals. Taking time to thoroughly outline the procedures during the first meeting led to much higher member engagement. It also built accountability within the committee since all members were present and all members had the same level of knowledge surrounding the roles of the ITSC.
3.1
Create a presentation for ITSC stakeholders to be presented at the first ITSC meeting
Work with an Info-Tech advisor to customize our IT Steering Committee Stakeholder Presentation template. Use this presentation to gain stakeholder buy-in by making the case for an ITSC.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Guided Implementation : Define the Prioritization Criteria Proposed Time to Completion: 4 weeks |
---|
Discuss Prioritization Criteria Start with an analyst kick-off call:
Then complete these activities...
With these tools & templates: IT Steering Committee Project Prioritization Tool | Customize the IT Steering Committee Project Prioritization Tool Review findings with analyst:
Then complete these activities…
With these tools & templates: IT Steering Committee Project Prioritization Tool | Review Results of the Pilot Test Finalize phase deliverable:
Then complete these activities…
With these tools & templates: IT Steering Committee Project Prioritization Tool |
The steering committee sets and agrees to principles that guide prioritization decisions. The agreed upon principles will affect business unit expectations and justify the deferral of requests that are low priority. In some cases, we have seen the number of requests drop substantially because business units are reluctant to propose initiatives that do not fit high prioritization criteria.
One of the key roles of the IT steering committee is to review and prioritize the portfolio of IT projects.
What is the prioritization based on? Info-Tech recommends selecting four broad criteria with two dimensions under each to evaluate the value of the projects. The criteria are aligned with how the project generates value for the organization and the execution of the project.
What is the role of the steering committee in prioritizing projects? The steering committee is responsible for reviewing project criteria scores and making decisions about where projects rank on the priority list. Planning, resourcing, and project management are the responsibility of the PMO or the project owner.
Info-Tech’s Sample Criteria |
---|
Value Strategic Alignment: How much a project supports the strategic goals of the organization. Customer Satisfaction: The impact of the project on customers and how visible a project will be with customers. Operational Alignment: Whether the project will address operational issues or compliance. |
Execution Financial: Predicted ROI and cost containment strategies. Risk: Involved with not completing projects and strategies to mitigate it. Feasibility: How easy the project is to complete and whether staffing resources exist. |
INPUT
OUTPUT
Materials
Participants
INPUT
OUTPUT
Materials
Participants
Document the prioritization criteria weightings in Info-Tech’s IT Steering Committee Project Prioritization Tool.
Download Info-Tech’s Project Intake and Prioritization Tool.
Rank: Project ranking will dynamically update relative to your portfolio capacity (established in Settings tab) and the Size, Scoring Progress, Remove from Ranking, and Overall Score columns. The projects in green represent top priorities based on these inputs, while yellow projects warrant additional consideration should capacity permit.
Scoring Progress: You will be able to determine some items on the scorecard earlier in the scoring progress (such as strategic and operational alignment). As you fill in scoring columns on the Project Data tab, the Scoring Progress column will dynamically update to track progress.
The Overall Score will update automatically as you complete the scoring columns (refer to Activity 4.2).
Days in Backlog: This column will help with backlog management, automatically tracking the number of days since an item was added to the list based on day added and current date.
INPUT
OUTPUT
Materials
Participants
Projects that are scored but not prioritized will populate the portfolio backlog. Items in the backlog will need to be rescored periodically, as circumstances can change, impacting scores. Factors necessitating rescoring can include:
Score projects using the Project Data tab in Info-Tech’s IT Steering Committee Project Prioritization Tool
IT Steering Committee Project Prioritization Tool is depicted. The Data Tab is shown.">Consult these Info-Tech blueprints on project portfolio management to create effective portfolio project management resourcing processes.
Create Project Management Success Develop a Project Portfolio Management StrategyIndustry: Consumer Goods
Source: Interview
"Clear project intake and prioritization criteria allow for the new committee to make objective priority decisions."
One of the biggest problems that the previous steering committee at the company had was that their project intake and prioritization process was not consistent. Projects were being prioritized based on politics and managers taking advantage of the system.
The procedure was not formalized so there were no objective criteria on which to weigh the value of proposed projects. In addition to poor meeting attendance, this led to the overall process being very inconsistent.
The new CIO, with consultation from the newly formed committee, drafted a set of criteria that focused on the value and execution of their project portfolio. These criteria were included on their intake forms to streamline the rating process.
All of the project scores are now reviewed by the steering committee, and they are able to facilitate the prioritization process more easily.
The objective criteria process also helped to prevent managers from taking advantage of the prioritization process to push self-serving projects through.
This was seen as a contributor to the increase in satisfaction scores for IT, which improved by 12% overall.
The new streamlined process helped to reduce capacity constraints on IT, and it alerted the company to the need for more IT employees to help reduce these constraints further. The IT department was given permission to hire two new additional staff members.
4.1
IT Steering Committee Project Prioritization Tool.">
Define your prioritization criteria and customize our IT Steering Committee Project Prioritization Tool
With the help of Info-Tech advisors, create criteria for determining a project’s priority. Customize the tool to reflect the criteria and their weighting. Run pilot tests of the tool to verify the criteria and enter your current project portfolio.
Organizations often blur the line between governance and management, resulting in the business having say over the wrong things. Understand the differences and make sure both groups understand their role.
The ITSC is the most senior body within the IT governance structure, involving key business executives and focusing on critical strategic decisions impacting the whole organization.
Within a holistic governance structure, organizations may have additional committees that evaluate, direct, and monitor key decisions at a more tactical level and report into the ITSC.
These committees require specialized knowledge and are implemented to meet specific organizational needs. Those operational committees may spark a tactical task force to act on specific needs.
IT management is responsible for executing on, running, and monitoring strategic activities as determined by IT governance.
Strategic | IT Steering Committee | |
Tactical | Project Governance Service Governance Risk Governance Information Governance | IT Management |
Operational | Risk Task Force |
This blueprint focuses exclusively on building the IT Steering committee. For more information on IT governance see Info-Tech’s related blueprint: Tailor an IT Governance Plan to Fit Organizational Needs.
By bucketing responsibilities into these areas, you’ll be able to account for most key IT decisions and help the business to understand their role in governance, fostering ownership and joint accountability.
The five governance areas are:
Governance of the IT Portfolio and Investments: Ensures that funding and resources are systematically allocated to the priority projects that deliver value.
Governance of Projects: Ensures that IT projects deliver the expected value, and that the PM methodology is measured and effective.
Governance of Risks: Ensures the organization’s ability to assess and deliver IT projects and services with acceptable risk.
Governance of Services: Ensures that IT delivers the required services at the acceptable performance levels.
Governance of Information and Data: Ensures the appropriate classification and retention of data based on business need.
Overall, survey respondents indicated a lack of understanding about how decisions are made around risk, services, projects, and investments, and that business involvement in decision making was too minimal.
72% of stakeholders do not understand how decisions around IT services are made (quality, availability, etc.).
62% of stakeholders do not understand how decisions around IT services are made (quality, availability, etc.).
70% of stakeholders do not understand how decisions around projects selection, success, and changes are made.
78% of stakeholders do not understand how decisions around risk are made
67% of stakeholders believe they do understand how decisions around information (data) retention and classification are made.
IBM i remains a vital platform and now many CIOs, CTOs, and IT leaders are faced with the same IBM i challenges regardless of industry focus: how do you evaluate the future viability of this platform, assess the future fit and purpose, develop strategies, and determine the future of this platform for your organization?
For organizations that are struggling with the iSeries/IBM i platform, resourcing challenges are typically the culprit. An aging population of RPG programmers and system administrators means organizations need to be more pro-active in maintaining in-house expertise. Migrating off the iSeries/IBM i platform is a difficult option for most organizations due to complexity, switching costs in the short term, and a higher long-term TCO.
The most common tactic is for the organization to better understand their IBM i options and adopt some level of outsourcing for the non-commodity platform retaining the application support/development in-house. To make the evident, obvious; the options here for the non-commodity are not as broad as with commodity server platforms. Options include co-location, onsite outsourcing, managed and public cloud services.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This project will help you evaluate the future viability of this platform; assess the fit, purpose, and price; develop strategies for overcoming potential challenges; and determine the future of this platform for your organization.
Use this scoring sheet to help you define and evaluate IBM i vendor responses.
IBM i remains a vital platform and now many CIO, CTO, and IT leaders are faced with the same IBM i challenges regardless of industry focus; how do you evaluate the future viability of this platform, assess the future fit and purpose, develop strategies, and determine the future of this platform for your organization?
For organizations that are struggling with the iSeries/IBM i platform, resourcing challenges are typically the culprit. An aging population of RPG programmers and system administrators means organizations need to be more proactive in maintaining in-house expertise. Migrating off the iSeries/IBM i platform is a difficult option for most organizations due to complexity, switching costs in the short term, and a higher long-term TCO.
The most common tactic is for the organization to better understand its IBM i options and adopt some level of outsourcing for the non-commodity platform, retaining the application support/development in-house. To make the evident, obvious: the options here for the non-commodity are not as broad as with commodity server platforms. Options include co-location, onsite outsourcing, managed hosting, and public cloud services.
“For over twenty years, IBM was ‘king,’ dominating the large computer market. By the 1980s, the world had woken up to the fact that the IBM mainframe was expensive and difficult, taking a long time and a lot of work to get anything done. Eager for a new solution, tech professionals turned to the brave new concept of distributed systems for a more efficient alternative. On June 21, 1988, IBM announced the launch of the AS/400, their answer to distributed computing.” (Dale Perkins)
We help IT leaders make the most of their IBM i environment.
The IBM i remains a vital platform for many businesses and continues to deliver exceptional reliability and performance and play a key role in the enterprise. With the limited resources at hand, CIOs and the like must continually review and understand their migration path with the same regard as any other distributed system roadmap.
Thought ModelWe will investigate the aspect of different IBM i scenarios as they impact business, what that means, and how that can guide the questions that you are asking as you move to an aligned IBM i IT strategy. Our model considers:
Info-Tech InsightsWith multiple control points to be addressed, care must be taken in simplifying your options while addressing all concerns to ease operational load. |
“The IBM i Reality” – Darin Stahl Most members relying on business applications/workloads running on non-commodity platforms (zSeries, IBM i, Solaris, AIX, etc.) are first motivated to get out from under the perceived higher costs for the hardware platform. An additional challenge for non-commodity platforms is that from an IT Operations Management perspective they become an island with a diminishing number of integrated operations skills and solutions such as backup/restore and monitoring tools. The most common tactic is for the organization to adopt some level of outsourcing for the non-commodity platform, retaining the application support and development in-house. | Key challenges with current IBM i environments:
|
Co-Location A customer transitions their hardware environment to a provider’s data center. The provider can then manage the hardware and “system.” | Onsite Outsourcing A provider will support the hardware/system environment at the client’s site. | Managed Hosting A customer transitions their legacy application environment to an off-prem hosted, multi-tenanted environment. | Public Cloud A customer can “re-platform” the non-commodity workload into public cloud offerings or in a few offerings “re-host.” |
Provider manages the data center hardware environment.
Abstract Here a provider manages the system data center environment and hardware; however, the client’s in-house IBM i team manages the IBM i hardware environment and the system applications. The client manages all of the licenses associated with the platform as well as the hardware asset management considerations. This is typically part of a larger services or application transformation. This effectively outsources the data center management while maintaining all IBM i technical operations in-house. Advantages
| Considerations
Info-Tech InsightsThis model is extremely attractive for organizations looking to reduce their data center management footprint. Idea for the SMB. |
A provider will support the hardware/system environment at the client’s site.
Abstract Here a provider will support and manage the hardware/system environment at the client’s site. The provider may acquire the customer’s hardware and provide software licenses. This could also include hiring or “rebadging” staff supporting the platform. This type of arrangement is typically part of a larger services or application transformation. While low risk, it is not as cost-effective as other deployment models. Advantages
| Considerations
Info-Tech InsightsDepending on the application lifecycle and viability, in-house skill and technical depth is a key consideration when developing your IBM i strategy. |
Transition legacy application environment to an off-prem hosted multi-tenanted environment.
Abstract This type of arrangement is typically part of an application migration or transformation. In this model, a client can “re-platform” the application into an off-premises-hosted provider platform. This would yield many of the cloud benefits however in a different scaling capacity as experienced with commodity workloads (e.g. Windows, Linux) and the associated application. Advantages
| Considerations
Info-Tech InsightsThere is a difference between a “re-host” and “re-platform” migration strategy. Determine which solution aligns to the application requirements. |
Leverage “public cloud” alternatives with AWS, Google, or Microsoft AZURE.
Abstract This type of arrangement is typically part of a larger migration or application transformation. While low risk, it is not as cost-effective as other deployment models. In this model, client can “re-platform” the non-commodity workload into public cloud offerings or in a few offerings “re-host.” This would yield many of the cloud benefits however in a different scaling capacity as experienced with commodity workloads (e.g. Windows, Linux). Advantages
| Considerations
Info-Tech InsightsThis model is extremely attractive for organizations that consume primarily cloud services and have a large remote workforce. |
|
Info-Tech InsightsCreating vendor profiles will help quickly filter the solution providers that directly meet your IBM i needs. |
Vendor Profile #1 | Rowton IT | |
Summary of Vendor “Rowton IT thrive on creating robust and simple solutions to today's complex IT problems. We have a highly skilled and motivated workforce that will guarantee the right solution. Working with select business partners, we can offer competitive and cost effective packages tailored to suit your budget and/or business requirements. Our knowledge and experience cover vast areas of IT including technical design, provision and installation of hardware (Wintel and IBM Midrange), technical engineering services, support services, IT project management, application testing, documentation and training.” | IBM i Services
| |
URL Regional Coverage: |
Vendor Profile #2 | Connectria | |
Summary of Vendor “Every journey starts with a single step and for Connectria, that step happened to be with the world’s largest bank, Deutsche Bank. Followed quickly by our second client, IBM. Since then, we have added over 1,000 clients worldwide. For 25 years, each customer, large or small, has relied on Connectria to deliver on promises made to make it easy to do business with us through flexible terms, scalable solutions, and straightforward pricing. Join us on our journey.” | IBM i Services
| |
Regional Coverage: |
Vendor Profile #3 | Mid-Range | |
Summary of Vendor “Founded in 1988 and profitable throughout all of those 31 years, we have a solid track record of success. At Mid-Range, we use our expertise to assess your unique needs, in order to proactively develop the most effective IT solution for your requirements. Our full-service approach to technology and our diverse and in-depth industry expertise keep our clients coming back year after year. Serving clients across North America in a variety of industries, from small and emerging organizations to large, established enterprises – we’ve seen it all. Whether you need hardware or software solutions, disaster recovery and high availability, managed services or hosting or full ERP services with our JD Edwards offerings – we have the methods and expertise to help.” | IBM i Services
| |
URL Regional Coverage: |
This check-point process creates transparency around agreement costs with the business and gives the business an opportunity to re-evaluate its requirements for a potentially leaner agreement.
|
Vendor Profile Template | [Vendor Name] | |
Summary of Vendor [Vendor Summary] | IBM i Services
| |
URL Regional Coverage: | *Insert the Vendor Logo* |
Use the IT Infrastructure Outsourcing Scoring Tool to manage vendor responses. | |
Use Info-Tech’s IT Infrastructure Outsourcing Scoring Tool to systematically score your vendor responses. The overall quality of the IBM i questions can help you understand what it might be like to work with the vendor. Consider the following questions:
Once you have the vendor responses, you will select two or three vendors to continue assessing in more depth leading to an eventual final selection. |
Watch out for misleading scores that result from poorly designed criteria weightings.
Vendor Conference CallDevelop an agenda for the conference call. Here is a sample agenda:
Commonly Debated Question: Many organizations worry that if vendors can identify each other, they will price fix. However, price fixing is extremely rare due to its consequences and most vendors likely have a good idea which other vendors are participating in the bid. Another thought is that revealing vendors could either result in a higher level of competition or cause some vendors to give up:
| Vendor WorkshopA vendor workshop day is an interactive way to provide context to your vendors and to better understand the vendors’ offerings. The virtual or in-person interaction also offers a great way to understand what it’s like to work with each vendor and decide whether you could build a partnership with them in the long run. The main focus of the workshop is the vendors’ service solution presentation. Here is a sample agenda for a two-day workshop: Day 1
|
Use the IT Infrastructure Outsourcing Scoring Tool to manage vendor responses. |
Effectively Acquire Infrastructure Services
Acquiring a service is like buying an experience. Don’t confuse the simplicity of buying hardware with buying an experience.
Outsource IT Infrastructure to Improve System Availability, Reliability, and Recovery
There are very few IT infrastructure components you should be housing internally – outsource everything else.
Build Your Infrastructure Roadmap
Move beyond alignment: Put yourself in the driver’s seat for true business value.
Define Your Cloud Vision
Make the most of cloud for your organization.
Document Your Cloud Strategy
Drive consensus by outlining how your organization will use the cloud.
Create a Right-Sized Disaster Recovery Plan
Close the gap between your DR capabilities and service continuity requirements.
Create a Better RFP Process
Improve your RFPs to gain leverage and get better results.
Darin Stahl, Principal Research Advisor, Info-Tech Research Group Principal Research Advisor within the Infrastructure Practice and leveraging 38+ years of experience, his areas of focus include: IT Operations Management, Service Desk, Infrastructure Outsourcing, Managed Services, Cloud Infrastructure, DRP/BCP, Printer Management, Managed Print Services, Application Performance Monitoring (APM), Managed FTP, and non-commodity servers (zSeries, mainframe, IBM i, AIX, Power PC). | |
Troy Cheeseman, Practice Lead, Info-Tech Research Group Troy has over 24 years of experience and has championed large, enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT Operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) start-ups. |
Dan Duffy, President & Owner, Mid-Range Dan Duffy is the President and Founder of Mid-Range Computer Group Inc., an IBM Platinum Business Partner. Dan and his team have been providing the Canadian and American IBM Power market with IBM infrastructure solutions including private cloud, hosting and disaster recovery, high availability and data center services since 1988. He has served on numerous boards and associations including the Toronto Users Group for Mid-Range Systems (TUG), the IBM Business Partners of the Americas Advisory Council, the Cornell Club of Toronto, and the Notre Dame Club of Toronto. Dan holds a Bachelor of Science from Cornell University. | |
George Goodall, Executive Advisor, Info-Tech Research Group George Goodall is an Executive Advisor in the Research Executive Services practice at Info-Tech Research Group. George has over 20 years of experience in IT consulting, enterprise software sales, project management, and workshop delivery. His primary focus is the unique challenges and opportunities in organizations with small and constrained IT operations. In his long tenure at Info-Tech, George has covered diverse topics including voice communications, storage, and strategy and governance. |
“Companies using IBM i (formerly known as i5/OS).” Enlyft, 21 July 2021. Web.
Connor, Clare. “IBM i and Meeting the Challenges of Modernization.” Ensono, 22 Mar. 2022. Web.
Huntington, Tom. “60+ IBM i User Groups and Communities to Join?” HelpSystems, 16 Dec. 2021. Web.
Perkins, Dale. “The Road to Power Cloud: June 21st 1988 to now. The Journey Continues.” Mid-Range, 1 Nov. 2021. Web.
