Analyst Perspective

The key is in anticipation.

“We all encounter unexpected changes and our responses are often determined by how we perceive and understand those changes. We react according to the unexpected occurrence. Business organizations are no different.

When a company faces a major technology disruption in its markets – one that could fundamentally change the business or impact its processes and technology – the way its management perceive and understand the disruption influences how they describe and plan for it. In other words, the way management sets the context of a disruption – the way they frame it – shapes the strategy they adopt. Technology leaders can vastly influence business strategy by adopting a proactive approach to understanding disruptive and innovative technologies by simply adopting a process to review and evaluate technology impacts to the company’s lines of business.”

Troy Cheeseman
Practice Lead, Infrastructure & Operations Research
Info-Tech Research Group

Executive Summary

Your Challenge

• New technology can hit like a meteor. Not only disruptive to IT, technology provides opportunities for organization-wide advantage.
• Your role is endangered. If you don’t prepare for the most disruptive technologies, you could be overshadowed. Don’t let the chief marketing officer (CMO) set the technological innovation agenda.

Common Obstacles

• Predicting the future isn’t easy. Most IT leaders fail to realize how quickly technology increases in capability. Even for the tech savvy, predicting which specific technologies will become disruptive is difficult.
• Communication is difficult when the sky is falling. Even forward-looking IT leaders struggle with convincing others to devote time and resources to monitoring technologies with a formal process.

Info-Tech’s Approach

• Identify, resolve, and evaluate. Use an annual process as described in this blueprint: a formal evaluation of new technology that turns analysis into action.
• Lead the analysis from IT. Establish a team to carry out the annual process as a cure for the causes of “airline magazine syndrome” and to prevent it from happening in the future.
• Train your team on the patterns of progress, track technology over time in a central database, and read Info-Tech’s analysis of upcoming technology.
• Create your KPIs. Establish your success indicators to create measurable value when presenting to your executive.
• Produce a comprehensive proof-of-concept plan that will allow your company to minimize risk and maximize reward when engaging with new technology.

Info-Tech Insight

Proactively monitoring, evaluating, and exploiting disruptive tech isn’t optional.
This will protect your role, IT’s role, and the future of the organization.

A diverse working group maximizes the insight brought to bear.
An IT background is not a prerequisite.

The best technology is only the best when it brings immediate value.
Good technology might not be ready; ready technology might not be good.

Review

We help IT leaders make the most of disruptive impacts.

This research is designed for:

Target Audience: CIO, CTO, Head of Infrastructure

This research will help you:

• Develop a process for anticipating, analyzing, and exploiting disruptive technology.
• Communicate the business case for investing in disruptive technology.
• Categorize emerging technologies to decide what to do with them.
• Develop a plan for taking action to exploit the technology that will most affect your organization.

Problem statement:

As a CIO, there is a need to move beyond day-to-day technology management with an ever-increasing need to forecast technology impacts. Not just from a technical perspective but to map out the technical understandings aligned to potential business impacts and improvements. Technology transformation and innovation is moving more quickly than ever before and as an innovation champion, the CIO or CTO should have foresight in specific technologies with the understanding of how the company could be disrupted in the near future. Foresight + Current Technology + Business Understanding = Understanding the Business Disruption. This should be a repeatable process, not an exception or reactionary response.

Insight Summary

Establish the core working group, select a leader, and select a group of visionaries to help brainstorm emerging technologies.

The right team matters. A core working group will keep focus through the process and a leader will keep everyone accountable. Visionaries are out-of-the-box thinkers and once they understand how to think like a "futurists," they will drive the longlist and shortlist actions.

Train the group to think like futurists

To keep up with exponential technology growth you need to take a multi-threaded approach.

Brainstorm about creating a better future; begin brainstorming an initial longlist

Establish the longlist. The longlist helps create a holistic view of most technologies that could impact the business. Assigning values and quadrant scoring will shortlist the options and focus your PoC option.

Converge everyone’s longlists

Long to short...that's the short of it. Using SWOT, value readiness, and quadrant mapping review sessions will focus the longlist, creating a shortlist of potential POC candidates to review and consider.

Evaluate the shortlist

There is no such thing as a risk-free endeavor. Use a systematic process to ensure that the risks your organization takes have the potential to produce significant rewards.

Define your PoC list and schedule

Don’t be afraid to fail! Inevitably, some proof-of-concept projects will not benefit the organization. The projects that are successful will more than cover the costs of the failed projects. Roll out small scale and minimize losses.

Finalize, present the plan to stakeholders, and repeat!

Don't forget the C-suite. Effectively communicate and present the working group’s finding with a well-defined and succinct presentation. Start the process again!

1. Identify
   • Establish the core working group and select a leader; select a group of visionaries
   • Train the group to think like futurists
   • Hold your initial meeting
2. Resolve

• Create and winnow a longlist
• Assess and create the shortlist

The Key Is in Anticipation!

Use Info-Tech’s approach for analyzing disruptive technology in your own disruptive tech working group

Four key challenges make it essential for you to become a champion for exploiting disruptive technology

1. New technology can hit like a meteor. It doesn’t only disrupt IT; technology provides opportunities for organization-wide advantage.
2. Your role is endangered. If you don’t prepare for the most disruptive technologies, you could be overshadowed. Don’t let the CMO rule technological innovation.
3. Predicting the future isn’t easy. Most IT leaders fail to realize how quickly technology increases in capability. Even for the tech savvy, predicting which specific technologies will become disruptive is difficult.
4. Communication is difficult when the sky is falling. Even forward-looking IT leaders struggle with convincing others to devote time and resources to monitoring emerging technologies with a formal process.

“Look, you have never had this amount of opportunity for innovation. Don’t forget to capitalize on it. If you do not capitalize on it, you will go the way of the dinosaur.”
– Dave Evans, Co-Founder and CTO, Stringify

Technology can hit like a meteor

“ By 2025:

• 38.6 billion smart devices will be collecting, analyzing, and sharing data.
• The web hosting services market is to reach $77.8 billion in 2025.
• 70% of all tech spending is expected to go for cloud solutions.
• There are 1.35 million tech startups.
• Global AI market is expected to reach $89.8 billion.”

– Nick Gabov

IT Disruption

Technology disrupts IT by:

• Affecting the infrastructure and applications that IT needs to use internally.
• Affecting the technology of end users that IT needs to support and deploy, especially for technologies with a consumer focus.
• Allowing IT to run more efficiently and to increase the efficiency of other business units.
• Example: The rise of the smartphone required many organizations to rethink endpoint devices.

Business Disruption

Technology disrupts the business by:

• Affecting the viability of the business.
• Affecting the business’ standing in relation to competitors that better deal with disruptive technology.
• Affecting efficiency and business strategy. IT should have a role in technology-related business decisions.
• Example: BlackBerry failed to anticipate the rise of the apps ecosystem. The company struggled as it was unable to react with competitive products.

Senior IT leaders are expected to predict disruptions to IT and the business, while tending to today’s needs

You are expected to be both a firefighter and a forecaster

• Anticipating upcoming disruptions is part of your job, and you will be blamed if you fail to anticipate future business disruptions because you are focusing on the present.
• However, keeping IT running smoothly is also part of your job, and you will be blamed if today’s IT environment breaks down because you are focusing on the future.

You’re caught between the present and the future

• You don’t have a process that anticipates future disruptions but runs alongside and integrates with operations in the present.
• You can’t do it alone. Tending to both the present and the future will require a team that can help you keep the process running.

Info-Tech Insight

Be prepared when disruptions start coming down, even though it isn’t easy. Use this research to reduce the effort to a simple process that can be performed alongside everyday firefighting.

Make disruptive tech analysis and exploitation part of your innovation agenda

Organizations without high satisfaction with IT innovation leadership are only 20% likely to be highly satisfied with IT

“You rarely see a real-world correlation of .86!”
– Mike Battista, Staff Scientist, Cambridge Brain Sciences, PhD in Measurement

There is a clear relationship between satisfaction with IT and the IT department’s innovation leadership.

Prevent “airline magazine syndrome” by proactively analyzing disruptive technologies

“The last thing the CIO needs is an executive saying ‘I don’t what it is or what it does…but I want two of them!”
– Tim Lalonde

Airline magazine syndrome happens to IT leaders caught between the business and IT. It usually occurs in this manner:

1. While on a flight, a senior executive reads about an emerging technology that has exciting implications for the business in an airline magazine.
2. The executive returns and approaches IT, demanding that action be taken to address the disruptive technology – and that it should have been (ideally) completed already.

Without a Disruptive Technology Exploitation Plan:

“I don’t know”

With a Disruptive Technology Exploitation Plan:

“Here in IT, we have already considered that technology and decided it was overhyped. Let me show you our analysis and invite you to join our working group.”

OR

“We have already considered that technology and have started testing it. Let me show you our testing lab and invite you to join our working group.”

Info-Tech Insight

Airline magazine syndrome is a symptom of a wider problem: poor CEO-CIO alignment. Solve this problem with improved communication and documentation. Info-Tech’s disruptive tech iterative process will make airline magazine syndrome a thing of the past!

IT leaders who do not keep up with disruptive technology will find their roles diminished

“Today’s CIO dominion is in a decaying orbit with CIOs in existential threat mode.”
– Ken Magee

Protect your role within IT

• IT is threatened by disruptive technology:
  • Trends like cloud services, increased automation, and consumerization reduce the need for IT to be involved in every aspect of deploying and using technology.
  • In the long term, machines will replace even intellectually demanding IT jobs, such as infrastructure admin and high-level planning.
• Protect your role in IT by:
  • Anticipating new technology that will disrupt the IT department and your place within it.
  • Defining new IT roles and responsibilities that accurately reflect the reality of technology today.
  • Having a process for the above that does not diminish your ability to keep up with everyday operations that remain a priority today.

Protect your role against other departments

• Your role in the business is threatened by disruptive technology:
  • The trends that make IT less involved with technology allow other executives – such as the CMO – to make IT investments.
  • As the CMO gains the power and data necessary to embrace new trends, the CIO and IT managers have less pull.
• Protect your role in the business by:
  • Being the individual to consult about new technology. It isn’t just a power play; IT leaders should be the ones who know technology thoroughly.
  • Becoming an indispensable part of the entire business’ innovation strategy through proposing and executing a process for exploiting disruptive technology.

IT leaders who do keep up have an opportunity to solidify their roles as experts and aggregators

“The IT department plays a critical role in [innovation]. What they can do is identify a technology that potentially might introduce improvements to the organization, whether it be through efficiency, or through additional services to constituents.”
– Michael Maguire, Management Consultant

The contemporary CIO is a conductor, ensuring that IT works in harmony with the rest of the business.

The new CIO is a conductor, not a musician. The CIO is taking on the role of a business engineer, working with other executives to enable business innovation.

The new CIO is an expert and an aggregator. Conductor CIOs increasingly need to keep up on the latest technologies. They will rely on experts in each area and provide strategic synthesis to decide if, and how, developments are relevant in order to tune their IT infrastructure.

The pace of technological advances makes progress difficult to predict

“An analysis of the history of technology shows that technological change is exponential, contrary to the common-sense ‘intuitive linear’ view. So we won’t experience 100 years of progress in the 21st century – it will be more like 20,000 years of progress (at today’s rate).”
– Ray Kurzweil

Technology advances exponentially. Rather than improving by the same amount of capability each year, it multiplies in capability each year.

Think like a futurist to anticipate technology before it goes mainstream.

Exponential growth happens much faster than linear growth, especially when it hits the knee of the curve. Even those who acknowledge exponential growth underestimate how capabilities can improve.

To predict new advances, turn innovation into a process

“We spend 70 percent of our time on core search and ads. We spend 20 percent on adjacent businesses, ones related to the core businesses in some interesting way. Examples of that would be Google News, Google Earth, and Google Local. And then 10 percent of our time should be on things that are truly new.”
– Eric Schmidt, Google

• Don’t get caught in the trap of refining your core processes to the exclusion of innovation. You should always be looking for new processes to improve, new technology to pilot, and where possible, new businesses to get into.
• Devote about 10% of your time and resources to exploring new technology: the potential rewards are huge.

You and your team need to analyze technology every year to predict where it’s going.

Foundational technologies, such as computing power, storage, and networks, are improving exponentially. Disruptive technologies are specific manifestations of foundational advancements. Advancements of greater magnitude give rise to more manifestations; therefore, there will be more disruptive technologies every year. There is a lot of noise to cut through. Remember Google Glasses? As technology becomes ubiquitous and consumerization reigns, everybody is a technology expert. How do you decide which technologies to focus on?

Protect IT and the business from disruption by implementing a simple, repeatable disruptive technology exploitation process

“One of the most consistent patterns in business is the failure of leading companies to stay at the top of their industries when technologies or markets change […] Managers must beware of ignoring new technologies that can’t initially meet the needs of their mainstream customers.”
– Joseph L. Bower and Clayton M. Christensen

Info-Tech Insight

Use Info-Tech’s tools and templates, along with this storyboard, to walk you through creating and executing an exploitation process in six steps.

Create measurable value by using Info-Tech’s process for evaluating the disruptive potential of technology

No business process is perfect. Use Info-Tech’s Proof of Concept Template to create a disruptive technology proof of concept implementation plan. Harness your company’s internal wisdom to systematically vet new technology. Engage only in calculated risk and maximize potential benefit.

Info-Tech Insight

Inevitably, some proof of concept projects will not benefit the organization. The projects that are successful will more than cover the costs of the failed projects. Roll out small scale and minimize losses.

Establish your key performance indicators (KPIs)

Key performance indicators allow for rigorous analysis, which generates insight into utilization by platform and consumption by business activity.

• Brainstorm metrics that indicate when process improvement is actually taking place.
• Have members of the group pitch KPIs; the facilitator should record each suggestion on a whiteboard.
• Make sure to have everyone justify the inclusion of each metric: how does it relate to the improvement that the proof of concept project is intended to drive? How does it relate to the overall goals of the business?
• Include a list of KPIs, along with a description and a target (ensuring that it aligns with SMART metrics).

Communicate your plan with the Disruptive Technology Exploitation Plan Template

Use the Disruptive Technology Exploitation Plan Template to summarize everything that the group does. Update the report continuously and use it to show others what is happening in the world of disruptive technology.

Whether you need a process for exploiting disruptive technology, or an analysis of current trends, Info-Tech can help

Two sets of research make up Info-Tech’s disruptive technology coverage:

This storyboard, and the associated tools and templates, will walk you through creating a disruptive technology working group of your own.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

Key deliverable:

The Disruptive Technology Exploitation Plan Template acts as an implementation plan for developing a long-term strategy for monitoring and implementing disruptive technologies.

Proof of Concept Template

The Proof of Concept Template will guide you through the creation of a minimum-viable proof-of-concept project.

Executive Presentation

The Disruptive Technology Executive Presentation Template will assist you to present an overview of the disruptive technology process, outlining the value to your company.

Disruptive Technology Value Readiness & SWOT Analysis Tool

The Disruptive Technology Value Readiness & SWOT Analysis Tool will assist you to systematize notional evaluations of the value and readiness of potential disruptive technologies.

Disruptive Technology Research Database Tool

The Disruptive Technology Research Database Tool will help you to keep track of the independent research that is conducted by members of the disruptive technology exploitation working group.

Disruptive Technology Shortlisting Tool

The Disruptive Technology Shortlisting Tool will help you to codify the results of the disruptive technology working group's longlist winnowing process.

Disruptive Technology Look to the Past Tool

The Disruptive Technology Look to the Past Tool will assist you to collect reasonability test notes when evaluating potential disruptive technologies.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is 8 to 12 calls over the course of 4 to 6 months.

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Exploit Disruptive Infrastructure Technology

Disrupt or be disrupted.

Identify

Create your working group.

PHASE 1

Use Info-Tech’s approach for analyzing disruptive technology in your own disruptive tech working group

1. Identify
   1. Establish the core working group and select a leader; select a group of visionaries
   2. Train the group to think like futurists
   3. Hold your initial meeting
2. Resolve
   1. Create and winnow a longlist
   2. Assess and create the shortlist
3. Evaluate
   1. Create process maps
   2. Develop proof of concept charter

The Key Is in Anticipation!

Phase 1: Identify

Create your working group.

Activities:

Step 1.1: Establish the core working group and select a leader; select a group of visionaries
Step 1.2: Train the group to think like futurists
Step 1.3: Hold the initial meeting

This step involves the following participants:

IT Infrastructure Manager

CIO or CTO

Potential members and visionaries of the working group

Outcomes of this step:

• Establish a team of subject matter experts that will evaluate new, emerging, and potentially disruptive technologies.
• Establish a process for including visionaries from outside of the working group who will provide insight and direction.
• Introduce the core working group members.
• Gain a better understanding of how technology advances.
• Brainstorm a list of organizational processes.
• Brainstorm an initial longlist.

Step 1.1

Establish the core working group and select a leader; select a group of visionaries.

Activities:

• Articulate the long- and short-term benefits and costs to the entire organization
• Gain support by articulating the long- and short-term benefits and costs to the IT department
• Gain commitment from key stakeholders and executives
• Help stakeholders understand what goes into formally exploiting disruptive tech by reviewing this process
• Establish the core working group and select a leader
• Create a schedule with a time commitment appropriate to your organization’s size; it doesn’t need to take long
• Select a group of visionaries external to IT to help the working group brainstorm disruptive technologies

This step involves the following participants:

• IT Infrastructure Manager
• CIO or CTO
• Potential members and visionaries of the working group

Outcomes of this step

• Establish a team of subject matter experts that will evaluate new, emerging, and potentially disruptive technologies.
• Establish a process for including visionaries from outside of the working group that will provide insight and direction.

1.1.A Articulate the long- and short-term benefits and costs to the entire organization

A cost/benefit analysis will give stakeholders a picture of how disruptive technology could affect the business. Use the chart as a starting point and customize it based on your organization.

1.1.B Gain support by articulating the long- and short-term benefits and costs to the IT department

A cost/benefit analysis will give stakeholders a picture of how disruptive technology could affect the business. Use the chart as a starting point and customize it based on your organization.

1.1.C Gain commitment from key stakeholders and executives

Gaining approval from executives and key stakeholders is the final obstacle. Ensure that you cover the following items to have the best chance for project approval.

• Use a sample deck similar to this section for gaining buy-in, ensuring that you add/remove information to make it specific to your organization. Cover this section, including:
  • Who: Who will lead the team and who will be on it (working group)?
  • What: What resources will be required by the team (costs)?
  • Where/When: How often and where will the team meet (meeting schedule)?
  • Why: Why is there a need to exploit disruptive technology (benefits and examples)?
  • How: How is the team going to exploit disruptive technology (the process)?
• Go through this blueprint prior to presenting the plan to stakeholders so that you have a strong understanding of the details behind each process and tool.
• Frame the first iteration of the cycle as a pilot program. Use the completed results of the pilot to establish exploiting disruptive technology as a necessary company initiative.

Insert the resources required by the disruptive tech exploitation team into Section 1.5 of the Disruptive Technology Exploitation Plan Template. Have executives sign-off on the project in Section 1.6.

Disruption has undermined some of the most successful tech companies

“The IT department plays a critical role in [innovation]. What they can do is identify a technology that potentially might introduce improvements to the organization, whether it be through efficiency or through additional services to constituents.”
- Michael Maguire, Management Consultant

VoIP’s transformative effects

Disruptive technology:
Voice over Internet Protocol (VoIP) is a modern means of making phone calls through the internet by sending voice packets using data, as opposed to the traditional circuit transmissions of the PSTN.

Who won:
Organizations that realized the cost savings that VoIP provided for businesses with a steady internet connection saved as much as 60% on telephony expenses. Even in the early stages, with a few more limitations, organizations were able to save a significant amount of money and the technology has continued to improve.

Who lost?
Telecom-related companies that failed to realize VoIP was a potential threat to their market, and organizations that lacked the ability to explore and implement the disruptive technology early.

Digital photography — the new norm

Disruptive technology:
Digital photography refers to the storing of photographs in a digital format, as opposed to traditional photography, which exposes light to sensitive photographic film.

Who won:
Photography companies and new players that exploited the evolution of data storage and applied it to photography succeeded. Those that were able to balance providing traditional photography and exploiting and introducing digital photography, such as Nikon, left competitors behind. Smartphone manufacturers also benefited by integrating digital cameras.

Who lost?
Photography companies, such as Kodak, that failed to respond to the digital revolution found themselves outcompeted and insolvent.

1.1.D Help stakeholders understand what goes into formally exploiting disruptive tech by reviewing this process

There are five steps to formally exploiting disruptive technology, each with its own individual outputs and tools to take analysis to the next level.

Info-Tech Insight

Before going to stakeholders, complete the entire blueprint to better understand the tools and outputs of the process.

1.1.E Establish the core working group and select a leader

• Selecting your core membership for the working group is a critical step to the group’s success. Ensure that you satisfy the following criteria:
  • This is a team of subject matter experts. They will be overseeing the learning and piloting of disruptive technologies. Their input will also be valuable for senior executives and for implementing these technologies.
  • Choose members that can take time away from firefighting tasks to dedicate time to meetings.
  • It may be necessary to reach outside of the organization now or in the future for expertise on certain technologies. Use Info-Tech as a source of information.

• Once the team is established, you must decide who will lead the group. Ensure that you satisfy the following criteria:
  • A leader should be credible, creative, and savvy in both technology and business.
  • The leader should facilitate, acting as both an expert and an aggregator of the information gathered by the team.

Choose a compelling name

The working group needs a name. Be sure to select one with a positive connotation within your organization.

Section 1.3 of the Disruptive Technology Exploitation Plan Template

1.1.F Create a schedule with a time commitment appropriate to your organization’s size; it doesn’t need to take long

Time the disruptive technology working group’s meetings to coincide and integrate with your organization’s strategic planning — at least annually.

“Regardless of size, it’s incumbent upon every organization to have some familiarity of what’s happening over the next few years, [and to try] to anticipate what some of those trends may be. […] These trends are going to accelerate IT’s importance in terms of driving business strategy.”
– Vern Brownell, CEO, D-Wave

Section 1.4 of the Disruptive Technology Exploitation Plan Template

1.1.G Select a group of visionaries external to IT to help the working group brainstorm disruptive technologies

Selecting advisors for your group is an ongoing step, and the roster can change.

Ensure that you satisfy the following criteria:

• Look beyond IT to select a team representing several business units.
• Check for self-professed “geeks” and fans of science fiction that may be happy to join.
• Membership can be a reward for good performance.

This group does not have to meet as regularly as the core working group. Input from external advisors can occur between meetings. You can also include them on every second or third iteration of the entire process.

However, the more input you can get into the group, the more innovative it can become.

“It is … important to develop design fictions based on engagement with directly or indirectly implicated publics and not to be designed by experts alone.”
– Emmanuel Tsekleves, Senior Lecturer in Design Interactions, University of Lancaster

Section 1.3 of the Disruptive Technology Exploitation Plan Template

The following case study illustrates the innovative potential that is created when you include a diverse group of people

INDUSTRY - Chip Manufacturing
SOURCE - Clayton Christensen, Intel

To achieve insight, you need to collaborate with people from outside of your department.

Challenge

• Headquartered in California, through the 1990s, Intel was the largest microprocessor chip manufacturer in the world, with revenue of $25 billion in 1997.
• All was not perfect, however. Intel faced a challenge from Cyrix, a manufacturer of low-end chips. In 18 months, Cyrix’s share of the low-margin entry-level chip manufacturing business mushroomed from 10% to 70%.

Solution

• Troubled by the potential for significant disruption of the microprocessor market, Intel brought in external consultants to hold workshops to educate managers about disruptive innovation.
• Managers would break into groups and discuss ways Intel could facilitate the disruption of its competitors. In one year, Intel hosted 18 workshops, and 2,000 managers went through the process.

Results

• Intel launched the Celeron chip to serve the lower end of the PC market and win market share back from Cyrix (which no longer exists as an independent company) and other competitors like AMD.
• Within one year, Intel had captured 35% of the market.

“[The models presented in the workshops] gave us a common language and a common way to frame the problem so that we could reach a consensus around a counterintuitive course of action.” – Andy Grove, then-CEO, Intel Corporation

Phase 1: Identify

Create your working group.

Activities:

Step 1.1: Establish the core working group and select a leader; select a group of visionaries
Step 1.2: Train the group to think like futurists
Step 1.3: Hold the initial meeting

This step involves the following participants:

• IT Infrastructure Manager
• CIO or CTO
• Potential members and visionaries of the working group

Outcomes of this phase:

• Establish a team of subject matter experts that will evaluate new, emerging, and potentially disruptive technologies.
• Establish a process for including visionaries from outside of the working group who will provide insight and direction.
• Introduce the core working group members.
• Gain a better understanding of how technology advances.
• Brainstorm a list of organizational processes.
• Brainstorm an initial longlist.

Step 1.2

Train the group to think like futurists

Activities:

1. Look to the past to predict the future:
   • Step 1: Review the technology opportunities you missed
   • Step 2: Review and record what you liked about the tech
   • Step 3: Review and record your dislikes
   • Step 4: Record and test the reasonability
2. Crash course on futurology principles
3. Peek into the future

This step involves the following participants:

• IT Infrastructure Manager
• CIO or CTO
• Core working group members
• Visionaries

Outcomes of this step

• Team members thinking like futurists
• Better understanding of how technology advances
• List of past examples and characteristics

Info-Tech Insight

Business buy-in is essential. Manage your business partners by providing a summary of the EDIT methodology and process. Validate the process value, which will allow you create a team of IT and business representatives.

1.2 Train the group to think like futurists

1 hour

Ensure the team understands how technology advances and how they can identify patterns in upcoming technologies.

1. Lead the group through a brainstorming session.
2. Follow the next phases and steps.
3. This session should be led by someone who can facilitate a thought-provoking discussion.
4. This training deck finishes with a video.

Input

• Facilitated creativity
• Training deck [following slides]

Output

• Inspiration
• Anonymous ideas

Materials

• Futurist training “steps”
• Pen and paper

Participants

• Core working group
• Visionaries
• Facilitator

1.2.A Look to the past to predict the future

30 minutes

Use the Disruptive Technology Research Look to the Past Tool to record your output.

Input

• Facilitated creativity
• Speaker’s notes

Output

• Inspiration
• Anonymous ideas
• Recorded missed opportunities
• Recorded positive points
• Recorded dislikes
• Reasonability test list

Materials

• Futurist training “steps”
• Pen and paper
• “Look to the Past” tool

Participants

• Core working group
• Visionaries
• Facilitator

Understand how the difference between linear and exponential growth will completely transform many organizations in the next decade

“The last ten years have seen exponential growth in research on disruptive technologies and their impact on industries, supply chains, resources, training, education and employment markets … The debate is still open on who will be the winners and losers of future industries, but what is certain is that change has picked up pace and we are now in a new technology revolution whose impact is potentially greater than the industrial revolution.”
– Gary L. Evans

Exponential advancement will ensure that life in the next decade will be very different from life today.

• Linear growth happens one step at a time.
• The difference between linear and exponential is hard to notice, at first.
• We are now at the knee of the curve.

What about email?

• Consider the amount of email you get daily
• Double it
• Triple it

Exponential growth happens much faster than linear growth, especially when it hits the knee of the curve. Technology grows exponentially, and we are approaching the knee of the curve.

This graph is adapted from research by Ray Kurzweil.

Growth: Linear vs. Exponential

1.2.B Crash course on futurology principles

1 hour

“An analysis of the history of technology shows that technological change is exponential, contrary to the common-sense ‘intuitive linear’ view. So we won’t experience 100 years of progress in the 21st century — it will be more like 20,000 years of progress (at today’s rate).”
- Ray Kurzweil

Review the differences between exponential and linear growth

The pace of technological advances makes progress difficult to predict.

Technology advances exponentially. Rather than improving by the same amount of capability each year, it multiplies in capability each year.

Think like a futurist to anticipate technology before it goes mainstream.

Exponential growth happens much faster than linear growth, especially when it hits the knee of the curve. Even those who acknowledge exponential growth underestimate how capabilities can improve.

The following case study illustrates the rise of social media providers

“There are 7.7 billion people in the world, with at least 3.5 billion of us online. This means social media platforms are used by one in three people in the world and more than two-thirds of all internet users.”
– Esteban Ortiz-Ospina

The following case study illustrates the rapid growth of Machine to Machine (M2M) connections

Ray Kurzweil’s Law of Accelerating Returns

“Ray Kurzweil has been described as ‘the restless genius’ by The Wall Street Journal, and ‘the ultimate thinking machine’ by Forbes. He was ranked #8 among entrepreneurs in the United States by Inc Magazine, calling him the ‘rightful heir to Thomas Edison,’ and PBS included Ray as one of 16 ‘revolutionaries who made America,’ along with other inventors of the past two centuries.”
Source: KurzweilAI.net

Growth is linear?

“Information technology is growing exponentially. That’s really my main thesis, and our intuition about the future is not exponential, it’s really linear. People think things will go at the current pace …1, 2, 3, 4, 5, and 30 steps later, you’re at 30.”

Better IT strategy enables future business innovation

“The reality of information technology like computers, like biological technologies now, is it goes exponentially … 2, 4, 8, 16. At step 30, you’re at a billion, and this is not an idle speculation about the future.” [emphasis added]

“When I was a student at MIT, we all shared a computer that cost tens of millions of dollars. This computer [pulling his smartphone out of his pocket] is a million times cheaper, a thousand times more powerful — that’s a billion-fold increase in MIPS per dollar, bits per dollar… and we’ll do it again in 25 years.”
Source: “IT growth and global change: A conversation with Ray Kurzweil,” McKinsey & Company

1.2.C Peak into the future

1 hour

Leverage industry roundtables and trend reports to understand the art of the possible

• Uncover important business and industry trends that can inform possibilities for technology disruption.
• Market research is critical in identifying factors external to your organization and identifying technology innovation that will provide a competitive edge. It’s important to evaluate the impact each trend or opportunity will have in your organization and market.

Visit Info-Tech’s Trends & Priorities Research Center

Visit Info-Tech’s Industry Coverage Research to get started.

Phase 1: Identify

Create your working group

Activities:

Step 1.1: Establish the core working group and select a leader; select a group of visionaries
Step 1.2: Train the group to think like futurists
Step 1.3: Hold the initial meeting

This step involves the following participants:

• IT Infrastructure Manager
• CIO or CTO
• Potential members and visionaries of the working group

Outcomes of this phase:

• Establish a team of subject matter experts that will evaluate new, emerging, and potentially disruptive technologies.
• Establish a process for including visionaries from outside of the working group who will provide insight and direction.
• Introduce the core working group members.
• Gain a better understanding of how technology advances.
• Brainstorm a list of organizational processes.
• Brainstorm an initial longlist.

Info-Tech Insight

Establish the longlist. The longlist help create a holistic view of most technologies that could impact the business. Assigning values and quadrant scoring will shortlist the options and focus your PoC option.

Step 1.3

Hold the initial meeting

Activities:

1. Create an agenda for the meeting
2. Start the kick-off meeting with introductions and a recap
3. Brainstorm about creating a better future
4. Begin brainstorming an initial longlist
5. Have team members develop separate longlists for their next meeting

This step involves the following participants:

• IT Infrastructure Manager
• CIO or CTO
• Core working group members
• Visionaries

Outcomes of this step

• Introduce the core working group members
• Gain a better understanding of how technology advances
• Brainstorm a list of organizational processes
• Brainstorm an initial longlist

1.3.A Create an agenda for the meeting

1 hour

Kick-off this cycle of the disruptive technology process by welcoming your visionaries and introducing your core working group.

The purpose of the initial meeting is to brainstorm where new technology will be the most disruptive within the organization. You’ll develop two longlists: one of business processes and one of disruptive technology. These longlists are in addition to the independent research your core working group will perform before Phase 2.

• Find an outgoing facilitator. Sitting back will let you focus more on ideating, and an engaging presenter will help bring out ideas from your visionaries.
• The training deck (see step 1.2c) includes presenting a video. We’ve included some of our top choices for you to choose from.
  • Feel free to find your own video or bring in a keynote speaker.
  • The object of the video is to get the group thinking about the future.
  • Customize the training deck as needed.
• If a cycle has been completed, present your findings and all of the group’s completed deliverables in the first section.
• This session is the only time you have with your visionaries. Get their ideas on what technologies will be disruptive to start forming a longlist.

Info-Tech Insight

The disruptive tech team is prestigious. If your organization is large enough or has the resources, consider having this meeting in an offsite location. This will drive excitement to join the working group if the opportunity arises and incentivize good work.

Info-Tech Insight

The disruptive tech team is prestigious. If your organization is large enough or has the resources, consider having this meeting in an offsite location. This will drive excitement to join the working group if the opportunity arises and incentivize good work.

1.3.B Start the kick-off meeting with introductions and a summary of what work has been done so far

30 minutes

1. Start the meeting off with an icebreaker activity. This isn’t an ordinary business meeting – or even group – so we recommend starting off with an activity that will emphasize this unique nature. To get the group in the right mindset, try this activity:
   1. Go around the group and have people present:
   2. Their names and roles
   3. Pose some or all of the following questions/prompts to the group:
      • “Tell me about something you have created.”
      • “Tell me about a time you created a process or program considered risky.”
      • “Tell me about a situation in which you had to come up with several new ideas in a hurry. Were they accepted? Were they successful?”
      • “Tell me about a time you took a risk.”
      • “Tell me about one of your greatest failures and what you learned from it.”
2. Once everyone has been introduced, present any work that has already been completed.
   1. If you have already completed a cycle, give a summary of each technology that you investigated and the results from any piloting.
   2. If this is the first cycle for the working group, present the information decided in Step 1.1.

Input

• Disruptive technology exploitation plan

Output

• Networking
• Brainstorming

Materials

• Meeting agenda

Participants

• Core working group
• Visionaries
• Facilitator

1.3.C Brainstorm about creating a better future for the company, the stakeholders, and the employees

30 minutes

1. Have everyone put up at least two ideas for each chart paper.
2. Go around the room and discuss their ideas. You may generate some new ideas here.

These generated ideas are organizational processes that can be improved or disrupted with emerging technologies. This list will be referenced throughout Phases 2 and 3.

Input

• Inspiration
• Anonymous ideas

Output

• List of processes

Materials

• Chart paper and markers
• Pen and paper

Participants

• Core working group
• Visionaries

1.3.D Begin brainstorming a longlist of future technology, and discuss how these technologies will impact the business

30 minutes

• Use the Disruptive Technology Research Database Tool to organize technologies and ideas. Longstanding working groups can track technologies here over the course of several years, updating the tool between meetings.
• Guide the discussion with the following questions, and make sure to focus on the processes generated from Step 1.2.d.

Focus on

The Technology

• What is the technology and what does it do?
• What processes can it support?

Experts and Other Organizations

• What are the vendors saying about the technology?
• Are similar organizations implementing the technology?

Your Organization

• Is the technology ready for wide-scale distribution?
• Can the technology be tested and implemented now?

The Technology’s Value

• Is there any indication of the cost of the technology?
• How much value will the technology bring?

Download the Disruptive Technology Database Tool

Input

• Inspiration
• List of processes

Output

• Initial longlist

Materials

• Chart paper and markers
• Pen and paper
• Disruptive Technology Research Database Tool

Participants

• Core working group
• Visionaries

1.3.E Explore these sources to generate your disruptive technology longlist for the next meeting

30 Minutes

There are many sources of information on new and emerging technology. Explore as many sources as you can.

Science fiction is a valid source of learning. It drives and is influenced by disruptive technology.

“…the inventor of the first liquid-fuelled rocket … was inspired by H.G. Wells’ science fiction novel War of the Worlds (1898). More recent examples include the 3D gesture-based user interface used by Tom Cruise’s character in Minority Report (2002), which is found today in most touch screens and the motion sensing capability of Microsoft’s Kinect. Similarly, the tablet computer actually first appeared in Stanley Kubrick’s 2001: A Space Odyssey (1968) and the communicator – which we’ve come to refer today as the mobile phone – was first used by Captain Kirk in Star Trek (1966).”
– Emmanuel Tsekleves, senior lecturer, University of Lancaster

Right sources: blogs, tech news sites, tech magazines, the tech section of business sites, popular science books about technology, conferences, trade publications, and vendor announcements

Quantity over quality: early research is not the time to dismiss ideas.

Discuss with your peers: spark new and innovative ideas

Insert a brief summary of how independent research is conducted in Section 2.1 of the Disruptive Technology Exploitation Plan Template.

1.3.E (Cont.) Explore these sources to generate your disruptive technology longlist for the next meeting

30 Minutes

There are many sources of information on new and emerging technology. Use this list to kick-start your search.

• Technology journalists and bloggers are often on top of disruptive technologies and trends. Some sources we used for compiling our longlist include:
  • Ars Technica
  • Singularity Hub
  • Singularity Weblog
  • KurzweilAI
  • TechRepublic / Innovation
  • Transforming Network Infrastructure
  • r/Futurology
  • WIRED
• Vendors are also a valuable source of information, especially if they host webinars or publish whitepapers.
• Explore different academic organizations such as the IEEE and the Association of Computing Machinery.

Connect with practitioners that are worth their weight in Reddit gold. Check out topic-based LinkedIn groups and subreddits such as r/sysadmin and r/tech. People experienced with technology frequent these groups.

YouTube is for more than cat videos. Many vendors use YouTube for distributing their previous webinars. There are also videos showcasing various technologies that are uploaded by lecturers, geeks, researchers, and other technology enthusiasts.

Test your reasonability. Check your “Think Like a Futurist” Tool

Resolve

Evaluate Disruptive Technologies

PHASE 2

Phase 2: Resolve

Evaluate disrupted technologies

Activities:

Step 2.1: Create and Winnow a Longlist
Step 2.2: Assess Shortlist

Info-Tech Insight

Long to short … that’s the short of it. Using SWOT, value readiness, and quadrant mapping review sessions will focus the longlist, creating a shortlist of potential PoC candidates to review and consider.

This step involves the following participants:

• Core working group
• Infrastructure Management

Outcomes of this step:

• Finalized longlist
• Finalized shortlist
• Initial analysis of each technology on the shortlist

Step 2.1

Create and winnow a longlist

Activities:

1. Converge everyone’s longlists
2. Narrow technologies from the longlist down to a shortlist using Info-Tech’s Disruptive Technology Shortlisting Tool
3. Use the shortlisting tool to help participants visualize the potential
4. Input the technologies on your longlist into the Disruptive Technology Shortlisting Tool to produce a shortlist

This step involves the following participants:

• Core working group members

Outcomes of this step:

• Finalized longlist
• Finalized shortlist
• Initial analysis of each technology on the shortlist

2.1 Organize a meeting with the core working group to combine your longlists and create a shortlist

1 hour

Plan enough time to talk about each technology on the list. Each technology was included for a reason.

• Start with the longlist. Review the longlist compiled at the initial meeting, and then have everyone present the lists that they independently researched.
• Focus on the company’s context. Make sure that the working group analyzes these disruptive technologies in the context of the organization.
• Start to compile the shortlist. Begin narrowing down the longlist by excluding technologies that are not relevant.

Disruptive Technology Exploitation Plan Template

2.1.A Converge the longlists developed by your team

90 minutes

• Start with the longlist developed at the initial meeting. Write this list on the whiteboard.
• If applicable, have a member present the longlist that was created in the last cycle. Remove technologies that:
  • Are no longer disruptive (e.g. have been implemented or rejected).
  • Have become foundational.
• Eliminate redundancy: remove items that are very similar.
• Have members “pitch” items on their lists:
  • Explain why their technologies will be disruptive (2-5 minutes maximum)
  • Add new technologies to the whiteboard
• Record the following for metrics:
  • Each presented technology
  • Reasons the technology could be disruptive
  • Source of the information
• Use Info-Tech’s Disruptive Technology Research Database Tool as a starting point.

Insert the final longlist into Section 2.2 of your Disruptive Technology Exploitation Plan Template.

Input

• Longlist developed at first meeting
• Independent research
• Previous longlist

Output

• Finalized longlist

Materials

• Disruptive Technology Research Database Tool
• Whiteboard and markers
• Virtual whiteboard

Participants

• Core working group

Review the list of processes that were brainstormed by the visionary group, and ask for input from others

• IT innovation is most highly valued by the C-suite when it improves business processes, reduces costs, and improves core products and services.
• By incorporating this insight into your working group’s analysis, you help to attract the attention of senior management and reinforce the group’s necessity.
• Any input you can get from outside of IT will help your group understand how technology can be disruptive.
  • Visionaries consulted in Phase 1 are a great source for this insight.
• The list of processes that they helped to brainstorm in Step 1.2 reflects processes that can be impacted by technology.
• Info-Tech’s research has shown time and again that both CEOs and CIOs want IT to innovate around:
  • Improving business processes
  • Improving core products and services
  • Reducing costs

N=364 CXOs & CIOs from the CEO-CIO Alignment Diagnostic Questions were asked on a 7-point scale of 1 = Not at all to 7 = Very strongly. Results are displayed as percentage of respondents selecting 6 or 7.

Info-Tech Insight

The disruptive tech team is prestigious. If your organization is large enough or has the resources, consider having this meeting in an offsite location. This will drive excitement to join the working group if the opportunity arises and incentivize good work.

2.1.B Narrow technologies from the longlist down to a shortlist using Info-Tech’s Disruptive Technology Shortlisting Tool

90 minutes

To decide which technology has potential for your organization, have the working group or workshop participants evaluate each technology:

1. Record each potentially disruptive technology in the longlist on a whiteboard.
2. Making sure to carefully consider the meaning of the terms, have each member of the group evaluate each technology as “high” or “low” along each of the axes, innovation and transformation, on a piece of paper.
3. The facilitator collects each piece of paper and inputs the results by technology into the Disruptive Technology Shortlisting Tool.

Insert the final shortlist into Section 2.2 of your Disruptive Technology Exploitation Plan Template.

Input

• Longlist
• Futurist brainstorming

Output

• Shortlist

Materials

• Disruptive Technology Research Database Tool
• Whiteboard and markers
• Virtual whiteboard

Participants

• Core working group

Disruptive technologies are innovative and transformational

Info-Tech Insight

Technology can be transformational but not innovative. Not every new technology is disruptive. Even where technology has improved the efficiency of the business, if it does this in an incremental way, it might not be worth exploring using this storyboard.

2.1.C Use the shortlisting tool to help participants visualize the potential

1 hour

Use the Disruptive Technology Shortlisting Tool, tabs 2 and 3.

Assign quadrants

• Input group members’ names and the entire longlist (up to 30 technologies) into tab 2 of the Disruptive Technology Shortlisting Tool.
• On tab 3 of the Disruptive Technology Shortlisting Tool, input the quadrant number that corresponds to the innovation and transformation scores each participant has assigned to each technology.

Note

This is an assessment meant to serve as a guide. Use discretion when moving forward with a proof-of-concept project for any potentially disruptive technology.

2.1.D Use the Disruptive Technology Shortlisting Tool to produce a shortlist

1 hour

Use the Disruptive Technology Shortlisting Tool, tabs 3 and 4.

Use the populated matrix and the discussion list to arrive at a shortlist of four to six potentially disruptive technologies.

• The tool populates each quadrant based on how many votes it received in the voting exercise.
• Technologies selected for a particular quadrant by a majority of participants are placed in the quadrant on the graph. Where there was no consensus, the technology is placed in the discussion list.
• Technologies in the upper right quadrant – high transformation and high innovation – are more likely to be good candidates for a proof-of-concept project. Those in the bottom left are likely to be poor candidates, while those in the remaining quadrants are strong on one of the axes and are unlikely candidates for further systematic evaluation.

Input the results of the vote into tab 3 of the Disruptive Technology Shortlisting Tool.

View the results on tab 4.

Phase 2: Resolve

Evaluate disrupted technologies

Activities:

Step 2.1: Create and Winnow a Longlist
Step 2.2:- Assess Shortlist

This step involves the following participants:

• Core working group
• Infrastructure Management

Outcomes of this step:

• Finalized longlist
• Finalized shortlist
• Initial analysis of each technology on the shortlist

Assess Shortlist

Activities:

1. Assess the value of each technology to your organization by breaking it down into quality and cost
2. Investigate the overall readiness of the technologies on the shortlist
3. Interpret each technology’s value score
4. Conduct a SWOT analysis for each technology on the shortlist
5. Use Info-Tech’s disruptive technology shortlist analysis to visualize the tool’s outputs
6. Select the shortlisted technologies you would like to move forward with

This step involves the following participants:

• Core working group members
• IT Management

Outcomes of this step:

• Finalized shortlist
• Initial analysis of each technology on the shortlist

2.2 Evaluate technologies based on their value and readiness, and conduct a SWOT analysis for each one

Use the Disruptive Technology Value-Readiness and SWOT Analysis Tool

• A technology monitor diagram prioritizes investment in technology by analyzing its readiness and value.
  • Readiness: how close the technology is to being practical and implementable in your industry and organization.
  • Value: how worthwhile the technology is, in terms of its quality and its cost.
• Value and readiness questionnaires are included in the tool to help determine current and future values for each, and the next four slides explain the ratings further.
• Categorize technology by its value-readiness score, and evaluate how much potential value each technology has and how soon your company can realize that value.
• Use a SWOT analysis to qualitatively evaluate the potential that each technology has for your organization in each of the four categories (strengths, weaknesses, opportunities, and threats).

The technology monitor diagram appears in tab 9 of the Disruptive Technology Value-Readiness and SWOT Analysis Tool

2.2.A Assess the value of each technology to your organization by breaking it down into quality and cost

1 hour

Update the Disruptive Technology Value-Readiness and SWOT Analysis Tool, tab 4.

Populate the chart to produce a score for each technology’s overall value to the company conceptualized as the interaction of quality and cost.

The value assessment is part of the Disruptive Technology Value-Readiness and SWOT Analysis Tool

Info-Tech Insight

Watch your costs: Technology that seems cheap at first can actually be expensive over time. Be sure to account for operational and opportunity costs as well.

2.2.B Investigate the overall readiness of the technologies on the shortlist

1 hour

Update the Disruptive Technology Value-Readiness and SWOT Analysis Tool, tab 4.

Overall Readiness

Age

How much time has the technology had to mature? Older technology is more likely to be ready for adoption.

Venture Capital

The amount of venture capital gathered by important firms in the space is an indicator of market faith.

Market Size

How big is the market for the technology? It is more difficult to break into a giant market than a niche market.

Market Players

Have any established vendors (Microsoft, Facebook, Google, etc.) thrown their weight behind the technology?

Fragmentation

A large number of small companies in the space indicates that the market has yet to reach equilibrium.

The readiness assessment is part of the Disruptive Technology Value-Readiness and SWOT Analysis Tool

Use a variety of sources to populate the chart

Google is your friend: search each shortlisted technology to find details about its development and important vendors.

Websites like Crunchbase, VentureBeat, and Mashable are useful sources for information on the companies involved in a space and the amount of money they have each raised.

2.2.C Interpret each technology’s value score

1 hour

Insert the result of the SWOT analysis into tab 7 of Info-Tech’s Disruptive Technology Value-Readiness and SWOT Analysis Tool.

Visualize the results of the quality-cost analysis

• Quality and cost are independently significant; it is essential to understand how each technology stacks up on the axes.
• Use tab 6 of the Disruptive Technology Value-Readiness and SWOT Analysis Tool for an illustration of how quality and cost interact to produce each technology’s final position on the tech monitor graph.
• Remember: the score is notional and reflects the values that you have assigned. Be sure to treat it accordingly.

Green represents a technology that scores extremely high on one axis or the other, or quite high on both. These technologies are the best candidates for proof-of-concept projects from a value perspective.

Red represents a technology that has scored very low on both axes. These technologies will be expensive, time consuming, and of poor quality.

Yellow represents the fuzzy middle ground. These technologies score moderately on both axes. Be especially careful when considering the SWOT analysis of these technologies.

2.2.D Conduct a SWOT analysis for each technology on the shortlist

1 hour

Use tab 6 of the Disruptive Technology Value-Readiness and SWOT Analysis Tool.

A formal process for analyzing disruptive technology is the only way to ensure that it is taken seriously.

Write each technology as a heading on a whiteboard. Spend 10-15 minutes on each technology conducting a SWOT analysis together.

Consider four categories for each technology:

• Strengths: Current uses of the technology or supporting technology and ways in which it helps your organization.
• Weaknesses: Current limitations of the technology and challenges or barriers to adopting it in your organization.
• Opportunities: Potential uses of the technology, especially as it advances or improves.
• Threats: Potential negative disruptions resulting from the technology, especially as it advances or improves.

The list of processes generated at the cycle’s initial meeting is a great source for opportunities and threats.

Disruptive Technology Value-Readiness and SWOT Analysis Tool

2.2.E Use Info-Tech’s disruptive technology shortlist analysis to visualize the tool’s outputs

1 hour

Disruptive Technology Value-Readiness and SWOT Analysis Tool, tab 9

The tool’s final tab displays the results of the value-readiness analysis and the SWOT analysis in a single location.

Insert the shortlist analysis report into Section 3 of your Disruptive Technology Exploitation Plan Template.

2.2.F Select the shortlisted technologies you would like to move forward with

1 hour

Present your findings to the working group.

• The Disruptive Technology Value-Readiness and SWOT Analysis Tool aggregates your inputs in an easy-to-read, consistent way.
• Present the tool’s outputs to members of the core working group.
• Explain the scoring and present the graphic to the group. Go over each technology’s strengths and weaknesses as well as the opportunities and threats it presents/poses to the organization.
• Go through the proof-of-concept planning phase before striking any technologies from the list.

Info-Tech Insight

A technology’s exceptional value and immediate usability make it the best. A technology can be promising and compelling, but it is unsuitable unless it can bring immediate and exceptional value to your organization. Don’t get caught up in the hype.