Prickett Morgan, Timothy. “How IBM STACKS UP POWER8 AGAINST XEON SERVERS.” The Next Platform, 13 Oct. 2015. Web.
“Why is AS/400 still used? Four reasons to stick with a classic.” NTT, 21 July 2016. Web.
Appendix – | AWS
|
Appendix – |
|
Appendix – | Azure
|
Appendix – | IBM
|
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the true drivers of customer satisfaction and build a process for managing and improving customer satisfaction.
EXECUTIVE BRIEF
“Healthy customer relationships are the paramount to long-term growth. When customers are satisfied, they remain loyal, spend more, and promote your company to others in their network. The key to high satisfaction is understanding and measuring the true drivers of satisfaction to enable the delivery of real customer value.
Most companies believe they know who their satisfied customers are and what keeps them satisfied, and 76% of B2B buyers expect that providers understand their unique needs (Salesforce Research, 2020). However, on average B2B companies have customer experience scores of less than 50% (McKinsey, 2016). This disconnect between customer expectations and provider experience indicates that businesses are not effectively measuring and monitoring satisfaction and therefore are not making meaningful enhancements to their service, offerings, and overall experience.
By focusing on the underlying drivers of customer satisfaction, organizations develop a truly accurate picture of what is driving deep satisfaction and loyalty, ensuring that their company will achieve sustainable growth and stay competitive in a highly competitive market.”
Emily Wright
Senior Research Analyst, Advisory
SoftwareReviews
Your Challenge |
Common Obstacles |
SoftwareReviews’ Approach |
---|---|---|
Getting a truly accurate picture of satisfaction levels among customers, and where to focus efforts to improve satisfaction, is challenging. Providers often find themselves reacting to customer challenges and being blindsided when customers leave. More effective customer satisfaction measurement is possible when providers self-assess for the following challenges:
|
What separates customer success leaders from developing a full view of their customers are several nagging obstacles:
|
Through the SoftwareReviews’ approach, customer success leaders will:
|
All companies measure satisfaction in some way, but many lack understanding of what’s truly driving customers to stay or leave. By understanding the true drivers of satisfaction, solution providers can measure and monitor satisfaction more effectively, pull actionable insights and feedback, and make changes to products and services that customers really care about. This will keep them coming back to you to have their needs met.
Measuring customer satisfaction is critical to understanding the overall health of your customer relationships and driving growth.
Through effective customer satisfaction measurement, organizations can:
Improve Customer Experience |
Increase Retention and CLV |
Increase Profitability |
Reduce Costs |
---|---|---|---|
|
|
|
|
“Measuring customer satisfaction is vital for growth in any organization; it provides insights into what works and offers opportunities for optimization. Customer satisfaction is essential for improving loyalty rate, reducing costs and retaining your customers.”
-Ken Brisco, NICE, 2019
Direct and Indirect Costs |
Being unaware of true drivers of satisfaction that are never remedied costs your business directly through customer churn, service costs, etc. |
---|---|
Tarnished Brand |
Tarnished brand through not resolving issues drives dissatisfaction; dissatisfied customers share their negative experiences, which can damage brand image and reputation. |
Waste Limited Resources |
Putting limited resources towards vanity programs and/or fixes that have little to no bearing on core satisfaction drivers wastes time and money. |
“When customer dissatisfaction goes unnoticed, it can slowly kill a company. Because of the intangible nature of customer dissatisfaction, managers regularly underestimate the magnitude of customer dissatisfaction and its impact on the bottom line.”
- Lakshmiu Tatikonda, “The Hidden Costs of Customer Dissatisfaction”, 2013
Most companies struggle to understand what’s truly driving customers to stay or leave. By understanding the true satisfaction drivers, tech providers can measure and monitor satisfaction more effectively, avoiding the numerous harmful consequences that result from average customer satisfaction measurement.
|
|
Surface-level satisfaction has immediate effects, but they are usually short-term or limited to certain groups of users. There are several factors that contribute to satisfaction including:
Deep satisfaction has long-term and meaningful impacts on the way that organizations work. Deep satisfaction has staying power and increases or maintains satisfaction over time, by reducing complexity and delivering exceptional quality for end-users and IT alike. This report found that the following capabilities provided the deepest levels of satisfaction:
The above solve issues that are part of everyday problems, and each drives satisfaction in deep and meaningful ways. While surface-level satisfaction is important, deep and impactful capabilities can sustain satisfaction for a longer time.
Driving deep satisfaction among software customers vs. surface-level measures is key
Vendor capabilities and product features correlate significantly to buyer satisfaction
Yet, it’s the emotional attributes – what we call the “Emotional Footprint”, that correlate more strongly
Software companies looking to improve customer satisfaction will focus on business value created and the Emotional Footprint attributes outlined here.
The essential ingredient is understanding how each is defined by your customers.
Leaders focus on driving improvements as described by customers.
These true drivers of satisfaction should be considered in your customer satisfaction measurement and monitoring efforts. The experience customers have with your product and brand is what will differentiate your brand from competitors, and ultimately, power business growth. Talk to a SoftwareReviews Advisor to learn how users rate your product on these satisfaction drivers in the SoftwareReviews Emotional Footprint Report.
“81% of organizations cite CX as a competitive differentiator. The top factor driving digital transformation is improving CX […] with companies reporting benefits associated with improving CX including:
– Dan Cote, “Advocacy Blooms and Business Booms When Customers and Employees Engage”, Influitive, 2021
1. Identify true customer satisfaction drivers |
2. Develop metrics dashboard |
3. Develop customer satisfaction measurement and management plan |
|
---|---|---|---|
Phase Steps |
|
|
|
Phase Outcomes |
|
|
|
All software companies measure satisfaction in some way, but many lack understanding of what’s truly driving customers to stay or leave. By understanding the true drivers of satisfaction, solution providers can measure and monitor satisfaction more effectively, pull actionable insights and feedback, and make changes to products and services that customers really care about and which will keep them coming back to you to have their needs met.
Positive experiences drive satisfaction more so than features and cost
According to our analysis of software buyer reviews data*, the biggest drivers of satisfaction and likeliness to recommend are the positive experiences customers have with vendors and their products. Customers want to feel that:
Measure Key Relationship KPIs to gauge satisfaction
Key metrics to track include the Business Value Created score, Net Emotional Footprint, and the Love/Hate score (the strength of emotional connection).
Orient the organization around customer experience excellence
Have a designated committee for customer satisfaction measurement
Best in class organizations create customer satisfaction committees that meet regularly to measure and monitor customer satisfaction, resolve issues quickly, and work towards improved customer experience and profit outcomes.
Use metrics that align to top satisfaction drivers
This will give you a more accurate and fulsome view of customer satisfaction than standard satisfaction metrics alone will.
Identify True Customer Satisfaction Drivers |
Develop Metrics Dashboard | Develop Customer Satisfaction Measurement and Management Plan |
---|---|---|
Call #1: Discuss current pain points and barriers to successful customer satisfaction measurement, monitoring and maintenance. Plan next call – 1 week. Call #2: Discuss all available data, noting any gaps. Develop plan to fill gaps, discuss feasibility and timelines. Plan next call – 1 week. Call #3: Walk through SoftwareReviews reports to understand EF and satisfaction drivers. Plan next call – 3 days. Call #4: Segment customers and document key satisfaction drivers. Plan next call – 2 week. |
Call #5: Document business goals and align them to metrics. Plan next call – 1 week. Call #6: Complete the SoftwareReviews satisfaction measurement diagnostic. Plan next call – 3 days. Call #7: Score list of metrics that align to satisfaction drivers. Plan next call – 2 days. Call #8: Develop metrics dashboard and definitions. Plan next call – 2 weeks. Call #9: Finalize metrics dashboard and definitions. Plan next call – 1 week. |
Call #10: Discuss committee and determine governance. Plan next call – 2 weeks. Call #11: Map out gaps in satisfaction along customer journey as they relate to top satisfaction drivers. Plan next call –2 weeks. Call #12: Develop plan and roadmap for satisfaction improvement. Plan next call – 1 week. Call #13: Finalize plan and roadmap. Plan next call – 1 week. Call # 14: Review and coach on communication deck. |
A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization.
For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst.
Your engagement managers will work with you to schedule analyst calls.
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
---|---|---|---|
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” | “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” | “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” | “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.” |
Included within Advisory Membership | Optional add-ons |
“Are you experienced?” Bain & Company, Apr. 2015. Accessed 6 June. 2022.
Brisco, Ken. “Measuring Customer Satisfaction and Why It’s So Important.” NICE, Feb. 2019. Accessed 6 June. 2022.
CMO.com Team. “The Customer Experience Management Mandate.” Adobe Experience Cloud Blog, July 2019. Accessed 14 June. 2022.
Cote, Dan. “Advocacy Blooms and Business Booms When Customers and Employees Engage.” Influitive, Dec. 2021. Accessed 15 June. 2022.
Fanderl, Harald and Perrey, Jesko. “Best of both worlds: Customer experience for more revenues and lower costs.” McKinsey & Company, Apr. 2014. Accessed 15 June. 2022.
Gallemard, Jeremy. “Why – And How – Should Customer Satisfaction Be Measured?” Smart Tribune, Feb. 2020. Accessed 6 June. 2022.
Kumar, Swagata. “Customer Success Statistics in 2021.” Customer Success Box, 2021. Accessed 17 June. 2022.
Lakshmiu Tatikonda, “The Hidden Costs of Customer Dissatisfaction”, Management Accounting Quarterly, vol. 14, no. 3, 2013, pp 38. Accessed 17 June. 2022.
Loper, Matthew. “Why ‘Customer Satisfaction’ Misses the Mark – And What to Measure Instead.” Newsweek, Jan. 2022. Accessed 16 June. 2022.
Maechler, Nicolas, et al. “Improving the business-to-business customer experience.” McKinsey & Company, Mar. 2016. Accessed 16 June.
“New Research from Dimension Data Reveals Uncomfortable CX Truths.” CISION PR Newswire, Apr. 2017. Accessed 7 June. 2022.
Sheth, Rohan. 75 Must-Know Customer Experience Statistics to move Your Business Forward in 2022.” SmartKarrot, Feb. 2022. Accessed 17 June. 2022.
Smith, Mercer. “111 Customer Service Statistics and Facts You Shouldn’t Ignore.” HelpScout, May 2022. Accessed 17 June. 2022.
“State of the Connected Customer.” Salesforce, 2020. Accessed 14 June. 2022
“The true value of customer experiences.” Deloitte, 2018. Accessed 15 June. 2022.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the use cases and benefits of using text-based services for customer support, and establish how they align to the organization’s current service strategy.
Identify the right applications that will be needed to adequately support a text-based support strategy.
Create repeatable workflows and escalation policies for text-centric support.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Create the business case for text-based support.
A clear direction on the drivers and value proposition of text-based customer support for your organization.
1.1 Identify customer personas.
1.2 Define business and IT drivers.
Identification of IT and business drivers.
Project framework and guiding principles for the project.
Create a technology enablement framework for text-based support.
Prioritized requirements for text-based support and a vetted shortlist of the technologies needed to enable it.
2.1 Determine the correct migration strategy based on the current version of Exchange.
2.2 Plan the user groups for a gradual deployment.
Exchange migration strategy.
User group organization by priority of migration.
Create service workflows for text-based support.
Customer service workflows and escalation policies, as well as risk mitigation considerations.
Present final deliverable to key stakeholders.
3.1 Review the text channel matrix.
3.2 Build the inventory of customer service applications that are needed to support text-based service.
Extract requirements for text-based customer support.
Finalize the text service strategy.
Resource and risk mitigation plan.
4.1 Build core customer service workflows for text-based support.
4.2 Identify text-centric risks and create a mitigation plan.
4.3 Identify metrics for text-based support.
Business process models assigned to text-based support.
Formulation of risk mitigation plan.
Key metrics for text-based support.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This blueprint guides you through a value-driven approach to digital transformation that allows you to identify what aspects of the business to transform, what technologies to embrace, what processes to automate, and what new business models to create. This approach to digital transformation unifies digital possibilities with your customer experiences.
This tool guides you in planning and prioritizing projects to build an effective digital business strategy. Key activities include conducting a horizon scan, conducting a journey mapping exercise, prioritizing opportunities from a journey map, expanding opportunities into projects, and lastly, building the digital transformation roadmap using a Gantt chart visual to showcase project execution timelines.
This deck is a visual presentation template for this blueprint. The intent is to capture the contents of the activities in a presentation PowerPoint. It uses sample data from “City of X” to demonstrate the digital business strategy.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand how your organization creates value today.
Identify opportunities for digital transformation in how you currently deliver value today.
1.1 Validate business context.
1.2 Assess business ecosystem.
1.3 Identify and prioritize value streams.
1.4 Break down value stream into value chains.
Business context
Overview of business ecosystem
Value streams and value chains
Leverage strategic foresight to evaluate how complex trends can evolve over time and identify opportunities to leapfrog competitors.
Identify a leapfrog idea to sidestep competitors.
2.1 Conduct a horizon scan.
2.2 Identify leapfrog ideas.
2.3 Identify impact to existing or new value chains.
One leapfrog idea
Corresponding value chain
Design a journey map to empathize with your customers and identify opportunities to streamline or enhance existing and new experiences.
Identify a unified view of customer experience.
Identify opportunities to automate non-routine cognitive tasks.
Identify gaps in value delivery.
Improve customer journey.
3.1 Identify stakeholder persona.
3.2 Identify journey scenario.
3.3 Conduct one journey mapping exercise.
3.4 Identify opportunities to improve stakeholder journey.
3.5 Break down opportunities into projects.
Stakeholder persona
Stakeholder scenario
Journey map
Journey-based projects
Build a customer-centric digital transformation roadmap.
Keep your team on the same page with key projects, objectives, and timelines.
4.1 Prioritize and categorize initiatives.
4.2 Build roadmap.
Digital goals
Unified roadmap
35,000 members sharing best practices you can leverage
Millions spent developing tools and templates annually
Leverage direct access to over 100 analysts as an extension of your team
Use our massive database of benchmarks and vendor assessments
Get up to speed in a fraction of the time
Dana Daher
Senior Research Analyst
To survive one of the greatest economic downturns since the Great Depression, organizations had to accelerate their digital transformation by engaging with the Digital Economy. To sustain growth and thrive as the pandemic eases, organizations must focus their attention on building business resilience by transforming how they deliver value today.
This requires a value-driven approach to digital transformation that is capable of identifying what aspects of the business to transform, what technologies to embrace, what processes to automate, and what new business models to create. And most importantly, it needs to unify digital possibilities with your customer experiences.
If there was ever a time for an organization to become a digital business, it is today.
After a major crisis, focus on restarting the growth engine and bolstering business resilience.
Business activities (tasks, procedures, and processes, etc.) are used to create, sell, buy, and deliver goods and services.
When we convert information into a readable format used by computers, we call this digitization (e.g. converting paper into digital format). When we convert these activities into a format to be processed by a computer, we have digitalization (e.g. scheduling appointments online).
These two processes alter how work takes place in an organization and form the foundation of the concept digital transformation.
We maintain that digital transformation is all about becoming a “digital business” – an organization that performs more than 66% of all work activities via executable code.
As organizations take a step closer to this optimal state, new avenues are open to identify advances to promote growth, enhance customer experiences, secure sustainability, drive operational efficiencies, and unearth potential future business ventures.
Digital: The representation of a physical item in a format used by computers
Digitization: Conversion of information and processes into a digital format
Digitalization: Conversion of information into a format to be processed by a computer
COVID-19 has irrefutably changed livelihoods, businesses, and the economy. During the pandemic, digital tools have acted as a lifeline, helping businesses and economies survive, and in the process, have acted as a catalyst for digital transformation.
As organizations continue to safeguard business continuity and financial recovery, in the long term, recovery won’t be enough.
Although many pandemic/recession recovery periods have occurred before, this next recovery period will present two first-time challenges no one has faced before. We must find ways to:
To grow and thrive in this post-pandemic world, organizations must provide meaningful and lasting changes to brace for a future defined by digital technologies.
– Dana Daher, Info-Tech Research Group
In the last 60 years alone, performance and productivity have been vastly improved by IT in virtually all economic activities and sectors. And today, digital technologies continue to advance IT's contribution even further by bringing unprecedented insights into economic activities that have largely been untouched by IT.
As technological innovation and the digitalization of products and services continue to support economic activities, a fundamental shift is occurring that is redefining how we live, work, shop, and relate to one another.
These rapid changes are captured in a new 21st century term:
The Digital Economy.
90% of CEOs believe the digital economy will impact their industry. But only 25% have a plan in place.
– Paul Taylor, Forbes, 2020
Kenneth McGee
Research Fellow
Today, the world faces two profoundly complex, mega-challenges simultaneously:
Within the past year, healthcare professionals have searched for and found solutions that bring real hope to the belief the global pandemic/recession will soon end.
As progress towards ending COVID-19 continues, business professionals are searching for the most effective near-term and long-term methods of restoring or exceeding the rates of growth they were enjoying prior to 2020.
We believe developing a digital business strategy can deliver cost savings to help achieve near-term business growth while preparing an enterprise for long-term business growth by effectively competing within the digital economy of the future.
The digital economy refers to a concept in which all economic activity is facilitated or managed through digital technologies, data, infrastructure, services, and products (OECD, 2020).
The digital economy captures decades of digital trends including:
These trends among others have set the stage to permanently alter how buying and selling will take place within and between local, regional, national, and international economies.
The emerging digital economy concept is so compelling that the world economists, financial experts, and others are currently investigating how they must substantially rewrite the rules governing how taxes, trade, tangible and intangible assets, and countless other financial issues will be assessed and valued in a digital economy.
Download Info-Tech’s Digital Economy Report
60% of People on Earth Use the Internet (DataReportal, 2021) |
20% of Global Retail Sales Performed via E-commerce (eMarketer, 2021) |
6.64T Global Business-to-Business E-commerce Market (Derived from The Business Research Company, 2021) |
9.6% of US GDP ($21.4T) accounted for by the digital economy ($2.05T) (Bureau of Economic Analysis, 2021) |
Pre-pandemic digital strategies have been primarily focused on automation. However, your post-pandemic digital strategy must focus on driving resilience for growth opportunities.
As digital transformation is an effort to transform how you deliver value today, it is important to understand the different value-generating activities that deliver an outcome for and from your customers.
We do this by looking at value streams –which refer to the specific set of activities an industry player undertakes to create and capture value for and from the end consumer (and so the question to ask is, how do you make money as an organization?).
Our approach helps you to digitally transform those value streams that generate the most value for your organization.
Recruitment → Admission → Student Enrolment → Instruction & Research → Graduation → Advancement
Sustain Land, Property, and the Environment → Facilitate Civic Engagement → Protect Local Health and Safety → Grow the Economy → Provide Regional Infrastructure
Design Product → Produce Product → Sell Product
Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams
Assessing your external environment allows you to identify trends that will have a high impact on how you deliver value today.
Traditionally, a PESTLE analysis is used to assess the external environment. While this is a helpful tool, it is often too broad as it identifies macro trends that are not relevant to an organization's addressable market. That is because not every factor that affects the macro environment (for example, the country of operation) affects a specific organization’s industry in the same way.