Evaluate

Create an Action Plan to Exploit Disruptive Technologies

PHASE 3

Phase 3: Evaluate

Create an Action Plan to Exploit Disruptive Technologies

Activities:

Step 3.1: Create Process Maps
Step 3.2: Develop Proof of Concept Charter

This step involves the following participants:

• Core working group
• Infrastructure Management
• Working group leader
• CIO

Outcomes of this step:

• Business process maps before and after disruption
• Proof of concept charter
• Key performance indicators
• Estimation of required resources

Step 3.1

Create Process Maps

Activities:

1. Creating a problem canvas by identifying stakeholders, jobs, pains, and gains
2. Clarify the problem the proof-of-concept project will solve
3. Identify jobs and stakeholders
4. Outline how disruptive technology will solve the problem
5. Map business processes
6. Identify affected business units
7. Outline and map the business processes likely to be disrupted
8. Recognize how the new technology will impact business processes
9. Make the case: Outline why the new business process is superior to the old

This step involves the following participants:

• Working group leader
• CIO

Outcomes of this step:

• Business process maps before and after disruption

3.1 Create an action plan to exploit disruptive technologies

Clarify the problem in order to make the case. Fill in section 1.1 of Info-Tech’s Proof of Concept Template to clearly outline the problem each proof of concept is designed to solve.

Establish roles and responsibilities. Use section 1.2 of the template to outline the roles and responsibilities that fall to each member of the team. Ensure that clear lines of authority are delineated and that the list of stakeholders is exhaustive: include the executives whose input will be required for project approval, all the way to the technicians on the frontline responsible for implementing it.

Outline the solution to the problem. Demonstrate how each proof-of-concept project provides a solution to the problem outlined in section 1.1. Be sure to clarify what makes the particular technology under investigation a potential solution and record the results in section 1.3.

Use the Proof of Concept Project Template to track the information you gather throughout Phase 3.

3.1.A Creating a problem canvas by identifying stakeholders, jobs, pains, and gains

2 hours

Instructions:

1. On a whiteboard, draw the visual canvas supplied below.
2. Select your issue area, and list jobs, pains, and gains in the associated sections.
3. Record the pains, jobs, and gains in sections 1.1-1.3 of the Proof of Concept Template.

Gains

1. More revenue

2. Job security

3. ……

Jobs

1. Moving product

2. Per sale value

3. ……

Pains

1. Clunky website

2. Bad site navigation

3. ……

Input

• Inspiration
• Anonymous ideas

Output

• List of processes

Materials

• Chart paper and markers
• Pen and paper

Participants

• Core working group
• Visionaries

3.1.B Clarify the problem the proof-of-concept project will solve

2 hours

What is the problem?

• Every technology is designed to solve a problem faced by somebody somewhere. For each technology that your team has decided to move forward with, identify and clearly state the problem it would solve.
• A clear problem statement is a crucial part of a new technology’s business case. It is impossible to earn buy-in from the rest of the organization without demonstrating the necessity of a solution.
• Perfection is impossible to achieve: during the course of their work, everyone encounters pain points. Identify those pain points to arrive at the problem that needs to be solved.

Example:

List of pains addressed by conversational commerce:

• Search functions can be clunky and unresponsive.
• Corporate websites can be difficult to navigate.
• Customers are uncomfortable in unfamiliar internet environments.
• Customers do not like waiting in a long queue to engage with customer service representatives when they have concerns.

“If I were given one hour to solve a problem, I would spend 59 minutes defining the problem and one minute resolving it.”
– Albert Einstein

Input the results of this exercise into Section 1.1 of the Proof of Concept Template.

3.1.C Identify jobs and stakeholders

1 hour

Jobs

Job: Anything that the “customer” (the target of the solution) needs to get done but that is complicated by a pain.

Examples:
The job of the conversational commerce interface is to make selling products easier for the company.
From the customer perspective, the job of the conversational interface is to make the act of purchasing a product simpler and easier.

Stakeholders

Stakeholder: Anyone who is impacted by the new technology and who will end up using, approving, or implementing it.

Examples:
The executive is responsible for changing the company’s direction and approving investment in a new sales platform.
The IT team is responsible for implementing the new technology.
Marketing will be responsible for selling the change to customers.
Customers, the end users, will be the ones using the conversational commerce user interface.

Input the results of this exercise into Section 1.2 of the Proof of Concept Template.

Info-Tech Insight

Process deconstruction reveals strengths and weaknesses. Promising technology should improve stakeholders’ abilities to do jobs.

3.1.D Outline how disruptive technology will solve the problem

1 hour

How will the technology in question make jobs easier?

• How will the disruptive technology you have elected to move forward with create gains for the organization?
• First, identify the gains that are supposed to come with the project. Consider the benefits that the various stakeholders expect to derive from the jobs identified.
• Second, make note of how the technology in question facilitates the gains you have noted. Be sure to articulate the exclusive features of the new technology that make it an improvement over the current state.

Note: The goal of this exercise is to make the case for a particular technology. Sell it!

Expected Gain: Increase in sales.

Conversational Commerce’s Contribution: Customers are more likely to purchase products using interfaces they are comfortable with.

Expected Gain: Decrease in costs.

Conversational Commerce’s Contribution: Customers who are satisfied with the conversational interface are less likely to interact with live agents, saving labor costs.

Input the results of this exercise into Section 1.3 of the Proof of Concept Template.

3.1.E Map business processes

1 hour

Map the specific business processes the new technology will impact.

• Disruptive technologies will impact a wide variety of business processes.
• Map business processes to visualize what parts of your organization (departments, silos, divisions) will be impacted by the new technology, should it be adopted after the proof of concept.
• Identify how the disruption will take place.
• Demonstrate the value of each technology by including the results of the Disruptive Technology Value-Readiness and SWOT Analysis Tool with your process map.

Use the Proof of Concept Project Template to track the information you gather throughout Phase 3.

3.1.F Identify affected business units

30 minutes per technology

Disruptive technology will impact business units.

• Using the stakeholders identified earlier in the project, map each technology to the business units that will be affected.
• Make your list exhaustive. While some technologies will have a limited impact on the business as a whole, others will have ripple effects throughout the organization.
• Examine affected units at all scales: How will the technology impact operations at the team level? The department level? The division level?

“The disruption is not just in the technology. Sometimes a good business model can be the disruptor.”
– Jason Hong, Associate Professor, Carnegie Mellon

Example:

• Customer service teams: Conversational commerce will replace some of the duties of the customer service representative. They will have to reorganize to account for this development.
• IT department: The IT department will be responsible for building/maintaining the conversational interface (or, more likely, they will be responsible for managing the contract with the vendor).
• Sales analytics: New data from customers in natural language might provide a unique opportunity for the analytics team to develop new initiatives to drive sales growth.

Input the results of this exercise into Section 2.1 of the Proof of Concept Template.

3.1.G Outline and map the business processes likely to be disrupted

15 minutes per technology

Leverage the insights of the diverse working group.

• Processes are designed to transform inputs into outputs. All business activities can be mapped into processes.
• A process map illustrates the sequence of actions and decisions that transform an input into an output.
• Effective mapping gives managers an “aerial” view of the company’s processes, making it easier to identify inefficiencies, reduce waste, and ultimately, streamline operations.
• To identify business processes, have group members familiar with the affected business units identify how jobs are typically accomplished within those units.

“To truly understand a business process, we need information from both the top-down and bottom-up points of view. Informants higher in the organizational hierarchy with a strategic focus are less likely to know process details or problems. But they might advocate and clearly articulate an end-to-end, customer-oriented philosophy that describes the process in an idealized form. Conversely, the salespeople, customer service representatives, order processors, shipping clerks, and others who actually carry out the processes will be experts about the processes, their associated documents, and problems or exception cases they encounter.”
– Robert J. Glushko, Professor at UC Berkeley and Tim McGrath, Business Consultant

Info-Tech Insight

Opinions gathered from a group that reflect the process in question are far more likely to align with your organization’s reality. If you have any questions about a particular process, do not be afraid to go outside of the working group to ask someone who might know.

3.1.G Outline and map the business processes likely to be disrupted (continued)

15 minutes per technology

Create a simple diagram of identified processes.

• Use different shapes to identify different points in the process.
• Rectangles represent actions, diamonds represent decisions.
• On a whiteboard, map out the actions and decisions that take place to transform an input into an output.
• Input the result into section 2.2 of the Proof of Concept Template.

Source: Edraw Visualization Solutions

Example: simplified process map

1. User: visits company website
2. User: engages search function or browses links
3. User: selects and purchases product from a menu
4. Company: ships product to customer

3.1.H Recognize how the new technology will impact business processes

15 minutes per technology

Using the information gleaned from the previous activities, develop a new process map that takes the new technology into account.

Identify the new actions or decisions that the new technology will affect.

User: selects and purchases product from a menu; Company: ships product to customer; Company: ships product to customer">

Info-Tech Insight

It’s ok to fail! The only way to know you’re getting close to the “knee of curve" is from multiple failed PoC tests. The more PoC options you have, the more likely it will be that you will have two to three successful results.

3.1.I Make the case: Outline why the new business process is superior to the old

15 minutes per technology

Articulate the main benefits of the new process.

• Using the revised process map, make the case for each new action.
• Questions to consider: How does the new technology relieve end-user/customer pains? How does the new technology contribute to the streamlining of the business process? Who will benefit from the new action? What are the implications of those benefits?
• Record the results of this exercise in section 2.4 of the Proof of Concept Template.

Info-Tech Insight

If you cannot articulate how a new technology will benefit a business process, reconsider moving forward with the proof-of-concept project.

Phase 3: Evaluate

Create an Action Plan to Exploit Disruptive Technologies

Activities:

Step 3.1: Create Process Maps
Step 3.2: Develop Proof of Concept Charter

Develop Proof of Concept Charter

This step involves the following participants:

• Core working group
• Infrastructure Management
• Working group leader
• CIO

Outcomes of this step:

• Business process maps before and after disruption
• Proof of concept charter
• Key performance indicators
• Estimation of required resources

Step 3.2

Develop Proof of Concept Charter

Activities:

1. Use SMART success metrics to define your objectives
2. Develop key performance indicators (KPIs)
3. Identify key success factors for the project
4. Outline the project’s scope
5. Identify the structure of the team responsible for the proof-of-concept project
6. Estimate the resources required by the project
7. Be aware of common IT project concerns
8. Communicate your working group’s findings and successes to a wide audience
9. Hand off the completed proof-of-concept project plan
10. Disruption is constant: Repeat the evaluation process regularly to protect the business

This step involves the following participants:

• Working group leader
• CIO

Outcomes of this step:

• Proof of concept charter
• Key performance indicators
• Estimation of required resources

3.2 Develop a proof of concept charter

Keep your proof of concept on track by defining five key dimensions.

1. Objective: Giving an overview of the planned proof of concept will help to focus and clarify the rest of this section. What must the proof of concept achieve? Objectives should be: specific, measurable, attainable, relevant, and time bound. Outline and track key performance indicators.
2. Key Success Factors: These are conditions that will positively impact the proof of concept’s success.
3. Scope: High-level statement of scope. More specifically, state what is in scope and what is out of scope.
4. Project Team: Identify the team’s structure, e.g. sponsors, subject-matter experts.
5. Resource Estimation: Identify what resources (time, materials, space, tools, expertise, etc.) will be needed to build and socialize your prototype. How will they be secured?

Input the results of this exercise into Section 3.0 of the Proof of Concept Template.

3.2.A Use SMART success metrics to define your objectives

Examples:

1. Increase in sales by $40,000 per month by the end of next quarter.
2. Immediate increase in web traffic by 600 unique page views per day.
3. Number of pilots approved per year.
4. Number of successfully deployed solutions per year.

Input the results of this exercise into Section 3.0 of the Proof of Concept Template.

3.2.B Develop key performance indicators (KPIs)

30 minutes per technology

Key performance indicators allow for rigorous analysis, which generates insight into utilization by platform and consumption by business activity.

• Use the process improvements identified in step 3.1 to brainstorm metrics that indicate when process improvement is actually taking place.
• Have members of the group pitch KPIs; the facilitator should record each suggestion on a whiteboard.
• Make sure to have everyone justify the inclusion of each metric: How does it relate to the improvement that the proof of concept project is intended to drive? How does it relate to the overall goals of the business?
• Include a list of KPIs, along with a description and a target (ensuring that it aligns with SMART metrics) in section 3.1 of the Proof of Concept Template.

“An estimated 70% of performance measurement systems fail after implementation. Carefully select your KPIs and avoid this trap!”
Source: Collins et al. 2016

Input the results of this exercise into Section 3.1 of the Proof of Concept Template.

3.2.C Identify key success factors for the project

30 minutes per technology

Effective project management involves optimizing four key success factors (Clarke, 1999)

• Communication: Communicate the expected changes to stakeholders, making sure that everyone who needs to know does know. Example: Make sure customer service representatives know their duties will be impacted by the conversational UI well before the proof-of-concept project begins.
• Clarity: All involved in the project should be apprised of what the project is intended to accomplish and what the project is not intended to accomplish. Example: The conversational commerce project is not intended to be rolled out to the entire customer base all at once; it is not intended to disrupt normal online sales.
• Compartmentalization: The working group should suggest some ways that the project can be broken down to facilitate its effective implementation. Example: Sales provides details of customers who might be amenable to a trial, IT secures a vendor, customer service writes a script.
• Flexibility: The working group’s final output should not be treated as gospel. Ensure that the document can be altered to account for unexpected events. Example: The conversational commerce platform might drive sales of a particular product more than others, necessitating adjustments at the warehouse and shipping level.

Input the results of this exercise into Section 3.0 of the Proof of Concept Template.

3.2.D Outline the project’s scope

10 minutes per technology

Create a high-level outline of the project’s scope.

• Questions to consider: Broadly speaking, what are the project’s goals? What is the desired future state? Where in the company will the project be rolled out? What are some of the company’s goals that the project is not designed to cover?
• Be sure to avoid scope creep! Remember: The goal of the proof-of-concept project is to produce a minimum case for viability in a carefully defined area. Reserve a detailed accounting of costs and benefits for the post-proof-of-concept stage.
• Example: The conversational user interface will only be rolled out in an e-commerce setting. Other business units (HR, for example) are beyond the scope of this particular project.

“Although scope creep is not the only nemesis a project can have, it does tend to have the farthest reach. Without a properly defined project and/or allowing numerous changes along the way, a project can easily go over budget, miss the deadline, and wreak havoc on project success.”
– University Alliance, Villanova University

Input the results of this exercise into Section 3.0 of the Proof of Concept Template.

3.2.E Identify the structure of the team responsible for the proof-of-concept project

10 minutes per technology

Brainstorm who will be involved in project implementation.

• Refer back to the list of stakeholders identified in 3.1.a. Which stakeholders should be involved in implementing the proof-of-concept plan?
• What business units do they represent?
• Who should be accountable for the project? At a high level, sketch the roles of each of the participants. Who will be responsible for doing the work? Who will approve it? Who needs to be informed at every stage? Who are the company’s internal subject matter experts?

Example

Input the results of this exercise into Section 3.0 of the Proof of Concept Template.

3.2.F Estimate the resources required by the project

10 minutes per technology

Time and Money

• Recall: Costs can be operational, capital, or opportunity.
• Revisit the Disruptive Technology Value-Readiness and SWOT Analysis Tool. Record the capital and operational expenses expected to be associated with each technology, and add detail where possible (use exact figures from particular vendors instead of percentages).
• Write the names and titles of each expected participant in the project on a whiteboard. Next to each name, write the number of hours they are expected to devote to the project and include a rough estimate of the cost of their participation to the company. Use full-time employee equivalent (FTE measures) as a base.
• Outline how other necessary resources (space, tools, expertise, etc.) will be secured.

Example: Conversational Commerce

• OpEx: $149/month + 2.9¢/transaction* (2,000 estimated transactions)
• CapEx: $0!
• IT Manager: 5 hours at $100/hour
• IT Technician: 40 hours at $45/hour
• CMO: 1 hour at $300/hour
• Customer Service Representative: 10 hours at $35/hour
• *Estimated total cost for a one-month proof-of-concept project: $3,157

*This number is a sample taken from the vendor Rhombus

Input the results of this exercise into Section 3.0 of the Proof of Concept Template.

3.2.G Be aware of common IT project concerns

Of projects that did not meet business expectations or were cancelled, how significant were the following issues?

This survey data did not specifically address innovation projects.

• Disruptive technology projects will be under increased scrutiny in comparison to other projects.
• Be sure to meet deadlines and stay within budget.
• Be cognizant that your projects can go out of scope, and there will be projects that may have to be cancelled due to low quality. Remember: Even a failed test is a learning opportunity!

Info-Tech’s CIO-CEO Alignment Survey, N=225

Organization size was determined by the number of IT employees within the organization

Small = 10 or fewer IT staff, medium = 11 to 25 IT staff, and large/enterprise = 26 or greater IT staff

3.2.H Communicate your working group’s findings and successes to a wide audience

Advertise the group’s successes and help prevent airline magazine syndrome from occurring.

• Share your group’s results internally:
  • Run your own analysis by senior management and then share it across the organization.
  • Maintain a list of technologies that the working group has analyzed and solicit feedback from the wider organization.
  • Post summaries of the technologies in a publicly available repository. The C-suite may not read it right away, but it will be easy to provide when they ask.
  • If senior management has declined to proceed with a certain technology, avoid wasting time and resources on it. However, include notes about why the technology was rejected.
• These postings will also act as an advertisement for the group. Use the garnered interest to attract visionaries for the next cycle.
• These postings will help to reiterate the innovative value of the IT department and help bring you to the decision-making table.

“Some CIOs will have to battle the bias that they belong in the back office and shouldn’t be included in product architecture planning. CIOs must ‘sell’ IT’s strength in information architecture.”
– Chris Curran, Chief Technologist, PwC (Curran, 2014)

Info-Tech Insight

Cast a wide net. By sharing your results with as many people as possible within your organization, you’ll not only attract more attention to your working group, but you will also get more feedback and ideas.

3.2.I Hand off the completed proof-of-concept project plan

The proof of concept template is filled out – now what?

• The core working group is responsible for producing a vision of the future and outlining new technology’s disruptive potential. The actual implementation of the proof of concept (purchasing the hardware, negotiating the SLA with the vendor) is beyond the working group’s responsibilities.
• If the proof of concept goes ahead, the facilitator should block some time to evaluate the completed project against the key performance indicators identified in the initial plan.
• A cure for airline magazine syndrome: Be prepared when executives ask about new technology. Present them with the results of the shortlist analysis and the proof-of-concept plan. A clear accounting of the value, readiness, strengths, weaknesses, opportunities, and threats posed by each technology, along with its impact on business processes, is an invaluable weapon against poor technology choices.

Use section 3.2.b to identify the decision-making stakeholder who has the most to gain from a successful proof-of-concept project. Self-interest is a powerful motivator – the project is more likely to succeed in the hands of a passionate champion.

Info-Tech Insight

Set a date for the first meeting of the new iteration of the disruptive technology working group before the last meeting is done. Don’t risk pushing it back indefinitely.

3.2.J Hand off the completed proof-of-concept project plan

Record the results of the proof of concept. Keep track of what worked and what didn’t.

Repeat the process regularly.

• Finalize the proof of concept template, but don’t stop there: Keep your ear to the ground; follow tech developments using the sources identified in step 1.2.
• Continue expanding the potential longlist with independent research: Be prepared to expand your longlist. Remember, the more technologies you have on the longlist, the more potential airline magazine syndrome cures you have access to.
• Have the results of the previous session’s proof of concept plan on hand: At the start of each new iteration, conduct a review. What technologies were successful beyond the proof of concept phase? Which parts of the process worked? Which parts did not? How could they be improved?

Info-Tech Insight

The key is in anticipation. This is not a one-and-done exercise. Technology innovation operates at a faster pace than ever before, well below the Moores Law "18 month" timeline as an example. Success is in making EDIT a repeatable process.

Related Info-Tech Research

Define Your Digital Business Strategy
After a major crisis, find your place in the digital economy.

Develop a Project Portfolio Management Strategy
Drive project throughput by throttling resource capacity.

Adopt Design Thinking in Your Organization
Innovation needs design thinking.

Digital Maturity Improvement Service
Prepare your organization for digital transformation – or risk falling behind.

Research contributors and experts

Nitin Babel, Co-Founder, niki.ai

Nitin Babel, MSc, co-created conversational commerce platform niki.ai in early 2015. Since then, the technology has been featured on the front page of the Economic Times, and has secured the backing of Ratan Tata, former chairman of the Tata Group, one of the largest companies in the world.

Mark Hubbard, Senior Vice President, FirstOnSite

Mark is the SVP for Information Technology in Canada with FirstOnSite, a full service disaster recovery and property restoration company. Mark has over 25 years of technology leadership guiding global organizations through the development of strategic and tactical plans to strengthen their technology platforms and implement business aligned technology strategies.

Chris Green, Enterprise Architect, Boston Private
Chris is an IT architect with over 15 years’ experience designing, building, and implementing solutions. He is a results-driven leader and contributor, skilled in a broad set of methods, tools, and platforms. He is experienced with mobile, web, enterprise application integration, business process, and data design.

Andrew Kope, Head of Data Analytics
Big Blue Bubble
Andrew Kope, MSc, oversees a team that develops and maintains a user acquisition tracking solution and a real-time metrics dashboard. He also provides actionable recommendations to the executive leadership of Big Blue Bubble – one of Canada’s largest independent mobile game development studios.

Jason Hong, Associate Professor, School of Computer Science, Human-Computer Interaction Institute, Carnegie Mellon University

Jason Hong is a member of the faculty at Carnegie Mellon’s School of Computer Science. His research focus lies at the intersection of human-computer interaction, privacy and security, and systems. He is a New America National Cyber Security Fellow (2015-2017) and is widely published in academic and industry journals.

Tim Lalonde, Vice President, Mid-Range

Tim Lalonde is the VP of Technical Operations at Mid-Range. He works with leading-edge companies to be more competitive and effective in their industries. He specializes in developing business roadmaps leveraging technology that create and support change from within — with a focus on business process re-engineering, architecture and design, business case development and problem-solving. With over 30 years of experience in IT, Tim’s guiding principle remains simple: See a problem, fix a problem.

Jon Mavor, Co-Founder and CTO, Envelop VR
Jon Mavor is a programmer and entrepreneur, whose past work includes writing the graphics engine for the PC game Total Annihilation. As Chief Technology Officer of Envelop VR, a virtual reality start-up focused on software for the enterprise, Jon has overseen the launch of Envelop for Windows’s first public beta.

Dan Pitt, President, Palo Alto Innovation Advisors
Dan Pitt is a network architect who has extensive experience in both the academy and industry. Over the course of his career, Dan has served as Executive Director of the Open Networking Foundation, Dean of Engineering at Santa Clara University, Vice President of Technology and Academic Partnerships at Nortel, Vice President of the Architecture Lab at Bay Networks, and, currently, as President of Palo Alto Innovation Advisors, where he advises and serves as an executive for technology start-ups in the Palo Alto area and around the world.

Courtney Smith, Co-Founder, Executive Creative Director
PureMatter
Courtney Smith is an accomplished creative strategist, storyteller, writer, and designer. Under her leadership, PureMatter has earned hundreds of creative awards and been featured in the PRINT International Design Annual. Courtney has juried over 30 creative competitions, including Creativity International. She is an invited member of the Academy of Interactive and Visual Arts.

Emmanuel Tsekleves, Senior Lecturer in Design Interactions, University of Lancaster
Dr. Emmanuel Tsekleves is a senior lecturer and writer based out of the United Kingdom. Emmanuel designs interactions between people, places, and products by forging creative design methods along with digital technology. His design-led research in the areas of health, ageing, well-being, and defence has generated public interest and attracted media attention by the national press, such as the Daily Mail, Daily Mirror, The Times, the Daily Mail, Discovery News, and several other international online media outlets.

Bibliography

Airini Ab Rahman. “Emerging Technologies with Emerging Effects; A Review”. Universiti Teknologi Malaysia. PERINTIS eJournal, June 2017. Web.

Anthony, Scott. “Kodak’s Downfall Wasn’t About Technology.” Harvard Business Review, 15 July 2016. Web.

ARM. The Intelligent Flexible Cloud. 26 Feb. 2015. Web.

Association of Computing Machinery. Communications of the ACM, n.d. Web.

Barnett, Thomas. “Three Mobile Trends to Watch.” Cisco Blogs, 3 Feb. 2015. Web.

Batelle, John. “The 70 Percent Solution.” CNN, 1 Dec 2005. Web.

Booz Allen Hamilton. Managing Technological Change: 7 Ways to Talk Tech with Management, n.d. Web.

Brynjolfsson, Erik, and Andrew McAfee. The Second Machine Age: Work, Progress, and Prosperity in a Time of Brilliant Technologies. W. W. Norton, 2014. Print.

Christensen, Clayton M. “What is Disruptive Innovation?” Harvard Business Review, Dec 2015. Web.

Christensen, Clayton M. and James Euchner. “Managing Disruption: An Interview With Clayton Christensen.” Research-Technology Management, 22 Dec 2015. vol. 54, no. 1. Web.

Christensen, Clayton M., Rory McDonald, and Elizabeth J. Altman. “Disruptive Innovation: An Intellectual History and Directions for Future Research”. Wiley Online Library. Web.

Christensen, Clayton M., Taddy Hall, Karen Dillon, and David S. Duncan. “Know Your Customers’ Jobs to be Done.” Harvard Business Review, Sept. 2016. Web.

Cisco. “Cisco Annual Internet Report.” n.d. Web.

Cisco. Cisco Visual Networking Index: Forecast and Methodology, 2014-2019, 27 May 2015. Web.

Clark, Steven. “Elon Musk hopes SpaceX will send humans to Mars in 2024.” Spaceflight Now, 2 June 2016. Web.

Clarke, Angela. “A practical use of key success factors to improve the effectiveness of project management,” International Journal of Project Management, June 1999 (17): 139-145.

Collins, Andrew L., Patrick Hester, Barry Ezell, and John Horst. “An improvement selection methodology for key performance indicators.” Environmental Systems and Decisions, June 2016, 36 (2): 196-208.

Computer Sciences Corporation. CSC Global CIO Survey: 2014-2015: CIOs Emerge as Disruptive Innovators: An Annual Barometer of Global CIOs’ Plans, Priorities, Threats, and Opportunities, 2014. Web.

Constine, John. “Voice is Chat’s Next Battleground.” TechCrunch, 19 Sept. 2016. Web.

Cressman, Daryl. “Disruptive Innovation and the Idea of Technology”. Maastricht University, June 2019. Web.

Crown Prosecution Service. A Guide to Process Mapping and Improvement. n.d. Web.

Curran, Chris. “The CIO’s Role in the Internet of Things.” PwC, 13 Mar. 2014. Web.

Darbha, Sheta, Mike Shevenell, and Jason Normandin. “Impact of Software-Defined Networking on Infrastructure Management.” CA Technology Exchange, 4.3, Nov. 2013, pp. 33-43. Web.

Denecken, Sven. Conquering Disruption Through Digital Transformation: Technologies, Leadership Strategies, and Best Practices to Create Opportunities for Innovation. SAP, 2014. Web.

DHL Trend Research and Cisco Consulting Services. Internet of Things in Logistics: A Collaborative Report by DHL and Cisco on Implications and Use Cases for the Logistics Industry, 2015. Web.

Dirican, Cüneyt. “The Impacts of Robotics, Artificial Intelligence on Business and Economics.” Procedia: Social and Behavioral Sciences, vol. 195, 2015, pp. 564-573. Web.

Edraw Visualization Solutions. Examples of Flowcharts, Org Charts and More. “Cross-Function Flowchart Examples – Service Flowchart.”

Emerson. Data Center 2025: Exploring the Possibilities, 2014. Web.

Ericsson. Next-Generation Data Center Infrastructure, Feb. 2015. Web.

Eurotech. Connecting M2M Applications to the Cloud to Bolster Hardware Sales, 2014. Web.

Evans Gary, Llewellyn. “Disruptive Technology and the Board: The Tip of the Iceberg”. Economics and Business Review, n.d. Web.

Evans Gary, Llewellyn. “Disruptive Technology and the Board: The Tip of the Iceberg”. Economics and Business Review, n.d. Web.

Gage, Deborah. “The Venture Capital Secret: 3 Out of 4 Start-Ups Fail.” Wall Street Journal, 20 Sept. 2012. Web.

Garvin, David A. “Competing on the Eight Dimensions of Quality.” Harvard Business Review, November 1987. Web.

Gibbs, Colin. Augmented Reality in the Enterprise: Opportunities and Challenges. Gigaom Research, 26 Jan. 2015. Web.

Glushko, Robert J. and Tim McGrath. Document Engineering: Analyzing and Designing Documents for Business Informatics and Web Services. MIT Press, 2005.

Hadfield, Tom. “Facebook’s Messenger Bot Store could be the most important launch since the App Store.” TechCrunch, 17 March 2016. Web.

Healey, Nic. “Microsoft's mixed reality vision: 80 million devices by 2020.” CNET, 1 June 2016. Web.

Hewlett-Packard. Go Beyond Cost Reduction: Use Robotic Process Automation, Oct. 2015. Web.

Hewlett-Packard. HP Composable Infrastructure: Bridging Traditional IT with the New Style of Business, June 2015. Web.

Hewlett-Packard. HP Labs, n.d. Web.

Hong, Jason. “Inside the Great Wall.” Communications of the ACM, 25 May 2016. Web.

IBM Institute for Value. Your Cognitive Future: How Next-Gen Computing Changes the Way We Live and Work, 2015. Web.

IBM. A New Way to Work: Futurist Insights to 2025 and Beyond, Jan. 2015. Web.

Infinity. The Evolution of the Data Centre [sic], 2015. Web.

Intel Corporation. Intel Annual Report, 1997. Web.

Isaac, Mike. “Facebook Bets on Bots for its Messenger App.” New York Times, 12 April 2016. Web.

ISACA. COBIT 5: Enabling Processes. ISACA, 2012. Print.

K-12 Blueprint. “Planning a Proof of Concept.” 2014. Web.

Kaushik Rukmini, Meenakshi. “The Impact of Pandemic COVID -19 in Workplace.” European Journal of Business Management and Research, May 2020. Web.

Knight, Will. “Conversational Interfaces Powerful speech technology from China’s leading Internet company makes it much easier to use a smartphone.” MIT Technology Review, n.d. Web.

Kostoff, Ronald N., Robert Boylan, and Gene R. Simons. “Disruptive Technology Roadmaps.” Technological Forecasting and Social Change, 2004. Vol. 71. Web.

Kurzweil, Ray. “The Accelerating Power of Technology.” TED, Feb. 2005. Web.

Kurzweil, Ray. Kurzweil: Accelerating Intelligence, 2015. Web.

MacFarquhar, Larissa. “When Giants Fall: What Business Has Learned From Clayton Christensen,” New Yorker, 14 May 2012. Web.

McClintock, Cat. “2016: The Year for Augmented Reality in the Enterprise.” PTC, n.d. Web.

McKinsey & Company. IT Growth and Global Change: A Conversation with Ray Kurzweil. 29 Feb. 2012, YouTube. Web.

Messina, Chris. “2016 Will be the Year of Conversational Commerce.” Medium, 19 Jan 2016. Web.

Microsoft. Microsoft Research, n.d. Web.

Miller, Ron. “Forget the Apple Watch, Think Drones in the Enterprise.” TechCrunch, 10 Sep. 2015. Web.

Nokia Networks. FutureWorks [sic]: Teaching Networks to be Self-Aware: Technology Vision 2020. 2014. Web.

Nokia Networks. Internet of Things. n.d. Web.

O’Reilly, Charles, and Andrew J. M. Binns, “The Three Stages of Disruptive Innovation: Idea Generation, Incubation, and Scaling”. Sage Journals, n.d. Web.

Pew Research Center. AI, Robotics, and the Future of Jobs: Experts Envision Automation and Intelligent Digital Agents Permeating Vast Areas of Our Work and Personal Lives by 2025, but they are Divided on Whether these Advances will Displace More Jobs than they Create. Aug. 2014. Web.

Ramiller, Neil. “Airline Magazine Syndrome: Reading a Myth of Mismanagement.” Information Technology & People, Sept 2001. Print.

Raymond James & Associates. The Internet of Things: A Study in Hype, Reality, Disruption, and Growth. 2014. Web.

Richter, Felix. “No Growth in Sight for Global PC Market.” Statista, 14 March 2016. Web.

Roy, Mekhala. “4 Examples of Digital Transformation Success in Business”. TechTarget, n.d. Web.

Simon Weinreich, “How to Manage Disruptive Innovation - a conceptional methodology for value-oriented portfolio planning,” Sciencedirect. 31st CIRP Design Conference 2021.

Spice Works. The Devices are Coming! How the “Internet of Things” will affect IT… and why resistance is futile. May 2014. Web.

Spradlin, Dwayne. “Are You Solving the Right Problem?” Harvard Business Review, Sept. 2012. Web.

Statista. “Number of smartphones sold to end users worldwide from 2007 to 2015 (in million units).” N.d. Web.

Statista. “Worldwide tablet shipments from 2nd quarter 2010 to 2nd quarter 2016 (in million units).” N.d. Web.

Sven Schimpf, “Disruptive Field Study; How Companies Identify, Evaluate, Develop and Implement Disruptive Technologies.” Fraunhofer Group for Innovation Research, 2020. Web.

Tsekleves, Emmanuel. “Science fiction as fact: how desires drive discoveries.” The Guardian. 13 Aug. 2015. Web.

Tsekleves, Emmanuel. “Science fiction as fact: how desires drive discoveries.” The Guardian, 13 Aug. 2015. Web.

United States Department of Transportation. “National Motor Vehicle Crash Causation Survey: Report to Congress.” National Highway Traffic Safety Administration, July 2008. Web.

United States Department of Transportation. “National Motor Vehicle Crash Causation Survey: Report to Congress.” National Highway Traffic Safety Administration, July 2008. Web.

University Alliance (Villanova U). Managing Scope Creep in Project Management. N.d. Web.

Vavoula, Giasemi N., and Mike Sharples. “Future Technology Workshop: A Collaborative Method for the Design of New Learning Technologies and Activities.” International Journal of Computer Supported Collaborative Learning, Dec 2007. Vol. 2 no. 4. Web.

Walraven Pieter. “It’s Operating Systems Vs. Messaging Apps In The Battle For Tech’s Next Frontier.” TechCrunch, 11 Aug 2015. Web.

Webb, Amy. “The Tech Trends You Can’t Ignore in 2015.” Harvard Business Review, 5 Jan. 2015. Web.

Wenger, Albert. “The Great Bot Rush of 2015-16.” Continuations, 16 Dec 2015. Web.

White, Chris. “IoT Tipping Point Propels Digital Experience Era.” Cisco Blogs, 12 Nov. 2014. Web.

World Economic Forum and Accenture. Industrial Internet of Things: Unleashing the Potential of Connected Products and Services. 2015. Web.

Yu Dan and Hang Chang Chieh, "A reflective review of disruptive innovation theory," PICMET '08 - 2008 Portland International Conference on Management of Engineering & Technology, 2008, pp. 402-414, doi: 10.1109/PICMET.2008.4599648.

Develop an Availability and Capacity Management Plan

Manage capacity to increase uptime and reduce costs.

ANALYST PERSPECTIVE

The cloud changes the capacity manager’s job, but it doesn’t eliminate it.

"Nobody doubts the cloud’s transformative power. But will its ascent render “capacity manager” an archaic term to be carved into the walls of datacenters everywhere for future archaeologists to puzzle over? No. While it is true that the cloud has fundamentally changed how capacity managers do their jobs , the process is more important than ever. Managing capacity – and, by extent, availability – means minimizing costs while maximizing uptime. The cloud era is the era of unlimited capacity – and of infinite potential costs. If you put the infinity symbol on a purchase order… well, it’s probably not a good idea. Manage demand. Manage your capacity. Manage your availability. And, most importantly, keep your stakeholders happy. You won’t regret it."

Jeremy Roberts,

Consulting Analyst, Infrastructure Practice

Info-Tech Research Group

Availability and capacity management transcend IT

This Research Is Designed For:

✓ CIOs who want to increase uptime and reduce costs

✓ Infrastructure managers who want to deliver increased value to the business

✓ Enterprise architects who want to ensure stability of core IT services

✓ Dedicated capacity managers

This Research Will Help You:

✓ Develop a list of core services

✓ Establish visibility into your system

✓ Solicit business needs

✓ Project future demand

✓ Set SLAs

✓ Increase uptime

✓ Optimize spend

This Research Will Also Assist:

✓ Project managers

✓ Service desk staff

This Research Will Help Them:

✓ Plan IT projects

✓ Better manage availability incidents caused by lack of capacity

Executive summary

Situation

• IT infrastructure leaders are responsible for ensuring that the business has access to the technology needed to keep the organization humming along. This requires managing capacity and availability.
• Dependencies go undocumented. Services are provided on an ad hoc basis, and capacity/availability are managed reactively.

Complication

• Organizations are overprovisioning an average of 59% for compute, and 48% for storage. This is expensive. With budget pressure mounting, the cost of this approach can’t be ignored.
• Lead time to respond to demand is long. Half of organizations have experienced capacity-related downtime, and almost 60% wait 3+ months for additional capacity. (451 Research, 3)

Resolution

• Conduct a business impact analysis to determine which of your services are most critical, and require active capacity management that will reap more in benefits than it produces in costs.
• Establish visibility into your system. You can’t track what you can’t see, and you can’t see when you don’t have proper monitoring tools in place.
• Develop an understanding of business needs. Use a combination of historical trend analyses and consultation with line of business and project managers to separate wants from needs. Overprovisioning used to be necessary, but is no longer required.
• Project future needs in line with your hardware lifecycle. Never suffer availability issues as a result of a lack of capacity again.

Info-Tech Insight

1. Components are critical. The business doesn’t care about components. You, however, are not so lucky…
2. Ask what the business is working on, not what they need. If you ask them what they need, they’ll tell you – and it won’t be cheap. Find out what they’re going to do, and use your expertise to service those needs.
3. Cloud shmoud. The role of the capacity manager is changing with the cloud, but capacity management is as important as ever.

Save money and drive efficiency with an effective availability and capacity management plan

Overprovisioning happens because of the old style of infrastructure provisioning (hardware refresh cycles) and because capacity managers don’t know how much they need (either as a result of inaccurate or nonexistent information).

According to 451 Research, 59% of enterprises have had to wait 3+ months for new capacity. It is little wonder, then, that so many opt to overprovision. Capacity management is about ensuring that IT services are available, and with lead times like that, overprovisioning can be more attractive than the alternative. Fortunately there is hope. An effective availability and capacity management plan can help you:

• Identify your gold systems
• Establish visibility into them
• Project your future capacity needs

Balancing overprovisioning and spending is the capacity manager’s struggle.

Availability and capacity management go together like boots and feet

Availability and capacity are not the same, but they are related and can be effectively managed together as part of a single process.

If an IT department is unable to meet demand due to insufficient capacity, users will experience downtime or a degradation in service. To be clear, capacity is not the only factor in availability – reliability, serviceability, etc. are significant as well. But no organization can effectively manage availability without paying sufficient attention to capacity.

"Availability Management is concerned with the design, implementation, measurement and management of IT services to ensure that the stated business requirements for availability are consistently met."

– OGC, Best Practice for Service Delivery, 12

"Capacity management aims to balance supply and demand [of IT storage and computing services] cost-effectively…"

– OGC, Business Perspective, 90

Integrate the three levels of capacity management

Successful capacity management involves a holistic approach that incorporates all three levels.

The C-suite cares about business capacity as part of the organization’s strategic planning. Service leads care about their assigned services. IT infrastructure is concerned with components, but not for their own sake. Components mean services that are ultimately designed to facilitate business.

A healthcare organization practiced poor capacity management and suffered availability issues as a result

CASE STUDY

Industry: Healthcare

Source: Interview

New functionalities require new infrastructure

There was a project to implement an elastic search feature. This had to correlate all the organization’s member data from an Oracle data source and their own data warehouse, and pool them all into an elastic search index so that it could be used by the provider portal search function. In estimating the amount of space needed, the infrastructure team assumed that all the data would be shared in a single place. They didn’t account for the architecture of elastic search in which indexes are shared across multiple nodes and shards are often split up separately.

Beware underestimating demand and hardware sourcing lead times

As a result, they vastly underestimated the amount of space that was needed and ended up short by a terabyte. The infrastructure team frantically sourced more hardware, but the rush hardware order arrived physically damaged and had to be returned to the vendor.

Sufficient budget won’t ensure success without capacity planning

The project’s budget had been more than sufficient to pay for the extra necessary capacity, but because a lack of understanding of the infrastructure impact resulted in improper forecasting, the project ended up stuck in a standstill.

Manage availability and keep your stakeholders happy

If you run out of capacity, you will inevitably encounter availability issues like downtime and performance degradation . End users do not like downtime, and neither do their managers.

There are three variables that are monitored, measured, and analyzed as part of availability management more generally (Valentic).

1. Uptime:

The availability of a system is the percentage of time the system is “up,” (and not degraded) which can be calculated using the following formula: uptime/(uptime + downtime) x 100%. The more components there are in a system, the lower the availability, as a rule.

1. Reliability:

The length of time a component/service can go before there is an outage that brings it down, typically measured in hours.

1. Maintainability:

The amount of time it takes for a component/service to be restored in the event of an outage, also typically measured in hours.

Enter the cloud: changes in the capacity manager role

There can be no doubt – the rise of the public cloud has fundamentally changed the nature of capacity management.

Vendors will sell you the cloud as a solution to your capacity/availability problems

Traditionally, increases in capacity have come in bursts as a reaction to availability issues. This model inevitably results in overprovisioning, driving up costs. Access to the cloud changes the equation. On-demand capacity means that, ideally, nobody should pay for unused capacity.

Reality check: even in the cloud era, capacity management is necessary

You will likely find vendors to nurture the growth of a gap between your expectations and reality. That can be damaging.

The cloud reality does not look like the cloud ideal. Even with the ostensibly elastic cloud, vendors like the consistency that longer-term contracts offer. Enter reserved instances: in exchange for lower hourly rates, vendors offer the option to pay a fee for a reserved instance. Usage beyond the reserved will be billed at a higher hourly rate. In order to determine where that line should be drawn, you should engage in detailed capacity planning. Unfortunately, even when done right, this process will result in some overprovisioning, though it does provide convenience from an accounting perspective. The key is to use spot instances where demand is exceptional and bounded. Example: A university registration server that experiences exceptional demand at the start of term but at no other time.

Use best practices to optimize your cloud resources

Even in the era of elasticity, capacity planning is crucial. Spot instances – the spikes in the graph above – are more expensive, but if your capacity needs vary substantially, reserving instances for all of the space you need can cost even more money. Efficiently planning capacity will help you draw this line.

Evaluate business impact; not all systems are created equal

Limited resources are a reality. Detailed visibility into every single system is often not feasible and could be too much information.

Simple and effective. Sometimes a simple display can convey all of the information necessary to manage critical systems. In cars it is important to know your speed, how much fuel is in the tank, and whether or not you need to change your oil/check your engine.

Where to begin?! Specialized information is sometimes necessary, but it can be difficult to navigate.

Take advantage of a business impact analysis to define and understand your critical services

Ideally, downtime would be minimal. In reality, though, downtime is a part of IT life. It is important to have realistic expectations about its nature and likelihood.

Info-Tech Insight

According to end users, every system is critical and downtime is intolerable. Of course, once they see how much totally eliminating downtime can cost, they might change their tune. It is important to have this discussion to separate the critical from the less critical – but still important – services.

Establish visibility into critical systems

You may have seen “If you can’t measure it, you can’t manage it” or a variation thereof floating around the internet. This adage is consumable and makes sense…doesn’t it?

"It is wrong to suppose that if you can’t measure it, you can’t manage it – a costly myth."

– W. Edwards Deming, statistician and management consultant, author of The New Economics

While it is true that total monitoring is not absolutely necessary for management, when it comes to availability and capacity – objectively quantifiable service characteristics – a monitoring strategy is unavoidable. Capturing fluctuations in demand, and adjusting for those fluctuations, is among the most important functions of a capacity manager, even if hovering over employees with a stopwatch is poor management.

Solicit needs from line of business managers

Unless you head the world’s most involved IT department (kudos if you do) you’re going to have to determine your needs from the business.

Demand: manage or be managed

You might think you can get away with uncritically accepting your users’ demands, but this is not best practice. If you provide it, they will use it.

The company meeting

“I don’t need this much RAM,” the application developer said, implausibly. Titters wafted above the assembled crowd as her IT colleagues muttered their surprise. Heads shook, eyes widened. In fact, as she sat pondering her utterance, the developer wasn’t so sure she believed it herself. Noticing her consternation, the infrastructure manager cut in and offered the RAM anyway, forestalling the inevitable crisis that occurs when seismic internal shifts rock fragile self-conceptions. Until next time, he thought.

"Work expands as to fill the resources available for its completion…"

– C. Northcote Parkinson, quoted in Klimek et al.

Combine historical data with the needs you’ve solicited to holistically project your future needs

Predicting the future is difficult, but when it comes to capacity management, foresight is necessary.

Critical inputs

In order to project your future needs, the following inputs are necessary.

1. Usage trends: While it is true that past performance is no indication of future demand, trends are still a good way to validate requests from the business.
2. Line of business requests: An understanding of the projects the business has in the pipes is important for projecting future demand.
3. Institutional knowledge: Read between the lines. As experts on information technology, the IT department is well-equipped to translate needs into requirements.

Follow best practice guidelines to maximize the efficiency of your availability and capacity management process

Understand how the key frameworks relate and interact

BA104: Manage availability and capacity

• Current state assessment
• Forecasting based on business requirements
• Risk assessment of planning and implementation of requirements

Availability management

• Determine business requirements
• Match requirements to capabilities
• Address any mismatch between requirements and capabilities in a cost-effective manner

Capacity management

• Monitoring services and components
• Tuning for efficiency
• Forecasting future requirements
• Influencing demand
• Producing a capacity plan

Availability and capacity management

• Conduct a business impact analysis
• Establish visibility into critical systems
• Solicit and incorporate business needs
• Identify and mitigate risks

Disaster recovery and business continuity planning are forms of availability management

The scope of this project is managing day-to-day availability, largely but not exclusively, in the context of capacity. For additional important information on availability, see the following Info-Tech projects.

• Develop a Business Continuity Plan

If your focus is on ensuring process continuity in the event of a disaster.

• Establish a Program to Enable Effective Performance Monitoring

If your focus is on flow mapping and transaction monitoring as part of a plan to engage APM vendors.

• Create a Right-Sized Disaster Recovery Plan

If your focus is on hardening your IT systems against major events.

Info-Tech’s approach to availability and capacity management is stakeholder-centered and cloud ready

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Availability & capacity management – project overview

Workshop overview

Contact your account representative or email Workshops@InfoTech.com for more information.

PHASE 1

Conduct a Business Impact Analysis

Step 1.1: Conduct a business impact analysis

This step will walk you through the following activities:

• Record applications and dependencies in the Business Impact Analysis Tool.
• Define a scale to estimate the impact of various applications’ downtime.
• Estimate the impact of applications’ downtime.

This involves the following participants:

• Capacity manager
• Infrastructure team

Outcomes of this step

• Estimated impact of downtime for various applications

Execute a business impact analysis (BIA) as part of a broader availability plan

1.1a Business Impact Analysis Tool

Business impact analyses are an invaluable part of a broader IT strategy. Conducting a BIA benefits a variety of processes, including disaster recovery, business continuity, and availability and capacity management

Info-Tech Insight

Engaging in detailed capacity planning for an insignificant service draws time and resources away from more critical capacity planning exercises. Time spent tracking and planning use of the ancient fax machine in the basement is time you’ll never get back.

Control the scope of your availability and capacity management planning project with a business impact analysis

Don’t avoid conducting a BIA because of a perception that it’s too onerous or not necessary. If properly managed, as described in this blueprint, the BIA does not need to be onerous and the benefits are tangible.

A BIA enables you to identify appropriate spend levels, continue to drive executive support, and prioritize disaster recovery planning for a more successful outcome. For example, an Info-Tech survey found that a BIA has a significant impact on setting appropriate recovery time objectives (RTOs) and appropriate spending.

Terms

No BIA: lack of a BIA, or a BIA bases solely on the perceived importance of IT services.

BIA: based on a detailed evaluation or estimated dollar impact of downtime.

Source: Info-Tech Research Group; N=70

Select the services you wish to evaluate with the Business Impact Analysis Tool

1.1b 1 hour

In large organizations especially, collating an exhaustive list of applications and services is going to be onerous. For the purposes of this project, a subset should suffice.

Instructions

1. Gather a diverse group of IT staff and end users in a room with a whiteboard.
2. Solicit feedback from the group. Questions to ask:

• What services do you regularly use? What do you see others using? (End users)
• Which service inspires the greatest number of service calls? (IT)
• What services are you most excited about? (Management)
• What services are the most critical for business operations? (Everybody)

Input

• Applications/services

Output

• Candidate applications for the business impact analysis

Materials

• Whiteboard
• Markers

Participants

• Infrastructure manager
• Enterprise architect
• Application owners
• End users

Info-Tech Insight

Include a variety of services in your analysis. While it might be tempting to jump ahead and preselect important applications, don’t. The process is inherently valuable, and besides, it might surprise you.

Record the applications and dependencies in the BIA tool

1.1c Use tab 1 of the Business Impact Analysis Tool

1. In the Application/System column, list the applications identified for this pilot as well as the Core Infrastructure category. Also indicate the Impact on the Business and Business Owner.
2. List the dependencies for each application in the appropriate columns:

• Hosted On-Premises (In-House) – If the physical equipment is in a facility you own, record it here, even if it is managed by a vendor.
• Hosted by a Co-Lo/MSP – List any dependencies hosted by a co-lo/MSP vendor.
• Cloud (includes "as a Service”) – List any dependencies hosted by a cloud vendor.

Note: If there are no dependencies for a particular category, leave it blank.

Example

ID is optional. It is a sequential number by default.

In-House, Co-Lo/MSP, and Cloud dependencies; leave blank if not applicable.

Add notes as applicable – e.g. critical support services.

Define a scoring scale to estimate different levels of impact

1.1d Use tab 2 of the Business Impact Analysis Tool

Modify the Business Impact Scales headings and Overall Criticality Rating terminology to suit your organization. For example, if you don’t have business partners, use that column to measure a different goodwill impact or just ignore that column in this tool (i.e. leave it blank). Estimate the different levels of potential impact (where four is the highest impact and zero is no impact) and record these in the Business Impact Scales columns.