And so, instead of simply assessing the macro environment and trying to project its evolution along the PESTLE factors, we recommend to:
While PESTLE is helpful to scan the macro environment, the analysis often lacks relevance to an organization’s industry.
A Market Evolution Trend Analysis (META) identifies changes in prevailing market conditions that are directly relevant to an organization’s industry, and thus provides some critical input to the strategy design process, since these trends can bring about strategic risks or opportunities.
Shifts in these five characteristics directly impact an organization:
As we prioritize value streams, we break them down into value chains – that is the “string” of processes that interrelate that work.
However, once we identify these value chains and determine what parts we wish to digitally transform, we take on the perspective of the user, as the way they interact with your products and services will be different to the view of those within the organization who implement and provide those services.
This method allows us to build an empathetic and customer-centric lens, granting the capability to uncover challenges and potential opportunities. Here, we may define new experiences or redesign existing ones.
Pre-pandemic, a digital transformation was primarily focused around improving customer experiences. Today, we are facing a paradigm shift in the way in which we capture the priorities and strategies for a digital transformation.
As the world grows increasingly uncertain, organizations need to continue to focus on improving customer experience while simultaneously protecting their enterprise value.
Ultimately, a digital transformation has two purposes:
Old Paradigm | → | New Paradigm |
---|---|---|
Predictable regulatory changes with incremental impact | → | Unpredictable regulatory changes with sweeping impact |
Reluctance to use digital collaboration | → | Wide acceptance of digital collaboration |
Varied landscape of brick-and-mortar channels | → | Last-mile consolidation |
Customers value brand | → | Customers value convenience/speed of fulfilment |
Intensity of talent wars depends on geography | → | Broadened battlefields for the war for talent |
Cloud-first strategies | → | Cloud-only strategies |
Physical assets | → | Aggressive asset decapitalization |
Digitalization of operational processes | → | Robotization of operational processes |
Customer experience design as an ideation mechanism | → | Business resilience for value protection and risk reduction |
A highly visual and compelling presentation template that enables easy customization and executive-facing content.
*Coming in 2022
The Digital Business Strategy Workbook supports each step of this blueprint to help you accomplish your goals:
Initiative Prioritization
Use the weighted scorecard approach to evaluate and prioritize your opportunities and initiatives.
Roadmap Gantt Chart
Populate your Gantt chart to visually represent your key initiative plan over the next 12 months.
Journey Mapping Workbook
Populate the journey maps to evaluate a user experience over its end-to-end journey.
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
What does a typical GI on this topic look like?
Phase 0 | Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|---|
Call #1: Discuss business context and customize your organization’s capability map. |
Call #2: Assess business ecosystem. |
Call #3: Perform horizon scanning and trends identification. |
Call #5: Identify stakeholder personas and scenarios. |
Call #7: Discuss initiative generation and inputs into roadmap. |
Call #3: Identify how your organization creates value. |
Call #4: Discuss value chain impact. |
Call #6: Complete journey mapping exercise. |
Call #8: Summarize results and plan next steps. |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between 8 to 12 calls over the course of 2 to 4 months.
Gather business strategy documents and find information on:
Interview the following stakeholders to uncover business context information:
Download the Business Context Discovery Tool
Understand how your organization delivers value today and identify value chains to be transformed.
A cross-functional cohort across all levels of the organization.
Understand the business
Identify top value chains to be transformed
In this section you will gain an understanding of the business context for your strategy.
A cross-functional cohort across levels in the organization.
Business Context
Understanding the business context is a must for all strategic initiatives. A pre-requisite to all strategic planning should be to elicit the business context from your business stakeholders.
Inputs | Document(s)/ Method | Outputs |
---|---|---|
Key stakeholders | Strategy Document | Stakeholders that are actively involved in, affected by or influence outcome of the organization, e.g. employers, customers, vendors. |
Vision and mission of the organization | Website Strategy Document | What the organization wants to achieve and how it strives to accomplish those goals. |
Business drivers | CEO Interview | Inputs and activities that drive the operational and financial results of the organization. |
Key targets | CEO Interview | Quantitative benchmarks to support strategic goals, e.g. double the enterprise EBITD, improve top-of-mind brand awareness by 15%, |
Strategic investment goals | CFO Interview Digital Strategy |
Financial investments corresponding with strategic objectives of the organization, e.g. geographic expansion, digital investments. |
Top three value-generating lines of business | Financial Document | Identification of your top three value-generating products and services or lines of business. |
Goals of the organization over the next 12 months | Strategy Document Corporate Retreat Notes |
Strategic goals to support the vision, e.g. hire 100 new sales reps, improve product management and marketing. |
Top business initiatives over the next 12 months | Strategy Document CEO Interview |
Internal campaigns to support strategic goals, e.g. invest in sales team development, expand the product innovation team. |
Business model | Strategy Document | Products or services that the organization plans to sell, the identified market and customer segments, price points, channels and anticipated expenses. |
Competitive landscape | Internal Research Analysis | Who your typical or atypical competitors are. |
Assess your digital readiness with Info-Tech’s Digital Maturity Assessment
Assess your business ecosystem
Your digital business strategy cannot be formulated without a clear vision of the evolution of your industry.
Identify top value chains to be transformed
In this section, we will assess who the incumbents and disruptors are in your ecosystem and identify who your stakeholders are.
A cross-functional cohort across levels in the organization.
Business Ecosystem
Learn what your competitors are doing.
To survive, grow, or transform in today's digital era, organizations must first have a strong pulse on their business ecosystem. Learning what your competitors are doing to grow their bottom line is key to identifying how to grow your own. Start by understanding who the key incumbents and disruptors in your industry are to identify where your industry is heading.
Incumbents: These are established leaders in the industry that possess the largest market share. Incumbents often focus their attention to their most demanding or profitable customers and neglect the needs of those down market.
Disruptors: Disruptors are primarily new entrants (typically startups) that possess the ability to displace the existing market, industry, or technology. Disruptors are often focused on smaller markets that the incumbents aren’t focused on. (Clayton Christenson, 1997)
’Disruption’ specifically refers to what happens when the incumbents are so focused on pleasing their most profitable customers that they neglect or misjudge the needs of their other segments.
– Ilan Mochari, Inc., 2015
Business | Target Market & Customer | Product/Service & Key Features | Key Differentiators | Market Positioning | |
---|---|---|---|---|---|
University XYZ |
|
|
|
Affordable education with low tuition cost and access to bursaries & scholarships. | |
University CDE | University CDE |
|
|
|
Outcome focused university with strong co-ops/internship programs and career placements for graduates |
University MNG |
|
|
|
Nurturing university with small student population and classroom sizes. University attractive to adult learners. | |
Disruptors | Online Learning Company EFG |
|
|
|
Competitive pricing with an open acceptance policy |
University JKL Online Credential Program |
|
|
|
Borderless and free (or low cost) education |
Value-chain prioritization
Identify top value chains to be transformed
Identify and prioritize how your organization currently delivers value today and identify value chains to be transformed.
A cross-functional cohort across levels in the organization.
Prioritized Value Chains
Value streams and value chains connect business goals to the organization’s value realization activities. They enable an organization to create and capture value in the market place by engaging in a set of interconnected activities. Those activities are dependent on the specific industry segment an organization operates within.
A value stream refers to the specific set of activities an industry player undertakes to create and capture value for and from the end consumer.
A value chain is a ”string” of processes within a company that interrelate and work together to meet market demand. Examining the value chain of a company will reveal how it achieves competitive advantage.
Visit Info-Tech’s Industry Coverage Research to identify value streams
Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates.
There are two types of value streams: core value streams and support value streams.
An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers.
A business capability defines what a business does to enable value creation, rather than how. Business capabilities:
A capability map is a great starting point to identify value chains within an organization as it is a strong indicator of the processes involved to deliver on the value streams.
Leverage your industry reference architecture to define value streams and value chains.
Visit Info-Tech’s Industry Coverage Research to identify value streams
Use an evaluation criteria that considers both the human and business value generators that these streams provide.
To produce maximum impact, focus on value streams that provide two-thirds of your enterprise value.
Business Value
Assess the value generators to the business, e.g. revenue dollars, enterprise value, cost or differentiation (competitiveness), etc.
Assess the value generators to people, e.g. student/faculty satisfaction, well-being, and social cohesion.
Value chains, pioneered by the academic Michael Porter, refer to the ”string” of processes within a company that interrelate and work together to meet market demand. An organization’s value chain is connected to the larger part of the value stream. This perspective of how value is generated encourages leaders to see each activity as a part of a series of steps required deliver value within the value stream and opens avenues to identify new opportunities for value generation.
Once we have identified the key value chains within each value stream element, evaluate the individual processes within the value chain to identify opportunities for transformation. Evaluate the value chain processes based on the level of pain experienced by a stakeholder to accomplish that task, and the financial impact that level of the process has on the organization.
stringof processes within the value stream element. Each value chain also captures a particular stakeholder that benefits from the value chain.
Visit Info-Tech’s Industry Coverage Research to identify value streams and capability maps
Assess trends that are impacting your industry and identify strategic growth opportunities.
A cross-functional cohort across levels in the organization.
Identify new growth opportunities and value chains impacted
Horizon scanning
Systematically scan your environment to identify avenues or opportunities to skip one or several stages of technological development and stay ahead of disruption.
Scan the environment for external environment for megatrends, trends, and drivers. Prioritize trends and build a trends radar to keep track of trends within your environment.
A cross-functional cohort across levels in the organization.
Growth opportunity
Horizon scanning is a systematic analysis of detecting early signs of future changes or threats.
Horizon scanning involves scanning, analyzing, and communicating changes in an organization’s environment to prepare for potential threats and opportunities. Much of what we know about the future is based around the interactions and trajectory of macro trends, trends, and drivers. These form the foundations for future intelligence.
A macro trend captures a large-scale transformative trend that could impact your addressable market.
A trend captures a business use case of the macro trend. Consider trends in relation to competitors in your industry.
A driver is an underlying force causing the trend to occur. There can be multiple causal forces, or drivers, that influence a trend, and multiple trends can be influenced by the same causal force.
Identify signals of change in the present and their potential future impacts.
A macro trend captures a large-scale transformative trend that could change the addressable market. Here are some examples of macro trends to consider when horizon scanning for your own organization:
A trend captures a business use case of a macro trend. Assessing trends can reduce some uncertainties about the future and highlight potential opportunities for your organization. A driver captures the internal or external forces that lead the trend to occur. Understanding and capturing drivers is important to understanding why these trends are occurring and the potential impacts to your value chains.
Uncover important business and industry trends that can inform possibilities for technology innovation.
Explore trends in areas such as:
Market research is critical in identifying factors external to your organization and identifying technology innovation that will provide a competitive edge. It’s important to evaluate the impact each trend or opportunity will have in your organization and market.
Visit Info-Tech’s Trends & Priorities Research Center
Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams
Images are from Info-Tech’s Rethinking Higher Education Report and 2021 Tech Trends Report
Macro Trends | Trends | Drivers | |
---|---|---|---|
Talent Availability | Diversity | Inclusive campus culture | Systemic inequities |
Hybrid workforce | Online learning staff | COVID-19 and access to physical institutions | |
Customer Expectations | Digital experience | eLearning for working learners | Accommodate adult learners |
Accessibility | Micro-credentials for non-traditional students | Addressing skills gap | |
Technological Landscape | Artificial intelligence and robotics | AI for personalized learning | Hyper personalization |
IoT | IoT for monitoring equipment | Asset tracking | |
Augmented reality | Immersive education AR and VR | Personalized experiences | |
Regulatory System | Regulatory System | Alternative funding for research | Changes in federal funding |
Global Green | Environmental and sustainability education curricula | Regulatory and policy changes | |
Supply Chain Continuity | Circular supply chains | Vendors recycling outdated technology | Sustainability |
Cloud-based solutions | Cloud-based eLearning software | Convenience and accessibility |
Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams
Develop a cross-industry holistic view of trends.
Moving from horizon scanning to action requires an evaluation process to determine which trends can lead to growth opportunities. First, we need to make a short list of trends to analyze. For your digital strategy, consider trends on the time horizon that are under 24 months. Next, we need to evaluate the shortlisted opportunities by a second set of criteria: relevance to your organization and impact on industry.
The estimated time to disruption this trend will have for your industry. Assess whether the trend will require significant developments to support its entry into the ecosystem.
The relevance of the trend to your organization. Does the trend fulfil the vision or goals of the organization?
The degree of impact the trend will have on your industry. A trend with high impact will drive new business models, products, or services.
Trend | Timing (S/M/L) |
Impact (1-5) |
Relevance ( 1-5) |
|
---|---|---|---|---|
1. | Micro-credentialing | S | 5 | 5 |
2. | IoT-connected devices for personalized experience | S | 1 | 3 |
3. | International partnerships with educational institutions | M | ||
4. | Use of chatbots throughout enrollment process | L | ||
5. | IoT for energy management of campus facilities | L | ||
6. | Gamification of digital course content | M | ||
7. | Flexible learning curricula | S | 4 | 3 |
Deprioritize trends that have a time frame to disruption of more than 24 months. |
A systematic approach to leapfrog ideation is one of the most critical ways in which an organization can build the capacity for resilient innovation.
Evaluate trend opportunities and determine the strategic opportunities they pose. You will also work towards identifying the impact the trend has on your value chain.
A cross-functional cohort across levels in the organization.
In this digital era, organizations are often playing catch up to a rapidly evolving technological landscape and following a strict linear approach to innovation. However, this linear catch-up approach does not help companies get ahead of competitors. Instead, organizations must identify avenues to skip one or several stages of technological development to leapfrog ahead of their competitors.
The best way to predict the future is to invent it.
– Alan Kay
Leapfrogging takes place when an organization introduces disruptive innovation into the market and sidesteps competitors who are unable to mobilize to respond to the opportunities.
Higher Education: Barco’s Virtual Classroom at UCL
University College London (UCL), in the United Kingdom, selected Barco weConnect virtual classroom technology for its continuing professional development medical education offering. UCL uses the platform for synchronous teaching, where remote students can interact with a lecturer.
One of the main advantages of the system is that it enables direct interaction with students through polls, questions, and whiteboarding. The system also allows you to track student engagement in real time.
The system has also been leveraged for scientific research and publications. In their “Delphi” process, key opinion leaders were able to collaborate in an effective way to reach consensus on a subject matter. The processes that normally takes months were successfully completed in 48 hours (McCann, 2020).
The system has been largely successful and has supported remote, real-time teaching, two-way engagement, engagement with international staff, and an overall enriched teaching experience.
Brainstorm ways of generating leapfrog ideas from trend insights.
Dealing with trends is one of the most important tasks for innovation. It provides the basis of developing the future orientation of the organization. However, being aware of a trend is one thing, to develop strategies for response is another.
To identify the impact the trend has on the organization, consider the four areas of growth strategies for the organization:
Trend | New Customer | New Market | New Business Model | New Product or Service |
---|---|---|---|---|
What trends pose a high-immediate impact to the organization? | Target new customers for existing products or services | Enter or create new markets by applying existing products or services to different problems | Adjust the business model to capture a change in how the organization delivers value | Introduce new products or services to the existing market |
Micro-credentials for non-traditional students | Target non-traditional learners/students | - | Online delivery | Introduce mini MBA program |
Evaluate trend opportunities and determine the strategic opportunities they pose. Prioritize the opportunities and identify impact to your value chain.
A cross-functional cohort across levels in the organization.
As we identify and prioritize the opportunities available to us, we need to assess their impacts on value chains. Does the opportunity directly impact an existing value chain? Or does it open us to the creation of a new value chain?
The value chain perspective allows an organization to identify how to best minimize or enhance impacts and generate value.
As we move from opportunity to impact, it is important to break down opportunities into the relevant pieces so we can see a holistic picture of the sources of differentiation.
Take the prioritized value chains and create a journey map to capture the end-to-end experience of a stakeholder.
Through a journey mapping exercise, you will identify opportunities to digitize parts of the journey. These opportunities will be broken down into functional initiatives to tackle in your strategy.
A cross-functional cohort across levels in the organization.
Transform stakeholder journeys
In this step, you with identify stakeholder personas and scenarios relating to the prioritized value chains.
A cross-functional cohort across levels in the organization.
Stakeholder personas and scenarios help us build empathy towards our customers. It helps put us into the shoes of a stakeholder and relate to their experience to solve problems or understand how they experience the steps or processes required to accomplish a goal. A user persona is a valuable basis for stakeholder journey mapping.
A stakeholder scenario describes the situation the journey map addresses. Scenarios can be real (for existing products and services) or anticipated.
A stakeholder persona is a fictitious profile to represent a customer or a user segment. Creating this persona helps us understand who your customers really are and why they are using your service or product.
For your digital strategy, leverage the existing and opportunity value chains identified in phase 1 and 2 for journey mapping.
Identify two existing value chains to be transformed. In section 1, we identified existing value chains to be transformed. For example, your stakeholder persona is a member of the faculty (engineering), and the scenario is the curricula design process. |
Identify one new value chain. In section 2, we identified a new value chain. However, for a new opportunity, the scenario is more complex as it may capture many different areas of a value chain. Subsequently, a journey map for a new opportunity may require mapping all parts of the value chain. |
To define a stakeholder scenario, we need to understand who we are mapping for. In each value chain, we identified a stakeholder who gains value from that value chain. We now need to develop a stakeholder persona: a representation of the end user to gain a strong understanding of who they are, what they need, and their pains and gains.
One of the best ways to flesh out your stakeholder persona is to engage with the stakeholders directly or to gather the input of those who may engage with them within the organization.
For example, if we want to define a journey map for a student, we might want to gather the input of students or teaching faculty that have firsthand encounters with different student types and are able to define a common student type.
Run a survey to understand your end users and develop a stronger picture of who they are and what they are seeking to gain from your organization.
Name: Anne
Age: 35
Occupation: Engineering Faculty
Location: Toronto, Canada
What are their frustrations, fears, and anxieties?
What do they want to get done? How will they know they are successful?
What are their wants, needs, hopes, and dreams?
(Adapted from Osterwalder, et al., 2014)
Now that we understand who we are mapping for, we need to define a journey statement to capture the stakeholder journey.
Leverage the following format to define the journey statement.
As a [stakeholder], I need to [prioritized value chain task], so that I can [desired result or overall goal].
As a [stakeholder], I need to [prioritized value chain task], so that I can [desired result or overall goal].
Prioritize the journeys by focusing on what matters most to the stakeholders and estimating the organizational effort to improve those experiences.
A cross-functional cohort across levels in the organization.
A journey-based approach helps an organization understand how a stakeholder moves through a process and interacts with the organization in the form of touch points, channels, and supporting characters. By identifying pain points in the journey and the activity types, we can identify opportunities for innovation and automation along the journey.
Embrace design thinking methodologies to elevate the stakeholder journey and to build a competitive advantage for your organization.
In journey mapping, we always start with the stakeholder's perspective, then eventually transition into what the organization does business-wise to deliver value to each stakeholder. It is important to keep in mind both perspectives while conducting a journey mapping exercise as there are often different roles, processes, and technologies associated with each of the journey steps.
Take the perspective of an end user, who interacts with your products and services, as it is different from the view of those inside the organization, who implement and provide those services.
A stakeholder journey map is a tool used to illustrate the user’s perceptions, emotions, and needs as they move through a process and interact with the organization in the form of touch points, channels, and supporting characters.