Estimate the impact of downtime for each application

1.1e Use tab 3 of the Business Impact Analysis Tool

In the BIA tab columns for Direct Costs of Downtime, Impact on Goodwill, and Additional Criticality Factors, use the drop-down menu to assign a score of zero to four based on levels of impact defined in the Scoring Criteria tab. For example, if an organization’s ERP is down, and that affects call center sales operations (e.g. ability to access customer records and process orders), the impact might be as described below:

• Loss of Revenue might score a two or three depending on the proportion of overall sales lost due to the downtime.
• The Impact on Customers might be a one or two depending on the extent that existing customers might be using the call center to purchase new products or services, and are frustrated by the inability to process orders.
• The Legal/Regulatory Compliance and Health or Safety Risk might be a zero.

On the other hand, if payroll processing is down, this may not impact revenue, but it certainly impacts internal goodwill and productivity.

Rank service criticality: gold, silver, and bronze

Gold

Mission critical services. An outage is catastrophic in terms of cost or public image/goodwill. Example: trading software at a financial institution.

Silver

Important to daily operations, but not mission critical. Example: email services at any large organization.

Bronze

Loss of these services is an inconvenience more than anything, though they do serve a purpose and will be missed if they are never brought back online. Example: ancient fax machines.

Info-Tech Best Practice

Info-Tech recommends gold, silver, and bronze because of this typology’s near universal recognition. If you would prefer a particular designation (it might help with internal comprehension), don’t hesitate to use that one instead.

Use the results of the business impact analysis to sort systems based on their criticality

1.1f 1 hour

Every organization has its own rules about how to categorize service importance. For some (consumer-facing businesses, perhaps) reputational damage may trump immediate costs.

Instructions

1. Gather a group of key stakeholders and project the completed Business Impact Analysis Tool onto a screen for them.
2. Share the definitions of gold, silver, and bronze services with them (if they are not familiar), and begin sorting the services by category,

• How long would it take to notice if a particular service went out?
• How important are the non-quantifiable damages that could come with an outage?

Input

• Results of the business impact analysis exercise

Output

• List of gold, silver, and bronze systems

Materials

• Projector
• Business Impact Analysis Tool
• Capacity Plan Template

Participants

• Infrastructure manager
• Enterprise architect

Leverage the rest of the BIA tool as part of your disaster recovery planning

Disaster recovery planning is a critical activity, and while it is a sort of availability management, it is beyond this project’s scope. You can complete the business impact analysis (including RTOs and RPOs) for the complete disaster recovery package.

See Info-Tech’s Create a Right-Sized Disaster Recovery Plan blueprint for instructions on how to complete your business impact analysis.

Step 1.2: Assign criticality ratings to services

This step will walk you through the following activities:

• Create a list of dependencies for your most important applications.
• Identify important sub-components.
• Use best practices to develop and negotiate SLAs.

This involves the following participants:

• Capacity manager
• Infrastructure team

Outcomes of this step

• List of dependencies of most important applications
• List of important sub-components
• SLAs based on best practices

Determine the base unit of the capacity you’re looking to purchase

Not every IT organization should approach capacity the same way. Needs scale, and larger organizations will inevitably deal in larger quantities.

"Cloud capacity management is not exactly the same as the ITIL version because ITIL has a focus on the component level. I actually don’t do that, because if I did I’d go crazy. There’s too many components in a cloud environment."

– Richie Mendoza, IT Consultant, SMITS Inc.

Consider the relationship between component capacity and service capacity

End users’ thoughts about IT are based on what they see. They are, in other words, concerned with service availability: does the organization have the ability to provide access to needed services?

Service

• Email
• CRM
• ERP

Component

• Switch
• SMTP server
• Archive database
• Storage

"You don’t ask the CEO or the guy in charge ‘What kind of response time is your requirement?’ He doesn’t really care. He just wants to make sure that all his customers are happy."

– Todd Evans, Capacity and Performance Management SME, IBM.

One telco solved its availability issues by addressing component capacity issues

CASE STUDY

Industry: Telecommunications

Source: Interview

Coffee and Wi-Fi – a match made in heaven

In tens of thousands of coffee shops around the world, patrons make ample use of complimentary Wi-Fi. Wi-Fi is an important part of customers’ coffee shop experience, whether they’re online to check their email, do a YouTube, or update their Googles. So when one telco that provided Wi-Fi access for thousands of coffee shops started encountering availability issues, the situation was serious.

Wi-Fi, whack-a-mole, and web woes

The team responsible for resolving the issue took an ad hoc approach to resolving complaints, fixing issues as they came up instead of taking a systematic approach.

Resolution

Looking at the network as a whole, the capacity manager took a proactive approach by using data to identify and rank the worst service areas, and then directing the team responsible to fix those areas in order of the worst first, then the next worst, and so on. Soon the availability of Wi-Fi service was restored across the network.

Create a list of dependencies for your most important applications

1.2a 1.5 hours

Instructions

1. Work your way down the list of services outlined in step 1, starting with your gold systems. During the first iteration of this exercise select only 3-5 of your most important systems.
2. Write the name of each application on a sticky note or at the top of a whiteboard (leaving ample space below for dependency mapping).
3. In the first tier below the application, include the specific services that the general service provides.

• This will vary based on the service in question, but an example for email is sending, retrieving, retrieving online, etc.

Input

• List of important applications

Output

• List of critical dependencies

Materials

• Whiteboard
• Markers
• Sticky notes

Participants

• Infrastructure manager
• Enterprise architect

Info-Tech Insight

Dependency mapping can be difficult. Make sure you don’t waste effort creating detailed dependency maps for relatively unimportant services.

Dependency mapping can be difficult. Make sure you don’t waste effort creating detailed dependency maps for relatively unimportant services.

Ride sharing cannot work, at least not at maximum effectiveness, without these constituent components. When one or more of these components are absent or degraded, the service will become unavailable. This example illustrates some challenges of capacity management; some of these components are necessary, but beyond the ride-sharing company’s control.

Leverage a sample dependency tree for a common service

Info-Tech Best Practice

Email is an example here not because it is necessarily a “gold system,” but because it is common across industries. This is a useful exercise for any service, but it can be quite onerous, so it should be conducted on the most important systems first.

Separate the wheat from the chaff; identify important sub-components and separate them from unimportant ones

1.2b 1.5 hours

Use the bottom layer of the pyramid drawn in step 1.2a for a list of important sub-components.

Instructions

1. Record a list of the gold services identified in the previous activity. Leave space next to each service for sub-components.
2. Go through each relevant sub-component. Highlight those that are critical and could reasonably be expected to cause problems.

• Has this sub-component caused a problem in the past?
• Is this sub-component a bottleneck?
• What could cause this component to fail? Is it such an occurrence feasible?

Input

• List of important applications

Output

• List of critical dependencies

Materials

• Whiteboard
• Markers

Participants

• Infrastructure manager
• Enterprise architect

Understand availability commitments with SLAs

With the rise of SaaS, cloud computing, and managed services, critical services and their components are increasingly external to IT.

• IT’s lack of access to the internal working of services does not let them off the hook for performance issues (as much as that might be the dream).
• Vendor management is availability management. Use the dependency map drawn earlier in this phase to highlight the components of critical services that rely on capacity that cannot be managed internally.
• For each of these services ensure that an appropriate SLA is in place. When acquiring new services, ensure that the vendor SLA meets business requirements.

In terms of service provision, capacity management is a form of availability management. Not all availability issues are capacity issues, but the inverse is true.

Info-Tech Insight

Capacity issues will always cause availability issues, but availability issues are not inherently capacity issues. Availability problems can stem from outages unrelated to capacity (e.g. power or vendor outages).

Use best practices to develop and negotiate SLAs

1.2c 20 minutes per service

When signing contracts with vendors, you will be presented with an SLA. Ensure that it meets your requirements.

1. Use the business impact analysis conducted in this project’s first step to determine your requirements. How much downtime can you tolerate for your critical services?
2. Once you have been presented with an SLA, be sure to scour it for tricks. Remember, just because a vendor offers “five nines” of availability doesn’t mean that you’ll actually get that much uptime. It could be that the vendor is comfortable eating the cost of downtime or that the contract includes provisions for planned maintenance. Whether or not the vendor anticipated your outage does little to mitigate the damage an outage can cause to your business, so be careful of these provisions.
3. Ensure that the person ultimately responsible for the SLA (the approver) understands the limitations of the agreement and the implications for availability.

Input

• List of external component dependencies

Output

• SLA requirements

Materials

• Whiteboard
• Markers

Participants

• Infrastructure manager
• Enterprise architect

Info-Tech Insight

Vendors are sometimes willing to eat the cost of violating SLAs if they think it will get them a contract. Be careful with negotiation. Just because the vendor says they can do something doesn’t make it true.

Negotiate internal SLAs using Info-Tech’s rigorous process

Talking past each other can drive misalignment between IT and the business, inconveniencing all involved. Quantify your needs through an internal SLA as part of a comprehensive availability management plan.

See Info-Tech’s Improve IT-Business Alignment Through an Internal SLA blueprint for instructions on why you should develop internal SLAs and the potential benefits they bring.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop.

Book a workshop with our Info-Tech analysts:

• To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
• Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
• Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

1.2

Create a list of dependencies for your most important applications

Using the results of the business impact analysis, the analyst will guide workshop participants through a dependency mapping exercise that will eventually populate the Capacity Plan Template.

Phase 1 Guided Implementation

Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

PHASE 2

Establish Visibility Into Core Systems

Step 2.1: Define your monitoring strategy

This step will walk you through the following activities:

• Determine the indicators you should be tracking for each sub-component.

This involves the following participants:

• Capacity manager
• Infrastructure team

Outcomes of this step

• List of indicators to track for each sub-component

Data has its significance—but also its limitations

The rise of big data can be a boon for capacity managers, but be warned: not all data is created equal. Bad data can lead to bad decisions – and unemployed capacity managers.

Your findings are only as good as your data. Remember: garbage in, garbage out. There are three characteristics of good data:*

1. Accuracy: is the data exact and correct? More detail and confidence is better.
2. Reliability: is the data consistent? In other words, if you run the same test twice will you get the same results?
3. Validity: is the information gleaned believable and relevant?

*National College of Teaching & Leadership, “Reliability and Validity”

"Data is king. Good data is absolutely essential to [the capacity manager] role."

– Adrian Blant, Independent Capacity Consultant, IT Capability Solutions

Info-Tech Best Practice

Every organization’s data needs are different; your data needs are going to be dictated by your services, delivery model, and business requirements. Make sure you don’t confuse volume with quality, even if others in your organization make that mistake.

Take advantage of technology to establish visibility into your systems

Managing your availability and capacity involves important decisions about what to monitor and how thresholds should be set.

• Use the list of critical applications developed through the business impact analysis and the list of components identified in the dependency mapping exercise to produce a plan for effectively monitoring component availability and capacity.
• The nature of IT service provision – the multitude of vendors providing hardware and services necessary for even simple IT services to work effectively – means that it is unlikely that capacity management will be visible through a single pane of glass. In other words, “email” and “CRM” don’t have a defined capacity. It always depends.
• Establishing visibility into systems involves identifying what needs to be tracked for each component.

Too much monitoring can be as bad as the inverse

In 2013, a security breach at US retailer Target compromised more than 70 million customers’ data. The company received an alert, but it was thought to be a false positive because the monitoring system produced so many false and redundant alerts. As a result of the daily deluge, staff did not respond to the breach in time.

Info-Tech Insight

Don’t confuse monitoring with management. While establishing visibility is a crucial step, it is only part of the battle. Move on to this project’s next phase to explore opportunities to improve your capacity/availability management process.

Determine the indicators you should be tracking for each sub-component

2.1a Tab 3 of the Capacity Snapshot Tool

It is nearly impossible to overstate the importance of data to the process of availability and capacity management. But the wrong data will do you no good.

Instructions

1. Open the Capacity Snapshot Tool to tab 2. The tool should have been populated in step 1.2 as part of the component mapping exercise.
2. For each service, determine which metric(s) would most accurately tell the component’s story. Consider the following questions when completing this activity (you may end up with more than one metric):

• How would the component’s capacity be measured (storage space, RAM, bandwidth, vCPUs)?
• Is the metric in question actionable?

Info-Tech Insight

Bottlenecks are bad. Use the Capacity Snapshot Tool (or another tool like it) to ensure that when the capacity manager leaves (on vacation, to another role, for good) the knowledge that they have accumulated does not leave as well.

Understand the limitations of this approach

Although we’ve striven to make it as easy as possible, this process will inevitably be cumbersome for organizations with a complicated set of software, hardware, and cloud services.

Tracking every single component in significant detail will produce a lot of noise for each bit of signal. The approach outlined here addresses that concern in two ways:

• A focus on gold services
• A focus on sub-components that have a reasonable likelihood of being problematic in the future.

Despite this effort, however, managing capacity at the component level is a daunting task. Ultimately, tools provided by vendors like SolarWinds and AppDynamics will fill in some of the gaps. Nevertheless, an understanding of the conceptual framework underlying availability and capacity management is valuable.

Step 2.2: Implement your monitoring tool/aggregator

This step will walk you through the following activities:

• Clarify visibility.
• Determine whether or not you have sufficiently granular visibility.
• Develop strategies to .any visibility issues.

This involves the following participants:

• Capacity manager
• Infrastructure team
• Applications personnel

Outcomes of this step

• Method for measuring and monitoring critical sub-components

Companies struggle with performance monitoring because 95% of IT shops don’t have full visibility into their environments

CASE STUDY

Industry: Financial Services

Source: AppDynamics

Challenge

• Users are quick to provide feedback when there is downtime or application performance degradation.
• The challenge for IT teams is that while they can feel the pain, they don’t have visibility into the production environment and thus cannot identify where the pain is coming from.
• The most common solution that organizations rely on is leveraging the log files for issue diagnosis. However, this method is slow and often unable to pinpoint the problem areas, leading to delays in problem resolution.

Solution

• Application and infrastructure teams need to work together to develop infrastructure flow maps and transaction profiles.
• These diagrams will highlight the path that each transaction travels across your infrastructure.
• Ideally at this point, teams will also capture latency breakdowns across every tier that the business transaction flows through.
  • This will ultimately kick start the baselining process.

Results

• Ninety-five percent of IT departments don’t have full visibility into their production environment. As a result, a slow business transaction will often require a war-room approach where SMEs from across the organization gather to troubleshoot.
• Having visibility into the production environment through infrastructure flow mapping and transaction profiling will help IT teams pinpoint problems.
  • At the very least, teams will be able to identify common problem areas and expedite the root-cause analysis process.

Source: “Just how complex can a Login Transaction be? Answer: Very!,” AppDynamics

Monitor your critical sub-components

Establishing a monitoring plan for your capacity involves answering two questions: can I see what I need to see, and can I see it with sufficient granularity?

• Having the right tool for the job is an important step towards effective capacity and availability management.
• Application performance management tools (APMs) are essential to the process, but they tend to be highly specific and vertically oriented, like using a microscope.
• Some product families can cover a wider range of capacity monitoring functions (SolarWinds, for example). It is still important, however, to codify your monitoring needs.

"You don’t use a microscope to monitor an entire ant farm, but you might use many microscopes to monitor specific ants."

– Fred Chagnon, Research Director, Infrastructure Practice, Info-Tech Research Group

Monitor your sub-components: clarify visibility

2.2a Tab 2 of the Capacity Snapshot Tool

The next step in capacity management is establishing whether or not visibility (in the broad sense) is available into critical sub-components.

Instructions

1. Open the Capacity Snapshot Tool and record the list of sub-components identified in the previous step.
2. For each sub-component answer the following question:

• Do I have easy access to the information I need to monitor to ensure this component remains available?

• What tool provides the information? Where can it be found?

Monitor your sub-components; determine whether or not you have sufficient granular visibility

2.2b Tab 2 of the Capacity Snapshot Tool

Like ideas and watches, not all types of visibility are created equal. Ensure that you have access to the right information to make capacity decisions.

Instructions

1. For each of the sub-components clarify the appropriate level of granularity for the visibility gained to be useful. In the case of storage, for example, is raw usage (in gigabytes) sufficient, or do you need a breakdown of what exactly is taking up the space? The network might be more complicated.
2. Record the details of this ideation in the adjacent column.
3. Select “Yes” or “No” from the drop-down menu to track the status of each sub-component.

For most mobile phone users, this breakdown is sufficient. For some, more granularity might be necessary.

Info-Tech Insight

Make note of monitoring tools and strategies. If anything changes, be sure to re-evaluate the visibility status. An outdated spreadsheet can lead to availability issues if management is unaware of looming problems.

Develop strategies to ameliorate any visibility issues

2.2c 1 hour

The Capacity Snapshot Tool color-codes your components by status. Green – visibility and granularity are both sufficient; yellow – visibility exists, though not at sufficient granularity; and red – visibility does not exist at all.

Instructions

1. Write each of the yellow and red sub-components on a whiteboard or piece of chart paper.
2. Brainstorm amelioration strategies for each of the problematic sub-components.

• Does the current monitoring tool have sufficient functionality?
• Does it need to be further configured/customized?
• Do we need a whole new tool?

Input

• Sub-components
• Capacity Snapshot Tool

Output

• Amelioration strategies

Materials

• Whiteboard
• Markers
• Capacity Snapshot Tool

Participants

• Infrastructure manager

Info-Tech Best Practice

It might be that there is no amelioration strategy. Make note of this difficulty and highlight it as part of the risk section of the Capacity Plan Template.

See Info-Tech’s projects on storage and network modernization for additional details

Leverage other products for additional details on how to modernize your network and storage services.

The process of modernizing the network is fraught with vestigial limitations. Develop a program to gather requirements and plan.

As part of the blueprint, Modernize Enterprise Storage, the Modernize Enterprise Storage Workbook includes a section on storage capacity planning.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop.

Book a workshop with our Info-Tech analysts:

• To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
• Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
• Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

2.2

Develop strategies to ameliorate visibility issues

The analyst will guide workshop participants in brainstorming potential solutions to visibility issues and record them in the Capacity Snapshot Tool.

Phase 2 Guided Implementation

Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

PHASE 3

Solicit and Incorporate Business Needs

Step 3.1: Solicit business needs and gather data

This step will walk you through the following activities:

• Build relationships with business stakeholders.
• Analyze usage data and identify trends.
• Correlate usage trends with business needs.

This involves the following participants:

• Capacity manager
• Infrastructure team members
• Business stakeholders

Outcomes of this step

• System for involving business stakeholders in the capacity planning process
• Correlated data on business level, service level, and infrastructure level capacity usage

Summarize your capacity planning activities in the Capacity Plan Template

The availability and capacity management summary card pictured here is a handy way to capture the results of the activities undertaken in the following phases. Note its contents carefully, and be sure to record specific outputs where appropriate. One such card should be completed for each of the gold services identified in the project’s first phase. Make note of the results of the activities in the coming phase, and populate the Capacity Snapshot Tool. These will help you populate the tool.

Info-Tech Best Practice

The Capacity Plan Template is designed to be a part of a broader mapping strategy. It is not a replacement for a dedicated monitoring tool.

Analyze historical trends as a crucial source of data

The first place to look for information about your organization is not industry benchmarks or your gut (though those might both prove useful).

• Where better to look than internally? Use the data you’ve gathered from your APM tool or other sources to understand your historical capacity needs and to highlight any periods of unavailability.
• Consider monitoring the status of the capacity of each of your crucial components. The nature of this monitoring will vary based on the component in question. It can range from a rough Excel sheet all the way to a dedicated application performance monitoring tool.

"In all cases the very first thing to do is to look at trending…The old adage is ‘you don’t steer a boat by its wake,’ however it’s also true that if something is growing at, say, three percent a month and it has been growing at three percent a month for the last twelve months, there’s a fairly good possibility that it’s going to carry on going in that direction."

– Mike Lynch, Consultant, CapacityIQ

Gather relevant data at the business level

3.1a 2 hours per service

A holistic approach to capacity management involves peering beyond the beaded curtain partitioning IT from the rest of the organization and tracking business metrics.

Instructions

1. Your service/application owners know how changes in business activities impact their systems. Business level capacity management involves responding to those changes. Ask service/application owners what changes will impact their capacity. Examples include:

• Business volume (net new customers, number of transactions)
• Staff changes (new hires, exits, etc.)

Input

• Brainstorming
• List of gold services

Output

• Business level data

Materials

• In-house solution or commercial tool

Participants

• Capacity manager
• Application/service owners

Gather relevant data at the service level

3.1b 2 hours per service

One level of abstraction down is the service level. Service level capacity management, recall that service level capacity management is about ensuring that IT is meeting SLAs in its service provision.

Instructions

1. There should be internal SLAs for each service IT offers. (If not, that’s a good place to start. See Info-Tech’s research on the subject.) Prod each of your service owners for information on the metrics that are relevant for their SLAs. Consider the following:

• Peak hours, requests per second, etc.
• This will usually include some APM data.

Input

• Brainstorming
• List of gold services

Output

• Service level data

Materials

• In-house solution or commercial tool

Participants

• Capacity manager
• Application/service owners

Leverage the visibility into your infrastructure components and compare all of your data over time

You established visibility into your components in the second phase of this project. Use this data, and that gathered at the business and service levels, to begin analyzing your demand over time.

• Different organizations will approach this issue differently. Those with a complicated service catalog and a dedicated capacity manager might employ a tool like TeamQuest. If your operation is small, or you need to get your availability and capacity management activities underway as quickly as possible, you might consider using a simple spreadsheet software like Excel.
• If you choose the latter option, select a level of granularity (monthly, weekly, etc.) and produce a line graph in Excel.
• Example: Employee count (business metric)

Note: the strength of this approach is that it is easy to visualize. Use the same timescale to facilitate simple comparison.

Manage, don’t just monitor; mountains of data need to be turned into information

Information lets you make a decision. Understand the questions you don’t need to ask, and ask the right ones.

"Often what is really being offered by many analytics solutions is just more data or information – not insights."

– Brent Dykes, Director of Data Strategy, Domo

Info-Tech Best Practice

You can have all the data in the world and absolutely nothing valuable to add. Don’t fall for this trap. Use the activities in this phase to structure your data collection operation and ensure that your organization’s availability and capacity management plan is data driven.

Analyze historical trends and track your services’ status

3.1c Tab 3 of the Capacity Snapshot Tool

At-a-glance – it’s how most executives consume all but the most important information. Create a dashboard that tracks the status of your most important systems.

Instructions

1. Consult infrastructure leaders for information about lead times for new capacity for relevant sub-components and include that information in the tool.

• Look to historical lead times. (How long does it traditionally take to get more storage?)
• If you’re not sure, contact an in-house expert, or speak to your vendor

This tool collates and presents information gathered from other sources. It is not a substitute for a performance monitoring tool.

Build a list of key business stakeholders

3.1d 10 minutes

Stakeholder analysis is crucial. Lines of authority can be diffuse. Understand who needs to be involved in the capacity management process early on.

Instructions

1. With the infrastructure team, brainstorm a group of departments, roles, and people who may impact demand on capacity.
2. Go through the list with your team and identify stakeholders from two groups:

• Line of business: who in the business makes use of the service?
• Application owner: who in IT is responsible for ensuring the service is up?

Input

• Gold systems
• Personnel Information

Output

• List of key business stakeholders

Materials

• Whiteboard
• Markers

Participants

• Capacity manager
• Infrastructure staff

Info-Tech Best Practice

Consider which departments are most closely aligned with the business processes that fuel demand. Prioritize those that have the greatest impact. Consider the stakeholders who will make purchasing decisions for increasing infrastructure capacity.

Organize stakeholder meetings

3.1e 10 hours

Establishing a relationship with your stakeholders is a necessary step in managing your capacity and availability.

Instructions

1. Gather as many of the stakeholders identified in the previous activity as you can and present information on availability and capacity management

• If you can’t get everyone in the same room, a virtual meeting or even an email blast could get the job done.

• Consider highlighting the trade-offs between cost and availability.

Input

• List of business stakeholders
• Hard work

Output

• Working relationship, trust
• Regular meetings

Materials

• Work ethic
• Executive brief

Participants

• Capacity manager
• Business stakeholders

Info-Tech Insight

The best capacity managers develop new business processes that more closely align their role with business stakeholders. Building these relationships takes hard work, and you must first earn the trust of the business.

Bake stakeholders into the planning process

3.1f Ongoing

Convince, don’t coerce. Stakeholders want the same thing you do. Bake them into the planning process as a step towards this goal.

1. Develop a system to involve stakeholders regularly in the capacity planning process.

• Your system will vary depending on the structure and culture of your organization.
• See the case study on the following slide for ideas.
• It may be as simple as setting a recurring reminder in your own calendar to touch base with stakeholders.

• Ensure stakeholders have reasonable expectations about IT’s available resources, the costs of providing capacity, and the lead times required to source additional needed capacity.

Input

• List of business stakeholders
• Ideas

Output

• Capacity planning process that involves stakeholders

Materials

• Meeting rooms

Participants

• Capacity manager
• Business stakeholders
• Infrastructure team

A capacity manager in financial services wrangled stakeholders and produced results

CASE STUDY

Industry: Financial Services

Source: Interview

In financial services, availability is king

In the world of financial services, availability is absolutely crucial. High-value trades occur at all hours, and any institution that suffers outages runs the risk of losing tens of thousands of dollars, not to mention reputational damage.

People know what they want, but sometimes they have to be herded

While line of business managers and application owners understand the value of capacity management, it can be difficult to establish the working relationship necessary for a fruitful partnership.

Proactively building relationships keeps services available

He built relationships with all the department heads on the business side, and all the application owners.