The journey activity refers to the steps taken to accomplish a goal.
The journey activity comprises the steps or sequence of tasks the stakeholder takes to accomplish their goal. These steps reflect the high-level process your candidates perform to complete a task or solve a problem.
Touch points are the points of interaction between a stakeholder and the organization.
A touch point refers to any time a stakeholder interacts with your organization or brand. Consider three main points of interaction with the customer in the journey:
The nature of activity refers to the type of task the journey activity captures.
We categorize the activity type to identify opportunities for automation. There are four main types of task types, which in combination (as seen in the table below) capture a task or job to be automated.
Routine | Non-Routine | |
---|---|---|
Cognitive | Routine Cognitive: repeatable tasks that rely on knowledge work, e.g. sales, administration Prioritize for automation (2) |
Non-Routine Cognitive: infrequent tasks that rely on knowledge work, e.g. driving, fraud detection Prioritize for automation (3) |
Non-Routine Cognitive: infrequent tasks that rely on knowledge work, e.g. driving, fraud detection Prioritize for automation (3) | Routine Manual: repeatable tasks that rely on physical work, e.g. manufacturing, production Prioritize for automation (1) |
Non-Routine Manual: infrequent tasks that rely on physical work, e.g. food preparation Not mature for automation |
Where automation makes sense, routine manual activities should be transformed first, followed by routine cognitive activities. Non-routine cognitive activities are the final frontier.
Metrics are a quantifiable measurement of a process, activity, or initiative.
Metrics are crucial to justify expenses and to estimate growth for capacity planning and resourcing. There are multiple benefits to identifying and implementing metrics in a journey map:
Example of journey mapping metrics: Cost, effort, turnaround time, throughput, net promoter score (NPS), satisfaction score
Key moments and pain points refer to the emotional status of a stakeholder at each stake of the customer journey.
The key moments are defining pieces or periods in a stakeholder's experience that create a critical turning point or memory.
The pain points are the critical problems that the stakeholder is facing during the journey or business continuity risks. Prioritize identifying pain points around key moments.
To identify key moments, look for moments that can dramatically influence the quality of the journey or end the journey prematurely. To improve the experience, analyze the hidden needs and how they are or aren’t being met.
An opportunity is an investment into people, process, or technology for the purposes of building or improving a business capability and accomplishing a specific organizational objective.
An opportunity refers to the initiatives or projects that should address a stakeholder pain. Opportunities should also produce a demonstrable financial impact – whether direct (e.g. cost reduction) or indirect (e.g. risk mitigation) – and be evaluated based on how technically difficult it will be to implement.
Create new or different experiences for customers
Generate new organizational skills or new ways of working
Improve responsiveness and resilience of operations
Develop different products or services
Stakeholder: A faculty member
Journey: As an engineering faculty member, I want to design my curricula in a hybrid mode of delivery so that I can simulate in-classroom experiences
Journey activity | Understanding the needs of students | Construct the course material | Deliver course material | Conduct assessments | Upload grades into system |
---|---|---|---|---|---|
Touch Points |
|
|
|
|
|
Nature of Activity | Non-routine cognitive | Non-routine cognitive | Non-routine cognitive | Routine cognitive | Routine Manual |
Metrics |
|
|
|
|
|
Ken Moments & Pain Points | Lack of centralized repository for research knowledge |
|
|
|
No existing critical pain points; process already automated |
Opportunities |
|
|
|
|
Stakeholder Journeytab
Aim to build out 90% of the stakeholder journey map with the working team; validate the last 10% with the stakeholder themselves.
Prioritize the opportunities that arose from the stakeholder journey mapping exercise.
A cross-functional cohort across levels in the organization.
Prioritized opportunities
As there may be many opportunities arising from the journey map, we need to prioritize ideas to identify which ones we can tackle first – or at all. Leverage IDEO’s design-thinking “three lenses of innovation” to support prioritization:
Opportunities | Feasibility (L/M/H) |
Desirability (L/M/H) |
Viability (L/M/H) |
---|---|---|---|
Centralized repository for research knowledge | H | H | H |
Rationalize course creation tool set | H | H | H |
Connectivity self-assessment/ checklist | H | M | H |
Forums for students | M | H | H |
Exam preparation (e.g. education or practice exams) | H | H | H |
Define a digital goal as it relates to the prioritized opportunities and the stakeholder journey map.
A cross-functional cohort across levels in the organization.
Digital goals
With the prioritized set of opportunities for each stakeholder journey, take a step back and assess what the sum of these opportunities mean for the journey. What is the overall goal or objective of these opportunities? How do these opportunities change or facilitate the journey experience? From here, identify a single goal statement for each stakeholder journey.
Stakeholder | Scenario | Prioritized Opportunities | Goal |
---|---|---|---|
Faculty (Engineering) | As a faculty (Engineering), I want to prepare and teach my course in a hybrid mode of delivery | Centralized repository for research knowledge Rationalized course creation tool set |
Support hybrid course curricula development through value-driven toolsets and centralized knowledge |
Identify people, process, and technology initiatives for the opportunities identified.
A cross-functional cohort across levels in the organization.
Brainstorm initiatives for each high-priority opportunity using the framework below. Describe each initiative as a plan or action to take to solve the problem.
People: What initiatives are required to manage people, data, and other organizational factors that are impacted by this opportunity?
Process: What processes must be created, changed, or removed based on the data?
Technology: What systems are required to support this opportunity?
Initiatives | ||
---|---|---|
Centralized repository for research knowledge | Technology | Acquire and implement knowledge management application |
People | Train researchers on functionality | |
Process | Periodically review and validate data entries into repository | |
Initiatives | ||
Rationalize course creation toolset | Technology | Retire duplicate or under-used tools |
People | Provide training on tool types and align to user needs | |
Process | Catalog software applications and tools across the organization Identify under-used or duplicate tools/applications |
Ruthlessly evaluate if a initiative should stand alone or if it can be rolled up with another. Fewer initiatives or opportunities increases focus and alignment, allowing for better communication.
Build a digital transformation roadmap that captures people, process, and technology initiatives.
A cross-functional cohort across levels in the organization.
Build a digital transformation roadmap
Detail initiatives for each priority initiative on your horizon.
A cross-functional cohort across levels in the organization.
Build a digital transformation roadmap
A roadmap that balances growth opportunities with business resilience will transform your organization for long-term success in the digital economy.
Identify timing of initiatives and build a Gantt chart roadmap.
A cross-functional cohort across levels in the organization.
Develop a high-level document that travels with the initiative from inception through executive inquiry, project management, and finally execution.
A initiative needs to be discrete: able to be conceptualized and discussed as an independent item. Each initiative must have three characteristics:
Learn more about project portfolio management strategy
Build a digital transformation roadmap
A digital strategy is a design process, it must be revisited to pressure test and account for changes in the external environment.
Detail a refresh strategy.
A cross-functional cohort across levels in the organization.
It is important to dedicate time to your strategy throughout the year. Create a refresh plan to assess for the changing business context and its impact on the digital business strategy. Make sure the regular planning cycle is not the primary trigger for strategy review. Put a process in place to review the strategy and make your organization proactive. Start by examining the changes to the business context and how the effect would trickle downwards. It’s typical for organizations to build a refresh strategy around budget season and hold planning and touch points to accommodate budget approval time.
Example:
Example:
Frequency | Audience | Scope | Date |
---|---|---|---|
Annually | Executive Leadership | Resurvey, review/ validate, update schedule | Pre-budget |
Touch Point | Executive Leadership | Status update, risks/ constraints, priorities | Oct 2021 |
Every Year (Re-build) | Executive Leadership | Full planning | Jan 2022 |
Establish a new way of working to deliver value on your digital transformation initiatives.
Drive project throughput by throttling resource capacity.
Innovation needs design thinking.
Prepare your organization for digital transformation – or risk falling behind.
Research Fellow
Info-Tech Research Group
Kenneth McGee is a Research Fellow within the CIO practice at Info-Tech Research Group and is focused on IT business and financial management issues, including IT Strategy, IT Budgets and Cost Management, Mergers & Acquisitions (M&A), and Digital Transformation. He also has extensive experience developing radical IT cost reduction and return-to-growth initiatives during and following financial recessions.
Ken works with CIOs and IT leaders to help establish twenty-first-century IT organizational charters, structures, and responsibilities. Activities include IT organizational design, IT budget creation, chargeback, IT strategy formulation, and determining the business value derived from IT solutions. Ken’s research has specialized in conducting interviews with CEOs of some of the world’s largest corporations. He has also interviewed a US Cabinet member and IT executives at the White
House. He has been a frequent keynote speaker at industry conventions, client sales kick-off meetings, and IT offsite planning sessions.
Ken obtained a BA in Cultural Anthropology from Dowling College, Oakdale, NY, and has pursued graduate studies at Polytechnic Institute (now part of NYU University). He has been an adjunct instructor at State University of New York, Westchester Community College.Vice President
Info-Tech Research Group
Jack has more than 25 years of technology and management consulting experience. He has served multi-billion dollar organizations in multiple industries including Financial Services and Telecommunications. Jack also served a number of large public sector institutions.
Prior to joining the Info-Tech Research Group, he worked for leading consulting players such as Accenture, Deloitte, EY, and IBM.
Jack led digital business strategy engagements as well as corporate strategy and M&A advisory services for clients across North America, Europe, the Middle East, and Africa. He is a seasoned technology consultant who has developed IT strategies and technology roadmaps, led large business transformations, established data governance programs, and managed the deployment of mission-critical CRM and ERP applications.
He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master’s degree in Computer Engineering as well as an MBA from the ESCP-EAP European School of Management.
Abrams, Karin von. “Global Ecommerce Forecast 2021.” eMarketer, Insider Intelligence, 7 July 2021. Web.
Christenson, Clayton. The Innovator's Dilemma: When New Technologies Cause Great Firms to Fail. Harvard Business School, 1997. Book.
Drucker, Peter F., and Joseph A. Maciariello. Innovation and Entrepreneurship. Routledge, 2015.
Eagar, Rick, David Boulton, and Camille Demyttenaere. “The Trends in Megatrends.” Arthur D Little, Prism, no. 2, 2014. Web.
Enright, Sara, and Allison Taylor. “The Future of Stakeholder Engagement.” The Business of a Better World, October 2016. Web.
Hatem, Louise, Daniel Ker, and John Mitchell. “A roadmap toward a common framework for measuring the digital economy.” Report for the G20 Digital Economy Task Force, OECD, 2020. Web.
Kemp, Simon. “Digital 2021 April Statshot Report.” DataReportal, Global Digital Insights, 21 Apr. 2021. Web.
Larson, Chris. “Disruptive Innovation Theory: 4 Key Concepts.” Business Insights, Harvard Business School, HBS Online, 15 Nov. 2016. Web.
McCann, Leah. “Barco's Virtual Classroom at UCL: A Case Study for the Future of All University Classrooms?” rAVe, 2 July 2020. Web.
Mochari, Ilan. “The Startup Buzzword Almost Everyone Uses Incorrectly.” Inc., 19 Nov. 2015. Web.
Osterwalder, Alexander, et al. Value Proposition Design. Wiley, 2014.
Reed, Laura. “Artificial Intelligence: Is Your Job at Risk?” Science Node, 9 August 2017.
Rodeck, David. “Alphabet Soup: Understanding the Shape of a Covid-19 Recession.” Forbes, 8 June 2020. Web.
Tapscott, Don. Wikinomics. Atlantic Books, 2014.
Taylor, Paul. “Don't Be A Dodo: Adapt to the Digital Economy.” Forbes, 27 Aug. 2015. Web.
The Business Research Company. "Wholesale Global Market Report 2021: COVID-19 Impact and Recovery to 2030." Research and Markets, January 2021. Press Release.
“Topic 1: Megatrends and Trends.” BeFore, 11 October 2018.
“Updated Digital Economy Estimates – June 2021.” Bureau of Economic Analysis, June 2021. Web.
Williamson, J. N. The Leader Manager. John Wiley & Sons, 1984.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Kick off an acquisition by establishing acquisition goals, validating the decision to acquire a service, and structuring an acquisition approach. There are several RFP approaches and strategies – evaluate the options and develop one that aligns with the nature of the acquisition.
A solid RFP is critical to the success of this project. Assess the current and future requirements, examine the characteristics of an effective RFP, and develop an RFP.
Manage the activities surrounding vendor questions and score the RFP responses to select the best-fit solution.
Perform due diligence in reviewing the SLAs and contract before signing. Plan to transition the service into the environment and manage the vendor on an ongoing basis for a successful partnership.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Establish procurement goals and success metrics.
Develop a projected acquisition timeline.
Establish the RFP approach and strategy.
Defined acquisition approach and timeline.
1.1 Establish your acquisition goals.
1.2 Establish your success metrics.
1.3 Develop a projected acquisition timeline.
1.4 Establish your RFP process and refine your RFP timeline.
Acquisition goals
Success metrics
Acquisition timeline
RFP strategy and approach
Gather requirements for services to build into the RFP.
Gathered requirements.
2.1 Assess the current state.
2.2 Evaluate service requirements and targets.
2.3 Assess the gap and validate the service acquisition.
2.4 Define requirements to input into the RFP.
Current State Assessment
Service requirements
Validation of services being acquired and key processes that may need to change
Requirements to input into the RFP
Build the RFP.
RFP development.
3.1 Build the RFP requirement section.
3.2 Develop the rest of the RFP.
Service requirements input into the RFP
Completed RFP
Review RFP responses to select the best solution for the acquisition.
Vendor selected.
4.1 Manage vendor questions regarding the RFP.
4.2 Review RFP responses and shortlist the vendors.
4.3 Conduct additional due diligence on the vendors.
4.4 Select a vendor.
Managed RFP activities
Imperceptive scoring of RFP responses and ranking of vendors
Additional due diligence and further questions for the vendor
Selected vendor
Aimbetter
data monitoring
solutions
as a service.
Data processing has come a long way since the dawn of the digital revolution. We’re moving our platforms to the cloud, private or public. Enterprise resource management (ERM), resource planning (ERP), and other systems are growing in complexity.
The days of simple database systems are also over. Today’s complex systems consist of thousands, if not hundreds of thousands, queries and updates every minute of the day.
To handle this, you must have a scalable and reliable infrastructure and application landscape in place.
The only way to handle this is to have a software solution in place that proactively monitors, detects issues, problems, bottlenecks, and more.
You want that system to help with root cause identification, give proper alerting, and even propose faster issue resolution options.
The performance control monitoring (PCM) suite by Aimbetter handles the management of SQL Server database installations, including underlying and upstream components, such as Microsoft Server and IIS. PCM can manage both on-premise and cloud-based patterns.
Built with Microsoft technology, the solution provides complete visibility of your database environment via traditional interfaces, as well as on your mobile device. That allows you to ensure operational efficiency and business continuity.
Our SaaS solution is easy to install and requires no local storage or computing resources. And, it guarantees the highest level of security via zero-trust, ISO-compliant access control.
Read over 400 individual metrics
Read over 100 core Windows server metrics
Track 20 different network performance metrics
A-Z assistance, 24/7
Work remote, even from your cell phone
Tailor your security program according to what makes your organization unique.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This storyboard will help you lay foundations for your security program that will inform future security program decisions and give your leadership team the information they need to support your success. You will evaluate design factors that make your organization unique, prioritize the security capabilities to suit, and assess the maturity of key security program components including security governance, security strategy, security architecture, service design, and service metrics.
Use this Excel workbook to evaluate your security program against ten key design factors. The tool will produce a goals cascade that shows the relationship between business and security goals, a prioritized list of security capabilities that align to business requirements, and a list of program accountabilities.
This second Excel workbook will help you conduct a gap analysis on key security program components and identify improvement initiatives. You can then use the Security Program Design and Implementation Plan to collect results from the design and implementation tools and draft a communication deck.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Determine the initial design of your security program.
An initial prioritized list of security capabilities that aligns with enterprise strategy and goals.
1.1 Review Info-Tech diagnostic results.
1.2 Identify project context.
1.3 Identify enterprise strategy.
1.4 Identify enterprise goals.
1.5 Build a goal cascade.
1.6 Assess the risk profile.
1.7 Identify IT-related issues.
1.8 Evaluate initial program design.
Stakeholder satisfaction with program
Situation, challenges, opportunities
Initial set of prioritized security capabilities
Initial set of prioritized security capabilities
Initial set of prioritized security capabilities
Initial set of prioritized security capabilities
Initial set of prioritized security capabilities
Initial set of prioritized security capabilities
Refine the design of your security program.
A refined, prioritized list of security capabilities that reflects what makes your organization unique.
2.1 Gauge threat landscape.
2.2 Identify compliance requirements.
2.3 Categorize the role of IT.
2.4 Identify the sourcing model.
2.5 Identify the IT implementation model.
2.6 Identify the tech adoption strategy.
2.7 Refine the scope of the program.
Refined set of prioritized security capabilities
Refined set of prioritized security capabilities
Refined set of prioritized security capabilities
Refined set of prioritized security capabilities
Refined set of prioritized security capabilities
Refined set of prioritized security capabilities
Refined set of prioritized security capabilities
Finalize security program design.
Key accountabilities to support the security program
Gap analysis to produce an improvement plan
3.1 Identify program accountabilities.
3.2 Conduct program gap analysis.
3.3 Prioritize initiatives.
Documented program accountabilities.
Security program gap analysis
Security program gap analysis
Create and communicate an improvement roadmap for the security program.
Security program design and implementation plan to organize and communicate program improvements.
4.1 Build program roadmap
4.2 Finalize implementation plan
4.3 Sponsor check-in
Roadmap of program improvement initiatives
Roadmap of program improvement initiatives
Communication deck for program design and implementation
EXECUTIVE BRIEF
Security leaders often tout their choice of technical security framework as the first and most important program decision they make. While the right framework can help you take a snapshot of the maturity of your program and produce a quick strategy and roadmap, it won’t help you align, modernize, or transform your program to meet emerging business requirements. Common technical security frameworks focus on operational controls rather than business services and value creation. They are difficult to convey to business stakeholders and provide little program management or implementation guidance. Focus on business value first, and the security services that enable it. Your organization has its own distinct character and profile. Understand what makes your organization unique, then design and refine the design of your security program to ensure it supports the right capabilities. Next, collaborate with stakeholders to ensure the right accountabilities, roles, and responsibilities are in place to support the implementation of the security program. |
|
Michel Hébert |
Your Challenge |
Common Obstacles |
Info-Tech’s Approach |
---|---|---|
|
|
Tailor your security program according to what makes your organization unique.
|
Info-Tech Insight
You are a business leader who supports business goals and mitigates risk. Focus first on business value and the security services that enable it, not security controls.
Cybercriminals deploying ransomware are evolving into a growing and sophisticated criminal ecosystem that will continue to adapt to maximize its profits.
Malicious agents continue to target critical infrastructure to harm industrial processes and the customers they serve State-sponsored actors are expected to continue to target critical infrastructure to collect information through espionage, pre-position in case of future hostilities, and project state power.
Malicious actors increasingly deceive or exploit cryptocurrencies, machine learning, and artificial intelligence technologies to support their activities.
50% Only half of leaders are framing the impact of security threats as a business risk.
49% Less than half of leaders align security program cost and risk reduction targets with the business.
57% Most leaders still don’t regularly review security program performance of the business.
Organizations with misaligned security programs have 48% more security incidents...
…and the cost of their data breaches are 40% higher than those with aligned programs.
37% of stakeholders still lack confidence in their security program.
54% of senior leaders still doubt security gets the goals of the organization.
“There's so much focus on better risk management that every leadership team in every organization wants to be part of the solution.
If you can give them good data about what things they really need to do, they will work to understand it and help you solve the problem.”
1. New CISO
“I need to understand the business, prioritize core security capabilities, and identify program accountabilities quickly.”
2. Program Renewal
“The business is changing, and the threat landscape is shifting. I am concerned the program is getting stale.”
Use this blueprint to understand what makes your organization unique:
If you need a deep dive into governance, move on to a security governance and management initiative.
3. Program Update
“I am happy with the fundamentals of my security program. I need to assess and improve our security posture.”
Move on to our guidance on how to Build an Information Security Strategy instead.
Define Scope of |
Refine Scope of |
Finalize Security |
|
---|---|---|---|
Phase steps |
1.1 Identify enterprise strategy 1.2 Identify enterprise goals 1.3 Assess the risk profile 1.4 Identify IT-related issues 1.5 Define initial program design |
2.1 Gage threats and compliance 2.2 Assess IT role and sourcing 2.3 Assess IT implementation model 2.4 Assess tech adoption strategy 2.5 Refine program design |
3.1 Identify program accountabilities 3.2 Define program target state 3.3 Build program roadmap |
Phase outcomes |
|
|
|
Tools |
You are a business leader first and a security leader second
Technical security frameworks are static and focused on operational controls and standards. They belong in your program’s solar system but not at its center. Design your security program with business value and the security services that enable it in mind, not security controls.
There is no one-size-fits-all security program
Tailor your security program to your organization’s distinct profile to ensure the program generates value.
Lay the right foundations to increase engagement
Map out accountabilities, roles, and responsibilities to ensure the components of your security program work together over time to secure and enable business services.
If you build it, they will come
Your executive team wants to be part of the solution. If you give them reliable data for the things they really need to do, they will work to understand and help you solve the problem.
Security Program Design Tool
Tailor the security program to what makes your organization unique to ensure alignment.
Security Program Implementation Tool
Assess the current state of different security program components and plan next steps.
SecurityProgram Design and Implementation Plan
Communicate capabilities, accountabilities, and implementation initiatives.
Key deliverable
Security Program Design and Implementation Plan
The design and implementation plan captures the key insights your work will generate, including:
IT Benefits |
Business Benefits |
---|---|
|
|
Deliverable |
Challenge |
|
---|---|---|
Security Program Design |
|
|
Program Assessment and Implementation Plan |
|
|
Measured Value |
|
Governance & Management Maturity Scorecard
Understand the maturity of your security program across eight domains.
Audience: Security Manager
Security Business Satisfaction and Alignment Report
Assess the organization’s satisfaction with the security program.
Audience: Business Leaders
CIO Business Vision
Assess the organization’s satisfaction with IT services and identify relevant challenges.
Audience: Business Leaders
INDUSTRY: Higher Education
SOURCE: Interview
Building a business-aligned security program
Portland Community College (PCC) is the largest post-secondary institution in Oregon and serves more than 50,000 students each year. The college has a well-established information technology program, which supports its education mission in four main campuses and several smaller centers.
PCC launched a security program modernization effort to deal with the evolving threat landscape in higher education. The CISO studied the enterprise strategy and goals and reviewed the college’s risk profile and compliance requirements. The exercise helped the organization prioritize security capabilities for the renewal effort and informed the careful assessment of technical controls in the current security program.
Results
Laying the right foundations for the security program helped the security function understand how to provide the organization with a clear report of its security posture. The CISO now reports directly to the board of directors and works with stakeholders to align cost, performance, and risk reduction objectives with the needs of the college.
The security program modernization effort prioritized several critical design factors
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Phase 1 | Phase 2 | Phase 3 |
---|---|---|
Call #1: Call #2: |
Call #3: Call #4: |
Call #5: Call #6: |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is 4 to 6 calls over the course of 6 months.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
---|---|---|---|---|---|
Initial Security |
Refine Security |
Security Program |
Roadmap and Implementation Plan |
Next Steps and |
|
Activities |
1.1.0 Review Info-Tech diagnostic results 1.1.1 Identify project context 1.1.2 Identify enterprise strategy 1.2.1 Identify enterprise goals 1.2.2 Build a goals cascade 1.3 Assess the risk profile 1.4 Identify IT-related issues 1.5 Evaluate initial program design |
2.1.1 Gauge threat landscape 2.1.2 Identify compliance requirements 2.2.1 Categorize the role of IT 2.2.2 Identify the sourcing model 2.3.1 Identify the IT implementation model 2.4.1 Identify the tech adoption strategy 2.5.1 Refine the design of the program |
3.1 Identify program accountabilities 3.2.1 Conduct program gap analysis 3.2.2 Prioritize initiatives |
3.3.1 Build program roadmap 3.3.2 Finalize implementation plan 3.3.3 Sponsor check-in |
4.1 Complete in-progress deliverables from previous four days 4.2 Set up review time for workshop deliverables and to discuss next steps |
Deliverables |
|
|
|
|
|
Workshop |
Workshop |
---|---|
Security Program Design Factors |
Security Program Gap Analysis or |
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Determine the most critical business services to ensure availability.
Craft a monitoring strategy to gather usage data.
Integrate business stakeholders into the capacity management process.
Identify and mitigate risks to your capacity and availability.
[infographic]
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Determine the most important IT services for the business.
Understand which services to prioritize for ensuring availability.
1.1 Create a scale to measure different levels of impact.
1.2 Evaluate each service by its potential impact.
1.3 Assign a criticality rating based on the costs of downtime.
RTOs/RPOs
List of gold systems
Criticality matrix
Monitor and measure usage metrics of key systems.
Capture and correlate data on business activity with infrastructure capacity usage.
2.1 Define your monitoring strategy.
2.2 Implement your monitoring tool/aggregator.
RACI chart
Capacity/availability monitoring strategy
Determine how to project future capacity usage needs for your organization.
Data-based, systematic projection of future capacity usage needs.
3.1 Analyze historical usage trends.
3.2 Interface with the business to determine needs.
3.3 Develop a plan to combine these two sources of truth.
Plan for soliciting future needs
Future needs
Identify potential risks to capacity and availability.
Develop strategies to ameliorate potential risks.
Proactive approach to capacity that addresses potential risks before they impact availability.
4.1 Identify capacity and availability risks.
4.2 Determine strategies to address risks.
4.3 Populate and review completed capacity plan.
List of risks
List of strategies to address risks
Completed capacity plan
"Nobody doubts the cloud’s transformative power. But will its ascent render “capacity manager” an archaic term to be carved into the walls of datacenters everywhere for future archaeologists to puzzle over? No. While it is true that the cloud has fundamentally changed how capacity managers do their jobs , the process is more important than ever. Managing capacity – and, by extent, availability – means minimizing costs while maximizing uptime. The cloud era is the era of unlimited capacity – and of infinite potential costs. If you put the infinity symbol on a purchase order… well, it’s probably not a good idea. Manage demand. Manage your capacity. Manage your availability. And, most importantly, keep your stakeholders happy. You won’t regret it."
Jeremy Roberts,
Consulting Analyst, Infrastructure Practice
Info-Tech Research Group
✓ CIOs who want to increase uptime and reduce costs
✓ Infrastructure managers who want to deliver increased value to the business
✓ Enterprise architects who want to ensure stability of core IT services
✓ Dedicated capacity managers
✓ Develop a list of core services
✓ Establish visibility into your system
✓ Solicit business needs
✓ Project future demand
✓ Set SLAs
✓ Increase uptime
✓ Optimize spend
✓ Project managers
✓ Service desk staff
✓ Plan IT projects
✓ Better manage availability incidents caused by lack of capacity
According to 451 Research, 59% of enterprises have had to wait 3+ months for new capacity. It is little wonder, then, that so many opt to overprovision. Capacity management is about ensuring that IT services are available, and with lead times like that, overprovisioning can be more attractive than the alternative. Fortunately there is hope. An effective availability and capacity management plan can help you:
Balancing overprovisioning and spending is the capacity manager’s struggle.
If an IT department is unable to meet demand due to insufficient capacity, users will experience downtime or a degradation in service. To be clear, capacity is not the only factor in availability – reliability, serviceability, etc. are significant as well. But no organization can effectively manage availability without paying sufficient attention to capacity.
"Availability Management is concerned with the design, implementation, measurement and management of IT services to ensure that the stated business requirements for availability are consistently met."
– OGC, Best Practice for Service Delivery, 12
"Capacity management aims to balance supply and demand [of IT storage and computing services] cost-effectively…"
– OGC, Business Perspective, 90
Business | The highest level of capacity management, business capacity management, involves predicting changes in the business’ needs and developing requirements in order to make it possible for IT to adapt to those needs. Influx of new clients from a failed competitor. |
---|---|
Service | Service capacity management focuses on ensuring that IT services are monitored to determine if they are meeting pre-determined SLAs. The data gathered here can be used for incident and problem management. Increased website traffic. |
Component | Component capacity management involves tracking the functionality of specific components (servers, hard drives, etc.), and effectively tracking their utilization and performance, and making predictions about future concerns. Insufficient web server compute. |
The C-suite cares about business capacity as part of the organization’s strategic planning. Service leads care about their assigned services. IT infrastructure is concerned with components, but not for their own sake. Components mean services that are ultimately designed to facilitate business.
Industry: Healthcare
Source: Interview
New functionalities require new infrastructure
There was a project to implement an elastic search feature. This had to correlate all the organization’s member data from an Oracle data source and their own data warehouse, and pool them all into an elastic search index so that it could be used by the provider portal search function. In estimating the amount of space needed, the infrastructure team assumed that all the data would be shared in a single place. They didn’t account for the architecture of elastic search in which indexes are shared across multiple nodes and shards are often split up separately.
Beware underestimating demand and hardware sourcing lead times
As a result, they vastly underestimated the amount of space that was needed and ended up short by a terabyte. The infrastructure team frantically sourced more hardware, but the rush hardware order arrived physically damaged and had to be returned to the vendor.
Sufficient budget won’t ensure success without capacity planning
The project’s budget had been more than sufficient to pay for the extra necessary capacity, but because a lack of understanding of the infrastructure impact resulted in improper forecasting, the project ended up stuck in a standstill.
There are three variables that are monitored, measured, and analyzed as part of availability management more generally (Valentic).
The availability of a system is the percentage of time the system is “up,” (and not degraded) which can be calculated using the following formula: uptime/(uptime + downtime) x 100%. The more components there are in a system, the lower the availability, as a rule.
The length of time a component/service can go before there is an outage that brings it down, typically measured in hours.
The amount of time it takes for a component/service to be restored in the event of an outage, also typically measured in hours.
Features of the public cloud | Implications for capacity management |
---|---|
Instant, or near-instant, instantiation | Lead times drop; capacity management is less about ensuring equipment arrives on time. |
Pay-as-you go services | Capacity no longer needs to be purchased in bulk. Pay only for what you use and shut down instances that are no longer necessary. |
Essentially unlimited scalability | Potential capacity is infinite, but so are potential costs. |
Offsite hosting | Redundancy, but at the price of the increasing importance of your internet connection. |
Traditionally, increases in capacity have come in bursts as a reaction to availability issues. This model inevitably results in overprovisioning, driving up costs. Access to the cloud changes the equation. On-demand capacity means that, ideally, nobody should pay for unused capacity.
The cloud reality does not look like the cloud ideal. Even with the ostensibly elastic cloud, vendors like the consistency that longer-term contracts offer. Enter reserved instances: in exchange for lower hourly rates, vendors offer the option to pay a fee for a reserved instance. Usage beyond the reserved will be billed at a higher hourly rate. In order to determine where that line should be drawn, you should engage in detailed capacity planning. Unfortunately, even when done right, this process will result in some overprovisioning, though it does provide convenience from an accounting perspective. The key is to use spot instances where demand is exceptional and bounded. Example: A university registration server that experiences exceptional demand at the start of term but at no other time.
Even in the era of elasticity, capacity planning is crucial. Spot instances – the spikes in the graph above – are more expensive, but if your capacity needs vary substantially, reserving instances for all of the space you need can cost even more money. Efficiently planning capacity will help you draw this line.
Simple and effective. Sometimes a simple display can convey all of the information necessary to manage critical systems. In cars it is important to know your speed, how much fuel is in the tank, and whether or not you need to change your oil/check your engine.
Where to begin?! Specialized information is sometimes necessary, but it can be difficult to navigate.
STEP 1 |
STEP 2 |
STEP 3 |
STEP 4 |
STEP 5 |
---|---|---|---|---|
Record applications and dependencies Utilize your asset management records and document the applications and systems that IT is responsible for managing and recovering during a disaster. |
Define impact scoring scale Ensure an objective analysis of application criticality by establishing a business impact scale that applies to all applications. |
Estimate impact of downtime Leverage the scoring criteria from the previous step and establish an estimated impact of downtime for each application. |
Identify desired RTO and RPO Define what the RTOs/RPOs should be based on the impact of a business interruption and the tolerance for downtime and data loss. |
Determine current RTO/RPO Conduct tabletop planning and create a flowchart of your current capabilities. Compare your current state to the desired state from the previous step. |
According to end users, every system is critical and downtime is intolerable. Of course, once they see how much totally eliminating downtime can cost, they might change their tune. It is important to have this discussion to separate the critical from the less critical – but still important – services.
"It is wrong to suppose that if you can’t measure it, you can’t manage it – a costly myth."
– W. Edwards Deming, statistician and management consultant, author of The New Economics
While it is true that total monitoring is not absolutely necessary for management, when it comes to availability and capacity – objectively quantifiable service characteristics – a monitoring strategy is unavoidable. Capturing fluctuations in demand, and adjusting for those fluctuations, is among the most important functions of a capacity manager, even if hovering over employees with a stopwatch is poor management.
Do |
Do not |
---|---|
✓ Develop a positive relationship with business leaders responsible for making decisions. ✓ Make yourself aware of ongoing and upcoming projects. ✓ Develop expertise in organization-specific technology. ✓ Make the business aware of your expenses through chargebacks or showbacks. ✓ Use your understanding of business projects to predict business needs; do not rely on business leaders’ technical requests alone. |
X Be reactive. X Accept capacity/availability demands uncritically. X Ask line of business managers for specific computing requirements unless they have the technical expertise to make informed judgments. X Treat IT as an opaque entity where requests go in and services come out (this can lead to irresponsible requests). |
The company meeting
“I don’t need this much RAM,” the application developer said, implausibly. Titters wafted above the assembled crowd as her IT colleagues muttered their surprise. Heads shook, eyes widened. In fact, as she sat pondering her utterance, the developer wasn’t so sure she believed it herself. Noticing her consternation, the infrastructure manager cut in and offered the RAM anyway, forestalling the inevitable crisis that occurs when seismic internal shifts rock fragile self-conceptions. Until next time, he thought.
"Work expands as to fill the resources available for its completion…"
– C. Northcote Parkinson, quoted in Klimek et al.
Critical inputs
In order to project your future needs, the following inputs are necessary.
If your focus is on ensuring process continuity in the event of a disaster.
If your focus is on flow mapping and transaction monitoring as part of a plan to engage APM vendors.
If your focus is on hardening your IT systems against major events.
Phase 1: Conduct a business impact analysis |
Phase 2: Establish visibility into core systems |
Phase 3: Solicit and incorporate business needs |
Phase 4: Identify and mitigate risks |
---|---|---|---|
1.1 Conduct a business impact analysis 1.2 Assign criticality ratings to services |
2.1 Define your monitoring strategy 2.2 Implement monitoring tool/aggregator |
3.1 Solicit business needs 3.2 Analyze data and project future needs |
4.1 Identify and mitigate risks |
Deliverables |
|||
|
|
|
|
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Conduct a business impact analysis |
Establish visibility into core systems |
Solicit and incorporate business needs |
Identify and | |
---|---|---|---|---|
Best-Practice Toolkit |
1.1 Create a scale to measure different levels of impact 1.2 Assign criticality ratings to services |
2.1 Define your monitoring strategy 2.2 Implement your monitoring tool/aggregator |
3.1 Solicit business needs and gather data 3.2 Analyze data and project future needs |
4.1 Identify and mitigate risks |
Guided Implementations |
Call 1: Conduct a business impact analysis | Call 1: Discuss your monitoring strategy |
Call 1: Develop a plan to gather historical data; set up plan to solicit business needs Call 2: Evaluate data sources |
Call 1: Discuss possible risks and strategies for risk mitigation Call 2: Review your capacity management plan |
Onsite Workshop |
Module 1: Conduct a business impact analysis |
Module 2: Establish visibility into core systems |
Module 3: Develop a plan to project future needs |
Module 4: Identify and mitigate risks |
Phase 1 Results:
|
Phase 2 Results:
|
Phase 3 Results:
|
Phase 4 Results:
|
Contact your account representative or email Workshops@InfoTech.com for more information.
Workshop Day 1 |
Workshop Day 2 |
Workshop Day 3 |
Workshop Day 4 | |
---|---|---|---|---|
Conduct a business |
Establish visibility into |
Solicit and incorporate business needs |
Identify and mitigate risks |
|
Activities |
1.1 Conduct a business impact analysis 1.2 Create a list of critical dependencies 1.3 Identify critical sub-components 1.4 Develop best practices to negotiate SLAs |
2.1 Determine indicators for sub-components 2.2 Establish visibility into components 2.3 Develop strategies to ameliorate visibility issues |
3.1 Gather relevant business-level data 3.2 Gather relevant service-level data 3.3 Analyze historical trends 3.4 Build a list of business stakeholders 3.5 Directly solicit requirements from the business 3.6 Map business needs to technical requirements 3.7 Identify inefficiencies and compare historical data |
|
Deliverables |
|
|
|
|
Business impact analyses are an invaluable part of a broader IT strategy. Conducting a BIA benefits a variety of processes, including disaster recovery, business continuity, and availability and capacity management
STEP 1 |
STEP 2 |
STEP 3 |
STEP 4 |
STEP 5 |
---|---|---|---|---|
Record applications and dependencies Utilize your asset management records and document the applications and systems that IT is responsible for managing and recovering during a disaster. |
Define impact scoring scale Ensure an objective analysis of application criticality by establishing a business impact scale that applies to all applications. |
Estimate impact of downtime Leverage the scoring criteria from the previous step and establish an estimated impact of downtime for each application. |
Identify desired RTO and RPO Define what the RTOs/RPOs should be based on the impact of a business interruption and the tolerance for downtime and data loss. |
Determine current RTO/RPO Conduct tabletop planning and create a flowchart of your current capabilities. Compare your current state to the desired state from the previous step. |
Engaging in detailed capacity planning for an insignificant service draws time and resources away from more critical capacity planning exercises. Time spent tracking and planning use of the ancient fax machine in the basement is time you’ll never get back.
A BIA enables you to identify appropriate spend levels, continue to drive executive support, and prioritize disaster recovery planning for a more successful outcome. For example, an Info-Tech survey found that a BIA has a significant impact on setting appropriate recovery time objectives (RTOs) and appropriate spending.