• He met with department heads quarterly.
• He met with application owners and business liaisons monthly.

He established a steering committee for capacity.

He invited stakeholders to regular capacity planning meetings.

• The first half of each meeting was high-level outlook, such as business volume and IT capacity utilization, and included stakeholders from other departments.
• The second half of the meeting was more technical, serving the purpose for the infrastructure team.

He scheduled lunch and learn sessions with business analysts and project managers.

• These are the gatekeepers of information, and should know that IT needs to be involved when things come down the pipeline.

Step 3.2: Analyze data and project future needs

This step will walk you through the following activities:

• Solicit needs from the business.
• Map business needs to technical requirements, and technical requirements to infrastructure requirements.
• Identify inefficiencies in order to remedy them.
• Compare the data across business, component, and service levels, and project your capacity needs.

This involves the following participants:

• Capacity manager
• Infrastructure team members
• Business stakeholders

Outcomes of this step

• Model of how business processes relate to technical requirements and their demand on infrastructure
• Method for projecting future demand for your organization’s infrastructure
• Comparison of current capacity usage to projected demand

“Nobody tells me anything!” – the capacity manager’s lament

Sometimes “need to know” doesn’t register with sales or marketing. Nearly every infrastructure manager can share a story about a time when someone has made a decision that has critically impacted IT infrastructure without letting anyone in IT in on the “secret.”

In brief

Imagine working for a media company as an infrastructure capacity manager. Now imagine that the powers that be have decided to launch a content-focused web service. Seems like something they would do, right? Now imagine you find out about it the same way the company’s subscribers do. This actually happened – and it shouldn’t have. But a similar lack of alignment makes this a real possibility for any organization. If you don’t establish a systematic plan for soliciting and incorporating business requirements, prepare to lose a chunk of your free time. The business should never be able to say, in response to “nobody tells me anything,” “nobody asked.”

Pictured: an artist’s rendering of the capacity manager in question.

Directly solicit requirements from the business

3.2a 30 minutes per stakeholder

Once you’ve established, firmly, that everyone’s on the same team, meet individually with the stakeholders to assess capacity.

Instructions

1. Schedule a one-on-one meeting with each line of business manager (stakeholders identified in 3.1). Ideally this will be recurring.

• Experienced capacity managers suggest doing this monthly.

• What are some upcoming major initiatives?
• Is the department going to expand or contract in a noticeable way?
• Have customers taken to a particular product more than others?

Input

• Stakeholder opinions

Output

• Business requirements

Materials

• Whiteboard
• Markers

Participants

• Capacity manager
• Infrastructure staff

Info-Tech Insight

Sometimes line of business managers will evade or ignore you when you come knocking. They do this because they don’t know and they don’t want to give you the wrong information. Explain that a best guess is all you can ask for and allay their fears.

Below, you will find more details about what to look for when soliciting information from the line of business manager you’ve roped into your scheme.

1. Consider the following:

• Projected sales pipeline
• Business growth
• Seasonal cycles
• Marketing campaigns
• New applications and features
• New products and services

Directly solicit requirements from the business (optional)

3.2a 1 hour

IT staff and line of business staff come with different skillsets. This can lead to confusion, but it doesn’t have to. Develop effective information solicitation techniques.

Instructions

1. Gather your IT staff in a room with a whiteboard. As a group, select a gold service/line of business manager you would like to use as a “practice dummy.”
2. Have everyone write down a question they would ask of the line of business representative in a hypothetical business/service capacity discussion.
3. As a group discuss the merits of the questions posed:

• Are they likely to yield productive information?
• Are they too vague or specific?
• Is the person in question likely to know the answer?
• Is the information requested a guarded trade secret?

Input

• Workshop participants’ ideas

Output

• Interview skills

Materials

• Whiteboard
• Markers
• Sticky notes

Participants

• Capacity manager
• Infrastructure staff

Map business needs to technical requirements, and technical requirements to infrastructure requirements

3.2b 5 hours

When it comes to mapping technical requirements, IT alone has the ability to effectively translate business needs.

Instructions

1. Use your notes from stakeholder meetings to assess the impact of any changes on gold systems.
2. For each system brainstorm with infrastructure staff (and any technical experts as necessary) about what the information gleaned from stakeholder discussions. Consider the following discussion points:

• How has demand for the service been trending? Does it match what the business is telling us?
• Have we had availability issues in the past?
• Has the business been right with their estimates in the past?

• E.g. how much RAM does a new email user require?

Input

• Business needs

Output

• Technical and infrastructure requirements

Materials

• Whiteboard
• Markers

Participants

• Capacity manager
• Infrastructure staff

Info-Tech Insight

Adapt the analysis to the needs of your organization. One capacity manager called the one-to-one mapping of business process to infrastructure demand the Holy Grail of capacity management. If this level of precision isn’t attainable, develop your own working estimates using the higher-level data

Avoid putting too much faith in the cloud as a solution to your problem

Has the rise of on-demand, functionally unlimited services eliminated the need for capacity and availability management?

Info-Tech Insight

The cloud comes at the cost of detailed performance data. Sourcing a service through an SLA with a third party increases the need to perform your own performance testing of gold level applications. See performance monitoring.

Beware Parkinson’s law

A consequence of our infinite capacity for creativity, people have the enviable skill of making work. In 1955, C. Northcote Parkinson pointed out this fact in The Economist . What are the implications for capacity management?

"It is a commonplace observation that work expands so as to fill the time available for its completion. Thus, an elderly lady of leisure can spend the entire day in writing and despatching a postcard to her niece at Bognor Regis. An hour will be spent in finding the postcard, another in hunting for spectacles, half-an-hour in a search for the address, an hour and a quarter in composition, and twenty minutes in deciding whether or not to take an umbrella when going to the pillar-box in the next street."

C. Northcote Parkinson, The Economist, 1955

Info-Tech Insight

If you give people lots of capacity, they will use it. Most shops are overprovisioned, and in some cases that’s throwing perfectly good money away. Don’t be afraid to prod if someone requests something that doesn’t seem right.

Optimally align demand and capacity

When it comes to managing your capacity, look for any additional efficiencies.

Questions to ask:

• Are there any infrastructure services that are not being used to their full potential, sitting idle, or allocated to non-critical or zombie functions?
  • Are you managing your virtual servers? If, for example, you experience a seasonal spike in demand, are you leaving virtual machines running after the fact?
• Do your organization’s policies and your infrastructure setup allow for the use of development resources for production during periods of peak demand?
• Can you make organizational or process changes in order to satisfy demand more efficiently?

In brief

Who isn’t a sports fan? Big games mean big stakes for pool participants and armchair quarterbacks—along with pressure on the network as fans stream games from their work computers. One organization suffered from this problem, and, instead of taking a hardline and banning all streams, opted to stream the game on a large screen in a conference room where those interested could work for its duration. This alleviated strain on the network and kept staff happy.

Shutting off an idle cloud to cut costs

CASE STUDY

Industry:Professional Services

Source:Interview

24/7 AWS = round-the-clock costs

A senior developer realized that his development team had been leaving AWS instances running without any specific reason.

Why?

The development team appreciated the convenience of an always-on instance and, because the people spinning them up did not handle costs, the problem wasn’t immediately apparent.

Resolution

In his spare time over the course of a month, the senior developer wrote a program to manage the servers, including shutting them down during times when they were not in use and providing remote-access start-up when required. His team alone saved $30,000 in costs over the next six months, and his team lead reported that it would have been more than worth paying the team to implement such a project on company time.

Identify inefficiencies in order to remediate them

3.2c 20 minutes per service

Instructions

1. Gather the infrastructure team together and discuss existing capacity and demand. Use the inputs from your data analysis and stakeholder meetings to set the stage for your discussion.
2. Solicit ideas about potential inefficiencies from your participants:

• Are VMs effectively allocated? If you need 7 VMs to address a spike, are those VMs being reallocated post-spike?
• Are developers leaving instances running in the cloud?
• Are particular services massively overprovisioned?
• What are the biggest infrastructure line items? Are there obvious opportunities for cost reduction there?

Input

• Gold systems
• Data inputs

Output

• Inefficiencies

Materials

• Whiteboard
• Markers

Participants

• Capacity manager
• Infrastructure staff

Info-Tech Insight

The most effective capacity management takes a holistic approach and looks at the big picture in order to find ways to eliminate unnecessary infrastructure usage, or to find alternate or more efficient sources of required capacity.

Dodging the toll troll by rerouting traffic

CASE STUDY

Industry:Telecommunications

Source: Interview

High-cost lines

The capacity manager at a telecommunications provider mapped out his firm’s network traffic and discovered they were using a number of VP circuits (inter building cross connects) that were very expensive on the scale of their network.

Paying the toll troll

These VP circuits were supplying needed network services to the telecom provider’s clients, so there was no way to reduce this demand.

Resolution

The capacity manager analyzed where the traffic was going and compared this to the cost of the lines they were using. After performing the analysis, he found he could re-route much of the traffic away from the VP circuits and save on costs while delivering the same level of service to their users.

Compare the data across business, component, and service levels, and project your capacity needs

3.2d 2 hour session/meeting

Make informed decisions about capacity. Remember: retain all documentation. It might come in handy for the justification of purchases.

Instructions

1. Using either a dedicated tool or generic spreadsheet software like Excel or Sheets, evaluate capacity trends. Ask the following questions:

• Are there times when application performance degraded, and the service level was disrupted?
• Are there times when certain components or systems neared, reached, or exceeded available capacity?
• Are there seasonal variations in demand?
• Are there clear trends, such as ongoing growth of business activity or the usage of certain applications?
• What are the ramifications of trends or patterns in relation to infrastructure capacity?

Compare current capacity to your projections

3.2e Section 5 of the Capacity Plan Template

Capacity management (and, by extension, availability management) is a combination of two balancing acts: cost against capacity and supply and demand.*

Instructions

1. Compare your projections with your reality. You already know whether or not you have enough capacity given your lead times. But do you have too much? Compare your sub-component capacity projections to your current state.
2. Highlight any outliers. Is there a particular service that is massively overprovisioned?
3. Evaluate the reasons for the overprovisioning.

• Is the component critically important?
• Did you get a great deal on hardware?
• Is it an oversight?

*Office of Government Commerce 2001, 119.

In brief

The fractured nature of the capacity management space means that every organization is going to have a slightly different tooling strategy. No vendor has dominated, and every solution requires some level of customization. One capacity manager (a cloud provider, no less!) relayed a tale about a capacity management Excel sheet programmed with 5,000+ lines of code. As much work as that is, a bespoke solution is probably unavoidable.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop.

Book a workshop with our Info-Tech analysts:

• To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
• Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
• Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

3.2

Map business needs to technical requirements and technical requirements to infrastructure requirements

The analyst will guide workshop participants in using their organization’s data to map out the relationships between applications, technical requirements, and the underlying infrastructure usage.

Phase 3 Guided Implementation

Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

PHASE 4

Identify and Mitigate Risks

Step 4.1: Identify and mitigate risks

This step will walk you through the following activities:

• Identify potential risks.
• Determine strategies to mitigate risks.
• Complete your capacity management plan.

This involves the following participants:

• Capacity manager
• Infrastructure team members
• Business stakeholders

Outcomes of this step

• Strategies for reducing risks
• Capacity management plan

Understand what happens when capacity/availability management fails

1. Services become unavailable. If availability and capacity management are not constantly practiced, an inevitable consequence is downtime or a reduction in the quality of that service. Critical sub-component failures can knock out important systems on their own.
2. Money is wasted. In response to fears about availability, it’s entirely possible to massively overprovision or switch entirely to a pay-as-you-go model. This, unfortunately, brings with it a whole host of other problems, including overspending. Remember: infinite capacity means infinite potential cost.
3. IT remains reactive and is unable to contribute more meaningfully to the organization. If IT is constantly putting out capacity/availability-related fires, there is no room for optimization and activities to increase organizational maturity. Effective availability and capacity management will allow IT to focus on other work.

Mitigate availability and capacity risks

Availability: how often a service is usable (that is to say up and not too degraded to be effective). Consequences of reduced availability can include financial losses, impacted customer goodwill, and reduced faith in IT more generally.

Causes of availability issues:

• Poor capacity management – a service becomes unavailable when there is insufficient supply to meet demand. This is the result of poor capacity management.
• Scheduled maintenance – services go down for maintenance with some regularity. This needs to be baked into service-level negotiations with vendors.
• Vendor outages – sometimes vendors experience unplanned outages. There is typically a contract provision that covers unplanned outages, but that doesn’t change the fact that your service will be interrupted.

Capacity: a particular component’s/service’s/business’ wiggle room. In other words, its usage ceiling.

Causes of capacity issues:

• Poor demand management – allowing users to run amok without any regard for how capacity is sourced and paid for.
• Massive changes in legitimate demand – more usage means more demand.
• Poor capacity planning – predictable changes in demand that go unaddressed can lead to capacity issues.

Add additional potential causes of availability and capacity risks as needed

4.1a 30 minutes

Availability and capacity issues can stem from a number of different causes. Include a list in your availability and capacity management plan.

Instructions

1. Gather the group together. Go around the room and have participants provide examples of incidents and problems that have been the result of availability and capacity issues.
2. Pose questions to the group about the source of those availability and capacity issues.

• What could have been done differently to avoid these issues?
• Was the availability/capacity issue a result of a faulty internal/external SLA?

Input

• Capacity Snapshot Tool results

Output

• Additional sources of availability and capacity risks

Materials

• Capacity Plan Template

Participants

• Capacity manager
• Infrastructure staff

Info-Tech Insight

Availability and capacity problems result in incidents, critical incidents, and problems. These are addressed in a separate project (incident and problem management), but information about common causes can streamline that process.

Identify capacity risks and mitigate them

4.1b 30 minutes

Based on your understanding of your capacity needs (through written SLAs and informal but regular meetings with the business) highlight major risks you foresee.

Instructions

1. Make a chart with two columns on a whiteboard. They should be labelled “risk” and “mitigation” respectively.
2. Record risks to capacity you have identified in earlier activities.

• Refer to the Capacity Snapshot Tool for components that are highlighted in red and yellow. These are specific components that present special challenges. Identify the risk(s) in as much detail as possible. Include service and business risks as well.
• Examples: a marketing push will put pressure on the web server; a hiring push will require more Office 365 licenses; a downturn in registration will mean that fewer VMs will be required to run the service.

Input

• Capacity Snapshot Tool results

Output

• Inefficiencies

Materials

• Whiteboard
• Markers

Participants

• Capacity manager
• Infrastructure staff

Info-Tech Insight

It’s an old adage, but it checks out: don’t come to the table armed only with problems. Be a problem solver and prove IT’s value to the organization.

Identify capacity risks and mitigate them (cont.)

4.1b 1.5 hours

Instructions (cont.)

3. Begin developing mitigation strategies. Options for responding to known capacity risks fall into one of two camps:

• Acceptance: responding to the risk is costlier than acknowledging its existence without taking any action. For gold systems, acceptance is typically not acceptable.
• Mitigation: limiting/reducing, eliminating, or transferring risk (Herrera) comprise the sort of mitigation discussed here.
  • Limiting/reducing: taking steps to improve the capacity situation, but accepting some level of risk (spinning up a new VM, pushing back on demands from the business, promoting efficiency).
  • Eliminating: the most comprehensive (and most expensive) mitigation strategy, elimination could involve purchasing a new server or, at the extreme end, building a new datacenter.
  • Transfer: “robbing Peter to pay Paul,” in the words of capacity manager Todd Evans, is one potential way to limit your exposure. Is there a less critical service that can be sacrificed to keep your gold service online?

Input

• Capacity Snapshot Tool results

Output

• Capacity risk mitigations

Materials

• Whiteboard
• Markers

Participants

• Capacity manager
• Infrastructure staff

Info-Tech Insight

It’s an old adage, but it checks out: don’t come to the table armed only with problems. Be a problem solver and prove IT’s value to the organization.

Identify availability risks and mitigate them

4.1c 30 minutes

While capacity management is a form of availability management, it is not the only form. In this activity, outline the specific nature of threats to availability.

Instructions

1. Make a chart with two columns on a whiteboard. They should be labelled “risk” and “mitigation” respectively.
2. Begin brainstorming general availability risks based on the following sources of information/categories:

• Vendor outages
• Disaster recovery
• Historical availability issues

Input

• Capacity Snapshot Tool results

Output

• Availability risks and mitigations

Materials

• Whiteboard
• Markers

Participants

• Capacity manager
• Infrastructure staff

Info-Tech Best Practice

A dynamic central repository is a good way to ensure that availability issues stemming from a variety of causes are captured and mitigated.

Identify availability risks and mitigate them (cont.)

4.1c 1.5 hours

Although it is easier said than done, identifying potential mitigations is a crucial part of availability management as an activity.

Instructions (cont.)

3. Begin developing mitigation strategies. Options for responding to known capacity risks fall into one of two camps:

• Acceptance – responding to the risk is costlier than taking it on. Some unavailability is inevitable, between maintenance and unscheduled downtime. Record this, though it may not require immediate action.
• Mitigation strategies:
  • Limiting/reducing – taking steps to increase availability of critical systems. This could include hot spares for unreliable systems or engaging a new vendor.
  • Eliminating – the most comprehensive (and most expensive) mitigation strategy. It could include selling.
  • Transfer – “robbing Peter to pay Paul,” in the words of capacity manager Todd Evans, is one potential way to limit your exposure. Is there a less critical service that can be sacrificed to keep your gold service online?

Input

• Capacity Snapshot Tool results

Output

• Availability risks and mitigations

Materials

• Whiteboard
• Markers

Participants

• Capacity manager
• Infrastructure staff

Iterate on the process and present your completed availability and capacity management plan

The stakeholders consulted as part of the process will be interested in its results. Share them, either in person or through a collaboration tool.

The current status of your availability and capacity management plan should be on the agenda for every stakeholder meeting. Direct the stakeholders’ attention to the parts of the document that are relevant to them, and solicit their thoughts on the document’s accuracy. Over time you should get a pretty good idea of who among your stakeholder group is skilled at projecting demand, and who over- or underestimates, and by how much. This information will improve your projections and, therefore, your management over time.

Info-Tech Insight

Use the experience gained and the artifacts generated to build trust with the business. The meetings should be regular, and demonstrating that you’re actually using the information for good is likely to make hesitant participants in the process more likely to open up.

If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop.

Book a workshop with our Info-Tech analysts:

• To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
• Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
• Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

The following are sample activities that will be conducted by Info-Tech analysts with your team:

4.1

Identify capacity risks and mitigate them

The analyst will guide workshop participants in identifying potential risks to capacity and determining strategies for mitigating them.

Phase 4 Guided Implementation

Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

Insight breakdown

Insight 1

Components are critical to availability and capacity management.

The CEO doesn’t care about the SMTP server. She cares about meeting customer needs and producing profit. For IT capacity and availability managers, though, the devil is in the details. It only takes one faulty component to knock out a service. Keep track and keep the lights on.

Insight 2

Ask what the business is working on, not what they need.

If you ask them what they need, they’ll tell you – and it won’t be cheap. Find out what they’re going to do, and use your expertise to service those needs. Use your IT experience to estimate the impact of business and service level changes on the components that secure the availability you need.

Insight 3

Cloud shmoud.

The role of the capacity manager might be changing with the advent of the public cloud, but it has not disappeared. Capacity managers in the age of the cloud are responsible for managing vendor relationships, negotiating external SLAs, projecting costs and securing budgets, reining in prodigal divisions, and so on.

Summary of accomplishment

Knowledge Gained

• Impact of downtime on the organization
• Gold systems
• Key dependencies and sub-components
• Strategy for monitoring components
• Strategy for soliciting business needs
• Projected capacity needs
• Availability and capacity risks and mitigations

Processes Optimized

• Availability management
• Capacity management

Deliverables Completed

• Business Impact Analysis
• Capacity Plan Template

Project step summary

Client Project: Develop an Availability and Capacity Management Plan

1. Conduct a business impact analysis
2. Assign criticality ratings to services
3. Define your monitoring strategy
4. Implement your monitoring tool/aggregator
5. Solicit business needs and gather data
6. Analyze data and project future needs
7. Identify and mitigate risks

Info-Tech Insight

This project has the ability to fit the following formats:

• Onsite workshop by Info-Tech Research Group consulting analysts.
• Do-it-yourself with your team.
• Remote delivery via Info-Tech Guided Implementation.

Research contributors and experts

Adrian Blant, Independent Capacity Consultant, IT Capability Solutions

Adrian has over 15 years' experience in IT infrastructure. He has built capacity management business processes from the ground up, and focused on ensuring a productive dialogue between IT and the business.

James Zhang, Senior Manager Disaster Recovery, AIG Technology

James has over 20 years' experience in IT and 10 years' experience in capacity management. Throughout his career, he has focused on creating new business processes to deliver value and increase efficiency over the long term.

Mayank Banerjee, CTO, Global Supply Chain Management, HelloFresh

Mayank has over 15 years' experience across a wide range of technologies and industries. He has implemented highly automated capacity management processes as part of his role of owning and solving end-to-end business problems.

Mike Lynch, Consultant, CapacityIQ

Mike has over 20 years' experience in IT infrastructure. He takes a holistic approach to capacity management to identify and solve key problems, and has developed automated processes for mapping performance data to information that can inform business decisions.

Paul Waguespack, Manager of Application Systems Engineering, Tufts Health Plan

Paul has over 10 years' experience in IT. He has specialized in implementing new applications and functionalities throughout their entire lifecycle, and integrating with all aspects of IT operations.

Richie Mendoza, IT Consultant, SMITS Inc.

Richie has over 10 years' experience in IT infrastructure. He has specialized in using demand forecasting to guide infrastructure capacity purchasing decisions, to provide availability while avoiding costly overprovisioning.

Rob Thompson, President, IT Tools & Process

Rob has over 30 years’ IT experience. Throughout his career he has focused on making IT a generator of business value. He now runs a boutique consulting firm.

Todd Evans, Capacity and Performance Management SME, IBM

Todd has over 20 years' experience in capacity and performance management. At Kaiser Permanente, he established a well-defined mapping of the businesses workflow processes to technical requirements for applications and infrastructure.

Bibliography

451 Research. “Best of both worlds: Can enterprises achieve both scalability and control when it comes to cloud?” 451 Research, November 2016. Web.

Allen, Katie. “Work Also Shrinks to Fit the Time Available: And We Can Prove It.” The Guardian. 25 Oct. 2017.

Amazon. “Amazon Elastic Compute Cloud.” Amazon Web Services. N.d. Web.

Armandpour, Tim. “Lies Vendors Tell about Service Level Agreements and How to Negotiate for Something Better.” Network World. 12 Jan 2016.

“Availability Management.” ITIL and ITSM World. 2001. Web.

Availability Management Plan Template. Purple Griffon. 30 Nov. 2012. Web.

Bairi, Jayachandra, B., Murali Manohar, and Goutam Kumar Kundu. “Capacity and Availability Management by Quantitative Project Management in the IT Service Industry.” Asian Journal on Quality 13.2 (2012): 163-76. Web.

BMC Capacity Optimization. BMC. 24 Oct 2017. Web.

Brooks, Peter, and Christa Landsberg. Capacity Management in Today’s IT Environment. MentPro. 16 Aug 2017. Web.

"Capacity and Availability Management." CMMI Institute. April 2017. Web.

Capacity and Availability Management. IT Quality Group Switzerland. 24 Oct. 2017. Web.

Capacity and Performance Management: Best Practices White Paper. Cisco. 4 Oct. 2005. Web.

"Capacity Management." Techopedia.

“Capacity Management Forecasting Best Practices and Recommendations.” STG. 26 Jan 2015. Web.

Capacity Management from the Ground up. Metron. 24 Oct. 2017. Web.

Capacity Management in the Modern Datacenter. Turbonomic. 25 Oct. 2017. Web.

Capacity Management Maturity Assessing and Improving the Effectiveness. Metron. 24 Oct. 2017. Web.

“Capacity Management Software.” TeamQuest. 24 Oct 2017. Web,

Capacity Plan Template. Purainfo. 11 Oct 2012. Web.

“Capacity Planner—Job Description.” Automotive Industrial Partnership. 24 Oct. 2017. Web.

Capacity Planning. CDC. Web. Aug. 2017.

"Capacity Planning." TechTarget. 24 Oct 2017. Web.

“Capacity Planning and Management.” BMC. 24 Oct 2017. Web.

"Checklist Capacity Plan." IT Process Wiki. 24 Oct. 2017. Web.

Dykes, Brent. “Actionable Insights: The Missing Link Between Data and Business Value.” Forbes. April 26, 2016. Web.

Evolved Capacity Management. CA Technologies. Oct. 2013. Web.

Francis, Ryan. “False positives still cause threat alert fatigue.” CSO. May 3, 2017. Web.

Frymire, Scott. "Capacity Planning vs. Capacity Analytics." ScienceLogic. 24 Oct. 2017. Web.

Glossary. Exin. Aug. 2017. Web.

Herrera, Michael. “Four Types of Risk Mitigation and BCM Governance, Risk and Compliance.” MHA Consulting. May 17, 2013.

Hill, Jon. How to Do Capacity Planning. TeamQuest. 24 Oct. 2017. Web.

“How to Create an SLA in 7 Easy Steps.” ITSM Perfection. 25 Oct. 2017. Web.