Terms
No BIA: lack of a BIA, or a BIA bases solely on the perceived importance of IT services.
BIA: based on a detailed evaluation or estimated dollar impact of downtime.
In large organizations especially, collating an exhaustive list of applications and services is going to be onerous. For the purposes of this project, a subset should suffice.
Instructions
Input
Output
Materials
Participants
Include a variety of services in your analysis. While it might be tempting to jump ahead and preselect important applications, don’t. The process is inherently valuable, and besides, it might surprise you.
Note: If there are no dependencies for a particular category, leave it blank.
Example
ID is optional. It is a sequential number by default.
In-House, Co-Lo/MSP, and Cloud dependencies; leave blank if not applicable.
Add notes as applicable – e.g. critical support services.
Modify the Business Impact Scales headings and Overall Criticality Rating terminology to suit your organization. For example, if you don’t have business partners, use that column to measure a different goodwill impact or just ignore that column in this tool (i.e. leave it blank). Estimate the different levels of potential impact (where four is the highest impact and zero is no impact) and record these in the Business Impact Scales columns.
In the BIA tab columns for Direct Costs of Downtime, Impact on Goodwill, and Additional Criticality Factors, use the drop-down menu to assign a score of zero to four based on levels of impact defined in the Scoring Criteria tab. For example, if an organization’s ERP is down, and that affects call center sales operations (e.g. ability to access customer records and process orders), the impact might be as described below:
On the other hand, if payroll processing is down, this may not impact revenue, but it certainly impacts internal goodwill and productivity.
Mission critical services. An outage is catastrophic in terms of cost or public image/goodwill. Example: trading software at a financial institution.
Important to daily operations, but not mission critical. Example: email services at any large organization.
Loss of these services is an inconvenience more than anything, though they do serve a purpose and will be missed if they are never brought back online. Example: ancient fax machines.
Info-Tech recommends gold, silver, and bronze because of this typology’s near universal recognition. If you would prefer a particular designation (it might help with internal comprehension), don’t hesitate to use that one instead.
Every organization has its own rules about how to categorize service importance. For some (consumer-facing businesses, perhaps) reputational damage may trump immediate costs.
Instructions
Input
Output
Materials
Participants
See Info-Tech’s Create a Right-Sized Disaster Recovery Plan blueprint for instructions on how to complete your business impact analysis.
Large cloud provider |
Local traditional business |
---|---|
|
|
"Cloud capacity management is not exactly the same as the ITIL version because ITIL has a focus on the component level. I actually don’t do that, because if I did I’d go crazy. There’s too many components in a cloud environment."
– Richie Mendoza, IT Consultant, SMITS Inc.
Service
Component
"You don’t ask the CEO or the guy in charge ‘What kind of response time is your requirement?’ He doesn’t really care. He just wants to make sure that all his customers are happy."
– Todd Evans, Capacity and Performance Management SME, IBM.
Industry: Telecommunications
Source: Interview
Coffee and Wi-Fi – a match made in heaven
In tens of thousands of coffee shops around the world, patrons make ample use of complimentary Wi-Fi. Wi-Fi is an important part of customers’ coffee shop experience, whether they’re online to check their email, do a YouTube, or update their Googles. So when one telco that provided Wi-Fi access for thousands of coffee shops started encountering availability issues, the situation was serious.
Wi-Fi, whack-a-mole, and web woes
The team responsible for resolving the issue took an ad hoc approach to resolving complaints, fixing issues as they came up instead of taking a systematic approach.
Resolution
Looking at the network as a whole, the capacity manager took a proactive approach by using data to identify and rank the worst service areas, and then directing the team responsible to fix those areas in order of the worst first, then the next worst, and so on. Soon the availability of Wi-Fi service was restored across the network.
Instructions
Input
Output
Materials
Participants
Dependency mapping can be difficult. Make sure you don’t waste effort creating detailed dependency maps for relatively unimportant services.
Ride sharing cannot work, at least not at maximum effectiveness, without these constituent components. When one or more of these components are absent or degraded, the service will become unavailable. This example illustrates some challenges of capacity management; some of these components are necessary, but beyond the ride-sharing company’s control.
Email is an example here not because it is necessarily a “gold system,” but because it is common across industries. This is a useful exercise for any service, but it can be quite onerous, so it should be conducted on the most important systems first.
Use the bottom layer of the pyramid drawn in step 1.2a for a list of important sub-components.
Instructions
Input
Output
Materials
Participants
In terms of service provision, capacity management is a form of availability management. Not all availability issues are capacity issues, but the inverse is true.
Capacity issues will always cause availability issues, but availability issues are not inherently capacity issues. Availability problems can stem from outages unrelated to capacity (e.g. power or vendor outages).
When signing contracts with vendors, you will be presented with an SLA. Ensure that it meets your requirements.
Input
Output
Materials
Participants
Vendors are sometimes willing to eat the cost of violating SLAs if they think it will get them a contract. Be careful with negotiation. Just because the vendor says they can do something doesn’t make it true.
See Info-Tech’s Improve IT-Business Alignment Through an Internal SLA blueprint for instructions on why you should develop internal SLAs and the potential benefits they bring.
1.2
Create a list of dependencies for your most important applications
Using the results of the business impact analysis, the analyst will guide workshop participants through a dependency mapping exercise that will eventually populate the Capacity Plan Template.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Guided Implementation 1: Conduct a business impact analysis Proposed Time to Completion: 1 week | |
---|---|
Step 1.1: Create a scale to measure different levels of impact Review your findings with an analyst Discuss how you arrived at the rating of your critical systems and their dependencies. Consider whether your external SLAs are appropriate. Then complete these activities…
With these tools & templates: Business Impact Analysis Tool |
Step 1.2: Assign criticality ratings to services Review your findings with an analyst Discuss how you arrived at the rating of your critical systems and their dependencies. Consider whether your external SLAs are appropriate. Then complete these activities…
With these tools & templates: Capacity Snapshot Tool |
Phase 1 Results & Insights:
|
Your findings are only as good as your data. Remember: garbage in, garbage out. There are three characteristics of good data:*
*National College of Teaching & Leadership, “Reliability and Validity”
"Data is king. Good data is absolutely essential to [the capacity manager] role."
– Adrian Blant, Independent Capacity Consultant, IT Capability Solutions
Every organization’s data needs are different; your data needs are going to be dictated by your services, delivery model, and business requirements. Make sure you don’t confuse volume with quality, even if others in your organization make that mistake.
Too much monitoring can be as bad as the inverse
In 2013, a security breach at US retailer Target compromised more than 70 million customers’ data. The company received an alert, but it was thought to be a false positive because the monitoring system produced so many false and redundant alerts. As a result of the daily deluge, staff did not respond to the breach in time.
Info-Tech Insight
Don’t confuse monitoring with management. While establishing visibility is a crucial step, it is only part of the battle. Move on to this project’s next phase to explore opportunities to improve your capacity/availability management process.
It is nearly impossible to overstate the importance of data to the process of availability and capacity management. But the wrong data will do you no good.
Instructions
Bottlenecks are bad. Use the Capacity Snapshot Tool (or another tool like it) to ensure that when the capacity manager leaves (on vacation, to another role, for good) the knowledge that they have accumulated does not leave as well.
Tracking every single component in significant detail will produce a lot of noise for each bit of signal. The approach outlined here addresses that concern in two ways:
Despite this effort, however, managing capacity at the component level is a daunting task. Ultimately, tools provided by vendors like SolarWinds and AppDynamics will fill in some of the gaps. Nevertheless, an understanding of the conceptual framework underlying availability and capacity management is valuable.
Industry: Financial Services
Source: AppDynamics
Challenge
Solution
Results
Source: “Just how complex can a Login Transaction be? Answer: Very!,” AppDynamics
"You don’t use a microscope to monitor an entire ant farm, but you might use many microscopes to monitor specific ants."
– Fred Chagnon, Research Director, Infrastructure Practice, Info-Tech Research Group
The next step in capacity management is establishing whether or not visibility (in the broad sense) is available into critical sub-components.
Instructions
Like ideas and watches, not all types of visibility are created equal. Ensure that you have access to the right information to make capacity decisions.
Instructions
For most mobile phone users, this breakdown is sufficient. For some, more granularity might be necessary.
Make note of monitoring tools and strategies. If anything changes, be sure to re-evaluate the visibility status. An outdated spreadsheet can lead to availability issues if management is unaware of looming problems.
The Capacity Snapshot Tool color-codes your components by status. Green – visibility and granularity are both sufficient; yellow – visibility exists, though not at sufficient granularity; and red – visibility does not exist at all.
Instructions
Input
Output
Materials
Participants
It might be that there is no amelioration strategy. Make note of this difficulty and highlight it as part of the risk section of the Capacity Plan Template.
The process of modernizing the network is fraught with vestigial limitations. Develop a program to gather requirements and plan.
As part of the blueprint, Modernize Enterprise Storage, the Modernize Enterprise Storage Workbook includes a section on storage capacity planning.
2.2
Develop strategies to ameliorate visibility issues
The analyst will guide workshop participants in brainstorming potential solutions to visibility issues and record them in the Capacity Snapshot Tool.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Guided Implementation 2: Establish visibility into core systems Proposed Time to Completion: 3 weeks | |
---|---|
Step 2.1: Define your monitoring strategy Review your findings with an analyst Discuss your monitoring strategy and ensure you have sufficient visibility for the needs of your organization. Then complete these activities…
With these tools & templates:
|
Step 2.2: Implement your monitoring tool/aggregator Review your findings with an analyst Discuss your monitoring strategy and ensure you have sufficient visibility for the needs of your organization. Then complete these activities…
With these tools & templates:
|
Phase 2 Results & Insights:
|
The availability and capacity management summary card pictured here is a handy way to capture the results of the activities undertaken in the following phases. Note its contents carefully, and be sure to record specific outputs where appropriate. One such card should be completed for each of the gold services identified in the project’s first phase. Make note of the results of the activities in the coming phase, and populate the Capacity Snapshot Tool. These will help you populate the tool.
The Capacity Plan Template is designed to be a part of a broader mapping strategy. It is not a replacement for a dedicated monitoring tool.
"In all cases the very first thing to do is to look at trending…The old adage is ‘you don’t steer a boat by its wake,’ however it’s also true that if something is growing at, say, three percent a month and it has been growing at three percent a month for the last twelve months, there’s a fairly good possibility that it’s going to carry on going in that direction."
– Mike Lynch, Consultant, CapacityIQ
A holistic approach to capacity management involves peering beyond the beaded curtain partitioning IT from the rest of the organization and tracking business metrics.
Instructions
Input
Output
Materials
Participants
One level of abstraction down is the service level. Service level capacity management, recall that service level capacity management is about ensuring that IT is meeting SLAs in its service provision.
Instructions
Input
Output
Materials
Participants
Jan |
Feb |
Mar |
Apr |
May |
June |
July |
---|---|---|---|---|---|---|
74 |
80 |
79 |
83 |
84 |
100 |
102 |
Note: the strength of this approach is that it is easy to visualize. Use the same timescale to facilitate simple comparison.
"Often what is really being offered by many analytics solutions is just more data or information – not insights."
– Brent Dykes, Director of Data Strategy, Domo
You can have all the data in the world and absolutely nothing valuable to add. Don’t fall for this trap. Use the activities in this phase to structure your data collection operation and ensure that your organization’s availability and capacity management plan is data driven.
At-a-glance – it’s how most executives consume all but the most important information. Create a dashboard that tracks the status of your most important systems.
Instructions
This tool collates and presents information gathered from other sources. It is not a substitute for a performance monitoring tool.
Stakeholder analysis is crucial. Lines of authority can be diffuse. Understand who needs to be involved in the capacity management process early on.
Instructions
Input
Output
Materials
Participants
Consider which departments are most closely aligned with the business processes that fuel demand. Prioritize those that have the greatest impact. Consider the stakeholders who will make purchasing decisions for increasing infrastructure capacity.
Establishing a relationship with your stakeholders is a necessary step in managing your capacity and availability.
Instructions
Input
Output
Materials
Participants
The best capacity managers develop new business processes that more closely align their role with business stakeholders. Building these relationships takes hard work, and you must first earn the trust of the business.
Convince, don’t coerce. Stakeholders want the same thing you do. Bake them into the planning process as a step towards this goal.
Input
Output
Materials
Participants
Industry: Financial Services
Source: Interview
In financial services, availability is king
In the world of financial services, availability is absolutely crucial. High-value trades occur at all hours, and any institution that suffers outages runs the risk of losing tens of thousands of dollars, not to mention reputational damage.
People know what they want, but sometimes they have to be herded
While line of business managers and application owners understand the value of capacity management, it can be difficult to establish the working relationship necessary for a fruitful partnership.
Proactively building relationships keeps services available
He built relationships with all the department heads on the business side, and all the application owners.
He established a steering committee for capacity.
He invited stakeholders to regular capacity planning meetings.
He scheduled lunch and learn sessions with business analysts and project managers.
Sometimes “need to know” doesn’t register with sales or marketing. Nearly every infrastructure manager can share a story about a time when someone has made a decision that has critically impacted IT infrastructure without letting anyone in IT in on the “secret.”
In brief
Imagine working for a media company as an infrastructure capacity manager. Now imagine that the powers that be have decided to launch a content-focused web service. Seems like something they would do, right? Now imagine you find out about it the same way the company’s subscribers do. This actually happened – and it shouldn’t have. But a similar lack of alignment makes this a real possibility for any organization. If you don’t establish a systematic plan for soliciting and incorporating business requirements, prepare to lose a chunk of your free time. The business should never be able to say, in response to “nobody tells me anything,” “nobody asked.”
Pictured: an artist’s rendering of the capacity manager in question.
Once you’ve established, firmly, that everyone’s on the same team, meet individually with the stakeholders to assess capacity.
Instructions
Input
Output
Materials
Participants
Sometimes line of business managers will evade or ignore you when you come knocking. They do this because they don’t know and they don’t want to give you the wrong information. Explain that a best guess is all you can ask for and allay their fears.
IT staff and line of business staff come with different skillsets. This can lead to confusion, but it doesn’t have to. Develop effective information solicitation techniques.
Instructions
Input
Output
Materials
Participants
When it comes to mapping technical requirements, IT alone has the ability to effectively translate business needs.
Instructions
Input
Output
Materials
Participants
Adapt the analysis to the needs of your organization. One capacity manager called the one-to-one mapping of business process to infrastructure demand the Holy Grail of capacity management. If this level of precision isn’t attainable, develop your own working estimates using the higher-level data
Capacity management The role of the capacity manager is changing, but it still has a purpose. Consider this:
|
Availability management Ensuring services are available is still IT’s wheelhouse, even if that means a shift to a brokerage model:
|
The cloud comes at the cost of detailed performance data. Sourcing a service through an SLA with a third party increases the need to perform your own performance testing of gold level applications. See performance monitoring.
"It is a commonplace observation that work expands so as to fill the time available for its completion. Thus, an elderly lady of leisure can spend the entire day in writing and despatching a postcard to her niece at Bognor Regis. An hour will be spent in finding the postcard, another in hunting for spectacles, half-an-hour in a search for the address, an hour and a quarter in composition, and twenty minutes in deciding whether or not to take an umbrella when going to the pillar-box in the next street."
C. Northcote Parkinson, The Economist, 1955
If you give people lots of capacity, they will use it. Most shops are overprovisioned, and in some cases that’s throwing perfectly good money away. Don’t be afraid to prod if someone requests something that doesn’t seem right.
Questions to ask:
In brief
Who isn’t a sports fan? Big games mean big stakes for pool participants and armchair quarterbacks—along with pressure on the network as fans stream games from their work computers. One organization suffered from this problem, and, instead of taking a hardline and banning all streams, opted to stream the game on a large screen in a conference room where those interested could work for its duration. This alleviated strain on the network and kept staff happy.
Industry:Professional Services
Source:Interview
24/7 AWS = round-the-clock costs
A senior developer realized that his development team had been leaving AWS instances running without any specific reason.
Why?
The development team appreciated the convenience of an always-on instance and, because the people spinning them up did not handle costs, the problem wasn’t immediately apparent.
Resolution
In his spare time over the course of a month, the senior developer wrote a program to manage the servers, including shutting them down during times when they were not in use and providing remote-access start-up when required. His team alone saved $30,000 in costs over the next six months, and his team lead reported that it would have been more than worth paying the team to implement such a project on company time.
Instructions
Input
Output
Materials
Participants
The most effective capacity management takes a holistic approach and looks at the big picture in order to find ways to eliminate unnecessary infrastructure usage, or to find alternate or more efficient sources of required capacity.
Industry:Telecommunications
Source: Interview
High-cost lines
The capacity manager at a telecommunications provider mapped out his firm’s network traffic and discovered they were using a number of VP circuits (inter building cross connects) that were very expensive on the scale of their network.
Paying the toll troll
These VP circuits were supplying needed network services to the telecom provider’s clients, so there was no way to reduce this demand.
Resolution
The capacity manager analyzed where the traffic was going and compared this to the cost of the lines they were using. After performing the analysis, he found he could re-route much of the traffic away from the VP circuits and save on costs while delivering the same level of service to their users.
Make informed decisions about capacity. Remember: retain all documentation. It might come in handy for the justification of purchases.
Instructions
Capacity management (and, by extension, availability management) is a combination of two balancing acts: cost against capacity and supply and demand.*
Instructions
In brief
The fractured nature of the capacity management space means that every organization is going to have a slightly different tooling strategy. No vendor has dominated, and every solution requires some level of customization. One capacity manager (a cloud provider, no less!) relayed a tale about a capacity management Excel sheet programmed with 5,000+ lines of code. As much work as that is, a bespoke solution is probably unavoidable.
3.2
Map business needs to technical requirements and technical requirements to infrastructure requirements
The analyst will guide workshop participants in using their organization’s data to map out the relationships between applications, technical requirements, and the underlying infrastructure usage.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Guided Implementation 3: Solicit and incorporate business needs Proposed Time to Completion: 2 weeks | |
---|---|
Step 3.1: Solicit business needs and gather data Review your findings with an analyst Discuss the effectiveness of your strategies to involve business stakeholders in the planning process and your methods of data collection and analysis. Then complete these activities…
With these tools & templates: Capacity Plan Template |
Step 3.2: Analyze data and project future needs Review your findings with an analyst Discuss the effectiveness of your strategies to involve business stakeholders in the planning process and your methods of data collection and analysis. Then complete these activities…
With these tools & templates: Capacity Snapshot Tool Capacity Plan Template |
Phase 3 Results & Insights:
|
Availability: how often a service is usable (that is to say up and not too degraded to be effective). Consequences of reduced availability can include financial losses, impacted customer goodwill, and reduced faith in IT more generally.
Causes of availability issues:
Capacity: a particular component’s/service’s/business’ wiggle room. In other words, its usage ceiling.
Causes of capacity issues:
Availability and capacity issues can stem from a number of different causes. Include a list in your availability and capacity management plan.
Instructions
Input
Output
Materials
Participants
Availability and capacity problems result in incidents, critical incidents, and problems. These are addressed in a separate project (incident and problem management), but information about common causes can streamline that process.
Based on your understanding of your capacity needs (through written SLAs and informal but regular meetings with the business) highlight major risks you foresee.