Hunter, John. “Myth: If You Can’t Measure It: You Can’t Manage It.” W. Edwards Deming Institute Blog. 13 Aug 2015. Web.

IT Service Criticality. U of Bristol. 24 Oct. 2017. Web.

"ITIL Capacity Management." BMC's Complete Guide to ITIL. BMC Software. 22 Dec. 2016. Web.

“Just-in-time.” The Economist. 6 Jul 2009. Web.

Kalm, Denise P., and Marv Waschke. Capacity Management: A CA Service Management Process Map. CA. 24 Oct. 2017. Web.

Klimek, Peter, Rudolf Hanel, and Stefan Thurner. “Parkinson’s Law Quantified: Three Investigations in Bureaucratic Inefficiency.” Journal of Statistical Mechanics: Theory and Experiment 3 (2009): 1-13. Aug. 2017. Web.

Landgrave, Tim. "Plan for Effective Capacity and Availability Management in New Systems." TechRepublic. 10 Oct. 2002. Web.

Longoria, Gina. “Hewlett Packard Enterprise Goes After Amazon Public Cloud in Enterprise Storage.” Forbes. 2 Dec. 2016. Web.

Maheshwari, Umesh. “Understanding Storage Capacity.” NimbleStorage. 7 Jan. 2016. Web.

Mappic, Sandy. “Just how complex can a Login Transaction be? Answer: Very!” Appdynamics. Dec. 11 2011. Web.

Miller, Ron. “AWS Fires Back at Larry Ellison’s Claims, Saying It’s Just Larry Being Larry.” Tech Crunch. 2 Oct. 2017. Web.

National College for Teaching & Leadership. “The role of data in measuring school performance.” National College for Teaching & Leadership. N.d. Web,

Newland, Chris, et al. Enterprise Capacity Management. CETI, Ohio State U. 24 Oct. 2017. Web.

Office of Government Commerce . Best Practice for Service Delivery. London: Her Majesty’s Stationery Office, 2001.

Office of Government Commerce. Best Practice for Business Perspective: The IS View on Delivering Services to the Business. London: Her Majesty’s Stationery Office, 2004.

Parkinson, C. Northcote. “Parkinson’s Law.” The Economist. 19 Nov. 1955. Web.

“Parkinson’s Law Is Proven Again.” Financial Times. 25 Oct. 2017. Web.

Paul, John, and Chris Hayes. Performance Monitoring and Capacity Planning. VM Ware. 2006. Web.

“Reliability and Validity.” UC Davis. N.d. Web.

"Role: Capacity Manager." IBM. 2008. Web.

Ryan, Liz. “‘If You Can’t Measure It, You Can’t Manage It’: Not True.” Forbes. 10 Feb. 2014. Web.

S, Lalit. “Using Flexible Capacity to Lower and Manage On-Premises TCO.” HPE. 23 Nov. 2016. Web.

Snedeker, Ben. “The Pros and Cons of Public and Private Clouds for Small Business.” Infusionsoft. September 6, 2017. Web.

Statement of Work: IBM Enterprise Availability Management Service. IBM. Jan 2016. Web.

“The Road to Perfect AWS Reserved Instance Planning & Management in a Nutshell.” Botmetric. 25 Oct. 2017. Web.

Transforming the Information Infrastructure: Build, Manage, Optimize. Asigra. Aug. 2017. Web.

Valentic, Branimir. "Three Faces of Capacity Management." ITIL/ISO 20000 Knowledge Base. Advisera. 24 Oct. 2017. Web.

"Unify IT Performance Monitoring and Optimization." IDERA. 24 Oct. 2017. Web.

"What is IT Capacity Management?" Villanova U. Aug. 2017. Web.

Wolstenholme, Andrew. Final internal Audit Report: IT Availability and Capacity (IA 13 519/F). Transport For London. 23 Feb. 2015. Web.

Transform Your Field Technical Support Services

Improve service and reduce costs through digital transformation.

Analyst Perspective

Improve staffing challenges through digital transformation.

Many IT teams are struggling to keep up with demand while trying to refocus on customer service. With more remote workers than ever, organizations who have traditionally provided desktop and field services have been revaluating the role of the field service technicians. Add in the price of fuel, and there is even more reason to assess the support model. Often changes to the way IT does support, especially if moving centralized support to an outsourcer, is met with resistance by end users who don’t see the value of phoning someone else when their local technician is still available to problem solve. This speaks to the need to ensure the central group is providing value to end users as well as the technical team. With the challenges of finding the right number of technicians with the right skills, it’s time to rethink remote support and how that can be used to train and upskill the people you have. And it’s time to think about how to use field services tools to make the best use of your technician’s time.

Sandi Conrad

Principal Research Director

Infrastructure & Operations Practice

Info-Tech Research Group

Executive Summary

Your Challenge

With remote work becoming a normal employee offering for many organizations, self-serve/self-solve becoming more prominent, and a common call out to improve customer service, there is a need to re-examine the way many organizations are supplying onsite support. For organizations with a small number of offices, a central desk with remote tools may be enough or can be combined with a concierge service or technical center, but for organizations with multiple offices it becomes difficult to provide a consistent level of service for all customers unless there is a team onsite for each location. This may not be financially possible if there isn’t enough work to keep a technical team busy full-time.

Common Obstacles

Where people have a choice between calling a central phone number or talking to the technician down the hall, the in-person experience often wins out. End users may resist changes to in-person support as work is rerouted to a centralized group by choosing to wait for their favorite technician to show up onsite rather than reporting issues centrally. This can make the job of the onsite technician more challenging as they need to schedule time in every visit for unplanned work. And where technicians need to support multiple locations, travel needs to be calculated into lost technician time and costs.

Info-Tech’s Approach

• Service needs to be defined in a way that considers the organizational need for local, hands-on technicians, the need for customer service, and the need to make the best use of resources that you have.
• Service-level agreements will need to be refined and metrics will need to be analyzed for capacity and skilled planning.
• Organizational change management will be key to persuade users to engage with the technical team in a way that supports the new structure.

Info-Tech Insight

Improving process will be helpful for smaller teams, but as teams expand or work gets more complicated, investment in appropriate tools to support field services technicians will enable them to be more efficient, reduce costs, and improve outcomes when visits are warranted.

Your challenge

This research is designed to help organizations who are looking to:

• Redefine the role of deskside or field technicians as demand for service evolves and service teams are restructured.
• Redefine the role of onsite technicians when the help desk is outsourced.
• Define requirements when supplementing with outsourced field services teams.
• Identify barriers to streamlining processes.
• Look for opportunities to streamline processes and better use technical teams.
• Communicate and manage change to support roles.

With many companies having new work arrangements for users, where remote work may be a permanent offering or if your digital transformation is well underway, this provides an opportunity to rethink how field support needs to be done.

What is field services?

Field services is in-person support delivered onsite at one or more locations. Management of field service technicians may include queue management, scheduling service and maintenance requests, triaging incidents, dispatching technicians, ordering parts, tracking job status, and billing.

What challenges are you trying to solve within your field services offering?

Focus on the reasons for the change to ensure the outcome can be met. Common goals include improved customer service, better technician utilization, and increased response time and stability.

• Discuss specific challenges the team feels are contributing to less-than-ideal customer service.
• Does the team have the skills, knowledge, and tools they need to be successful? Technicians may be solving issues with the customer looking over their shoulder. Having quick access to knowledge articles or to subject matter experts who can provide deeper expertise remotely may be the difference between a single visit to resolve or multiple or extended visits.
• What percentage of tickets would benefit from triage and troubleshooting done remotely before sending a technician onsite? Where there are a high number of no-fault-found visits, this may be imperative to improving technician availability.
• Review method for distribution of tickets, including batching criteria and dispatching of technicians. Are tickets being dispatched efficiently? By location and/or priority? Is there an attempt to solve more tickets centrally? Should there be? What SLA adjustment is reasonable for onsite visits?
• Has the support value been defined?

Field services will see the biggest improvements through technology updates

Customer Intake Provide tools for scheduling technicians, self-serve and self- or assisted-solve through ITSM or CRM-based portal and visual remote tools.		Triage and Troubleshoot Upgrade remote tools to visual remote solutions to troubleshoot equipment as well as software. Eliminate no-fault-found visits and improve first-time fix rate by visually inspecting equipment before technician deployments.
Improve Communications FSM GPS and SMS updates can be set to notify customers when a technician is close by and can be used for customer sign-off to immediately update service records and launch survey or customer billing where applicable.		Schedule Technicians Field service management (FSM) ITSM modules will allow skills-based scheduling for remote technicians and determine best route for multi-site visits.
Enable Work From Anywhere FSM mobile applications can provide technicians with daily schedules, turn-by-turn directions, access to inventory, knowledge articles, maintenance, and warranty and asset records. Visual remote captures service records and enables access to SMEs.		Manage Expectations Know where technicians are for routing to emergency calls and managing workload using field service management solutions with GPS.

Digital transformation can dramatically improve customer and technician experience

Sources: 1 - TechSee, 2019; 2 - Glartek; 3 - Geoforce; 4 - TechSee, 2020

Improve technician utilization and scheduling with field services management software

Field services management (FSM) software is designed to improve scheduling of technicians by skills and location while reducing travel time and mileage. When integrated with ITSM software, the service record is transferred to the field technician for continuity and to prepare for the job. FSM mobile apps will enable technicians to receive schedule updates through the day and through GPS update the dispatcher as technicians move from site to site.

Improve time to resolve while cutting costs by using visual remote support tools

Visual remote support tools enable live video sessions to clearly see what the client or field service technician sees, enabling the experts to provide real-time assistance where the experts will provide guidance to the onsite person. Getting a view of the technology will reduce issues with getting the right parts, tools, and technicians onsite and dramatically reduce second visits.

Develop Infrastructure & Operations Policies and Procedures

Document what you need to document and forget the rest.

Table of contents

Project Rationale

Project Outlines

• Phase 1: Identify Policy and Procedure Gaps
• Phase 2: Develop Policies
• Phase 3: Document Effective Procedures

Bibliography

ANALYST PERSPECTIVE

Document what you need to document now and forget the rest.

Our understanding of the problem

This Research Is Designed For:

• Infrastructure Managers
• Chief Technology Officers
• IT Security Managers

This Research Will Help You:

• Address policy gaps
• Develop effective procedures and procedure documentation to support policy compliance

This Research Will Also Assist:

• Chief Information Officers
• Enterprise Risk and Compliance Officers
• Chief Human Resources Officers
• Systems Administrators and Engineers

This Research Will Help Them:

• Understand the importance of a coherent approach to policy development
• Understand the importance of Infrastructure & Operations policies
• Support Infrastructure & Operations policy development and enforcement

Info-Tech Best Practice

This blueprint supports templates for key policies and procedures that help Infrastructure & Operations teams to govern and manage internal operations. For security policies, see the NIST SP 800-171 aligned Info-Tech blueprint, Develop and Deploy Security Policies.

Executive Summary

Situation

• Time and money are wasted dealing with mistakes or missteps that should have been addressed by procedures or policies.
• Standard operating procedures are less effective without a policy to provide a clear mandate and direction.

Complication

• Existing policies were written, approved, signed – and forgotten for years because no one has time to maintain them.
• Adhering to policies is rarely a priority, as compliance often feels like an impediment to getting work done.
• Processes aren’t measured or audited to assess policy compliance, which makes enforcing the policies next to impossible.

Resolution

• Start with a comprehensive policy framework to help you identify policy gaps. Prioritize and address those policy gaps.
• Create effective policies that are reasonable, measurable, auditable, and enforceable.
• Create and document procedures to support policy changes.

Info-Tech Insight

1. Document what you need to document and forget the rest.
   Always check if a previously approved policy exists before you create a new one. You may only need to create new guidelines or standards rather than approve a new policy.
2. Support policies with documented procedures.
   Build procedures that embed policy adherence in daily operations. Find opportunities to automate policy adherence (e.g. removing local admin rights from user computers).

What are policies, procedures, and processes?

A policy is a governing document that states the long-term goals of the organization and in broad strokes outlines how they will be achieved (e.g. a Data Protection Policy).

In the context of policies, a procedure is composed of the steps required to complete a task (e.g. a Backup and Restore Procedure). Procedures are informed by required standards and recommended guidelines. Processes, guidelines, and standards are three pillars that support the achievement of policy goals.

A process is higher level than a procedure – a set of tasks that deliver on an organizational goal.

Better policies and procedures reduce organizational risk and, by strengthening the ability to execute processes, enhance the organization’s ability to execute on its goals.

Document to improve governance and operational processes

Deliver value

Build, deliver, and support Infrastructure assets in a consistent way, which ultimately reduces costs associated with downtime, errors, and rework. A good manual process is the foundation for a good automated process.

Simplify Training

Use documentation for knowledge transfer. Routine tasks can be delegated to less-experienced staff.

Maintain compliance

Comply with laws and regulations. Policies are often required for compliance, and formally documented and enforced policies help the organization maintain compliance by mandating required due diligence, risk reduction, and reporting activities.

Provide transparency

Build an open kitchen. Other areas of the organization may not understand how Infra & Ops works. Your documentation can provide the answer to the perennial question: “Why does that take so long?”

Info-Tech Best Practice

Governance goals must be supported with effective, well-aligned procedures and processes. Use Info-Tech’s research to support the key Infrastructure & Operations processes that enable your business to create value.

Document what you need to document – and forget the rest

Half of all organizations believe their policy suite is insufficient. (Info-Tech myPolicies Survey Data (N=59))

Too much documentation and a lack of documentation are both ineffective. (Info-Tech myPolicies Survey Data (N=59))

77% of IT professionals believe their policies require improvement. (Kaspersky Lab)

Presenting: A COBIT-aligned policy suite

We’ve developed a suite of effective policy templates for every Infra & Ops manager based on Info-Tech’s IT Management & Governance Framework.

Info-Tech Best Practice

Look for these symbols as you work through the deck. Prioritize and focus on the policies you work on first based on the value of the policy to the enterprise and the existing gaps in your governance structure.

Use these icons to help direct you as you navigate this research

Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

Info-Tech offers various levels of support to best suit your needs

Diagnostics and consistent frameworks used throughout all four options

Accelerate policy development with a Guided Implementation

Your trusted advisor is just a call away.

• Identify Policy and Procedure Gaps (Calls 1-2)
  Assess current policies, operational challenges, and gaps. Mitigate significant risks first.
• Create and Review Policies (Calls 2-4)
  Modify and review policy templates with an Info-Tech analyst.
• Create and Review Procedures (Calls 4-6)
  Workflow procedures, using templates wherever possible. Review documentation best practices.

Contact Info-Tech to set up a Guided Implementation with a dedicated advisor who will walk you through every stage of your policy development project.

Develop Infrastructure & Operations Policies and Procedures

Phase 1

Identify Policy and Procedure Gaps

PHASE 1: Identify Policy and Procedure Gaps

Step 1.1: Review and right-size the existing policy set

This step will walk you through the following activities:

• Identify gaps in your existing policy suite
• Document challenges to core Infrastructure & Operations processes
• Identify documentation that can close gaps
• Prioritize your documentation effort

This step involves the following participants:

• Infrastructure & Operations Manager
• Infrastructure Supervisors

Results & Insights

• Results: A review of the existing policy suite and identification of opportunities for improvement.
• Insights: Not all gaps necessarily require a fresh policy. Repurpose, refresh, or supplement existing documentation wherever appropriate.

Conduct a policy review

You’ve got time to review your policy suite. Make the most of it.

1. Start with organizational requirements.
   • What initiatives are on the go? What policies or procedures do you have a mandate to create?
2. Weed out expired and dated policies.
   • Gather your existing policies. Identify when each one was published or last reviewed.
   • Decide whether to retire, merge, or update expired or obviously dated policy.
3. Review policy statements.
   • Check that the organization is adequately supporting policy statements with SOPs, standards, and guidelines. Ensure role-related information is up to date.
4. Document and bring any gaps forward to the next activity. If no action is required, indicate that you have completed a review and submit the findings for approval.

But they just want one policy...

• Existing policies may address what you’re trying to do with a new policy. Using or modifying an existing policy avoids overlap and contradiction and saves you the effort required to create, communicate, approve, and maintain a new policy.
• Review the suite to validate that you’re addressing the most important challenges first.

Brainstorm improvements for core Infrastructure & Operations processes

Supplement the list of gaps from your policy review with process challenges.

1. Write out key Infra & Ops–related processes – one piece of flipchart paper per process. You can work through all of these processes or cherry-pick the processes you want to improve first.
2. With participants, write out in point form how you currently execute on these processes (e.g. for Asset Management, you might be tagging hardware, tracking licenses, etc.)
3. Work through a “Start – Stop – Continue” exercise. Ask participants: What should we start doing? What must we stop doing? What do we do currently that’s valuable and must continue? Write ideas on sticky notes.
4. Once you’ve worked through the “Start – Stop – Continue” exercise for all processes, group similar suggestions for improvements.

Asset Management: Manage hardware and software assets across their lifecycle to protect assets and manage costs.

Availability and Capacity Management: Balance current and future availability, capacity, and performance needs with cost-to-serve.

Business Continuity Management: Continue operation of critical business processes and IT services.

Change Management: Deliver technical changes in a controlled manner.

Configuration Management: Define and maintain relationships between technical components.

Problem Management: Identify incident root cause.

Operations Management: Coordinate operations.

Release and Patch Management: Deliver updates and manage vulnerabilities in a controlled manner.

Service Desk: Respond to user requests and all incidents.

PHASE 1: Identify Policy and Procedure Gaps

Step 1.2: Create an action plan to address policy gaps

This step will walk you through the following activities:

• Identify challenges and gaps that can be addressed via documentation
• Prioritize high-value, high-risk gaps

This step involves the following participants:

• Infrastructure & Operations Manager
• Infrastructure Supervisors

Results & Insights

• Results: An action plan to tackle policy and procedures gaps, aligned with business requirements and business value.
• Insights: Not all documentation is equally valuable. Prioritize documentation that delivers value and mitigates risk.

Support policies with procedures, standards, and guidelines

Use a working definition for each type of document.

Policy: Directives, rules, and mandates that support the overarching, long-term goals of the organization.

• Standards: Prescriptive, uniform requirements.
• Procedures: Specific, detailed, step-by-step instructions for completing a task.
• Guidelines: Non-enforceable, recommended best practices.

Info-Tech Best Practice

Take advantage of your Info-Tech advisory membership by scheduling review sessions with an analyst. We provide high-level feedback to ensure your documentation is clear, concise, and consistent and aligns with the governance objectives you’ve identified.

Answer the following questions to decide if governance documentation can help close gaps

1(c) 30 minutes

Documentation supports knowledge sharing, process consistency, compliance, and transparency. Ask the following questions:

1. What is the purpose of the documentation?
   Procedures support task completion. Policies set direction and manage organizational risk.
2. Should it be enforceable?
   Policies and standards are enforceable; guidelines are not. Procedures are enforceable in that they should support policy enforcement.
3. What is the scope?
   To document a task, create a procedure. Set overarching rules with policies. Use standards and guidelines to set detailed rules and best practices.
4. What’s the expected cadence for updates?
   Policies should be revisited and revised less frequently than procedures.

Info-Tech Best Practice

Reinvent the wheel? I don’t think so!

Always check to see if a gap can be addressed with existing tools before drafting a new policy

• Is there an existing policy that could be supported with new or updated procedures, technical standards, or guidelines?
• Is there a technical control you can deploy that would enforce the terms of an existing, approved policy?
• It may be simpler to amend an existing policy instead of creating a new one.

Some problems can’t be solved by better documentation (or by documentation alone). Consider additional strategies that address people, process, and technology.

Tackle high-value, high-risk gaps first

1(d) 30 minutes

Prioritize your documentation effort.

1. List each proposed piece of documentation on the board.
2. Assign a score to the risk posed to the business by the lack of documentation and to the expected benefit of completing the documentation. Use a scoring scale between 1 and 3 such as the one on the right.
3. Prioritize documentation that mitigates risks and maximizes benefits.
4. If you need to break ties, consider effort required to develop, implement, and enforce policies or procedures.

Example Scoring Scale

Info-Tech Insight

Documentation pulls resources away from other important programs and projects, so ultimately it must be a demonstrably higher priority than other work. This exercise is designed to align documentation efforts with business goals.

Phase 1: Review accomplishments

Policy pillars: Standards, Procedures, Guidelines

Summary of Accomplishments

• Identified gaps in the existing policy suite and identified pain points in existing Infra & Ops processes.
• Developed a list of policies and procedures that can address existing gaps and prioritized the documentation effort.

Develop Infrastructure & Operations Policies and Procedures

Phase 2

Develop Policies

PHASE 2: Develop Policies

Step 2.1: Modify policy templates and gather feedback

This step will walk you through the following activities:

• Modify policy templates

This step involves the following participants:

• Infrastructure & Operations Manager
• Technical Writer

Results & Insights

• Results: Your own COBIT-aligned policies built by modifying Info-Tech templates.
• Insights: Effective policies are easy to read and navigate.

Write Good-er: Be Clear, Consistent, and Concise

Effective policies adhere to the three Cs of documentation.

1. Be clear. Make it as easy as possible for a user to learn how to comply with your policy.
2. Be consistent. Write policies that complement each other, not contradict each other.
3. Be concise. Make it as quick and easy as possible to read and understand your policy.

Info-Tech Best Practice

To download the full suite of templates all at once, click the “Download Research” button on the research landing page on the website.

Use the three Cs: Be Clear

Understanding makes compliance possible. Create policy with the goal of making compliance as easy as possible. Use positive, simple language to convey your intentions and rationale to your audience. Staff will make an effort adhere to your policy when they understand the need and are able to comply with the terms.

1. Choose a skilled writer. Select a writer who can write clearly and succinctly.
2. Default to simple language and define key terms. Define scope and key terms upfront. Avoid using technical terms outside of technical documentation; if they’re necessary be sure to define them as well.
3. Use active, positive language. Where possible, tell people what they can do, not what they can’t.
4. Keep the structure simple. Complicated documents are less likely to be understood and read. Use short sentences and paragraphs. Lists are a helpful way to summarize important information. Guide your reader through the document with appropriately named section headers, tables of contents, and numeration.
5. Add a process for handling exceptions. Refer to procedures, standards, and guidelines documentation. Try to keep these links as static as possible. Also, refer to a process for handling exceptions.
6. Manage the integrity of electronic documents. When published electronically, the policy should have restricted editing access or should be published in a non-editable format. Access to the procedure and policy storage database for employees should be read-only.

Info-Tech Insight

Highly effective policies are easy to navigate. Your policies should be “skimmable.” Very few people will fully read a policy before accepting it. Make it easy to navigate so the reader can easily find the policy statements that apply to them.

Use the three Cs: Be Consistent

Ensure that policies are aligned with other organizational policies and procedures. It detracts from compliance if different policies prescribe different behavior in the same situation. Moreover, your policies should reflect the corporate culture and other company standards. Use your policies to communicate rules and get employees aligned with how your company works.

1. Use standard sentences and paragraphs. Policies are usually expressed in short, standard sentences. Lists should also be used when necessary or appropriate.
2. Remember the three Ws. When writing a policy, always be sure to clearly state what the rule is, when it should be applied, and who needs to follow it. Policies should clearly define their scope of application and whether directives are mandatory or recommended.
3. Use an outline format. Using a numbered or outline format will make a document easier to read and will make content easier to look up when referring back to the document at a later time.
4. Avoid amendments. Avoid the use of information that is quickly outdated and requires regular amendment (e.g. names of people).
5. Reference a set of supplementary documents. Codify your tactics outside of the policy document, but make reference to them within the text. This makes it easier to ensure consistency in the behavior prescribed by your policies.

"One of the issues is the perception that policies are rules and regulations. Instead, your policies should be used to say ‘this is the way we do things around here.’" (Mike Hughes CISA CGEIT CRISC, Principal Director, Haines-Watts GRC)

Use the three Cs: Be Concise

Reading and understanding policies shouldn’t be challenging, and it shouldn’t significantly detract from productive time. Long policies are more difficult to read and understand, increasing the work required for employees to comply with them. Put it this way: How often do you read the Terms and Conditions of software you’ve installed before accepting them?

1. Be direct. The quicker you get to the point, the easier it is for the reader to interpret and comply with your policy.
2. Your policy is a rule, not a recipe. Your policy should outline what needs to be accomplished and why – your standards, guidelines, and SOPs address the how.
3. Keep policies short. Nobody wants to read a huge policy book, so keep your policies short.
4. Use additional documentation where needed. In addition to making consistency easier, this shortens the length of your policies, making them easier to read.
5. Policy still too large? Modularize it. If you have an extremely large policy, it’s likely that it’s too widely scoped or that you’re including statements that should be part of procedure documentation. Consider breaking your policy into smaller, focused, more digestible documents.

"If the policy’s too large, people aren’t going to read it. Why read something that doesn’t apply to me?" (Carole Fennelly, Owner and Principal, cFennelly Consulting)

"I always try to strike a good balance between length and prescriptiveness when writing policy. Your policies … should be short and describe the problem and your approach to solving it. Below policies, you write standards, guidelines, and SOPs." (Michael Deskin, Policy and Technical Writer, Canadian Nuclear Safety Commission)

Customize policy documents

Use the policies templates to support key Infrastructure & Operations programs.

INPUT: List of prioritized policies

OUTPUT: Written policy drafts ready for review

Materials: Policy templates

Participants: Policy writer, Signing authority

No policy template will be a perfect fit for your organization. Use Info-Tech’s research to develop your organization’s program requirements. Customize the policy templates to support those requirements.

1. Work through policies from highest to lowest priority as defined in Phase 1.
2. Follow the instructions written in grey text to customize the policy. Follow the three Cs when you write your policy.
3. When your draft is finished, prepare to request signoff from your signing authority by reviewing the draft with an Info-Tech analyst.
4. Complete the highest ranked three or four draft policies. Review all these policies with relevant stakeholders and include all relevant signing authorities in the signoff process.
5. Rinse and repeat. Iterate until all relevant polices are complete.

Request, Incident, and Problem Management

An effective, timely service desk correlates with higher overall end-user satisfaction across all other IT services. (Info-Tech Research Group, 2016 (N=25,998))

Use the following template to create a policy that outlines the goals and mandate for your service and support organization:

• IT Triage and Support Policy

Support the program and associated policy statements using Info-Tech’s research:

• Standardize the Service Desk
• Incident and Problem Management
• Design & Build a User-Facing Service Catalog

Embrace Standardization

• Outline the support and service mandate with the policy. Support the policy with the methodology in Info-Tech’s research.
• Over time, organizations without standardized processes face confusion, redundancies, and cost overruns. Standardization avoids wasting energy and effort building new solutions to solved issues.
• Standard processes for IT services define repeatable approaches to work and sandbox creative activities.
• Create tickets for every task and categorize them using a standard classification system. Use the resulting data to support root-cause analysis and long-term trend management.
• Create a single point of contact for users for all incidents and requests. Escalate and resolve tickets faster.
• Empower end users and technicians with knowledge bases that help them solve problems without intervention.

Change, Release, and Patch Management

Slow turnaround, unauthorized changes, and change-related incidents are all too familiar to many managers.

Use the following templates to create policies that define effective patch, release, and change management:

• Change Management Policy
• Release and Patch Management Policy
• Change Control – Freezes & Risk Evaluation Policy

Ensure the policy is supported by using the following Info-Tech research:

• Optimize Change Management

Embrace Change

• IT system owners resist change management when they see it as slow and bureaucratic.
• At the same time, an increasingly interlinked technical environment may cause issues to appear in unexpected places. Configuration management systems are often not kept up to date, so preventable conflicts get missed.
• No process exists to support the identification and deployment of critical security patches. Tracking down users to find a maintenance window takes significant, dedicated effort and intervention from the management team.
• Create a unified change management process that reduces risk and is balanced in its approach toward deploying changes, while also maintaining throughput of patches, fixes, enhancements, and innovation.

IT Asset Management (ITAM)

A proactive, dynamic ITAM program will pay dividends in support, contract management, appropriate provisioning, and more.

Start by outlining the requirements for effective asset management:

• Hardware Asset Management Policy
• Software Asset Management Policy

Support ITAM policies with the following Info-Tech research:

• Implement IT Asset Management

Leverage Asset Data

• Create effective, directional policies for your asset management program that provide a mandate for action. Support the policies with robust procedures, capable staff, and right-fit technology solutions.
• Poor management of assets generally leads to higher costs due to duplicated purchases, early replacement, loss, and so on.
• Visibility into asset location and ownership improves security and accountability.
• A centralized repository of asset data supports request fulfilment and incident management.
• Asset management is an ongoing program, not a one-off project, and must be resourced accordingly. Organizations often implement an asset management program and let it stagnate.

"Many of the large data breaches you hear about… nobody told the sysadmin the client data was on that server. So they weren’t protecting and monitoring it." (Carole Fennelly, Owner and Principal, cFennelly Consulting)

Business Continuity Management (BCM)

Streamline the traditional approach to make BCM practical and repeatable.

Set the direction and requirements for effective BCM:

• Business Continuity Management Policy

Support the BCM policy with the following Info-Tech research:

• Create a Right-Sized Disaster Recovery Plan
• Develop a Business Continuity Plan

Build Organizational Resilience

• Evidence of disaster recovery and business continuity planning is increasingly required to comply with regulations, mitigate business risk, and meet customer demands.
• IT leaders are often asked to take the lead on business continuity, but overall accountability for business continuity rests with the board of directors, and each business unit must create and maintain its business continuity plan.
• Set an organizational mandate for BCM with the policy.
• Divide the business continuity mandate into manageable parcels of work. Follow Info-Tech’s practical methodology to tackle key disaster recovery and business continuity planning activities one at a time.

Info-Tech Best Practice

Governance goals must be supported with effective, well-aligned procedures and processes. Use Info-Tech’s research to support the key Infrastructure & Operations processes that enable your business to create value.

Availability, Capacity, and Operations Management

What was old is new again. Use time-tested techniques to manage and plan cloud capacity and costs.

Set the direction and requirements for effective availability and capacity management:

• Availability and Capacity Management Policy
• System Maintenance Policy – NIST

Support the policy with the following Info-Tech research:

• Develop an Availability and Capacity Management Plan
• Improve IT Operations Management
• Develop an IT Infrastructure Services Playbook

Mature Service Delivery

• Hybrid IT deployments – managing multiple locations, delivery models, and service providers – are the future of IT. Hybrid deployments significantly complicate capacity planning and operations management.
• Effective operations management practices develop structured processes to automate activities and increase process consistency across the IT organization, ultimately improving IT efficiency.
• Trying to add mature service delivery can feel like playing whack-a-mole. Systematically improve your service capabilities using the tactical, iterative approach outlined in Improve IT Operations Management.

Enhance your overall security posture with a defensible, prescriptive policy suite

Align your security policy suite with NIST Special Publication 800-171.

Security policies support the organization’s larger security program. We’ve created a dedicated research blueprint and a set of templates that will help you build security policies around a robust framework.

• Start with a security charter that aligns the security program with organizational objectives.
• Prioritize security policies that address significant risks.
• Work with technical and business stakeholders to adapt Info-Tech’s NIST SP 800-171–aligned policy templates (at right) to reflect your organizational objectives.

Review and download Info-Tech's blueprint Develop and Deploy Security Policies.

Info-Tech Best Practice

Customize Info-Tech’s policy framework to align your policy suite to NIST SP 800-171. Given NIST’s requirements for the control of confidential information, organizations that align their policies to NIST standards will be in a strong governance position.

PHASE 2: Develop Policies

Step 2.2: Implement, enforce, measure, and maintain new policies

This step will walk you through the following activities:

• Gather stakeholder feedback
• Identify preventive and detective controls
• Identify required supports
• Seek policy approval
• Establish roles and responsibilities for policy maintenance

This step involves the following participants:

• Infrastructure & Operations Manager
• Infrastructure Supervisors
• Technical Writer
• Policy Stakeholders

Results & Insights

• Results: Well-supported policies that have received signoff.
• Insights: If you’re not prepared to enforce the policy, you might not actually need a policy. Use the policy statements as guidelines or standards, create and implement procedures, and build a culture of compliance. Once you can confidently execute on required controls, seek signoff.

Gather feedback from users to assess the feasibility of the new policies

2(b) Review period: 1-2 weeks

Once the policies are drafted, roundtable the drafts with stakeholders.

INPUT: Draft policies

OUTPUT: Reviewed policy drafts ready for approval

Materials: Policy drafts

Participants: Policy stakeholders

1. Form a test group of users who will be affected by the policy in different ways. Keep the group to around five staff.
2. Present new policies to the testers. Allow them to read the documents and attempt to comply with the new policies in their daily routines.
3. Collect feedback from the group.
   • Consider using interviews, email surveys, chat channels, or group discussions.
   • Solicit ideas on how policy statements could be improved or streamlined.
4. Make reasonable changes to the first draft of the policies before submitting them for approval. Policies will only be followed if they’re realistic and user friendly.

Info-Tech Best Practice

Allow staff the opportunity to provide input on policy development. Giving employees a say in policy development helps avoid obstacles down the road. This is especially true if you’re trying to change behavior rather than lock it in.

Develop mechanisms for monitoring and enforcement

Brainstorm preventive and detective controls.

INPUT: Draft policies

OUTPUT: Reviewed policy drafts ready for approval

Materials: Policy drafts

Participants: Policy stakeholders

Preventive controls are designed to discourage or pre-empt policy breaches before they occur. Training, approvals processes, and segregation of duties are examples of preventive controls. (Ohio University)

Detective controls help enforce the policy by identifying breaches after they occur. Forensic analysis and event log auditing are examples of detective controls. (Ohio University)

Not all policies require the same level of enforcement. Policies that are required by law or regulation generally require stricter enforcement than policies that outline best practices or organizational values.

Identify controls and enforcement mechanisms that are in line with policy requirements. Build control and enforcement into procedure documentation as needed.

Suggestions:

1. Have staff sign off on policies. Disclose any monitoring/surveillance.
2. Ensure consequences match the severity of the infraction. Document infractions and ensure that enforcement is applied consistently across all infractions.
3. Automatic controls shouldn’t get in the way of people’s ability to do their jobs. Test controls with users before you roll them out widely.

Support the policy before seeking approval

A policy is only as strong as its supporting pillars.

Create Standards

Standards are requirements that support policy adherence. Server builds and images, purchase approval criteria, and vulnerability severity definitions can all be examples of standards that improve policy adherence.

Where reasonable, use automated controls to enforce standards. If you automate the control, consider how you’ll handle exceptions.

Create Guidelines

If no standards exist – or best practices can’t be monitored and enforced, as standards require – write guidelines to help users remain in compliance with the policy.

Create Procedures: We’ll cover procedure development and documentation in Phase 3.

Info-Tech Insight

In general, failing to follow or strictly enforce a policy creates a risk for the business. If you’re not confident a policy will be followed or enforced, consider using policy statements as guidelines or standards as an interim measure as you update procedures and communicate and roll out changes that support adherence and enforcement.

Seek approval and communicate the policy

Policies ultimately need to be accepted by the business.

• Once the drafts are completed, identify who is in charge of approving the policies.
• Ensure all stakeholders understand the importance, context, and repercussions of the policies.
• The approvals process is about appropriate oversight of the drafted policies. For example:
  • Do the policies satisfy compliance and regulatory requirements?
  • Do the policies work with the corporate culture?
  • Do the policies address the underlying need?

If the draft is rejected:

• Acquire feedback and make revisions.
• Resubmit for approval.

If the draft is approved:

• Set the effective date and a review date.
• Begin communication, training, and implementation.

• Employees must know that there are new policies and understand the steps they must take to comply with the policies in their work.
• Employees must be able to interpret, understand, and know how to act upon the information they find in the policies.
• Employees must be informed on where to get help or ask questions and from whom to request policy exceptions.

"A lot of board members and executive management teams… don’t understand the technology and the risks posed by it." (Carole Fennelly, Owner and Principal, cFennelly Consulting)

Identify policy management roles and responsibilities

Discuss and assign roles and responsibilities for ongoing policy management.

"Whether at the level of a government, a department, or a sub-organization: technology and policy expertise complement one another and must be part of the conversation." (Peter Sheingold, Portfolio Manager, Cybersecurity, MITRE Corporation)

Phase 2: Review accomplishments

Effective Policies: Clear, Consistent, and Concise

Summary of Accomplishments

• Built priority policies based on templates aligned with the IT Management & Governance Framework and COBIT 5.
• Reviewed controls and policy supports.
• Assigned roles and responsibilities for ongoing policy maintenance.

Develop Infrastructure & Operations Policies and Procedures

Phase 3

Document Effective Procedures

PHASE 3: Document Effective Procedures

Step 3.1: Scope and outline procedures

This step will walk you through the following activities:

• Prioritize SOP documentation
• Draft workflows using a tabletop exercise
• Modify templates, as applicable

This step involves the following participants:

• Infrastructure & Operations Manager
• Technical Writer
• Infrastructure Supervisors

Results & Insights

• Results: An action plan for SOP documentation and an outline of procedure workflows.
• Insights: Don’t let tools get in the way of documentation – low-tech solutions are often the most effective way to build and analyze workflows.

Prioritize your SOP documentation effort

Build SOP documentation that gets used and doesn’t just check a box.

1. Review the list of procedure gaps from Phase 1. Are any other procedures needed? Are some of the procedures now redundant?
2. Establish the scope of the proposed procedures. Who are the stakeholders? What policies do they support?
3. Run a basic prioritization exercise using a three-point scale. Higher scores mean greater risks or greater benefits. Score the risk of the undocumented procedure to the business (e.g. potential effect on data, productivity, goodwill, health and safety, or compliance). Score the benefit to the business of documenting the procedure (e.g. throughput improvements or knowledge transfer).
4. Different procedures require different formats. Decide on one or more formats that can help you effectively document the procedure:
   • Flowcharts: Depict workflows and decision points. Provide an at-a-glance view that is easy to follow. Can be supported by checklists and diagrams where more detail is required.
   • Checklists: A reminder of what to do, rather than how to do it. Keep instructions brief.
   • Diagrams: Visualize objects, topologies, and connections for reference purposes.
   • Tables: Establish relationships between related categories.
   • Prose: Use full-text instructions where other documentation strategies are insufficient.

Modify the following Info-Tech templates for larger SOPs

Support these processes...	...with these blueprints...	...to create SOPs using these templates.
	Create a Right-Sized Disaster Recovery Plan	DRP Summary
	Implement IT Asset Management	HAM SOP and SAM SOP
	Optimize Change Management	Change Management SOP
	Standardize the Service Desk	Service Desk SOP

Use tabletop planning or whiteboards to draft workflows

3(b) 30 minutes

Tabletop planning is a paper-based exercise in which your team walks through a particular process and maps out what happens at each stage.

OUTPUT: Steps in the current process for one SOP

Materials: Tabletop, pen, and cue cards

Participants: Process owners, SMEs

1. For this exercise, choose one particular process to document.
2. Document each step of the process on cue cards, which can be arranged on the table in sequence.
3. Be sure to include task ownership in your steps.
4. Map out the process as it currently happens – we’ll think about how to improve it later.
5. Keep focused. Stay on task and on time.

Example:

• Step 3: PM reviews new defects daily
• Step 4: PM assigns defects to tech leads
• Step 5: Assigned resource updates status – frequency is based on ticket priority

Info-Tech Insight

Don’t get weighed down by tools. Relying on software or other technological tools can detract from the exercise. Use simple tools such as cue cards to record steps so that you can easily rearrange steps or insert steps based on input from the group.

Collaborate to optimize the SOP

Review the tabletop exercise. What gaps exist in current processes?
How can the processes be made better? What are the outputs and checkpoints?

OUTPUT: Identify steps to optimize the SOP

Materials: Tabletop, pen, and cue cards

Participants: Process owners, SMEs

Example:

• Step 3: PM reviews new defects daily
• NEW STEP: Schedule 10-minute daily defect reviews with PM and tech leads to evaluate ticket priority
• Step 4: PM assigns defects to tech leads
• Step 5: Assigned resource updates status – frequency is based on ticket priority
  • Step 5 Subprocess: Ticket status update
  • Step 5 Output: Ticket status moved to OPEN by assigned resource – acknowledges receipt by assigned resource

A note on colors: Use white cards to record steps. Record gaps on yellow cards (e.g. a process step not documented) and risks on red cards (e.g. only one person knows how to execute a step) to highlight your gaps/to-dos and risks to be mitigated or accepted.

If it’s necessary to clarify complex process flows during the exercise, you can also use green cards for decision diamonds, purple for document/report outputs, and blue for subprocesses.

PHASE 3: Document Effective Procedures

Step 3.2: Document effective procedures

This step will walk you through the following activities:

• Document workflows, checklists, and diagrams
• Establish a cadence for document review and updates

This step involves the following participants:

• Infrastructure Manager
• Technical Writer

Results & Insights

• Results: Improved SOP documentation and document management practices.
• Insights: It’s possible to keep up with changes if you put the right cues and accountabilities in place. Include document review in project and change management procedures and hold staff accountable for completion.

Document workflows with flowcharting software

Suggestions for workflow documentation

• Whether you draft the workflow on a whiteboard or using cue cards, the first iteration is usually messy. Clean up the flow as you document the results of the exercise.
• Make the workflow as simple as possible and no simpler. Eliminate any decision points that aren’t strictly necessary to complete the procedure.
• Use standard flowchart shapes (see next slide).
• Use links to connect to related documentation.
• Review the documented workflow with participants.

Download the following workflow examples:

• XMPL Recovery Workflows
• Workflow Library

Establish flowcharting standards

If you don’t have existing flowchart standards, then keep it simple and stick to basic flowcharting conventions as described below.

	Start, End, and Connector: Traditional flowcharting standards reserve this shape for connectors to other flowcharts or other points in the existing flowchart. Unified Modeling Language (UML) also uses the circle for start and end points.
	Start and End: Traditional flowcharting standards use this for start and end. However, Info-Tech recommends using the circle shape to reduce the number of shapes and avoid confusion with other similar shapes.
	Process Step: Individual process steps or activities (e.g. create ticket or escalate ticket). If it’s a series of steps, then use the subprocess symbol and flowchart the subprocess separately.
	Subprocess: A series of steps. For example, a critical incident SOP might reference a recovery process as one of the possible actions. Marking it as a subprocess, rather than listing each step within the critical incident SOP, streamlines the flowchart and avoids overlap with other flowcharts (e.g. the recovery process).
	Decision: Represents decision points, typically with Yes/No branches, but you could have other branches depending on the question (e.g. a “Priority?” question could branch into separate streams for Priority 1, 2, 3, 4, and 5 issues).
	Document/Report Output: For example, the output from a backup process might include an error log.

Support workflows with checklists and diagrams

Diagrams

• Diagrams are a visual representation of real-world phenomena and the connections between them.
• Be sure to use standard shapes. Clearly label elements of the diagram. Use standard practices, including titles, dates, authorship, and versioning.
• IT systems and interconnections are layered. Include physical, logical, protocol, and data flow connections.

Examples:

• XMPL Recovery Workflows
• Workflow Library

Checklists

• Checklists are best used as short-form reminders on how to complete a particular task.
• Remember the audience. If the process will be carried out by technical staff, there’s technical background material you won’t need to spell out in detail.

Examples:

• Employee Termination Process Checklist
• XMPL Systems Recovery Playbook

Establish a cadence for documentation review and maintenance

Lock-in the work with strong document management practices.

• Identify documentation requirements as part of project planning.
• Require a manager or supervisor to review and approve SOPs.
• Check documentation status as part of change management.
• Hold staff accountable for documentation.

"It isn’t unusual for us to see infrastructure or operations documentation that is wildly out of date. We’re talking months, even years. Often it was produced as one big effort and then not reliably maintained." (Gary Patterson, Consultant, Quorum Resources)

Only a quarter of organizations update SOPs as needed

Info-Tech Best Practice

Use Info-Tech’s research Create Visual SOP Documents to further evaluate document management practices and toolsets.

Phase 3: Review accomplishments

Workflow documentation: Cue cards into flowcharts

Summary of Accomplishments

• Identified priority procedures for documentation activities.
• Created procedure documentation in the appropriate format and level of granularity to support Infra & Ops policies.
• Published and maintained procedure documentation.

Research contributors and experts

Carole Fennelly, Owner
cFennelly Consulting

Carole Fennelly provides pragmatic cyber security expertise to help organizations bridge the gap between technical and business requirements. She authored the Center for Internet Security (CIS) Solaris and Red Hat benchmarks, which are used globally as configuration standards to secure IT systems. As a consultant, Carole has defined security strategies, and developed policies and procedures to implement them, at numerous Fortune 500 clients. Carole is a Certified Information Security Manager (CISM), Certified Security Compliance Specialist (CSCS), and Certified HIPAA Professional (CHP).

Marko Diepold, IT Audit Manager
audit2advise

Marko is an IT Audit Manager at audit2advise, where he delivers audit, risk advisory, and project management services. He has worked as a Security Officer, Quality Manager, and Consultant at some of Germany’s largest companies. He is a CISA and is ITIL v3 Intermediate and ITGCP certified.

Research contributors and experts

Martin Andenmatten, Founder & Managing Director
Glenfis AG

Martin is a digital transformation enabler who has been involved in various fields of IT for more than 30 years. At Glenfis, he leads large Governance and Service Management projects for various customers. Since 2002, he has been the course manager for ITIL® Foundation, ITIL® Service Management, and COBIT training. He has published two books on ISO 20000 and ITIL.

Myles F. Suer, CIO Chat Facilitator
CIO.com/Dell Boomi

Myles Suer, according to LeadTails, is the number 9 influencer of CIOs. He is also the facilitator for the CIOChat, which has executive-level participants from around the world in such industries as banking, insurance, education, and government. Myles is also the Industry Solutions Marketing Manager at Dell Boomi.

Research contributors and experts

Peter Sheingold, Portfolio Manager
Cybersecurity, Homeland Security Center, The MITRE Corporation

Peter leads tasks that involve collaboration with the Department of Homeland Security (DHS) sponsors and MITRE colleagues and connect strategy, policy, organization, and technology. He brings a deep background in homeland security and strategic analysis to his work with DHS in the immigration, border security, and cyber mission spaces. Peter came to MITRE in 2005 but has worked with DHS from its inception.

Robert D. Austin, Professor
Ivey Business School

Dr. Austin is a professor of Information Systems at Ivey Business School and an affiliated faculty member at Harvard Medical School. Before his appointment at Ivey, he was a professor of Innovation and Digital Transformation at Copenhagen Business School, and, before that, a professor of Technology and Operations Management at the Harvard Business School.

Research contributors and experts

Ron Jones, Director of IT Infrastructure and Service Management
DATA Communications

Ron is a senior IT leader with over 20 years of management experiences from engineering to IT Service Management and operations support. He is known for joining organizations and leading enhanced process efficiency and has improved software, hardware, infrastructure, and operations solution delivery and support. Ron has worked for global and Canadian firms including BlackBerry, DoubleClick, Cogeco, Infusion, Info-Tech Research Group, and Data Communications Management.

Scott Genung, Executive Director of Networking, Infrastructure, and Service Operations
University of Chicago

Scott is an accomplished IT executive with 26 years of experience in technical and leadership roles. In his current role, Scott provides strategic leadership, vision, and oversight for an IT portfolio supporting 31,000 users consisting of services utilized by campuses located in North America, Asia, and Europe; oversees the University’s Command Center; and chairs the UC Cyberinfrastructure Alliance (UCCA), a group of research IT providers that collectively deliver services to the campus and partners.

Research contributors and experts

Steve Weil, CISSP, CISM, CRISC, Information Security Director, Cybersecurity Principal Consultant
Point B

Steve has 20 years of experience in information security design, implementation, and assessment. He has provided information security services to a wide variety of organizations, including government agencies, hospitals, universities, small businesses, and large enterprises. With his background as a systems administrator, security consultant, security architect, and information security director, Steve has a strong understanding of both the strategic and tactical aspects of information security. Steve has significant hands-on experience with security controls, operating systems, and applications. Steve has a master's degree in Information Science from the University of Washington.

Tony J. Read, Senior Program/Project Lead & Interim IT Executive
Read & Associates

Tony has over 25 years of international IT leadership experience, within high tech, computing, telecommunications, finance, banking, government, and retail industries. Throughout his career, Tony has led and successfully implemented key corporate initiatives, contributing millions of dollars to the top and bottom line. He established Read & Associates in 2002, an international IT management and program/project delivery consultancy practice whose aim is to provide IT value-based solutions, realizing stakeholder economic value and network advantage. These key concepts are presented in his new book: The IT Value Network: From IT Investment to Stakeholder Value, published by J. Wiley, NJ.

Related Info-Tech research

• Develop and Deploy Security Policies
• Develop an Availability and Capacity Management Plan
• Improve IT Operations Management
• Develop an IT Infrastructure Services Playbook
• Create a Right-Sized Disaster Recovery Plan
• Develop a Business Continuity Plan
• Implement IT Asset Management
• Optimize Change Management
• Standardize the Service Desk
• Incident and Problem Management
• Design & Build a User-Facing Service Catalog

Bibliography

“About Controls.” Ohio University, ND. Web. 2 Feb 2018.

England, Rob. “How to implement ITIL for a client?” The IT Skeptic. Two Hills Ltd, 4 Feb. 2010. Web. 2018.

“Global Corporate IT Security Risks: 2013.” Kaspersky Lab, May 2013. Web. 2018.

“Information Security and Technology Policies.” City of Chicago, Department of Innovation and Technology, Oct. 2014. Web. 2018.

ISACA. COBIT 5: Enabling Processes. International Systems Audit and Control Association. Rolling Meadows, IL.: 2012.

“IT Policy & Governance.” NYC Information Technology & Telecommunications, ND. Web. 2018.

King, Paula and Kent Wada. “IT Policy: An Essential Element of IT Infrastructure”. EDUCAUSE Review. May-June 2001. Web. 2018.

Luebbe, Max. “Simplicity.” Site Reliability Engineering. O’Reilly Media. 2017. Web. 2018.

Swartout, Shawn. “Risk assessment, acceptance, and exception with a process view.” ISACA Charlotte Chapter September Event, 2013. Web. 2018.

“User Guide to Writing Policies.” Office of Policy and Efficiency, University of Colorado, ND. Web. 2018.

“The Value of Policies and Procedures.” New Mexico Municipal League, ND. Web. 2018.