Instructions
Input
Output
Materials
Participants
It’s an old adage, but it checks out: don’t come to the table armed only with problems. Be a problem solver and prove IT’s value to the organization.
Instructions (cont.)
Input
Output
Materials
Participants
It’s an old adage, but it checks out: don’t come to the table armed only with problems. Be a problem solver and prove IT’s value to the organization.
While capacity management is a form of availability management, it is not the only form. In this activity, outline the specific nature of threats to availability.
Instructions
Input
Output
Materials
Participants
A dynamic central repository is a good way to ensure that availability issues stemming from a variety of causes are captured and mitigated.
Although it is easier said than done, identifying potential mitigations is a crucial part of availability management as an activity.
Instructions (cont.)
Input
Output
Materials
Participants
The stakeholders consulted as part of the process will be interested in its results. Share them, either in person or through a collaboration tool.
The current status of your availability and capacity management plan should be on the agenda for every stakeholder meeting. Direct the stakeholders’ attention to the parts of the document that are relevant to them, and solicit their thoughts on the document’s accuracy. Over time you should get a pretty good idea of who among your stakeholder group is skilled at projecting demand, and who over- or underestimates, and by how much. This information will improve your projections and, therefore, your management over time.
Use the experience gained and the artifacts generated to build trust with the business. The meetings should be regular, and demonstrating that you’re actually using the information for good is likely to make hesitant participants in the process more likely to open up.
4.1
Identify capacity risks and mitigate them
The analyst will guide workshop participants in identifying potential risks to capacity and determining strategies for mitigating them.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Guided Implementation 4: Identify and mitigate risks Proposed Time to Completion: 1 week |
---|
Step 4.1: Identify and mitigate risks Review your findings with an analyst
Then complete these activities…
With these tools & templates: Capacity Snapshot Tool Capacity Plan Template |
Phase 4 Results & Insights:
|
Components are critical to availability and capacity management.
The CEO doesn’t care about the SMTP server. She cares about meeting customer needs and producing profit. For IT capacity and availability managers, though, the devil is in the details. It only takes one faulty component to knock out a service. Keep track and keep the lights on.
Ask what the business is working on, not what they need.
If you ask them what they need, they’ll tell you – and it won’t be cheap. Find out what they’re going to do, and use your expertise to service those needs. Use your IT experience to estimate the impact of business and service level changes on the components that secure the availability you need.
Cloud shmoud.
The role of the capacity manager might be changing with the advent of the public cloud, but it has not disappeared. Capacity managers in the age of the cloud are responsible for managing vendor relationships, negotiating external SLAs, projecting costs and securing budgets, reining in prodigal divisions, and so on.
Client Project: Develop an Availability and Capacity Management Plan
This project has the ability to fit the following formats:
Adrian Blant, Independent Capacity Consultant, IT Capability Solutions
Adrian has over 15 years' experience in IT infrastructure. He has built capacity management business processes from the ground up, and focused on ensuring a productive dialogue between IT and the business.
James Zhang, Senior Manager Disaster Recovery, AIG Technology
James has over 20 years' experience in IT and 10 years' experience in capacity management. Throughout his career, he has focused on creating new business processes to deliver value and increase efficiency over the long term.
Mayank Banerjee, CTO, Global Supply Chain Management, HelloFresh
Mayank has over 15 years' experience across a wide range of technologies and industries. He has implemented highly automated capacity management processes as part of his role of owning and solving end-to-end business problems.
Mike Lynch, Consultant, CapacityIQ
Mike has over 20 years' experience in IT infrastructure. He takes a holistic approach to capacity management to identify and solve key problems, and has developed automated processes for mapping performance data to information that can inform business decisions.
Paul Waguespack, Manager of Application Systems Engineering, Tufts Health Plan
Paul has over 10 years' experience in IT. He has specialized in implementing new applications and functionalities throughout their entire lifecycle, and integrating with all aspects of IT operations.
Richie Mendoza, IT Consultant, SMITS Inc.
Richie has over 10 years' experience in IT infrastructure. He has specialized in using demand forecasting to guide infrastructure capacity purchasing decisions, to provide availability while avoiding costly overprovisioning.
Rob Thompson, President, IT Tools & Process
Rob has over 30 years’ IT experience. Throughout his career he has focused on making IT a generator of business value. He now runs a boutique consulting firm.
Todd Evans, Capacity and Performance Management SME, IBM
Todd has over 20 years' experience in capacity and performance management. At Kaiser Permanente, he established a well-defined mapping of the businesses workflow processes to technical requirements for applications and infrastructure.
451 Research. “Best of both worlds: Can enterprises achieve both scalability and control when it comes to cloud?” 451 Research, November 2016. Web.
Allen, Katie. “Work Also Shrinks to Fit the Time Available: And We Can Prove It.” The Guardian. 25 Oct. 2017.
Amazon. “Amazon Elastic Compute Cloud.” Amazon Web Services. N.d. Web.
Armandpour, Tim. “Lies Vendors Tell about Service Level Agreements and How to Negotiate for Something Better.” Network World. 12 Jan 2016.
“Availability Management.” ITIL and ITSM World. 2001. Web.
Availability Management Plan Template. Purple Griffon. 30 Nov. 2012. Web.
Bairi, Jayachandra, B., Murali Manohar, and Goutam Kumar Kundu. “Capacity and Availability Management by Quantitative Project Management in the IT Service Industry.” Asian Journal on Quality 13.2 (2012): 163-76. Web.
BMC Capacity Optimization. BMC. 24 Oct 2017. Web.
Brooks, Peter, and Christa Landsberg. Capacity Management in Today’s IT Environment. MentPro. 16 Aug 2017. Web.
"Capacity and Availability Management." CMMI Institute. April 2017. Web.
Capacity and Availability Management. IT Quality Group Switzerland. 24 Oct. 2017. Web.
Capacity and Performance Management: Best Practices White Paper. Cisco. 4 Oct. 2005. Web.
"Capacity Management." Techopedia.
“Capacity Management Forecasting Best Practices and Recommendations.” STG. 26 Jan 2015. Web.
Capacity Management from the Ground up. Metron. 24 Oct. 2017. Web.
Capacity Management in the Modern Datacenter. Turbonomic. 25 Oct. 2017. Web.
Capacity Management Maturity Assessing and Improving the Effectiveness. Metron. 24 Oct. 2017. Web.
“Capacity Management Software.” TeamQuest. 24 Oct 2017. Web,
Capacity Plan Template. Purainfo. 11 Oct 2012. Web.
“Capacity Planner—Job Description.” Automotive Industrial Partnership. 24 Oct. 2017. Web.
Capacity Planning. CDC. Web. Aug. 2017.
"Capacity Planning." TechTarget. 24 Oct 2017. Web.
“Capacity Planning and Management.” BMC. 24 Oct 2017. Web.
"Checklist Capacity Plan." IT Process Wiki. 24 Oct. 2017. Web.
Dykes, Brent. “Actionable Insights: The Missing Link Between Data and Business Value.” Forbes. April 26, 2016. Web.
Evolved Capacity Management. CA Technologies. Oct. 2013. Web.
Francis, Ryan. “False positives still cause threat alert fatigue.” CSO. May 3, 2017. Web.
Frymire, Scott. "Capacity Planning vs. Capacity Analytics." ScienceLogic. 24 Oct. 2017. Web.
Glossary. Exin. Aug. 2017. Web.
Herrera, Michael. “Four Types of Risk Mitigation and BCM Governance, Risk and Compliance.” MHA Consulting. May 17, 2013.
Hill, Jon. How to Do Capacity Planning. TeamQuest. 24 Oct. 2017. Web.
“How to Create an SLA in 7 Easy Steps.” ITSM Perfection. 25 Oct. 2017. Web.
Hunter, John. “Myth: If You Can’t Measure It: You Can’t Manage It.” W. Edwards Deming Institute Blog. 13 Aug 2015. Web.
IT Service Criticality. U of Bristol. 24 Oct. 2017. Web.
"ITIL Capacity Management." BMC's Complete Guide to ITIL. BMC Software. 22 Dec. 2016. Web.
“Just-in-time.” The Economist. 6 Jul 2009. Web.
Kalm, Denise P., and Marv Waschke. Capacity Management: A CA Service Management Process Map. CA. 24 Oct. 2017. Web.
Klimek, Peter, Rudolf Hanel, and Stefan Thurner. “Parkinson’s Law Quantified: Three Investigations in Bureaucratic Inefficiency.” Journal of Statistical Mechanics: Theory and Experiment 3 (2009): 1-13. Aug. 2017. Web.
Landgrave, Tim. "Plan for Effective Capacity and Availability Management in New Systems." TechRepublic. 10 Oct. 2002. Web.
Longoria, Gina. “Hewlett Packard Enterprise Goes After Amazon Public Cloud in Enterprise Storage.” Forbes. 2 Dec. 2016. Web.
Maheshwari, Umesh. “Understanding Storage Capacity.” NimbleStorage. 7 Jan. 2016. Web.
Mappic, Sandy. “Just how complex can a Login Transaction be? Answer: Very!” Appdynamics. Dec. 11 2011. Web.
Miller, Ron. “AWS Fires Back at Larry Ellison’s Claims, Saying It’s Just Larry Being Larry.” Tech Crunch. 2 Oct. 2017. Web.
National College for Teaching & Leadership. “The role of data in measuring school performance.” National College for Teaching & Leadership. N.d. Web,
Newland, Chris, et al. Enterprise Capacity Management. CETI, Ohio State U. 24 Oct. 2017. Web.
Office of Government Commerce . Best Practice for Service Delivery. London: Her Majesty’s Stationery Office, 2001.
Office of Government Commerce. Best Practice for Business Perspective: The IS View on Delivering Services to the Business. London: Her Majesty’s Stationery Office, 2004.
Parkinson, C. Northcote. “Parkinson’s Law.” The Economist. 19 Nov. 1955. Web.
“Parkinson’s Law Is Proven Again.” Financial Times. 25 Oct. 2017. Web.
Paul, John, and Chris Hayes. Performance Monitoring and Capacity Planning. VM Ware. 2006. Web.
“Reliability and Validity.” UC Davis. N.d. Web.
"Role: Capacity Manager." IBM. 2008. Web.
Ryan, Liz. “‘If You Can’t Measure It, You Can’t Manage It’: Not True.” Forbes. 10 Feb. 2014. Web.
S, Lalit. “Using Flexible Capacity to Lower and Manage On-Premises TCO.” HPE. 23 Nov. 2016. Web.
Snedeker, Ben. “The Pros and Cons of Public and Private Clouds for Small Business.” Infusionsoft. September 6, 2017. Web.
Statement of Work: IBM Enterprise Availability Management Service. IBM. Jan 2016. Web.
“The Road to Perfect AWS Reserved Instance Planning & Management in a Nutshell.” Botmetric. 25 Oct. 2017. Web.
Transforming the Information Infrastructure: Build, Manage, Optimize. Asigra. Aug. 2017. Web.
Valentic, Branimir. "Three Faces of Capacity Management." ITIL/ISO 20000 Knowledge Base. Advisera. 24 Oct. 2017. Web.
"Unify IT Performance Monitoring and Optimization." IDERA. 24 Oct. 2017. Web.
"What is IT Capacity Management?" Villanova U. Aug. 2017. Web.
Wolstenholme, Andrew. Final internal Audit Report: IT Availability and Capacity (IA 13 519/F). Transport For London. 23 Feb. 2015. Web.
Do you experience challenges with the following:
Use the reference architecture to plan for the solution you need and want to deploy. Infrastructure planning and strategy optimizes the container image supply chain, uses your current infrastructure, and reduces costs for compute and image scan time.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
A document that walks you through the components of a container management solution and helps align your business objectives with your current infrastructure services and plan for your future assets.
Complete the reference architecture tool to strategize your container management.
Containers have become popular as enterprises use DevOps to develop and deploy applications faster. Containers require managed services because the sheer number of containers can become too complex for IT teams to handle. Orchestration platforms like Kubernetes can be complex, requiring management to automatically deploy container-based applications to operating systems and public clouds. IT operations staff need container management skills and training.
Installing and setting up container orchestration tools can be laborious and error-prone. IT organizations must first implement the right infrastructure setup for containers by having a solid understanding of the scope and scale of containerization projects and developer requirements. IT administrators also need to know how parts of the existing infrastructure connect and communicate to maintain these relationships in a containerized environment. Containers can run on bare metal servers, virtual machines in the cloud, or hybrid configurations, depending on your IT needs
Nitin Mukesh
Senior Research Analyst, Infrastructure and Operations
Info-Tech Research Group
Your Challenge | Common Obstacles | Info-Tech’s Approach |
The container software market is constantly evolving. Organizations must consider many factors to choose the right container management software for their specific needs and fit their future plans. It's important to consider your organization's current and future infrastructure strategy and how it fits with your container management strategy. The container management platform you choose should be compatible with the existing network infrastructure and storage capabilities available to your organization. |
IT operations staff have not been thinking the same way as developers who have now been using an agile approach for some time. Container image builds are highly automated and have several dependencies including scheduling, testing, and deployment that the IT staff is not trained for or lack the ability to create anything more than a simple image. |
Use the reference architecture to plan for the solution you need and want to deploy. Infrastructure planning and strategy optimizes the container image supply chain and reduces costs for compute and image scan time. Plan ahead to ensure your container strategy aligns with your infrastructure roadmap. Before deciding between bare metal and cloud, understand the different components of a container management solution and plan for current and future infrastructure services. |
Choosing the right container technology: IT is a rapidly changing and evolving market, with startups and seasoned technology vendors maintaining momentum in everything from container platforms to repositories to orchestration tools. The rapid evolution of container platform components such as orchestration, storage, networking, and system services such as load balancing has made the entire stack a moving target.
However, waiting for the industry to be standardized can be a recipe for paralysis, and waiting too long to decide on solutions and approaches can put a company's IT operations in catch-up mode.
Keeping containers secure: Security breaches in containers are almost identical to operating system level breaches in virtual machines in terms of potential application and system vulnerabilities. It is important for any DevOps team working on container and orchestration architecture and management to fully understand the potential vulnerabilities of the platforms they are using.
Optimize your infrastructure strategy for containers: One of the challenges enterprise IT operations management teams face when it comes to containers is the need to rethink the underlying infrastructure to accommodate the technology. While you may not want to embrace the public cloud for your critical applications just yet, IT operations managers will need an on-premises infrastructure so that applications can scale up and down the same way as they are containerized.
A Separation of responsibilities
Containerization provides a clear separation of responsibilities as developers can focus on application logic and dependencies, while IT operations teams can focus on deployment and management instead of application details such as specific software versions and configurations.
B Workload portability
Containers can run almost anywhere: physical servers or on-premise data centers on virtual machines or developer machines, as well as public clouds on Linux, Windows, or Mac operating systems, greatly easing development and deployment.
“Lift and shift” existing applications into a modern cloud architecture. Some organizations even use containers to migrate existing applications to more modern environments. While this approach provides some of the basic benefits of operating system virtualization, it does not provide all the benefits of a modular, container-based application architecture.
C Application isolation
Containers virtualize CPU, memory, storage, and network resources at the operating system level, providing developers with a logically isolated view of the operating system from other applications.
Source: TechTarget, 2021
A container is a partially isolated environment in which an application or parts of an application can run. You can use a single container to run anything from small microservices or software processes to larger applications. Inside the container are all the necessary executable, library, and configuration files. Containers do not contain operating system images. This makes them lighter and more portable with much less overhead. Large application deployments can deploy multiple containers into one or more container clusters (CapitalOne, 2020).
Containers have the following advantages:
Source: CapitalOne, 2020
On-premises containers | Public cloud-based containers |
---|---|
Advantages:
Disadvantages:
|
Advantages:
Disadvantages:
|
Info-Tech Insight
Start-ups and small businesses that don't typically need to be closely connected to hardware can easily move (or start) to the cloud. Large (e.g. enterprise-class) companies and companies that need to manage and control local hardware resources are more likely to prefer an on-premises infrastructure. For enterprises, on-premises container deployments can serve as a bridge to full public cloud deployments or hybrid private/public deployments. The answer to the question of public cloud versus on premises depends on the specific needs of your business.
From container labeling that identifies workloads and ownership to effective reporting that meets the needs of different stakeholders across the organization, it is important that organizations establish an effective framework for container management.
Four key considerations for your container management strategy:
01 Container Image Supply Chain
How containers are built
02 Container Infrastructure and Orchestration
Where and how containers run together
03 Container Runtime Security and Policy Enforcement
How to make sure your containers only do what you want them to do
04 Container Observability
Runtime metrics and debugging
To effectively understand container management solutions, it is useful to define the various components that make up a container management strategy.
To run a workload as a container, it must first be packaged into a container image. The image supply chain includes all libraries or components that make up a containerized application. This includes CI/CD tools to test and package code into container images, application security testing tools to check for vulnerabilities and logic errors, registries and mirroring tools for hosting container images, and attribution mechanisms such as image signatures for validating images in registries.
Important functions of the supply chain include the ability to:
Source: Rancher, 2022
Info-Tech Insight
It is important to consider disaster recovery for your image registry. As mentioned above, it is wise to isolate yourself from registry disruptions. However, external registry mirroring is only one part of the equation. You also want to make sure you have a high availability plan for your internal registry as well as proper backup and recovery processes. A highly available, fault-tolerant container management platform is not just a runtime environment.
Orchestration tools
Once you have a container image to run, you need a location to run it. That means both the computer the container runs on and the software that schedules it to run. If you're working with a few containers, you can make manual decisions about where to run container images, what to run with container images, and how best to manage storage and network connectivity. However, at scale, these kinds of decisions should be left to orchestration tools like Kubernetes, Swarm, or Mesos. These platforms can receive workload execution requests, determine where to run based on resource requirements and constraints, and then actually launch that workload on its target. And if a workload fails or resources are low, it can be restarted or moved as needed.
Source: DevOpsCube, 2022
Storage
Storage is another important consideration. This includes both the storage used by the operating system and the storage used by the container itself. First, you need to consider the type of storage you actually need. Can I outsource my storage concerns to a cloud provider using something like Amazon Relational Database Service instead? If not, do you really need block storage (e.g. disk) or can an external object store like AWS S3 meet your needs? If your external object storage service can meet your performance and durability requirements as well as your governance and compliance needs, you're in luck. You may not have to worry about managing the container's persistent storage. Many external storage services can be provisioned on demand, support discrete snapshots, and some even allow dynamic scaling on demand.
Networking
Network connectivity inside and outside the containerized environment is also very important. For example, Kubernetes supports a variety of container networking interfaces (CNIs), each providing different functionality. Questions to consider here are whether you can set traffic control policies (and the OSI layer), how to handle encryption between workloads and between workloads and external entities, and how to manage traffic import for containerized workloads. The impact of these decisions also plays a role on performance.
Backups
Backups are still an important task in containerized environments, but the backup target is changing slightly. An immutable, read-only container file system can be recreated very easily from the original container image and does not need to be backed up. Backups or snapshots on permanent storage should still be considered. If you are using a cloud provider, you should also consider fault domain and geo-recovery scenarios depending on the provider's capabilities. For example, if you're using AWS, you can use S3 replication to ensure that EBS snapshots can be restored in another region in case of a full region outage.
Ensuring that containers run in a place that meets the resource requirements and constraints set for them is necessary, but not sufficient. It is equally important that your container management solution performs continuous validation and ensures that your workloads comply with all security and other policy requirements of your organization. Runtime security and policy enforcement tools include a function for detecting vulnerabilities in running containers, handling detected vulnerabilities, ensuring that workloads are not running with unnecessary or unintended privileges, and ensuring that only other workloads that need to be allowed can connect.
One of the great benefits of (well implemented) containerized software is reducing the attackable surface of the application. But it doesn't completely remove it. This means you need to think about how to observe running applications to minimize security risks. Scanning as part of the build pipeline is not enough. This is because an image without vulnerabilities at build time can become a vulnerable container because new flaws are discovered in its code or support libraries. Instead, some modern tools focus on detecting unusual behavior at the system call level. As these types of tools mature, they can make a real difference to your workload’s security because they rely on actual observed behavior rather than up-to-date signature files.
Finally, if your container images are being run somewhere by orchestration tools and well managed by security and policy enforcement tools, you need to know what your containers are doing and how well they are doing it. Orchestration tools will likely have their own logs and metrics, as will networking layers, and security and compliance checking tools; there is a lot to understand in a containerized environment. Container observability covers logging and metrics collection for both your workloads and the tools that run them.
One very important element of observability is the importance of externalizing logs and metrics in a containerized environment. Containers come and go, and in many cases the nodes running on them also come and go, so relying on local storage is not recommended.
A container management platform typically consists of a variety of tools from multiple sources. Some container management software vendors or container management services attempt to address all four key components of effective container management. However, many organizations already have tools that provide at least some of the features they need and don't want to waste existing licenses or make significant changes to their entire infrastructure just to run containers.
When choosing tools from multiple sources, it's important to understand what needs each tool meets and what it doesn't. This holistic approach is necessary to avoid gaps and duplication of effort.
For example, scanning an image as part of the build pipeline and then rescanning the image while the container is running is a waste of CPU cycles in the runtime environment. Similarly, using orchestration tools and separate host-based agents to aggregate logs or metrics can waste CPU cycles as well as storage and network resources.
1 | DIY, Managed Services, or Packaged Products Developer satisfaction is important, but it's also wise to consider the team running the container management software. Migrating from bare metal or virtual machine-based deployment methodologies to containers can involve a significant learning curve, so it's a good idea to choose a tool that will help smooth this curve. |
2 | Kubernetes In the world of container management, Kubernetes is fast becoming the de facto standard for container orchestration and scheduling. Most of the products that address the other aspects of container management discussed in this post (image supply chain, runtime security and policy enforcement, observability) integrate easily with Kubernetes. Kubernetes is open-source software and using it is possible if your team has the technical skills and the desire to implement it themselves. However, that doesn't mean you should automatically opt to build yourself. |
3 | Managed Kubernetes Kubernetes is difficult to implement well. As a result, many solution providers offer packaged products or managed services to facilitate Kubernetes adoption. All major cloud providers now offer Kubernetes services that reduce the operational burden on your teams. Organizations that have invested heavily in the ecosystem of a particular cloud provider may find this route suitable. Other organizations may be able to find a fully managed service that provides container images and lets the service provider worry about running the images which, depending on the cost and capacity of the organization, may be the best option. |
4 | Third-Party Orchestration Products A third approach is packaged products from providers that can be installed on the infrastructure (cloud or otherwise). These products can offer several potential advantages over DIY or cloud provider offerings, such as access to additional configuration options or cluster components, enhanced functionality, implementation assistance and training, post-installation product support, and reduced risk of cloud provider lock-in. |
Source: Kubernetes, 2022; Rancher, 2022
It's important to describe your organization’s current and future infrastructure strategy and how it fits into your container management strategy. It’s all basic for now, but if you plan to move to a virtual machine or cloud provider next year, your container management solution should be able to adapt to your environment now and in the future. Similarly, if you’ve already chosen a public cloud, you may want to make sure that the tool you choose supports some of the cloud options, but full compatibility may not be an important feature.
Infrastructure considerations extend beyond computing. Choosing a container management platform should be compatible with the existing network infrastructure and storage capacity available to your organization. If you have existing policy enforcement, monitoring, and alerting tools, the ideal solution should be able to take advantage of them. Moving to containers can be a game changer for developers and operations teams, so continuing to use existing tools to reduce complexity where possible can save time and money.
Using the examples as a guide, complete the tool to strategize your container management
Download the Reference Architecture
Mell, Emily. “What is container management and why is it important?” TechTarget, April 2021.
https://www.techtarget.com/searchitoperations/definition/container-management-software#:~:text=A%20container%20management%20ecosystem%20automates,operator%20to%20keep%20up%20with
Conrad, John. “What is Container Orchestration?” CapitalOne, 24 August 2020.
https://www.capitalone.com/tech/cloud/what-is-container-orchestration/?v=1673357442624
Kubernetes. “Cluster Networking.” Kubernetes, 2022.
https://kubernetes.io/docs/concepts/cluster-administration/networking/
Rancher. “Comparing Kubernetes CNI Providers: Flannel, Calico, Canal, and Weave.” Rancher, 2022.
https://www.suse.com/c/rancher_blog/comparing-kubernetes-cni-providers-flannel-calico-canal-and-weave/
Wilson, Bob. “16 Best Container Orchestration Tools and Services.” DevopsCube, 5 January 2022.
https://devopscube.com/docker-container-clustering-tools/
Without the control over the areas in which employees are working, businesses are opening themselves up to a greater degree of risk during the pandemic. How does a business raise awareness for employees who are going to be working remotely?
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use Info-Tech’s training materials to get you started on remote training and awareness.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Build action-based metrics to measure the success of your chatbot proof of concept.
Put business value first to architect your chatbot before implementation.
Continue to grow your chatbot beyond the proof of concept.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Build your strategy.
Calculate your chatbot’s ROI to determine its success.
Organize your chatbot proof of concept (POC) metrics to keep the project on track.
Objectively choose chatbot ticket categories.
1.1 Customize your chatbot ROI calculator.
1.2 Choose your proof of concept ticket categories.
1.3 Design chatbot metrics to measure success.
Chatbot ROI Calculator
Chatbot POC Implementation Roadmap
Chatbot POC Metrics Tool
Architect your chatbot.
Design your integrations with business value in mind.
Begin building chatbot decision trees.
2.1 List and map your chatbot integrations.
2.2 Build your conversation tree library.
Chatbot Integration Map
Chatbot Conversation Tree Library
Architect your chatbot conversations.
Detail your chatbot conversations in the decision trees.
3.1 Build your conversation tree library.
Chatbot Conversation Tree Library
Continually grow your chatbot.
Identify talent for chatbot support.
Create an implementation plan.
4.1 Outline the support responsibilities for your chatbot.
4.2 Build a communication plan.
Chatbot POC RACI
Chatbot POC Communication Plan
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Determine how to establish the foundation of your security operations.
Assess the maturity of your prevention, detection, analysis, and response processes.
Design a target state and improve your governance and policy solutions.
Make your case to the board and develop a roadmap for your prioritized security initiatives.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Identify security obligations and the security operations program’s pressure posture.
Assess current people, process, and technology capabilities.
Determine foundational controls and complete system and asset inventory.
Identified the foundational elements needed for planning before a security operations program can be built
1.1 Define your security obligations and assess your security pressure posture.
1.2 Determine current knowledge and skill gaps.
1.3 Shine a spotlight on services worth monitoring.
1.4 Assess and document your information system environment.
Customized security pressure posture
Current knowledge and skills gaps
Log register of essential services
Asset management inventory
Identify the maturity level of existing security operations program processes.
Current maturity assessment of security operations processes
2.1 Assess the current maturity level of the existing security operations program processes.
Current maturity assessment
Design your optimized target state.
Improve your security operations processes with governance and policy solutions.
Identify and prioritize gap initiatives.
A comprehensive list of initiatives to reach ideal target state
Optimized security operations with repeatable and standardized policies
3.1 Complete standardized policy templates.
3.2 Map out your ideal target state.
3.3 Identify gap initiatives.
Security operations policies
Gap analysis between current and target states
List of prioritized initiatives
Formalize project strategy with a project charter.
Determine your sourcing strategy for in-house or outsourced security operations processes.
Assign responsibilities and complete an implementation roadmap.
An overarching and documented strategy and vision for your security operations
A thorough rationale for in-house or outsourced security operations processes
Assigned and documented responsibilities for key projects
4.1 Complete a security operations project charter.
4.2 Determine in-house vs. outsourcing rationale.
4.3 Identify dependencies of your initiatives and prioritize initiatives in phases of implementation.
4.4 Complete a security operations roadmap.
Security operations project charter
In-house vs. outsourcing rationale
Initiatives organized according to phases of development
Planned and achievable security operations roadmap
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
By defining your goals, framing solutions based on end-user workloads, and understanding the pros and cons of various solutions, you can visualize what success looks like for your VDI/DaaS deployment. This includes defining your KPIs by end-user experience, knowing the decision gates for a successful deployment, and defining your hypothesis for value to make your decision more accurate and gain C-suite buy-in.
Virtual desktop infrastructure (VDI)/desktop as a service (DaaS) users expect their user experience to be at least equal to that provided by a physical PC, and they do not care about the underlying infrastructure. If the experience is less, then IT has failed in the considerations for VDI/ DaaS. In this research we analyze the data that the IT industry tracks but doesn't use or sometimes even look at regarding user experience (UX).
Understanding the strengths and weaknesses in your in-house technical skills and business requirements will assist you in making the right decision when it comes to VDI or DaaS solutions. In the case of DaaS this will include a managed service provider for small to medium-sized IT teams. Many IT teams lack a seasoned IT project manager who can identify gaps, risks, and weaknesses in the organization's preparedness. Redeploy your IT staff to new roles that impact management and monitoring of UX.
Ultimately, IT needs to reduce its complexity, increase user satisfaction, reduce management and storage costs, and maintain a secure and effective environment for both the end user and the business. They must also ensure productivity standards throughout the considerations, strategically, tactically, and in support of a move to a VDI or DaaS solution.
Your Challenge With the evolution of VDI over the last 15-plus years, there has been a proliferation of solutions, such as Citrix desktop services, VMware Horizon, and in-house hypervisor solutions (e.g. ESX hosts). There has also been a great deal of growth and competition of DaaS and SaaS solutions in the cloud space. Hybrid work environments, remote from anywhere and any device, and the security concerns that go hand-in-hand with these strategies have certainly accelerated the move to VDI and DaaS. How will you manage and navigate the right solution for your organization? | Common Obstacles IT departments can encounter many obstacles to VDI and DaaS, many of which will be determined by your business model and other factors, such as:
| Info-Tech’s Approach By defining your end goals, framing solutions based on end-user workloads, and understanding the pros and cons of what solution(s) will meet your needs, you can visualize what success looks like.
|
Every IT organization needs to be asking what success looks like. If you do not consider how your end user will be impacted, whether they are doing something as simple as holding a team meeting with voice and video or working with highly technical workloads on a virtual environment, you will run into multiple issues that affect end-user satisfaction, productivity, and adoption. Understand the tension metrics that may conflict with meeting business objectives and KPIs.
Client-Driven InsightDifferent industries have different requirements and issues, so they look at solutions differently. Info-Tech InsightIf end-user experience is at the forefront of business requirements, then any solution that fits the business KPIs can be successful. |
|
Questions you should be asking before you create your RFP
| How would you rate the user experience on your VDI/DaaS solution?
Info-Tech InsightAsking critical use-case questions should give you a clear picture of the end-user experience outcome. |
Security is always quoted as a primary justification for VDI/DaaS, while UX is far down the list of KPIs. WHY?IT engineers use network and performance metrics to manage end-user complaints of “slowness,” which in reality is not what the user is experiencing.IT needs to invest in more meaningful metrics to manage end-user pain:
| (Source: Enterprise Strategy Group, 2020) |
The dimensions of end-user experience can be broken down into four distinct categories that will impact not only the end user but also the business. Picturing your landscape in this framework will help clearly define your considerations when deciding on whether a VDI or DaaS solution is right for your business. We will investigate how these scenarios impact the end user, what that means, and how that can guide the questions that you are asking as you move to an RFP. Info-Tech InsightIn the world of VDI and DaaS, if you do not get buy-in from the end user, the rate of adoption and the overall success of the implementation will prove difficult to measure. It will be impossible to calculate ROI even as you feel the impact of your TCO. |
What IT measuresMost business KPI objectives concentrate on business goals, whether it be cost containment, security, simplification, ease of management, or centralization of apps and data, but rarely is there a KPI for end-user experience. You can’t fix what you can’t see. Putting a cost benefit to end-user satisfaction may come in the form of productivity. This may be a central reason why VDI has not been widely adopted as an architecture since it came to the marketplace more than 15 years ago. |
Monitoring end-user metrics will mitigate the tension between business KPIs and end-user satisfaction
Metric | Description | ||
End-User | PERFORMANCE | Logon duration | Once the user puts in their password, how long does it take to get to their desktop? What is the measurement and how do you measure? |
App load time | When an app is launched by the user there should be immediate indication that it is loading. | ||
App response time | When the user performs a task, there should be no wait time, or hourglass icon, waiting for the app to catch up to the user input. (There is no succinct way to measure this.) | ||
Session response time | How does the user’s OS respond to I/O? The user should not experience any latency issues when doing a drag and drop, clicking on a menu item, or doing a search. | ||
AVAILABILITY | SLAs | When something goes wrong in the VDI/DaaS environment, how quickly can the user expect to get back to their tasks? | |
Geographic location | When all other considerations are configured correctly, the user experience may be impacted by their location. So, for example, a user working out of Mexico and logging into a VDI may experience latency based on location compared to a user in California, for example, where the resources are stored, managed, and monitored. | ||
Application availability | Much like app load time and response time, the only factor affecting the user experience is the back-end load on the app itself, for example a CAD or heavy resource app not properly resourced. | ||
FUNCTIONALITY | Configuration of user desktop | Degradation in functionality is caused by improper allocation of CPU, RAM, and GPU for the tasks at hand, creating a bad UX and end-user satisfaction score. | |
Graphics quality and responsiveness | The user should have the same experience as if on their own physical machine. A video experience should not have any lag in it, for example. MS Teams should not have latency or sound quality issues. | ||
Predictive analysis | Continuous performance and availability monitoring. | ||
END USER | Browser real user monitoring (RUM) | A real-time view into how the web application is performing from the point of view of a real end user. | |
Customer satisfaction score | Survey-based metrics on customer satisfaction. |
“If employees are the competitive edge and key differentiator for a business, I&O has a duty of care to ensure that the employees’ digital experience enables and does not impede the value of that asset.” (John Annand, Principal Director, Info-Tech Research Group)
Is security and data sovereignty the only reason?
Technical capability | |
AVAILABILITY | VDI is a better fit than DaaS in organizations that have limited or unreliable internet connectivity. |
FUNCTIONALITY | Application flexibility: Resource-intensive applications may require specific virtual desktop configurations, for example in-house GIS apps, CAD, and gaming software requiring specific GPU configurations. |
SECURITY | Data protection is often stated as a need to maintain an on-premises VDI solution, ensuring sensitive and highly privileged data does not travel across the internet. |
AVAILABILITY | While some cloud providers will allow you to bring your OS licensing along with a cloud migration, many subscriptions already include OS licensing, and you may be paying additional licensing costs. |
SECURITY | VDI makes sense if security and control are primary business KPIs, the IT resources are experienced virtual infrastructure engineers and administrators, and funding is not a hindrance. |
PERFORMANCE | When processing power is a functional requirement, such as CPU, GPU, and storage capacity, VDI offers performance benefits over a standard PC, reducing the need to deploy high-powered PCs to end users. |
“Though the desktops are moving to the cloud, accountability is not.” (Gary Bea, Director of Consulting Services and Technical Operations, Goliath Technologies)
Any device anywhere: key benefits of DaaS
Technical capability | Challenges | |
AVAILABILITY | Delivers a consistent user experience regardless of location or device. | Info-Tech InsightThe total cost of the solution will be higher than you anticipate, and management is complex. Additionally, your ability to set your conditions and controls is limited. Info-Tech InsightDepending on your technical abilities and experience with cloud services, you will likely benefit from professional third-party services, technical services, and consulting, which can be critical when deciding if DaaS can fit into your current IT architecture, processes, and security posture. |
SECURITY | Enhances security posture by eliminating your client VPN and keeping sensitive data off the endpoint device. | |
FUNCTIONALITY | Onboard and offboard users quickly and securely. | |
FUNCTIONALITY | Provides centralize workspace management. | |
FUNCTIONALITY | Scale up or down on demand with a consumption- and subscription-based contract. | |
FUNCTIONALITY | Significantly reduce operational overhead compared to managing a traditional VDI deployment. |
From an end-user experience perspective, what makes sense in terms of usage and cost?
Thin Client
| Desktop as a Service
| Thick Client
| Device as a Service
| Web Client
|
What is the better security posture and control plane? Clarify your stakeholders’ objectives, then see if VDI is an adequate solution.
Modernize and Transform Your End-User Computing Strategy Phase 3.2 of this research set covers virtual desktop infrastructure. | |
Implement Desktop Virtualization and Transition to Everything as a Service Follow Info-Tech’s process for implementing the right desktop virtualization solution to create a project plan that will help ensure that you not only choose the right solution but also implement it effectively. | |
Cloud Strategy Workbook Use this tool to assess cloud services (desktop-as-a-service). | |
Desktop Virtualization TCO Calculator This tool is designed to help you understand what desktop virtualization looks like from a cost perspective. |
Anderson, Joseph. “Five Ways VDI Will Grow in 2022 Thanks to Hybrid Work.” StratoDesk, 28 Feb. 2022. Web.
Bowker, Mark. “Are Desktops Doomed? Trends in Digital Workspaces, VDI, and DaaS.” ESG, May 2020. Web.
“The CISO's Dilemma: How Chief Information Security Officers Are Balancing Enterprise Endpoint Security and Worker Productivity in Response to COVID-19.” Hysolate, Oct. 2020. Web.
King, Val. “Why the End-User Experience Is Not Good for Your Remote Workforce .” Whitehat Virtual Technologies, 2 Dec. 2021. Web.
Perry, Yifat. “VDI vs DaaS: 5 Key Differences and 6 Leading Solutions.” NetApp, 26 Aug. 2020. Web.
Rigg, Christian. “Best virtual desktop services 2022.” TechRadar, 20 Jan. 2022 . Web.
Seget, Vladan. “Key metrics to consider when assessing the performance of your VDI/DaaS environment.” vladan.fr, 19 April 2021. Web.
Spruijt, Ruben. “Why Should You Care About VDI and Desktop-as-a-Service?” Nutanix, 28 Jan. 2020. Web.
Stowers, Joshua. “The Best Desktop as a Service (DaaS) Providers 2022.” business.com, 21 Dec. 2021. Web.
“Virtual Desktop Infrastructure(VDI) Market 2022.” MarketWatch, 5 Jan. 2022. Web. Press release.
Zamir, Tal. “VDI Security Best Practices: Busting the Myths.” Hysolate, 29 Nov. 2021. Web.
Zychowicz, Paul. “Why do virtual desktop deployments fail?” Turbonomic Blog, 16 Dec. 2016. Web.